On 05/06/2014 01:20 AM, Bernie Cosell wrote:
On 6 May 2014 at 8:35, Dave Horsfall wrote:
On Mon, 5 May 2014, Marcus Brinkmann wrote:
It is well known that the DES S-Boxes were specifically designed (by
the
NSA, no less, back in the good ol' days) to protect against that
attack.
If I recall Schneier, the S-boxes were *modified* by the NSA, not
designed.
More than that, the modifications *improved* the S-boxes --- they made
DES resistent to differential attacks that [AFAIK] weren't yet known in
the civilian community. I think it was only after a few years that the
impact of their changes was understood [and that it was a good thing].
On rereading the Wikipedia article on DES history, the whole story seems
to be considerably muddier than I recalled at first.
On the one hand, the article cites Schneier "Applied Cryptography" (2nd
ed.). p. 280, quoting Alan Konheim (one of the designers of DES) with:
"We sent the S-boxes off to Washington. They came back and were all
different."
On the other hand the article says that Steven Levy ("Crypto") claims
that "IBM Watson researchers discovered differential cryptanalytic
attacks in 1974 and were asked by the NSA to keep the technique secret."
Yet again the "United States Senate Select Committee on Intelligence" is
cited with: "In the development of DES, NSA [...] indirectly assisted in
the development of the S-box structures."
Also, the article cites "a declassified NSA book on cryptologic history"
with: "NSA worked closely with IBM to strengthen the algorithm against
all except brute force attacks and to strengthen substitution tables,
called S-boxes."
I guess a more careful review of the evidence is required to make heads
and tails of it.
Thanks,
Marcus
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
