|
|
Line 1: |
Line 1: |
| In [[cryptography]], '''DES-X''' (or '''DESX''') is a variant on the [[Data Encryption Standard|DES]] (Data Encryption Standard) [[Symmetric-key algorithm|symmetric-key]] [[block cipher]] intended to increase the complexity of a [[brute force attack]] using a technique called ''[[key whitening]]''.
| | I'm Pablo and I live with my husband and our three children in Miles, in the QLD south part. My hobbies are Scrapbooking, Archery and Sculpting.<br><br>my web site - [http://tinyurl.com/odudrnx http://tinyurl.com/odudrnx] |
| | |
| The original DES algorithm was specified in 1976 with a 56-bit [[key size]]: 2<sup>56</sup> possibilities for the [[key (cryptography)|key]]. There was criticism that an exhaustive search might be within the capabilities of large governments, particularly the United States' [[National Security Agency]] (NSA). One scheme to increase the key size of DES without substantially altering the algorithm was DES-X, proposed by [[Ron Rivest]] in May 1984.
| |
| | |
| The algorithm has been included in [[RSA Security]]'s BSAFE cryptographic library since the late 1980s.
| |
| | |
| DES-X augments DES by [[XOR]]ing an extra 64 bits of key (K<sub>1</sub>) to the [[plaintext]] ''before'' applying DES, and then XORing another 64 bits of key (K<sub>2</sub>) ''after'' the encryption:
| |
| | |
| <math>\mbox{DES-X}(M) = K_2 \oplus \mbox{DES}_K(M \oplus K_1)</math>
| |
| | |
| The key size is thereby increased to 56 + (2 × 64) = 184 bits.
| |
| | |
| However, the effective key size (security) is only increased to 56+64-1-''lb(M)'' = 119 - ''lb(M)'' = ~119 bits, where ''M'' is the number of [[Chosen-plaintext attack|chosen plaintext/ciphertext pairs]] the adversary can obtain, and ''lb'' denotes the [[binary logarithm]]. Moreover key size drops to 88 bits given 2<sup>32.5</sup> known plaintext and using advanced slide attack. (Because of this, some implementations actually make K<sub>2</sub> a strong one way function of K<sub>1</sub> and K.)
| |
| | |
| DES-X also increases the strength of DES against [[differential cryptanalysis]] and [[linear cryptanalysis]], although the improvement is much smaller than in the case of brute force attacks. It is estimated that differential cryptanalysis would require 2<sup>61</sup> chosen plaintexts (vs. 2<sup>47</sup> for DES), while linear cryptanalysis would require 2<sup>60</sup> known plaintexts (vs. 2<sup>43</sup> for DES.) Note that with 2<sup>64</sup> plaintexts (known or chosen being the same in this case), DES (or indeed any other [[block cipher]] with a 64 bit [[block size (cryptography)|block size]]) is totally broken via the elementary codebook attack.
| |
| | |
| ==See also==
| |
| * [[G-DES]]
| |
| * [[Meet-in-the-middle attack]]
| |
| * [[Triple DES]]
| |
| | |
| ==References==
| |
| * Joe Kilian and Phillip Rogaway, [http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/desx.ps How to protect DES against exhaustive key search] (PostScript), Advances in Cryptology - Crypto '96, Springer-Verlag (1996), pp. 252–267.
| |
| * P. Rogaway, [http://www.cs.ucdavis.edu/~rogaway/papers/cryptobytes.ps The security of DESX] (PostScript), CryptoBytes '''2'''(2) (Summer 1996).
| |
| * A. Biryukov and D. Wagner, Advanced Slide Attacks, Eurocrypt 2000, Springer-Verlag (2000), pp. 589–606.
| |
| | |
| ==External links==
| |
| * [http://www.rsasecurity.com/rsalabs/node.asp?id=2232 RSA FAQ Entry]
| |
| | |
| {{Cryptography navbox | block}}
| |
| | |
| [[Category:Broken block ciphers]]
| |
| [[Category:Data Encryption Standard]]
| |
I'm Pablo and I live with my husband and our three children in Miles, in the QLD south part. My hobbies are Scrapbooking, Archery and Sculpting.
my web site - http://tinyurl.com/odudrnx