Is DES a Pure Cipher? (Results of More Cycling Experiments on DES)

During summer 1985, we performed eight cycling experiments on the Data Encryption Standard (DES) to see if DES has certain algebraic weaknesses. Using special-purpose hardware, we applied the cycling closure test described in our Eurocrypt 85 paper to determine whether DES is a pure cipher. We also carried out a stronger version of this test. (A cipher is pure if, for any keys i, j, k, there exists some key l such that T i T j −1 T k = T l, where T w denotes encryption under key w.) In addition, we followed the orbit of a randomly chosen DES transformation for 236 steps, as well as the orbit of the composition of two of the “weak key” transformations. Except for the weak key experiment, our results are consistent with the hypothesis that DES acts like a set of randomly chosen permutations. In particular, our results show with overwhelming confidence that DES is not pure. The weak key experiment produced a short cycle of about 233 steps, the consequence of hitting a fixed point for each weak key.

[1]  B. Harris PROBABILITY DISTRIBUTIONS RELATED TO RANDOM MAPPINGS , 1960 .

[2]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[3]  Alan Williamson,et al.  The Probability of Generating the Symmetric Group , 1978 .

[4]  L. A. Shepp,et al.  Ordered cycle lengths in a random permutation , 1966 .

[5]  Stephen M. Matyas,et al.  Cryptography: A New Dimension in Computer Data Security--A Guide for the Design and Implementation of Secure Systems , 1982 .

[6]  Alan T. Sherman,et al.  Is the data encryption standard a group , 1986 .

[7]  Jason Gait,et al.  A New Nonlinear Pseudorandom Number Generator , 1977, IEEE Transactions on Software Engineering.

[8]  J. Rotman The theory of groups : an introduction , 1966 .

[9]  R. R. Jueneman,et al.  Analysis of Certain Aspects of Output Feedback Mode , 1982, CRYPTO.

[10]  Donald W. Davies Some Regular Properties of the 'Data Encryption Standard' Algorithm , 1982, CRYPTO.

[11]  G. M.,et al.  An Introduction to the Theory of Groups of Finite Order , 1908, Nature.

[12]  Thomas Beth Cryptography, Proceedings of the Workshop on Cryptography, Burg Feuerstein, Germany, March 29 - April 2, 1982 , 1983, Lecture Notes in Computer Science.

[13]  Justin M. Reyneri,et al.  Drainage and the DES , 1982, CRYPTO.

[14]  P. W. Purdom,et al.  Cycle length in a random function , 1968 .

[15]  Donald W. Davies,et al.  The average Cycle size of the Key-Stream in Output Feedback Encipherment , 1982, EUROCRYPT.

[16]  Donald E. Knuth,et al.  The Art of Computer Programming, Vol. 2 , 1981 .

[17]  David Chaum,et al.  Advances in Cryptology: Proceedings Of Crypto 83 , 2012 .

[18]  Andrew Chi-Chih Yao,et al.  The Complexity of Finding Cycles in Periodic Functions , 1982, SIAM J. Comput..

[19]  J. D. Bovey,et al.  An Approximate Probability Distribution for the order of Elements of the Symmetric Group , 1980 .

[20]  Donald W. Davies,et al.  Some Regular Properties of the DES , 1981, CRYPTO.

[21]  Martin E. Hellman,et al.  On the security of multiple encryption , 1981, CACM.

[22]  H. Wielandt,et al.  Finite Permutation Groups , 1964 .