How to strengthen DES using existing hardware

  • Eli Biham
  • Alex Biryukov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 917)


Differential, linear and improved Davies' attacks are capable of breaking DES faster than exhaustive search, but are usually impractical due to enormous amounts of data required. In [20] Wiener designed a million dollar special purpose computer capable of breaking DES in 3.5 hours in average by exhaustive search. In this paper we describe methods of strengthening DES against exhaustive search, differential attacks, linear attacks and improved Davies' attacks that can be applied on existing DES hardware. We use the fact that there are DES chips in the market that permit replacement of the S-boxes. We introduce the concept of key-dependent invariant S-box transformations. Differential and linear properties of the cipher are invariant under these transformations. We show how to expand the key using such transformations. Possible reorderings of S-boxes are discussed; we present orders of the original DES S-boxes which are slightly stronger than the standard order of S-boxes. Finally we suggest a concrete scheme to strengthen DES which uses the methods described above. This modified DES can be used with existing DES hardware and is much stronger than the standard DES.



A binary number ra is denoted with the subscript b (e.g. 110000b = 48)


A hexadecimal number n is denoted with the subscript x (e.g. 10x = 16)


The encryption of 64-bit plaintext block P under the key K


A 56-bit subkey (of our scheme) which is entered to the (original) DES key scheduling algorithm


The i-th round 48-bit subkey of K d


The expansion operation of DES.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Thomas A. Berson, Long key variants of DES, Advances in Cryptology, Proceedings of CRYPTO'82, pp. 311–313, 1982.Google Scholar
  2. 2.
    Eli Biham, Adi Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.Google Scholar
  3. 3.
    Eli Biham, Alex Biryukov, An Improvement of Davies' Attack on DES, Proceedings of EUROCRYPT'94, to appear.Google Scholar
  4. 4.
    Eli Biham, Alex Biryukov, Uwe Blöcher, Markus Dichtl, Modifications of DES and their Effect on Differential and Linear Cryptanalysis, unpublished paper, 1994.Google Scholar
  5. 5.
    Ishai Ben-Aroya, Eli Biham, A Systematic Method to Find Characteristics, unpublished paper, 1993.Google Scholar
  6. 6.
    Don Coppersmith, The Data Encryption Standard (DES) and its Strength Against Attacks, IBM Journal of Research and Development, Vol. 38, No. 3, pp. 243–250, May 1994.Google Scholar
  7. 7.
    D.W. Davies, Some Regular Properties of the’ Data Encryption Standard’ Algorithm, Advances in Cryptology, Proceedings of CRYPTO'82, pp. 89–96, 1982.Google Scholar
  8. 8.
    D.W. Davies, Investigation of a Potential Weakness in the DES Algorithm, private communications, 1987.Google Scholar
  9. 9.
    Whitfield Diffie, Martin Hellman, Exhaustive Cryptanalysis of the NBS Data Encryption Standard, IEEE Computer, Vol. 10, No. 6, pp. 74–84, June 1977.Google Scholar
  10. 10.
    M. Hellman, R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, P. Schweitzer, Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard, Information Systems Laboratory Report, Stanford University, November 1976.Google Scholar
  11. 11.
    Kwangjo Kim, Sangjun Park, Sangjin Lee, Reconstruction of s 2 DES S-boxes and their Immunity to Differential Cryptanalysis, Proceedings of JW-ISC93 — Korea-Japan Joint Workshop on Information Security and Cryptology, Seoul, Korea, October 24–26, 1993.Google Scholar
  12. 12.
    Lars Knudsen, An Analysis of Kim, Park and Lee's DES-like S-boxes, private communication, June 1993.Google Scholar
  13. 13.
    Lars Knudsen, On the Design of Secure Block Ciphers, Fast Software Encryption, Proceedings of Cambridge security workshop, pp. 9–11, December 1993.Google Scholar
  14. 14.
    Mitsuru Matsui, Linear Cryptanalysis Method for DES Cipher, Proceedings of EUROCRYPT'93, pp. 386–397, 1993.Google Scholar
  15. 15.
    Mitsuru Matsui, On Correlation Between the Order of S-boxes and the Strength of DES, Proceedings of EUROCRYPT'94, to appear.Google Scholar
  16. 16.
    Ralph C. Merkle, Fast Software Encryption Functions, Lecture Notes in Computer Science, Advances in Cryptology, Proceedings of CRYPTO'90, pp. 476–501, 1990.Google Scholar
  17. 17.
    National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46, January 1977.Google Scholar
  18. 18.
    SuperCrypt, High Speed Cryptographic Data Security Element, Preliminary Data Sheet.Google Scholar
  19. 19.
    J.-J. Quisquater, Y. Desmedt, M. Davio, The Importance of’ Good’ Key Scheduling Schemes, Proceedings of CRYPTO'85, pp. 537–542, 1985.Google Scholar
  20. 20.
    M. J. Wiener, Efficient DES Key Search, technical report TR-244, School of Computer Science, Carleton University, Ottawa, Canada, May 1994. Presented at the Rump session of CRYPTO'93, August 1993.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Eli Biham
    • 1
  • Alex Biryukov
    • 2
  1. 1.Computer Science DepartmentTechnion-Israel Institute of TechnologyHaifaIsrael
  2. 2.Applied Mathematics DepartmentTechnion - Israel Institute of TechnologyHaifaIsrael

Personalised recommendations