# How to strengthen DES using existing hardware

## Abstract

Differential, linear and improved Davies' attacks are capable of breaking DES faster than exhaustive search, but are usually impractical due to enormous amounts of data required. In [20] Wiener designed a million dollar special purpose computer capable of breaking DES in 3.5 hours in average by exhaustive search. In this paper we describe methods of strengthening DES against exhaustive search, differential attacks, linear attacks and improved Davies' attacks that can be applied on existing DES hardware. We use the fact that there are DES chips in the market that permit replacement of the S-boxes. We introduce the concept of key-dependent invariant S-box transformations. Differential and linear properties of the cipher are invariant under these transformations. We show how to expand the key using such transformations. Possible reorderings of S-boxes are discussed; we present orders of the original DES S-boxes which are slightly stronger than the standard order of S-boxes. Finally we suggest a concrete scheme to strengthen DES which uses the methods described above. This modified DES can be used with existing DES hardware and is much stronger than the standard DES.

## Notations

- n
_{b} A binary number ra is denoted with the subscript

*b*(e.g. 110000_{b}= 48)- n
_{x} A hexadecimal number

*n*is denoted with the subscript*x*(e.g. 10_{x}= 16)- E
_{K}(P) The encryption of 64-bit plaintext block

*P*under the key*K*- K
_{d} A 56-bit subkey (of our scheme) which is entered to the (original) DES key scheduling algorithm

- Ki
The

*i*-th round 48-bit subkey of*K*_{ d }- E(·)
The expansion operation of DES.

## Preview

Unable to display preview. Download preview PDF.

## References

- 1.Thomas A. Berson,
*Long key variants of DES*, Advances in Cryptology, Proceedings of CRYPTO'82, pp. 311–313, 1982.Google Scholar - 2.Eli Biham, Adi Shamir,
*Differential Cryptanalysis of the Data Encryption Standard*, Springer-Verlag, 1993.Google Scholar - 3.Eli Biham, Alex Biryukov,
*An Improvement of Davies' Attack on DES*, Proceedings of EUROCRYPT'94, to appear.Google Scholar - 4.Eli Biham, Alex Biryukov, Uwe Blöcher, Markus Dichtl,
*Modifications of DES and their Effect on Differential and Linear Cryptanalysis*, unpublished paper, 1994.Google Scholar - 5.Ishai Ben-Aroya, Eli Biham,
*A Systematic Method to Find Characteristics*, unpublished paper, 1993.Google Scholar - 6.Don Coppersmith,
*The Data Encryption Standard (DES) and its Strength Against Attacks*, IBM Journal of Research and Development, Vol. 38, No. 3, pp. 243–250, May 1994.Google Scholar - 7.D.W. Davies,
*Some Regular Properties of the’ Data Encryption Standard’ Algorithm*, Advances in Cryptology, Proceedings of CRYPTO'82, pp. 89–96, 1982.Google Scholar - 8.D.W. Davies,
*Investigation of a Potential Weakness in the DES Algorithm*, private communications, 1987.Google Scholar - 9.Whitfield Diffie, Martin Hellman,
*Exhaustive Cryptanalysis of the NBS Data Encryption Standard*, IEEE Computer, Vol. 10, No. 6, pp. 74–84, June 1977.Google Scholar - 10.M. Hellman, R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, P. Schweitzer,
*Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard*, Information Systems Laboratory Report, Stanford University, November 1976.Google Scholar - 11.Kwangjo Kim, Sangjun Park, Sangjin Lee,
*Reconstruction of s*^{2}*DES S-boxes and their Immunity to Differential Cryptanalysis*, Proceedings of JW-ISC93 — Korea-Japan Joint Workshop on Information Security and Cryptology, Seoul, Korea, October 24–26, 1993.Google Scholar - 12.Lars Knudsen,
*An Analysis of Kim, Park and Lee's DES-like S-boxes*, private communication, June 1993.Google Scholar - 13.Lars Knudsen,
*On the Design of Secure Block Ciphers*, Fast Software Encryption, Proceedings of Cambridge security workshop, pp. 9–11, December 1993.Google Scholar - 14.Mitsuru Matsui,
*Linear Cryptanalysis Method for DES Cipher*, Proceedings of EUROCRYPT'93, pp. 386–397, 1993.Google Scholar - 15.Mitsuru Matsui,
*On Correlation Between the Order of S-boxes and the Strength of DES*, Proceedings of EUROCRYPT'94, to appear.Google Scholar - 16.Ralph C. Merkle,
*Fast Software Encryption Functions*, Lecture Notes in Computer Science, Advances in Cryptology, Proceedings of CRYPTO'90, pp. 476–501, 1990.Google Scholar - 17.National Bureau of Standards,
*Data Encryption Standard*, Federal Information Processing Standards Publication 46, January 1977.Google Scholar - 18.SuperCrypt,
*High Speed Cryptographic Data Security Element*, Preliminary Data Sheet.Google Scholar - 19.J.-J. Quisquater, Y. Desmedt, M. Davio,
*The Importance of’ Good’ Key Scheduling Schemes*, Proceedings of CRYPTO'85, pp. 537–542, 1985.Google Scholar - 20.M. J. Wiener,
*Efficient DES Key Search*, technical report TR-244, School of Computer Science, Carleton University, Ottawa, Canada, May 1994. Presented at the Rump session of CRYPTO'93, August 1993.Google Scholar