[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cryptography
Subject:    Re: IBM's original S-Boxes for DES?
From:       "Steven M. Bellovin" <smb () research ! att ! com>
Date:       2004-09-30 16:25:20
Message-ID: 20040930162520.16E341AE84 () berkshire ! research ! att ! com
[Download RAW message or body]

In message <1096535230.415bccbe98ef6@webmail1.ec.auckland.ac.nz>, Nicolai Moles
-Benfell writes:
>Hi,
>
>A number of sources state that the NSA changed the S-Boxes (and reduced the ke
>y
>size) of IBM's original DES submission, and that these change were made to
>strengthen the cipher against differential/linear/?? cryptanalysis.
>
>Does anybody have a reference to, or have an electronic copy of these original
>S-Boxes?
>

It was only to protect against differential cryptanalysis; they did not 
know about linear cryptanalysis.  See Don Coppersmith, The Data Encryption
Standard (DES) and its strength against attacks, IBM Journal of Research
and Development, Vol. 38, n. 3, pp. 243-250, May 1994.


		--Steve Bellovin, http://www.research.att.com/~smb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
[prev in list] [next in list] [prev in thread] [next in thread]