Hi all,

I was just wondering... In DES, there's an Initial Permutation (IP) on the plaintext, then 16 rounds, and then the inverse permutation (IP^-1) of the result to produce the ciphertext.

How effective are these permutations? Do they really add diffusion to the algorithm, considering that they don't depend on the key?

Someone told me that they are necessary to provide reversibility to DES. Is this correct?

Thanks in advance, Best Regards,
Devegili
At 08:00 PM 9/5/00 -0400, Augusto Jun Devegili wrote:
> Hi all,
> I was just wondering... In DES, there's an Initial Permutation (IP) on the plaintext, then 16 rounds, and then the inverse permutation (IP^-1) of the result to produce the ciphertext.
> How effective are these permutations? Do they really add diffusion to the algorithm, considering that they don't depend on the key?
> Someone told me that they are necessary to provide reversibility to DES. Is this correct?
You are correct. They are needed to perform DES as spec'd in the FIPS, so just for interoperability you've gotta keep them. When you do 3DES you can combine them. These permutations cost only wires in hardware, but take cycles on a CPU. This is one of the reasons that DES is inefficient in software.
According to Applied Cryptography, these permutations do not affect the security of the algorithm, but I'm not sure about the purpose.

Augusto Jun Devegili wrote:
> Hi all,
> I was just wondering... In DES, there's an Initial Permutation (IP) on the plaintext, then 16 rounds, and then the inverse permutation (IP^-1) of the result to produce the ciphertext.
> How effective are these permutations? Do they really add diffusion to the algorithm, considering that they don't depend on the key?
> Someone told me that they are necessary to provide reversibility to DES. Is this correct?
> Thanks in advance, Best Regards,
> Devegili
-- foo===================== rim vilgalys juzam@cyberspace.org -export-a-crypto-system-sig -RSA-3-lines-PERL #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) =====================bar
At 17:30 -0400 9/6/00, juzam wrote:
> According to Applied Cryptography, these permutations do not affect the security of the algorithm, but I'm not sure about the purpose.
As I recall the basic purpose was to make it slow in software, meaning that software cracking apps were/are at a severe disadvantage vs. hardware implementations. It would be interesting to see how much longer that extended DES's effective lifetime. I would consider the initial permutations to be in the same category as Blowfish's (and derivative algorithms') time consuming key expansion phase - a neat "trick" that does not improve theoretical security but significantly increases the difficulty of real world attacks.

--
Kevin "The Cubbie" Elliott <mailto:kelliott@mac.com> ICQ#23758827

"As nightfall does not come at once, neither does oppression. In both instances, there is a twilight when everything remains seemingly unchanged. And it is in such twilight that we all must be most aware of change in the air--however slight--lest we become unwitting victims of the darkness."
-- Justice William O. Douglas
At 09:08 PM 9/6/00 -0400, Kevin Elliott wrote:
> initial permutations to be in the same category as Blowfish's (and derivative algorithms') time consuming key expansion phase - a neat "trick" that does not improve theoretical security but significantly increases the difficulty of real world attacks.
They do an *excellent* job of that but hamper key agility, unless you do something like page state.
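
The properties of IP and IP^-1 discussed in this thread, shown as an added example that is not part of any poster's message. The names `permute` and `check_properties` are this example's own, and the sample blocks are constructed.

```python
# Added example: DES initial permutation (IP) and its inverse (IP^-1) on
# 64-bit blocks. Bit 1 is the most significant bit, as in FIPS 46.

# IP table from FIPS 46, generated from its regular row structure:
# 58 50 42 ... 2 / 60 52 ... 4 / ... / 63 55 ... 7
IP = [start - 8 * j for start in (58, 60, 62, 64, 57, 59, 61, 63) for j in range(8)]

# IP^-1: output bit k is taken from the position at which IP holds k.
FP = [IP.index(k) + 1 for k in range(1, 65)]


def permute(block, table):
    """Output bit i (1-based, MSB first) is input bit table[i-1]."""
    out = 0
    for src in table:  # 64 shift/mask steps in software, plain wiring in hardware
        out = (out << 1) | ((block >> (64 - src)) & 1)
    return out


def initial_permutation(block):
    return permute(block, IP)


def final_permutation(block):
    return permute(block, FP)


def check_properties(a, b):
    """Key-independent facts about IP / IP^-1 for two 64-bit blocks a and b."""
    return {
        # IP^-1 undoes IP, so anyone can strip both without the key.
        "invertible": final_permutation(initial_permutation(a)) == a,
        # Between chained DES stages (3DES), IP^-1 followed by IP cancels.
        "cancels_in_chain": initial_permutation(final_permutation(a)) == a,
        # XOR-linear: a difference between blocks is relabelled, never mixed.
        "xor_linear": initial_permutation(a ^ b)
        == initial_permutation(a) ^ initial_permutation(b),
        # Bits are moved, not combined: the Hamming weight is unchanged.
        "weight_preserved": bin(initial_permutation(a)).count("1") == bin(a).count("1"),
    }


if __name__ == "__main__":
    # Constructed sample blocks.
    print(FP[:8])
    print(hex(initial_permutation(0x0123456789ABCDEF)))
    print(check_properties(0x0123456789ABCDEF, 0xFEDCBA9876543210))
```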
participants (4)
- Augusto Jun Devegili
- David Honig
- juzam
- Kevin Elliott