Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Data Encryption Standard
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Minor cryptanalytic properties === DES exhibits the complementation property, namely that :<math>E_K(P)=C \iff E_{\overline{K}}(\overline{P})=\overline{C}</math> where <math>\overline{x}</math> is the [[bitwise complement]] of <math>x.</math> <math>E_K</math> denotes encryption with key <math>K.</math> <math>P</math> and <math>C</math> denote plaintext and ciphertext blocks respectively. The complementation property means that the work for a [[brute-force attack]] could be reduced by a factor of 2 (or a single bit) under a [[chosen-plaintext attack|chosen-plaintext]] assumption. By definition, this property also applies to TDES cipher.<ref>{{cite book |last1=Menezes |first1=Alfred J. |last2=van Oorschot |first2=Paul C. |last3=Vanstone |first3=Scott A. |date=1996 |title=Handbook of Applied Cryptography |url=https://archive.org/details/handbookofapplie0000mene/page/257 |publisher=CRC Press |page=[https://archive.org/details/handbookofapplie0000mene/page/257 257] |isbn=978-0849385230 |url-access=registration }}</ref> DES also has four so-called ''[[Weak key#Weak keys in DES|weak keys]]''. Encryption (''E'') and decryption (''D'') under a weak key have the same effect (see [[involution (mathematics)|involution]]): :<math>E_K(E_K(P)) = P</math> or equivalently, <math>E_K = D_K.</math> There are also six pairs of ''semi-weak keys''. Encryption with one of the pair of semiweak keys, <math>K_1</math>, operates identically to decryption with the other, <math>K_2</math>: :<math>E_{K_1}(E_{K_2}(P)) = P</math> or equivalently, <math>E_{K_2} = D_{K_1}.</math> It is easy enough to avoid the weak and semiweak keys in an implementation, either by testing for them explicitly, or simply by choosing keys randomly; the odds of picking a weak or semiweak key by chance are negligible. The keys are not really any weaker than any other keys anyway, as they do not give an attack any advantage. DES has also been proved not to be a [[group (mathematics)|group]], or more precisely, the set <math>\{E_K\}</math> (for all possible keys <math>K</math>) under [[functional composition]] is not a group, nor "close" to being a group.<ref>{{cite book| url = http://dl.acm.org/citation.cfm?id=705523| title = Campbell and Wiener, 1992| date = 16 August 1992| pages = 512β520| isbn = 9783540573401| last1 = Brickell| first1 = Ernest F.}}</ref> This was an open question for some time, and if it had been the case, it would have been possible to break DES, and multiple encryption modes such as [[Triple DES]] would not increase the security, because repeated encryption (and decryptions) under different keys would be equivalent to encryption under another, single key.<ref>{{Cite web|url=https://www.nku.edu/~christensen/3DES.pdf |archive-url=https://web.archive.org/web/20110409080716/http://www.nku.edu/~christensen/3DES.pdf |archive-date=2011-04-09 |url-status=live|title=Double DES}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)