Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 See also 2 References 3 External links

DES-X

●Català ●فارسی ●Français ●Italiano ●日本語 ●Polski ●Português ●Русский ●Simple English ●Türkçe Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia (Redirected from DESX)

Incryptography, DES-X (orDESX) is a variant on the DES (Data Encryption Standard) symmetric-key block cipher intended to increase the complexity of a brute-force attack. The technique used to increase the complexity is called key whitening.

The original DES algorithm was specified in 1976 with a 56-bit key size: 2⁵⁶ possibilities for the key. There was criticism that an exhaustive search might be within the capabilities of large governments, particularly the United States' National Security Agency (NSA). One scheme to increase the key size of DES without substantially altering the algorithm was DES-X, proposed by Ron Rivest in May 1984.

The algorithm has been included in RSA Security's BSAFE cryptographic library since the late 1980s.

DES-X augments DES by XORing an extra 64 bits of key (K₁) to the plaintext before applying DES, and then XORing another 64 bits of key (K₂) after the encryption:

${\displaystyle {\mbox{DES-X}}($

The key size is thereby increased to 56 + (2 ×64) = 184 bits.

However, the effective key size (security) is only increased to 56+64−1−lb(M) = 119 − lb(M) = ~119 bits, where M is the number of chosen plaintext/ciphertext pairs the adversary can obtain, and lb denotes the binary logarithm. Moreover, key size drops to 88 bits given 2^32.5 known plaintext and using advanced slide attack.

DES-X also increases the strength of DES against differential cryptanalysis and linear cryptanalysis, although the improvement is much smaller than in the case of brute force attacks. It is estimated that differential cryptanalysis would require 2⁶¹ chosen plaintexts (vs. 2⁴⁷ for DES), while linear cryptanalysis would require 2⁶⁰ known plaintexts (vs. 2⁴³ for DES or 2⁶¹ for DES with independent subkeys.^[1]) Note that with 2⁶⁴ plaintexts (known or chosen being the same in this case), DES (or indeed any other block cipher with a 64 bit block size) is totally broken as the whole cipher's codebook becomes available.

Although the differential and linear attacks, currently best attack on DES-X is a known-plaintext slide attack discovered by Biryukov-Wagner ^[2] which has complexity of 2^32.5 known plaintexts and 2^87.5 time of analysis. Moreover the attack is easily converted into a ciphertext-only attack with the same data complexity and 2⁹⁵ offline time complexity.

References

[edit]

^ Biham, Eli; Shamir, Adi (1991). "Differential cryptanalysis of DES-like cryptosystems". Journal of Cryptology. 4: 3–72. doi:10.1007/BF00630563. S2CID 33202054.

^ Biryukov, Alex; Wagner, David (2000). "Advanced Slide Attacks". Advances in Cryptology — EUROCRYPT 2000 (PDF). Lecture Notes in Computer Science. Vol. 1807. pp. 589–606. doi:10.1007/3-540-45539-6_41. ISBN 978-3-540-67517-4.

Kilian, Joe; Rogaway, Phillip (1996). "How to Protect DES Against Exhaustive Key Search". Advances in Cryptology — CRYPTO '96. Lecture Notes in Computer Science. Vol. 1109. pp. 252–267. doi:10.1007/3-540-68697-5_20. ISBN 978-3-540-61512-5.
P. Rogaway, The security of DESX (PDF), CryptoBytes 2(2) (Summer 1996).

External links

[edit]

RSA FAQ Entry

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE NSA Suite B CNSA
Utilization	Initialization vector Mode of operation Padding

Cryptography

General

Mathematics

Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=DES-X&oldid=1199236970" Categories: ●Broken block ciphers ●Data Encryption Standard Hidden categories: ●Articles with short description ●Short description matches Wikidata ●This page was last edited on 26 January 2024, at 15:06 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view