# Is the Data Encryption Standard a group? (Results of cycling experiments on DES)

@article{Kaliski2004IsTD, title={Is the Data Encryption Standard a group? (Results of cycling experiments on DES)}, author={Burton S. Kaliski and Ronald L. Rivest and Alan T. Sherman}, journal={Journal of Cryptology}, year={2004}, volume={1}, pages={3-36} }

The Data Encryption Standard (DES) defines an indexed set of permutations acting on the message space ℳ = {0,1}^64. If this set of permutations were closed under functional composition, then the two most popular proposals for strengthening DES through multiple encryption would be equivalent to single encryption. Moreover, DES would be vulnerable to a known-plaintext attack that runs in 2^28 steps on the average. It is unknown in the open literature whether or not DES has this weakness. Two…

## 40 Citations

The t-wise Independence of Substitution-Permutation Networks

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

Almost pairwise independence is proved for sufficiently many rounds of both the AES block cipher and the MiMC block cipher, assuming independent sub-keys, and it is shown that instantiating a key-alternating cipher with most permutations gives us (almost) t-wise independence in t+o(t) rounds.

A Simplified and Generalized Treatment of DES-Related Ciphers

- Mathematics, Computer Science
- Cryptologia
- 2015

A two-round simplified version of DES is constructed that contains all the DES components and is shown to be not a group under functional composition, it is not a pure cipher, and its set of encryption permutations does not generate the alternating group.

Algebraic aspects of the advanced encryption standard

- Computer Science, Mathematics
- 2006

This work will examine some algebraic aspects of the AES and consider a number of algebraic techniques that could be used in the analysis of the cipher, and focus on the large, though surprisingly simple, systems of multivariate quadratic equations derived from the encryption operation.

Algebraic properties of generalized Rijndael-like ciphers

- Mathematics, Computer Science
- Groups Complex. Cryptol.
- 2014

Conditions under which the group generated by the Rijndael-like round functions based on operations of the finite field GF(p^k) is equal to the symmetric group or the alternating group on the state space are provided.

Parallel Collision Search with Cryptanalytic Applications

- Computer Science, Mathematics
- Journal of Cryptology
- 2013

The new technique greatly extends the reach of practical attacks, providing the most cost-effective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions; and double encryption and three-key triple encryption.

On Boolean functions, symmetric cryptography and algebraic coding theory

- Computer Science, Mathematics
- 2015

It is proved that hidden sum trapdoors are practical and can perform a global reconstruction attack, and the notion of Anti-Crooked function is introduced.

Algebraic properties of cryptosystem PGM

- Mathematics, Computer Science
- Journal of Cryptology
- 2006

It is shown that the set of PGM transformations ℐG is not closed under functional composition and hence not a group, which is one of the strongest security conditions that can be offered by a private-key encryption system.

On the primitivity of Lai-Massey schemes

- Computer Science, Mathematics
- ArXiv
- 2020

The Lai-Massey scheme is proposed, a framework which combines both Substitution Permutation Network and Feistel Network features, and resistance to the imprimitivity attack is obtained as a consequence of a more general result.

The Round Functions of Cryptosystem PGM Generate the Symmetric Group

- Mathematics, Computer Science
- Des. Codes Cryptogr.
- 2006

If G is a nontrivial finite group which is not cyclic of order a prime, or the square of a prime, then the round functions of these systems, that are the permutations of G induced by the exact-transversal logarithmic signatures (also known as transversal group bases), generate the full symmetric group on G.

Generalised Round Functions for Block Ciphers and their Security

- Computer Science, Mathematics
- ArXiv
- 2017

The immunity from some group-theoretical attacks is investigated, and it is shown how to avoid that the group generated by the round functions acts imprimitively, which would represent a serious flaw for the cipher.

## References

Is the Data Encryption Standard a Group? (Preliminary Abstract)

- Computer Science, Mathematics
- EUROCRYPT
- 1985

The Data Encryption Standard (DES) defines an indexed set of permutations acting on the message space M = {0,1}^64, which would be vulnerable to a known-plaintext attack that runs in 2^28 steps, on the average.

Is DES a Pure Cipher? (Results of More Cycling Experiments on DES)

- Mathematics, Computer Science
- CRYPTO
- 1985

During summer 1985, eight cycling experiments on the Data Encryption Standard (DES) were performed to see if DES has certain algebraic weaknesses, and the results show with overwhelming confidence that DES is not pure.

A cryptanalytic time-memory trade-off

- Computer Science, Mathematics
- IEEE Trans. Inf. Theory
- 1980

A probabilistic method is presented which cryptanalyzes any N key cryptosystem in N^(2/3) operations with N^(2/3) words of memory after a precomputation which requires N operations, and works in a chosen plaintext attack and can also be used in a ciphertext-only attack.

Two Issues in Public Key Cryptography: RSA Bit Security and a New Knapsack Type System

- Computer Science, Mathematics
- 1986

This book explores public key cryptographic systems, first investigating the question of cryptographic security of bits in the RSA encryption and then constructing a new knapsack type public key cryptosystem, based on arithmetic in finite fields, following a construction by Bose and Chowla.

On the security of multiple encryption

- Computer Science, Mathematics
- CACM
- 1981

It is shown that although either technique significantly improves security over single encryption, the new technique does not significantly increase security over simple double encryption.

Advances in Cryptology

- Computer Science, Mathematics
- Lecture Notes in Computer Science
- 2000

The undecidable word problem for groups and semigroups is investigated as a basis for a public-key cryptosystem, and the type of cryptosystem shown is randomized, with infinitely many ciphertexts corresponding to each plaintext.

Cryptography, Proceedings of the Workshop on Cryptography, Burg Feuerstein, Germany, March 29 - April 2, 1982

- Computer Science, Mathematics
- Lecture Notes in Computer Science
- 1983

This paper presents a new algorithm for the solution of the Knapsack Problem and discusses Finite Semigroups and The RSA-Cryptosystem.

Some Regular Properties of the 'Data Encryption Standard' Algorithm

- Mathematics, Computer Science
- CRYPTO
- 1982

This note describes five regular properties of the ‘Data Encryption Standard’ or DES, two of which have been described elsewhere and are included for completeness.

DES-like functions can generate the alternating group

- Computer Science, Mathematics
- IEEE Trans. Inf. Theory
- 1983

It is proved that the group of permutations generated by the DES-like functions is exactly the alternating group of the set of binary n vectors.

Advances in Cryptology: Proceedings Of Crypto 83

- Computer Science, Mathematics
- 1985

Some Public-Key Crypto-Functions as Intractable as Factorization as well as Cryptosystems and Other Hard Problems.