Is the Data Encryption Standard a group? (Results of cycling experiments on DES)

@article{Kaliski2004IsTD,
  title={Is the Data Encryption Standard a group? (Results of cycling experiments on DES)},
  author={Burton S. Kaliski and Ronald L. Rivest and Alan T. Sherman},
  journal={Journal of Cryptology},
  year={2004},
  volume={1},
  pages={3-36}
}
The Data Encryption Standard (DES) defines an indexed set of permutations acting on the message space ℳ ={0,1}64. If this set of permutations were closed under functional composition, then the two most popular proposals for strengthening DES through multiple encryption would be equivalent to single encryption. Moreover, DES would be vulnerable to a known-plaintext attack that runs in 228 steps on the average. It is unknown in the open literature whether or not DES has this weakness.Two… 
The t-wise Independence of Substitution-Permutation Networks
TLDR
Almost pairwise independence is proved for sufficiently many rounds of both the AES block cipher and the MiMC block cipher, assuming independent sub-keys, and it is shown that instantiating a key-alternating cipher with most permutations gives us (almost) t-wise independence in t+o(t) rounds.
A Simplified and Generalized Treatment of DES-Related Ciphers
TLDR
A two-round simplified version of DES is constructed that contains all the DES components and is shown to be not a group under functional composition, it is not a pure cipher, and its set of encryption permutations does not generate the alternating group.
Algebraic aspects of the advanced encryption standard
TLDR
This work will examine some algebraic aspects of the AES and consider a number of algebraic techniques that could be used in the analysis of the cipher, and focus on the large, though surprisingly simple, systems of multivariate quadratic equations derived from the encryption operation.
Algebraic properties of generalized Rijndael-like ciphers
TLDR
Conditions under which the group generated by the Rijndael-like round functions based on operations of the finite field GF (p k ) is equal to the symmetric group or the alternating group on the state space are provided.
Parallel Collision Search with Cryptanalytic Applications
TLDR
The new technique greatly extends the reach of practical attacks, providing the most cost-effective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions; and double encryption and three-key triple encryption.
On Boolean functions, symmetric cryptography and algebraic coding theory
TLDR
It is proved that hidden sum trapdoors are practical and can perform a global reconstruction attack, and the notion of Anti-Crooked function is introduced.
Algebraic properties of cryptosystem PGM
TLDR
It is shown that the set of PGM transformations ℐG is not closed under functional composition and hence not a group, which is one of the strongest security conditions that can be offered by a private-key encryption system.
On the primitivity of Lai-Massey schemes
TLDR
The Lai-Massey scheme is proposed, a framework which combines both Substitution Permutation Network and Feistel Network features, and resistance to the imprimitivity attack is obtained as a consequence of a more general result.
The Round Functions of Cryptosystem PGM Generate the Symmetric Group
TLDR
If G is a nontrivial finite group which is not cyclic of order aprime, or the square of a prime, then the round functions of these systems, that are the permutations of G induced by the exact-transversal logarithmic signatures (also known as transversal group bases), generate the full symmetric group on G.
Generalised Round Functions for Block Ciphers and their Security
TLDR
The immunity from some group-theoretical attacks is investigated, and it is shown how to avoid that the group generated by the round functions acts imprimitively, which would represent a serious flaw for the cipher.
...
1
2
3
4
...

References

SHOWING 1-10 OF 77 REFERENCES
Is the Data Encryption Standard a Group? (Preliminary Abstract)
TLDR
The Data Encryption Standard (DES) defines an indexed set of permutations acting on the message space M = {0,1}64, which would be vulnerable to a known-plaintext attack that runs in 228 steps, on the average.
Is DES a Pure Cipher? (Results of More Cycling Experiments on DES)
TLDR
During summer 1985, eight cycling experiments on the Data Encryption Standard (DES) were performed to see if DES has certain algebraic weaknesses, and the results show with overwhelming confidence that DES is not pure.
A cryptanalytic time-memory trade-off
  • M. Hellman
  • Computer Science, Mathematics
    IEEE Trans. Inf. Theory
  • 1980
TLDR
A probabilistic method is presented which cryptanalyzes any N key cryptosystem in N 2/3 operational with N2/3 words of memory after a precomputation which requires N operations, and works in a chosen plaintext attack and can also be used in a ciphertext-only attack.
Two Issues in Public Key Cryptography: RSA Bit Security and a New Knapsack Type System
  • B. Chor
  • Computer Science, Mathematics
  • 1986
TLDR
This book explores public key cryptographic systems, first investigating the question of cryptographic security of bits in the RSA encryption and then constructing a new knapsack type public key cryptosystem, based on arithmetic in finite fields, following a construction by Bose and Chowla.
On the security of multiple encryption
TLDR
It is shown that although either technique significantly improves security over single encryption, the new technique does not significantly increase security over simple double encryption.
Advances in Cryptology
TLDR
The undecidable word problem for groups and semlgroups is investigated as a basis for a public-key cryptosystem, and the type of cryptos System shown is randomized, with infinitely many ciphertexts corresponding t o each plaintext.
Cryptography, Proceedings of the Workshop on Cryptography, Burg Feuerstein, Germany, March 29 - April 2, 1982
  • T. Beth
  • Computer Science, Mathematics
    Lecture Notes in Computer Science
  • 1983
TLDR
This paper presents a new algorithm for the solution of the Knapsack Problem and discusses Finite Semigroups and The RSA-Cryptosystem.
Some Regular Properties of the 'Data Encryption Standard' Algorithm
  • D. Davies
  • Mathematics, Computer Science
    CRYPTO
  • 1982
TLDR
This note describes five regular properties of the ‘Data Encryption Standard’ or DES, two of which have been described elsewhere and are included for completeness.
DES-like functions can generate the alternating group
TLDR
It is proved that the group of permutations generated by the DES-like functions is exactly the alternating group of the set of binary n vectors.
Advances in Cryptology: Proceedings Of Crypto 83
  • D. Chaum
  • Computer Science, Mathematics
  • 1985
TLDR
Some Public-Key Crypto-Functions as Intractable as Factorization as well as Cryptosystems and Other Hard Problems.
...
1
2
3
4
5
...