DES and Cryptanalysis

Question 1

What is the key schedule in DES?

Answer 1

DEs key schedule returns various permutations of k as sub-keys for later Feistel networks e.g. key 1for feistel network 1, key 2 for feistel network 2, etc…

Question 2

What is PC-1 in DES?

Answer 2

PC-1 selects 56 of the 64 bits in the original key. The other parity bits are discarded, and these key bits are removed in a systematic manner i.e. the same key bits every time are removed.

Question 3

What are the properties of the key schedule?

Answer 3

• It is entirely permutation based
• Doesn’t use XOR, addition or any other mixing operation
• The last round of key permutation is the same key as the first key calculated

Question 4

How do meet-in-the-middle attacks work?

Answer 4

They split the search space in two, and start by calculating encryptions and store intermediate values. They then calculate all decryptions and then find any value that matches the intermediate values.

Question 5

What are the practicalities of Meet-in-the-middle attacks?

Answer 5

• Requires 2^(k + 1) attempts rather than 2^(k * 2)
• Trades computation for storage e.g. petabytes needed for DES
• Assumes some kind of O(1) lookup

Question 6

Why did people start using triple DES instead of standard DES?

Answer 6

• Increased key sizes e.g. 168-bits, which made brute force attacks significantly harder
• Resisted known attacks on DES e.g. differential and linear cryptanalysis

Question 7

What were some issues with Triple DES?

Answer 7

• 3x slower than DES
• Smaller block size

Question 8

What are the types of attacks on cryptographic systems, in order of least strong to most strong?

Answer 8

• Brute force
• Ciphertext-only
• Known-plaintext
• Chosen-plaintext
• Chosen-ciphertext
• Related-key attacks

Question 9

What are the two types of attacks in cryptanalysis?

Answer 9

Analytical attacks - Exploit some underlying structural or mathematical weakness in a cipher
Statistical attacks - Capture statistical patterns between input and output to recover key bits

Question 10

How does Differential Cryptanalysis work, and what sort of strength level is it?

Answer 10

Aims to find predictable changes in output bits caused by known changes in input bits.
It’s a chosen plaintext attack, so quite strong.

Question 11

How do you resist differential cryptanalysis?

Answer 11

• S-Boxes must be designed such that the probability of any pair is as low as possible
• More rounds make differentials less likely
• Good permutation to involve more S-Boxes