On 05/07/2014 08:31 AM, Joshua Hill wrote:
> On Mon, May 05, 2014 at 10:37:48PM +0200, Marcus Brinkmann wrote:
>> It is well known that the DES S-Boxes were specifically designed (by the
>> NSA, no less, back in the good ol' days) to protect against that attack.
>
> This was the lore for years after the introduction of DES (and as you
> mentioned, Schneier repeated this lore in his books), but this was
> denied by Don Coppersmith (one of the cryptographers involved with the
> DES S-box design) 20 years ago. Coppersmith states that cryptographers
> within IBM independently knew of differential cryptanalysis as early as
> 1974, and that IBM did not publish a rationale for the selection of the
> DES S-boxes because the NSA voiced concern over the publication of this
> cryptanalytic technique.

Thanks for the link. But let's be very careful here and not replace one rumor by another: Coppersmith gives no attribution, and no description of any process that led to the discovery of differential attacks. He also does not deny anything, and he does not claim "independent" knowledge in the 1994 paper. Maybe he did that elsewhere? According to Wikipedia, Stephen Levy claims that IBM had independent knowledge, but I don't know his evidence, and I don't have a copy of the book around.



_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
