Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
(Publisher: John Wiley & Sons, Inc.)
Author(s): Bruce Schneier
ISBN: 0471128457
Publication Date: 01/01/96

Previous Table of Contents Next

12.3 Security of DES

People have long questioned the security of DES [458]. There has been much speculation on the key length, number of iterations, and design of the S-boxes. The S-boxes were particularly mysterious—all those constants, without any apparent reason as to why or what they’re for. Although IBM claimed that the inner workings were the result of 17 man-years of intensive cryptanalysis some people feared that the NSA embedded a trapdoor into the algorithm so they would have an easy means of decrypting messages.

The U.S. Senate Select Committee on Intelligence, with full top-secret clearances, investigated the matter in 1978. The findings of the committee are classified, but an unclassified summary of those findings exonerated the NSA from any improper involvement in the algorithm’s design [1552]. “It was said to have convinced IBM that a shorter key was adequate, to have indirectly assisted in the development of the S-box structures and to have certified that the final DES algorithm was, to the best of their knowledge, free of any statistical or mathematical weaknesses” [435]. However, since the government never made the details of the investigation public, many people remained unconvinced.

Tuchman and Meyer, two of the IBM cryptographers who designed DES, said the NSA did not alter the design [841]:

Their basic approach was to look for strong substitution, permutation, and key scheduling functions.... IBM has classified the notes containing the selection criteria at the request of the NSA.... “The NSA told us we had inadvertently reinvented some of the deep secrets it uses to make its own algorithms,” explains Tuchman.

Table 12.9
Commercial DES Chips

Manufacturer Chip Year Clock Data Rate Availability

AMD Am9518 1981 3 MHz 1.3 MByte/s N
AMD Am9568 ? 4 MHz 1.5 MByte/s N
AMD AmZ8068 1982 4 MHz 1.7 MByte/s N
AT&T T7000A 1985 ? 1.9 MByte/s N
CE-Infosys SuperCrypt 1992 20 MHz 12.5 MByte/s Y
CE-Infosys SuperCrypt 1994 30 MHz 20.0 MByte/s Y
Cryptech Cry12C102 1989 20 MHz 2.8 MByte/s Y
Newbridge CA20C03A 1991 25 MHz 3.85 MByte/s Y
Newbridge CA20C03W 1992 8 MHz 0.64 MByte/s Y
Newbridge CA95C68/18/09 1993 33 MHz 14.67 MByte/s Y
Pijnenburg PCC100 ? ? 2.5 MByte/s Y
Semaphore Communications Roadrunner284 ? 40 MHz 35.5 MByte/s Y
VLSI Technology VM007 1993 32 MHz 200.0 MByte/s Y
VLSI Technology VM009 1993 33 MHz 14.0 MByte/s Y
VLSI Technology 6868 1995 32 MHz 64.0 MByte/s Y
Western Digital WD2001/2002 1984 3 MHz 0.23 MByte/s N

Table 12.10
DES Speeds on Different Microprocessors and Computers

Processor Speed (in MHz) DES Blocks (per second)

8088 4.7 370
68000 7.6 900
80286 6 1,100
68020 16 3,500
68030 16 3,900
80386 25 5,000
68030 50 10,000
68040 25 16,000
68040 40 23,000
80486 66 43,000

Sun ELC 26,000
HyperSparc 32,000
RS6000-350 53,000
Sparc 10/52 84,000
DEC Alpha 4000/610 154,000
HP 9000/887 125 196,000

Previous Table of Contents Next
[an error occurred while processing this directive]