[cryptography] DES history

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Mon May 5 21:58:23 EDT 2014

On 05/06/2014 01:20 AM, Bernie Cosell wrote:
> On 6 May 2014 at 8:35, Dave Horsfall wrote:
>> On Mon, 5 May 2014, Marcus Brinkmann wrote:
>>> It is well known that the DES S-Boxes were specifically designed (by
>> the
>>> NSA, no less, back in the good ol' days) to protect against that
>> attack.
>> If I recall Schneier, the S-boxes were *modified* by the NSA, not
>> designed.
> More than that, the modifications *improved* the S-boxes --- they made
> DES resistent to differential attacks that [AFAIK] weren't yet known in
> the civilian community.  I think it was only after a few years that the
> impact of their changes was understood [and that it was a good thing].

On rereading the Wikipedia article on DES history, the whole story seems 
to be considerably muddier than I recalled at first.

On the one hand, the article cites Schneier "Applied Cryptography" (2nd 
ed.). p. 280, quoting Alan Konheim (one of the designers of DES) with: 
"We sent the S-boxes off to Washington. They came back and were all 

On the other hand the article says that Steven Levy ("Crypto") claims 
that "IBM Watson researchers discovered differential cryptanalytic 
attacks in 1974 and were asked by the NSA to keep the technique secret."

Yet again the "United States Senate Select Committee on Intelligence" is 
cited with: "In the development of DES, NSA [...] indirectly assisted in 
the development of the S-box structures."

Also, the article cites "a declassified NSA book on cryptologic history" 
with: "NSA worked closely with IBM to strengthen the algorithm against 
all except brute force attacks and to strengthen substitution tables, 
called S-boxes."

I guess a more careful review of the evidence is required to make heads 
and tails of it.


More information about the cryptography mailing list