[cryptography] DES history

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Wed May 7 05:27:30 EDT 2014

On 05/07/2014 08:31 AM, Joshua Hill wrote:
> On Mon, May 05, 2014 at 10:37:48PM +0200, Marcus Brinkmann wrote:
>> It is well known that the DES S-Boxes were specifically designed (by the
>> NSA, no less, back in the good ol' days) to protect against that attack.
> This was the lore for years after the introduction of DES (and as you
> mentioned, Schneier repeated this lore in his books), but this was
> denied by Don Coppersmith (one of the cryptographers involved with the
> DES S-box design) 20 years ago. Coppersmith states that cryptographers
> within IBM independently knew of differential cryptanalysis as early as
> 1974, and that IBM did not publish a rational for the selection of the
> DES S-boxes because the NSA voiced concern over the publication of this
> cryptanalytic technique.

Thanks for the link.  But let's be very careful here and not replace one 
rumor by another: Coppersmith gives no attribution, and no description 
of any process that lead to the discovery of differential attacks.  He 
also does not deny anything, and he does not claim "independent" 
knowledge in the 1994 paper.  Maybe he did that elsewhere?  According to 
Wikipedia, Stephen Levy claims that IBM had independent knowledge, but I 
don't know his evidence, and I don't have a copy of the book around.

More information about the cryptography mailing list