Modes of operation for encryption algorithms
The breaking of a US standard

Lars Ramkilde Knudsen, Department of Informatics, University of Bergen

The history of cryptography is long and goes back at least 4,000 years to the Egyptians, who used hieroglyphic codes for inscription on tombs. Since then many cryptosystems, also called ciphers, have seen the light of the day. The most well-known conventional cryptosystem is the Data Encryption Standard (DES), developed by IBM in the mid 70's and standardised in the US in 1977. Because of the tremendous progress in computer technology in recent years, the DES has become inadequate for secure encryption. This has been known for some years, and it has often been recommended to use the DES in multiple modes of operation, where the plaintext is encrypted several times with the DES using different keys. The American National Standards Institute (ANSI) has been working on standardising a suite of multiple modes for use with DES. One such mode, developed by IBM, was included as the strongest such mode. Shortly before the final vote of the standard Eli Biham and myself found an attack on the mode, which shows that the strength of the proposal is several orders of magnitudes less than expected. Because of our attack the US government informed ANSI that they would not recommend the standard for governmental use, whereafter ANSI withdrew the (draft) standard. A new standard is now being developed.

back to seminar homepage