The Feistel function (F function) of DES
|
|
General | |
---|---|
Designers | IBM |
First published | 1975 (Federal Register) (standardized in January 1977) |
Derived from | Lucifer |
Successors | Triple DES, G-DES, DES-X, LOKI89, ICE |
Cipher detail | |
Key sizes | 56 bits (+8 parity bits) |
Block sizes | 64 bits |
Structure | Balanced Feistel network |
Rounds | 16 |
Best public cryptanalysis | |
DES is now considered insecure because a brute force attack is possible (see EFF DES cracker). As of 2008, the best analytical attack is linear cryptanalysis, which requires 243known plaintexts and has a time complexity of 239–43 (Junod, 2001). |
The Data Encryption Standard (DES, /ˌdiːˌiːˈɛs/ or /ˈdɛz/) is a symmetric-key algorithm for the encryption of electronic data. Although now considered insecure, it was highly influential in the advancement of modern cryptography.
Developed in the early 1970s at IBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. In 1976, after consultation with the National Security Agency (NSA), the NBS eventually selected a slightly modified version (strengthened against differential cryptanalysis, but weakened against brute force attacks), which was published as an official Federal Information Processing Standard (FIPS) for the United States in 1977.
The publication of an NSA-approved encryption standard simultaneously resulted in its quick international adoption and widespread academic scrutiny. Controversies arose out of classified design elements, a relatively short key length of the symmetric-key block cipher design, and the involvement of the NSA, nourishing suspicions about a backdoor. The intense academic scrutiny the algorithm received over time led to the modern understanding of block ciphers and their cryptanalysis.