

Article Id: WHEBN0000619801

Title: Des-x  
Author: World Heritage Encyclopedia
Language: English
Subject: WikiProject Cryptography, Key whitening, Triple DES, RC2, Data Encryption Standard
Collection: Broken Block Ciphers, Data Encryption Standard
Publisher: World Heritage Encyclopedia


In cryptography, DES-X (or DESX) is a variant on the DES (Data Encryption Standard) symmetric-key block cipher intended to increase the complexity of a brute force attack using a technique called key whitening.

The original DES algorithm was specified in 1976 with a 56-bit key size: 2^56 possibilities for the key. There was criticism that an exhaustive search might be within the capabilities of large governments, particularly the United States' National Security Agency (NSA). One scheme to increase the key size of DES without substantially altering the algorithm was DES-X, proposed by Ron Rivest in May 1984.

The algorithm has been included in RSA Security's BSAFE cryptographic library since the late 1980s.

DES-X augments DES by XORing an extra 64 bits of key (K1) to the plaintext before applying DES, and then XORing another 64 bits of key (K2) after the encryption:

$$\text{DES-X}(M) = K_2 \oplus \text{DES}_K(M \oplus K_1)$$

The key size is thereby increased to 56 + (2 × 64) = 184 bits.

However, the effective key size (security) is only increased to 56 + 64 - 1 - lb(M) = 119 - lb(M) = ~119 bits, where M is the number of chosen plaintext/ciphertext pairs the adversary can obtain, and lb denotes the binary logarithm. Moreover, the effective key size drops to 88 bits given 2^32.5 known plaintexts and using the advanced slide attack. (Because of this, some implementations actually make K2 a strong one-way function of K1 and K.)
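The whitening construction above, and the variant in which K2 is derived from K1 and K, as an added example that is not code from the article or from any DES-X implementation. A SHA-256-based Feistel permutation stands in for DES because the Python standard library has no DES; the function names, the K/K1/K2 byte layout and the use of SHA-256 as the one-way function are assumptions.

```python
import hashlib

def _f(half: int, key: bytes, rnd: int) -> int:
    # Round function of the stand-in cipher: first 32 bits of SHA-256(key || round || half).
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def toy_encrypt(key: bytes, block: int) -> int:
    # Stand-in for DES_K: an 8-round Feistel permutation on 64-bit blocks. NOT real DES.
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(8):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 32) | right

def toy_decrypt(key: bytes, block: int) -> int:
    # Inverse of toy_encrypt: undo the Feistel rounds in reverse order.
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(8)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 32) | right

def split_key(key184: bytes):
    # 184-bit key = 56-bit K + 64-bit K1 + 64-bit K2 (this byte order is an assumption).
    if len(key184) != 23:
        raise ValueError("DES-X key material must be 184 bits (23 bytes)")
    k1 = int.from_bytes(key184[7:15], "big")
    k2 = int.from_bytes(key184[15:23], "big")
    return key184[:7], k1, k2

def desx_encrypt(k: bytes, k1: int, k2: int, m: int) -> int:
    # DES-X(M) = K2 xor E_K(M xor K1): pre-whiten, encrypt, post-whiten.
    return k2 ^ toy_encrypt(k, m ^ k1)

def desx_decrypt(k: bytes, k1: int, k2: int, c: int) -> int:
    # Reverse order: strip K2, invert the block cipher, then strip K1.
    return k1 ^ toy_decrypt(k, c ^ k2)

def derive_k2(k: bytes, k1: int) -> int:
    # Variant from the text: K2 as a one-way function of K1 and K (SHA-256 is assumed).
    return int.from_bytes(hashlib.sha256(k1.to_bytes(8, "big") + k).digest()[:8], "big")

if __name__ == "__main__":
    k, k1, k2 = split_key(bytes(range(1, 24)))  # constructed sample key
    m = 0x0123456789ABCDEF                      # constructed sample block
    c = desx_encrypt(k, k1, k2, m)
    assert desx_decrypt(k, k1, k2, c) == m
    print(f"C = {c:016x}, hash-derived K2 = {derive_k2(k, k1):016x}")
```

Replacing `toy_encrypt` and `toy_decrypt` with a real DES primitive yields DES-X itself; the whitening wrapper does not change.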

DES-X also increases the strength of DES against differential cryptanalysis and linear cryptanalysis, although the improvement is much smaller than in the case of brute force attacks. It is estimated that differential cryptanalysis would require 2^61 chosen plaintexts (vs. 2^47 for DES), while linear cryptanalysis would require 2^60 known plaintexts (vs. 2^43 for DES). Note that with 2^64 plaintexts (known or chosen being the same in this case), DES (or indeed any other block cipher with a 64-bit block size) is totally broken via the elementary codebook attack.

See also


  • Joe Kilian and Phillip Rogaway, How to protect DES against exhaustive key search (PDF), Advances in Cryptology - Crypto '96, Springer-Verlag (1996), pp. 252–267.
  • P. Rogaway, The security of DESX (PostScript), CryptoBytes 2(2) (Summer 1996).
  • A. Biryukov and D. Wagner, Advanced Slide Attacks, Eurocrypt 2000, Springer-Verlag (2000), pp. 589–606.

External links

  • RSA FAQ Entry