1

I came across this question:

  • Test the security of the following variation of DES-X cryptosystem, which uses 2 keys $k_1$ and $k_2$: $$Enc(m) = DES_{k_1}(m \oplus k_2)$$

(Basically, it uses the 2nd key to xor the text before the DES encryption)

So, I've started researching it and i got confused.

In general, lots of people suggested that XORing the original text or the ciphertext provides extra security only against brute-force attacks.

However, in this very-similar-question, the first answer states that the extra XOR " has almost no advantage compared to DES (even) in term of resistance to brute force".

Both got me confused because, in this illustration of the simple DES, lots of different keys are generated to XOR blocks of the text several times, so I guess the same is happening twice in the variation above (or 3 times in case of DES-X). As I see it, something like this really messes things up.

Is this really so useless even against brute-force attacks? And if so, can you explain it a bit?

kelalaka
  • 49,797
  • 12
  • 123
  • 211
Don S
  • 13
  • 4

1 Answers1

0

The hint that you have given is simply saying that, if you have more than one (better many) plaintext-ciphertext pairs;

  • First, apply the n-pad attack to recover the real $k_2$ by; $$p_1 \oplus p_2 = m_1 \oplus m_2$$ $$p_1 \oplus p_3 = m_1 \oplus m_3,\ldots$$etc. Once you recover one of the $m_i$'s than $$ p_i = k_2 \oplus m_i$$ is enough to extract the $k_2$

  • Then apply the usual brute-force with $k_2$ is known.

Note: your DES-X is not using key whitening which uses 3 keys, not 2.

kelalaka
  • 49,797
  • 12
  • 123
  • 211