Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [desx]

DESX is an extension of DES that attempts to foil brute force attacks

DESX is an extension of DES that attempts to foil brute force attacks. It does this by adding two 64 bit whitening keys and is defined as:

$DESX(K, K_1, K_2, P) = K_2 \oplus DES(K, K_1 \oplus P)$

DESX is proposed by Ron Rivest in May 1984, however, there is no article to the proposal!

9 questions
4
votes
2 answers

Why does DESX break if one removed post whitening?

DESX uses whitening to strengthen against brute force attacks. What is an attack one could use to recover DESX's pre-whitening key with only two known ciphertext/plaintext pairs, given that the attacker can successfully disable the post-whitening…
RenWal
  • 45
  • 4
4
votes
1 answer

A simple attack on DESX in time $2^{120}$

Let $\mathcal{M}$ be our message space and $\mathcal{K}$ our key space. Now, let $\mathrm{E} : \mathcal{K} \times \mathcal{M} \to \mathcal{M}$ be a block cipher. Define the block cipher $\mathrm{EX}((k_1, k_2, k_3), m) := k_1 \oplus \mathrm{E}(k_2,…
d125q
  • 192
  • 1
  • 7
3
votes
1 answer

Effective key length in DESX variant

We are given a variant of DESX, where $ENC(M)= DES_k(M \oplus k_1)$ (keys are 64bits). In DESX effective key length is $119-lb(M)$ according to wikipedia, but I have not found how this is calculated. I know that the effective key length should be…
elrond
  • 133
  • 5
3
votes
1 answer

total effective key length of the AESX-192

If I have a AESX-192 be a block cipher which is similar to DESX but has the DES being replaced by AES and the AES key size is 192 bits. How should I compute the total effective key length of the AESX-192.
Ricky
  • 133
  • 1
  • 1
  • 5
2
votes
1 answer

Why is the second XOR operation in OCB mode necessary?

In Rogaway's OCB mode, the offset (derived from the key) ist XOR-added twice: Once to the plaintext block, and a second time after the Encryption. I am wondering, why the second XOR operation is necessary. The design is I believe inspired by the…
mat
  • 2,558
  • 1
  • 14
  • 28
2
votes
1 answer

DES-X , computation load and storage

The passage said that the computational load to attack DES-X can be reduced to approximately $2^{(56+64)}=2^{120}$ steps,and the storage of data sets should be $2^{64}$. But I can't figure why it is time complexity $2^{120}$ and the (space…
C learner
  • 23
  • 4
1
vote
1 answer

Comparing DES and DES-X variation: $Enc(m) = DES_{k_1}(m \oplus k_2)$

I came across this question: Test the security of the following variation of DES-X cryptosystem, which uses 2 keys $k_1$ and $k_2$: $$Enc(m) = DES_{k_1}(m \oplus k_2)$$ (Basically, it uses the 2nd key to xor the text before the DES encryption) So,…
Don S
  • 13
  • 4
1
vote
2 answers

Some simple questions about tweakable ciphers

I have read a few papers on tweakable ciphers (didn't understand them well, though) and looked at many of the questions and answers on this exchange: What is a tweakable block cipher, Tweakable Block ciphers, Tweaking Even-Mansour Ciphers [video].…
Red Book 1
  • 1,025
  • 10
  • 26
-1
votes
1 answer

How to make DES more secure without switching from des state to another cryptography system and what are limitations of DES?

How to make DES more secure without switching from des state to another cryptography system and what are limitations of DES? Is there any 3 ways to make des more secure?
user97033