Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!sri-unix!sri-spam!ames!sdcsvax!ucsdhub!hp-sdd!hplabs!sdcrdcf!randvax!jim
From: jim@randvax.UUCP (Jim Gillogly)
Newsgroups: sci.crypt
Subject: Re: Design for a DES-breaker
Message-ID: <305@markle.randvax.UUCP>
Date: Mon, 19-Oct-87 11:44:06 EDT
Article-I.D.: markle.305
Posted: Mon Oct 19 11:44:06 1987
Date-Received: Fri, 23-Oct-87 03:50:39 EDT
References: <7449@reed.UUCP-> <1409@osiris.UUCP> <289@apr.UUCP> <6491@apple.UUCP> <1483@faline.bellcore.com>
Reply-To: jim@markle.UUCP (Jim Gillogly)
Organization: Banzai Institute
Lines: 15
Summary: Table lookup not necessarily needed

In article <1483@faline.bellcore.com> karn@faline.bellcore.com (Phil R. Karn) writes:
>Each round in DES involves an expansion, exclusive-OR, a ROM table
>lookup (the S-boxes) followed by a permutation (P-boxes) and then
>another exclusive-OR.

If it helps, the S-box step can be done with Boolean operators: each of
the 4 output bits of each S box can be represented as a Boolean function
of the 6 input bits.  Some of them are simpler than one might expect, as
has been pointed out in the literature.  I suspect this would be faster in
hardware than a ROM lookup, but it would presumably take more chip area
and reinforce the bottom line of Phil's argument.
-- 
	Jim Gillogly
	{hplabs, ihnp4}!sdcrdcf!randvax!jim
	jim@rand-unix.arpa