Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!ames!sdcsvax!ucsdhub!hp-sdd!hplabs!hp-pcd!hpcvlo!john
From: john@hpcvlo.HP.COM (John Eaton)
Newsgroups: sci.crypt
Subject: Double Des
Message-ID: <1290007@hpcvlo.HP.COM>
Date: Fri, 23-Oct-87 15:23:20 EST
Article-I.D.: hpcvlo.1290007
Posted: Fri Oct 23 15:23:20 1987
Date-Received: Mon, 26-Oct-87 01:48:58 EST
Organization: Hewlett-Packard Co., Corvallis, OR, USA
Lines: 27

<<<<<
I recently mentioned the use of multiple DES encryptions in order to get around the limitations of a 56 bit key length. Several people wrote to say that this won't work because encrypting with two keys would be equivalent to a single encryption with a third key.

I don't think this is true for DES because of one simple reason. The number of possible DES encryptions is only a small subset of the total number of possible transformations. There are (2^64) factorial possible ways to transform an 8 byte group of numbers into another 8 byte group. The 2^56 ways that are equivalent to DES keys are only a small subset of possible transformations. If a crypto system has the number of keys equal to the total possible number of transformations then multiple encryptions would be useless but this is not the case with DES. Another characteristic of these systems is that they would have a "Null" key that would encrypt any input into itself.

A possible way to prove this is simple. Take an 8 byte input and encrypt it with all 2^56 DES keys and make a list of the 2^56 results. Then take each of the results and encrypt each one with all of the 2^56 possible DES keys. If this second round of 2^112 encryptions ever produces a result that is not on your list from the first round then you have found a combination of two keys that can never be duplicated with a single key encryption.

John Eaton
!hplabs!hp-pcd!john
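
The two-round exhaustive test described in the article above, scaled down so it finishes in seconds, as an added example that is not part of the original post. The ciphers toy_feistel (16-bit block, 8-bit key) and xor_cipher are constructed stand-ins, not DES, and every name in the block is hypothetical.

```python
"""Scaled-down version of the two-round exhaustive test (constructed example)."""

def round_fn(half, round_key):
    # Deliberately nonlinear 8-bit mixing function (assumption, not DES's f).
    x = half ^ round_key
    return ((x * 37 + 11) ^ (x >> 3) ^ ((x * x) >> 4)) & 0xFF

def toy_feistel(block, key, rounds=4):
    """16-bit block, 8-bit key Feistel cipher; a permutation for every key."""
    left, right = block >> 8, block & 0xFF
    for i in range(rounds):
        round_key = (key + 0x3B * i) & 0xFF  # toy key schedule
        left, right = right, left ^ round_fn(right, round_key)
    return (left << 8) | right

def xor_cipher(block, key):
    """Contrast case: keys form a group under XOR, and key 0 is a null key."""
    return block ^ (key * 0x0101)  # repeat the key byte across both halves

def escaping_pairs(encrypt, plaintext, keys):
    """Return (distinct first-round results, second-round results off the list)."""
    first_round = {encrypt(plaintext, k) for k in keys}
    escapes = sum(
        1
        for ciphertext in first_round
        for k in keys
        if encrypt(ciphertext, k) not in first_round
    )
    return len(first_round), escapes

if __name__ == "__main__":
    keys = range(256)
    for name, cipher in (("toy_feistel", toy_feistel), ("xor_cipher", xor_cipher)):
        listed, escapes = escaping_pairs(cipher, 0x1234, keys)
        print(f"{name}: {listed} first-round results, {escapes} escapes")
```

Each escape is a two-key encryption of the chosen plaintext that no single key of the toy cipher reproduces. The XOR cipher never escapes because encrypting with k1 and then k2 is the same as encrypting once with k1 ^ k2.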