Xref: utzoo comp.misc:5452 sci.crypt:1649
Path: utzoo!utgpu!watmath!maytag!water!ymchee
From: ymchee@water.waterloo.edu (Yeow Meng Chee)
Newsgroups: comp.misc,sci.crypt
Subject: Re: DES Busting--Let's See Some Proof!
Message-ID: <2151@water.waterloo.edu>
Date: 12 Mar 89 04:42:42 GMT
References: <15057@cup.portal.com> <5555@abo.fi> <6096@abo.fi> <800@Portia.Stanford.EDU>
Organization: U of Waterloo, Ontario
Lines: 18

In article <800@Portia.Stanford.EDU>, foo@Portia.Stanford.EDU (castor fu) writes:
> Although the Russian rumor is suspect, in a class I have been sitting in on
> the professor said that Adi Shamir (MIT) claims to have broken (in some sense
> which is not clear) a modified DES
> where only 8 rounds of encryption instead of the normal sixteen are used.
>            ^                                            ^^^^^^^
> 
> 			-Castor Fu
> 			foo@portia.stanford.edu


There is a general phenomena called Combinatorial Explosion which is
inherent in many combinatorial problems: for any problem, there is an
integer N such that it is possible to solve the problem of size N-1 by
hand, the problem of size N can be solved on a computer, and the problem
of size N+1 cannot be solved on even the fastest computer around in
reasonable time. So breaking DES with 8 rounds does not really imply
that DES with 16 rounds can be broken in reasonable time.