We Owe Much to DES
By Bruce Schneier
August 30, 2004
It was a historic moment when, last month, the National Institute of Standards and Technology proposed withdrawing the Data Encryption Standard as an encryption standard.
DES has been the most popular encryption algorithm for 25 years. Developed at IBM, it was chosen by the National Bureau of Standards (now NIST) as the government-standard encryption algorithm in 1976. Since then, it has become an international encryption standard and has been used in thousands of applications, despite concerns about its short key length.
In 1972, the NBS initiated a program to protect computer and communications data that included a standard encryption algorithm. IBM submitted an algorithm that used simple logical operations on small groups of bits and could be implemented efficiently in mid-1970s hardware. The algorithm's key strength comes from an S-box, a nonlinear table-lookup specified by strings of constants.
NBS lacked the ability to evaluate the algorithm, so it turned to the National Security Agency for help. NSA changed the constants in the S-boxes and reduced the key size from its original 128 bits to 56 bits -- less than the specified 64 bits. The revised algorithm, DES, was published by NBS in March 1975. There was a public outcry among the few who paid attention because the NSA did not make the changes public and gave no rationale for them. Only in the '90s was it learned that the S-box changes were made for classified reasons.
Despite criticism, the DES was adopted as a Federal Information Processing Standard in November 1976. DES was also adopted by other standards bodies worldwide, including the American National Standards Institute and the International Organization for Standardization. It became the standard encryption algorithm in the banking industry and was used in many applications around the world. NBS recertified DES for the first time in 1987; NIST recertified DES in 1993; and, in 1997, both bodies initiated a program to replace DES with the Advanced Encryption Standard.
In the late '90s, it was widely believed that NSA could break DES by trying every possible key, something called brute force cryptanalysis. The Electronic Frontier Foundation demonstrated this ability in July 1998, when John Gilmore built a $250,000 machine that could break a DES key by brute force in a few days. Years before, more-secure applications had already converted to the triple-DES encryption algorithm, which is the application of three DES encryptions, effectively lengthening the key. It's in wide use today to protect all kinds of secrets.
Almost all today's newer encryption algorithms have roots in DES, on which the modern academic discipline of cryptography was founded. Every standard should have such long, useful life.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..