Is it possible to deduce the plaintext block or the key, given only a Simplified-DES ciphertext block (e.g. c=01110110)? I'm reading Cryptography And Network Security, by William Stallings and I'm bit confused.
Asked
Active
Viewed 1,411 times
1 Answers
3
Simplified DES is a toy Feistel cipher with 16-bit 8-bit block and 10-bit key, and only two rounds, intended for educational purposes. Here is a preview of the original paper, and an implementation; another; yet another.
If one knows one block of ciphertext, but nothing about the plaintext and key, the plaintext can not be guessed entirely: each of the $2^{10}$ key will lead to a plaintext. Most plaintext will be reached several times, but a few plaintext might be excluded. If S-DES was a perfect toy cipher, it seems that any particular plaintext would have odds about $(1-2^{-8})^{10}\approx1.8\%$ to be impossible (it turns out odds are much higher for S-DES with two rounds, which is far from a good cipher); this in itself would constitutes a practical attack in some contexts (e.g. when one is content to exclude that the plaintext is "OK" or "NO", with some sizable odds). An adversary can also assign odds to each possible plaintext, and is at a sizable advantage over a random guess of the plaintext.
If one knows enough blocks of ciphertext, and something about the plaintext, even so vague as "it is mostly text", then an attack is easy: decipher with all the possible keys, and have a human look at the $1024=2^{10}$ resulting plaintexts, formatted with one line per candidate key. Most likely the right plaintext will be spotted by naked eye+brain within seconds. This can be helped by ordering the candidates according to how well they compress with LZW or similar. Success depends on the length of the known ciphertext, and redundancy in the plaintext. If some bits of the plaintext are known, then very little ciphertext is enough (e.g. about 5 blocks if 2 bits per plaintext blocks are known to be 0, which is the case for ASCII).
fgrieu
- 149,326
- 13
- 324
- 622