Prove the following: if P is a bit mixing permutation then for all x and y in A, P(x xor y) = P(x) xor P(y).
2. In class, we discussed the fact that DES implements a tiny fraction of all possible permutations on 64-bit binary strings. Let's model the set of permutations realized by DES as 256 distinct permutations, and call this set of permutations D. Now, what is the probability that a randomly-chosen 64-bit permutation (from the space of all possible permutations) is contained in D?
3. This problem has two parts; the first part is the easier.
4. We saw in class that 256 DES keys was not enough: specialized hardware could be built which finds the key by exhaustive search in about 35 mins on average (for about $1M US, in 1998). We might attempt to increase the length of the 56-bit DES key by making a new block cipher DES+ with a 120-bit key as follows:
5. The following problem is very challenging and should not be attempted unless you have successfully completed the 4 preceeding problems and you are prepared to spend some significant time and are fairly comfortable with linear algebra.
We have claimed that the design of the S-boxes in DES was very carefully chosen. This exercise shows that not any design will do.
Let's say you have the ability to change the contents of the S-boxes (not the structure, just the numbers inside). Change them to anything you like and call this new cipher WDES (for Weak DES). Then describe a simple attack on WDES which efficiently extracts the key given one known plaintext-ciphertext pair.