Would DES be secure with 128 bit keys?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












3












$begingroup$


Assuming you only modify the key schedule so that each of a 128-bit key is used at least once, would DES be about as secure as other ciphers such as AES? I am not talking about 2DES/3DES or other drawbacks like performance etc.










share|improve this question











$endgroup$







  • 4




    $begingroup$
    You should also define the new key schedule. When parameters changed, It usually requires new design and analysis. See AES-128 vs AES-256.
    $endgroup$
    – kelalaka
    Feb 18 at 17:08






  • 1




    $begingroup$
    One could take this question to be about Lucifer, or about Lucifer with the S-boxes as modified by the NSA to make them resist differential cryptanalysis.
    $endgroup$
    – Squeamish Ossifrage
    Feb 18 at 17:32















3












$begingroup$


Assuming you only modify the key schedule so that each of a 128-bit key is used at least once, would DES be about as secure as other ciphers such as AES? I am not talking about 2DES/3DES or other drawbacks like performance etc.










share|improve this question











$endgroup$







  • 4




    $begingroup$
    You should also define the new key schedule. When parameters changed, It usually requires new design and analysis. See AES-128 vs AES-256.
    $endgroup$
    – kelalaka
    Feb 18 at 17:08






  • 1




    $begingroup$
    One could take this question to be about Lucifer, or about Lucifer with the S-boxes as modified by the NSA to make them resist differential cryptanalysis.
    $endgroup$
    – Squeamish Ossifrage
    Feb 18 at 17:32













3












3








3





$begingroup$


Assuming you only modify the key schedule so that each of a 128-bit key is used at least once, would DES be about as secure as other ciphers such as AES? I am not talking about 2DES/3DES or other drawbacks like performance etc.










share|improve this question











$endgroup$




Assuming you only modify the key schedule so that each of a 128-bit key is used at least once, would DES be about as secure as other ciphers such as AES? I am not talking about 2DES/3DES or other drawbacks like performance etc.







des






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 18 at 17:06









kelalaka

8,43822351




8,43822351










asked Feb 18 at 16:23









enigma969enigma969

183




183







  • 4




    $begingroup$
    You should also define the new key schedule. When parameters changed, It usually requires new design and analysis. See AES-128 vs AES-256.
    $endgroup$
    – kelalaka
    Feb 18 at 17:08






  • 1




    $begingroup$
    One could take this question to be about Lucifer, or about Lucifer with the S-boxes as modified by the NSA to make them resist differential cryptanalysis.
    $endgroup$
    – Squeamish Ossifrage
    Feb 18 at 17:32












  • 4




    $begingroup$
    You should also define the new key schedule. When parameters changed, It usually requires new design and analysis. See AES-128 vs AES-256.
    $endgroup$
    – kelalaka
    Feb 18 at 17:08






  • 1




    $begingroup$
    One could take this question to be about Lucifer, or about Lucifer with the S-boxes as modified by the NSA to make them resist differential cryptanalysis.
    $endgroup$
    – Squeamish Ossifrage
    Feb 18 at 17:32







4




4




$begingroup$
You should also define the new key schedule. When parameters changed, It usually requires new design and analysis. See AES-128 vs AES-256.
$endgroup$
– kelalaka
Feb 18 at 17:08




$begingroup$
You should also define the new key schedule. When parameters changed, It usually requires new design and analysis. See AES-128 vs AES-256.
$endgroup$
– kelalaka
Feb 18 at 17:08




1




1




$begingroup$
One could take this question to be about Lucifer, or about Lucifer with the S-boxes as modified by the NSA to make them resist differential cryptanalysis.
$endgroup$
– Squeamish Ossifrage
Feb 18 at 17:32




$begingroup$
One could take this question to be about Lucifer, or about Lucifer with the S-boxes as modified by the NSA to make them resist differential cryptanalysis.
$endgroup$
– Squeamish Ossifrage
Feb 18 at 17:32










1 Answer
1






active

oldest

votes


















8












$begingroup$

No, DES* (which I'll call your "DES modified to use 128 bit keys") would not be as secure as AES; two reasons spring immediately to mind:



  • Block size; DES* would still have 64 bit blocks; most block cipher modes start to leak information when you get close to the birthday bound; for DES*, that'd be 32Gigabytes, which isn't that long for common use. In contrast, AES (which has a 128 bit block size) has a birthday bound of circa 300Exabytes


  • Linear cryptanalysis; DES is known to be weak against linear cryptanalysis; depending on how you map the 128 bit keys to the DES* subkeys, DES* may very well be as well. Of course, AES is known to be immune to linear cryptanalysis






share|improve this answer









$endgroup$








  • 3




    $begingroup$
    And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
    $endgroup$
    – Maarten Bodewes
    Feb 18 at 17:10











Your Answer





StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67407%2fwould-des-be-secure-with-128-bit-keys%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









8












$begingroup$

No, DES* (which I'll call your "DES modified to use 128 bit keys") would not be as secure as AES; two reasons spring immediately to mind:



  • Block size; DES* would still have 64 bit blocks; most block cipher modes start to leak information when you get close to the birthday bound; for DES*, that'd be 32Gigabytes, which isn't that long for common use. In contrast, AES (which has a 128 bit block size) has a birthday bound of circa 300Exabytes


  • Linear cryptanalysis; DES is known to be weak against linear cryptanalysis; depending on how you map the 128 bit keys to the DES* subkeys, DES* may very well be as well. Of course, AES is known to be immune to linear cryptanalysis






share|improve this answer









$endgroup$








  • 3




    $begingroup$
    And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
    $endgroup$
    – Maarten Bodewes
    Feb 18 at 17:10
















8












$begingroup$

No, DES* (which I'll call your "DES modified to use 128 bit keys") would not be as secure as AES; two reasons spring immediately to mind:



  • Block size; DES* would still have 64 bit blocks; most block cipher modes start to leak information when you get close to the birthday bound; for DES*, that'd be 32Gigabytes, which isn't that long for common use. In contrast, AES (which has a 128 bit block size) has a birthday bound of circa 300Exabytes


  • Linear cryptanalysis; DES is known to be weak against linear cryptanalysis; depending on how you map the 128 bit keys to the DES* subkeys, DES* may very well be as well. Of course, AES is known to be immune to linear cryptanalysis






share|improve this answer









$endgroup$








  • 3




    $begingroup$
    And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
    $endgroup$
    – Maarten Bodewes
    Feb 18 at 17:10














8












8








8





$begingroup$

No, DES* (which I'll call your "DES modified to use 128 bit keys") would not be as secure as AES; two reasons spring immediately to mind:



  • Block size; DES* would still have 64 bit blocks; most block cipher modes start to leak information when you get close to the birthday bound; for DES*, that'd be 32Gigabytes, which isn't that long for common use. In contrast, AES (which has a 128 bit block size) has a birthday bound of circa 300Exabytes


  • Linear cryptanalysis; DES is known to be weak against linear cryptanalysis; depending on how you map the 128 bit keys to the DES* subkeys, DES* may very well be as well. Of course, AES is known to be immune to linear cryptanalysis






share|improve this answer









$endgroup$



No, DES* (which I'll call your "DES modified to use 128 bit keys") would not be as secure as AES; two reasons spring immediately to mind:



  • Block size; DES* would still have 64 bit blocks; most block cipher modes start to leak information when you get close to the birthday bound; for DES*, that'd be 32Gigabytes, which isn't that long for common use. In contrast, AES (which has a 128 bit block size) has a birthday bound of circa 300Exabytes


  • Linear cryptanalysis; DES is known to be weak against linear cryptanalysis; depending on how you map the 128 bit keys to the DES* subkeys, DES* may very well be as well. Of course, AES is known to be immune to linear cryptanalysis







share|improve this answer












share|improve this answer



share|improve this answer










answered Feb 18 at 16:53









ponchoponcho

93k2145241




93k2145241







  • 3




    $begingroup$
    And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
    $endgroup$
    – Maarten Bodewes
    Feb 18 at 17:10













  • 3




    $begingroup$
    And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
    $endgroup$
    – Maarten Bodewes
    Feb 18 at 17:10








3




3




$begingroup$
And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
$endgroup$
– Maarten Bodewes
Feb 18 at 17:10





$begingroup$
And that's already enough reason not to go for 128 bit DES, ignoring the less serious issues such as parity bits, weak keys and what-not.
$endgroup$
– Maarten Bodewes
Feb 18 at 17:10


















draft saved

draft discarded
















































Thanks for contributing an answer to Cryptography Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67407%2fwould-des-be-secure-with-128-bit-keys%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown






Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?