Re: "complementary pairs of keys"

Darrell Kindred (dkindred@cmu.edu)
Sun, 4 May 1997 22:24:43 -0400


Justin Dolske writes:
> You can't really make use of this to directly speed up the keysearch,
> though. That's because to find out anything about K', you need to modify
> P', not P -- which means you've got to do the whole DES encryptino process
> again. Ie, P<-K=C does not imply P<-K'=C'

Actually, you often can take advantage of this property to
save some work, and I imagine DESCHALL clients do.

The reason is that even though you have to do two
encryptions to check K and K', you can use the same key in
both encryptions. Since there's usually some work
associated with setting up a new key for encryption, you
win. It's not a 2x speedup, but it helps.

So for each key, K, that you test, you try encrypting P with
K and compare against C, then you try encrypting P' with K
and compare against C'. If the first test succeeds, the
real key is K; if the second test succeeds, the real key is
K'.

- Darrell