[2663] in cryptography@c2.net mail archive
DES search faces possible legal challenge
daemon@ATHENA.MIT.EDU (Frank Andrew Stevenson)
Tue May 12 11:37:36 1998
Date: Tue, 12 May 1998 09:02:58 +0200 (MDT)
From: Frank Andrew Stevenson <frank@funcom.com>
To: cryptography@c2.net

After over 1 year of preparation the keyblitz project released its
DES searching client on May 1st this year; the search was only
allowed to run for 11 days before it faced a possible legal challenge:

http://www.thoic.com/keyblitz/

The keyblitz search is not an academic DES challenge, but a real
life 'malicious' attack on a deployed cryptographic system. The target
of the search is management keys for the European D2-MAC / Eurocrypt
satellite scrambling system.

Although the search had only been running for 11 days the team
claimed to have recovered 2 DES keys already. This is made
possible by exploiting a weakness in the Eurocrypt protocol.
TV signals are coded under the control of a single Operational
key. However, this key is continuously being updated to the
system's smart cards encrypted under as many as perhaps 2000
different management keys. Recovering a single management
key will suffice to recover future operational keys.

The modified DES search will encrypt the known operational
(plaintext) key with a set of trial keys, and check every
encryption against the list of 2000 ciphertexts. Such a
lookup is much faster than 2000 trial encryptions, and can
be done quickly using binary search or table lookups. The net
result is that the complexity of recovering a single
management key is 2^45 as opposed to 2^55 of recovering
a single DES key.

Subsequent operational keys can then be found by simple
decryption, and published over the internet on such sites
as http://www.d2mac.com

frank
--
This sentence is unique in this respect;
it can safely be attributed to my employer, Funcom productions.
E3D2BCADBEF8C82F A5891D2B6730EA1B PGPencrypted mail preferred, finger for key
There is no place like N59 50.558' E010 50.870'.
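
The work-factor argument in the message above, measured on a toy scale. This is an added example, not part of the original message and not the keyblitz client: it assumes a 14-bit key space and a SHA-256-based stand-in for the cipher (not DES), and every name in it (`toy_encrypt`, `trials_until_hit`, `one_run`, `average_work`, `KNOWN_PLAINTEXT`) is hypothetical.

```python
import hashlib
import random

KEY_BITS = 14                   # toy key space (assumption); DES has 56 bits
KNOWN_PLAINTEXT = b"OPKEY-01"   # constructed stand-in for the known operational key

def toy_encrypt(key: int, block: bytes) -> bytes:
    """Keyed 8-byte function standing in for a block cipher. This is NOT DES."""
    return hashlib.sha256(key.to_bytes(2, "big") + block).digest()[:8]

def trials_until_hit(ciphertexts):
    """Walk the key space once: one encryption and one set lookup per trial key."""
    targets = set(ciphertexts)
    for trial, key in enumerate(range(1 << KEY_BITS), start=1):
        if toy_encrypt(key, KNOWN_PLAINTEXT) in targets:
            return trial, key
    raise LookupError("no key matched")

def one_run(rng, n_targets):
    """Encrypt one plaintext under n random keys, then search two ways."""
    keys = rng.sample(range(1 << KEY_BITS), n_targets)
    cts = [toy_encrypt(k, KNOWN_PLAINTEXT) for k in keys]
    single, _ = trials_until_hit(cts[:1])   # search for one specific key
    multi, found = trials_until_hit(cts)    # stop at the first of any n keys
    return single, multi, found, keys

def average_work(n_targets=64, runs=50, seed=1998):
    """Mean trial count for the single-target and the n-target search."""
    rng = random.Random(seed)
    results = [one_run(rng, n_targets) for _ in range(runs)]
    mean_single = sum(r[0] for r in results) / runs
    mean_multi = sum(r[1] for r in results) / runs
    return mean_single, mean_multi

if __name__ == "__main__":
    s, m = average_work()
    print(f"one ciphertext : {s:8.0f} trials on average (about 2^{KEY_BITS - 1})")
    print(f"64 ciphertexts : {m:8.0f} trials on average (about 2^{KEY_BITS}/65)")
```

Scaled to 56-bit keys and about 2000 ciphertexts of the same plaintext, the same ratio gives roughly 2^56/2000, about 2^45 trials, against 2^55 on average for one key.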