NewDES

Algorithm

NewDES, unlike DES, has no bit-level permutations, making it easy to implement in software. All operations are performed on whole bytes. It is a product cipher, consisting of 17 rounds performed on a 64-bit data block and makes use of a 120-bit key.

In each round, subkey material is XORed with the 1-byte sub-blocks of data, then fed through an S-box, the output of which is then XORed with another sub-block of data. In total, 8 XORs are performed in each round. The S-box is derived from the United States Declaration of Independence (to show that Scott had nothing up his sleeve).

Each set of two rounds uses seven 1-byte subkeys, which are derived by splitting 56 bits of the key into bytes. The key is then rotated 56 bits for use in the next two rounds.

Cryptanalysis

Only a small amount of cryptanalysis has been published on NewDES. The designer showed that NewDES exhibits the full avalanche effect after seven rounds: every ciphertext bit depends on every plaintext bit and key bit.

NewDES has the same complementation property that DES has: namely, that if

then

where

is the bitwise complement of x. This means that the work factor for a brute force attack is reduced by a factor of 2. Eli Biham also noticed that changing a full byte in all the key and data bytes leads to another complementation property. This reduces the work factor by 2⁸.

Biham's related-key attack can break NewDES with 2³³ chosen-key chosen plaintexts, meaning that NewDES is not as secure as DES.

John Kelsey, Bruce Schneier, and David Wagner used related-key cryptanalysis to develop another attack on NewDES; it requires 2³² known plaintexts and one related key.