S-Box changes

Michael Roth mroth at nessie.de
Fri Sep 24 02:02:36 CEST 1999


On Thu, 23 Sep 1999, Lazarus Long wrote:

> Why are S-boxes being changed?  Forgive my suspicious sounding question
> here, but I'm sure you can understand how this can be a sensitive matter.

You mean the latest Triple-DES changes, do you? So, take a look at the
ChangeLog file in the same directory:

Wed Sep 15 14:39:59 CEST 1999  Michael Roth <mroth at nessie.de>

        * des.c: Various speed improvements: One bit pre rotation
          trick after initial permutation (Richard Outerbridge).
          Finished test of SSLeay Tripple-DES patterns.

And additionally check out the comment before the S-Boxes in 3des.c:

	/*
	 * The s-box values are permuted according to the 'primitive function P'
	 * and are rotated one bit to the left.
	 */

The second line is new in the latest CVS versions. So, you might guess it:
These are speed improvements. Furthermore: When you look at the
FIPS-46-2 paper and compare the given S-Boxes there with those used in
GnuPG, it will look as if the S-Boxes in GnuPG are different. But as
you might guess: In GnuPG there are some pre-calculations made to speed
up the whole encrypting/decrypting Triple-DES process. In reality the
S-Boxes are exactly equal. They just _look_ different.
However, if you don't trust me, the advantages of Open-Source crypto
come into play: Just choose a Triple-DES implementation of your choice
and compare its results with the Triple-DES implementation used in
GnuPG. For example, if you trust the SSLeay implementation you will see
that GnuPG even uses SSLeay's test vectors to check that its own Triple-DES
implementation is OK. Furthermore: You could take the original FIPS paper
and GnuPG's Triple-DES source and reverse all speed improvement changes
made in GnuPG and check if the result of this process is a native
implementation which follows the FIPS rules. There is nobody who prevents
you from doing this.

To state it clearly: GnuPG uses DES exactly as described in the FIPS 46-2
paper. There are _no_ changes in the S-Boxes and _no_ changes in the
algorithm as a whole.
However, there are some programming techniques used to gain more or less
speed improvements. To an inexperienced programmer these tricks could look
like changes in the algorithm by accident. But in reality there are no
changes. There are implementation issues developed for efficiency reasons.


cu
		Michael Roth
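
The check suggested in the message above, as an added example for S-box 1 (not part of the original post and not GnuPG's code): it builds table entries from the FIPS 46-2 S1 and P tables with the one-bit left rotation described in the quoted comment, then reverses both steps and compares against the plain S1 lookup. The function names and the table index order (b1 as the most significant input bit) are assumptions of this example; GnuPG's own table layout is not reproduced here.

```c
#include <stdint.h>
#include <stdio.h>

/* FIPS 46-2 selection function S1 (rows 0..3, columns 0..15). */
static const uint8_t S1[4][16] = {
    {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
    {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
    {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
    {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}};
/* FIPS 46-2 permutation P: output bit i+1 is input bit P[i]; bit 1 is the MSB. */
static const uint8_t P[32] = {16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
                              2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25};

/* Textbook lookup: 6-bit input b1..b6, row = b1b6, column = b2b3b4b5. */
static uint8_t s1_fips(unsigned in6) {
    return S1[((in6 >> 4) & 2) | (in6 & 1)][(in6 >> 1) & 0xf];
}

/* Precomputed entry: S1 output in bits 1..4, sent through P, rotated left one bit. */
static uint32_t sp1_entry(unsigned in6) {
    uint32_t x = (uint32_t)s1_fips(in6) << 28, out = 0;
    for (int i = 0; i < 32; i++)
        out |= ((x >> (32 - P[i])) & 1u) << (31 - i);
    return (out << 1) | (out >> 31);
}

/* Reverse the speed-ups: rotate right one bit, invert P, read the 4-bit value. */
static uint8_t sp1_undo(uint32_t entry) {
    uint32_t x = (entry >> 1) | (entry << 31), pre = 0;
    for (int i = 0; i < 32; i++)
        pre |= ((x >> (31 - i)) & 1u) << (32 - P[i]);
    return (uint8_t)(pre >> 28);
}

/* Number of inputs 0..63 whose reversed table entry differs from FIPS S1. */
static int count_mismatches(void) {
    int bad = 0;
    for (unsigned in6 = 0; in6 < 64; in6++)
        bad += sp1_undo(sp1_entry(in6)) != s1_fips(in6);
    return bad;
}

int main(void) {
    for (unsigned in6 = 0; in6 < 4; in6++)
        printf("in=%u S1=%u entry=0x%08x\n", in6, (unsigned)s1_fips(in6), (unsigned)sp1_entry(in6));
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

The same reversal applied to a table copied from a real source file, with that file's index order, is the audit the message describes.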




