Lucifer (cipher)
cryptography, Lucifer was the name given to several of the earliest civilian block ciphers, developed by Horst Feistel and his colleagues at IBM. Lucifer was a direct precursor to the Data Encryption Standard. One version, alternatively named DTD-1, saw commercial use in the 1970s for electronic banking.
One variant, described in (Feistel, 1973), uses a 128-bit key and operates on 128-bit blocks. The cipher is a Substitution-permutation network and uses two 4-bit S-boxes. The key selects which S-boxes are used.
A later Lucifer was a 16-round Feistel network, also on 128-bit blocks and 128-bit keys, described in (Sorkin, 1984). This version was shown to be susceptible to differential cryptanalysis; for about half the keys, the cipher can be broken with 236 chosen plaintexts and 236 time complexity (Ben-Aroya and Biham, 1996).
IBM submitted the Feistel-network version of Lucifer as a candidate for DES (compare the more recent AES process). After some redesign (a reduction to a 56-bit key and 64-bit block, but strengthened against differential cryptanalysis) it became the Data Encryption Standard in 1977.
The name "Lucifer" was apparently a pun on "Demon". This was in turn a truncation of "Demonstration", the name for a privacy system Feistel was working on. The operating system used could not handle the longer name. (See Forth for a similar, also humorous, compression consequence).
References
- Ishai Ben-Aroya, Eli Biham (1996). Differential Cryptanalysis of Lucifer. Journal of Cryptology 9(1), pp. 21–34, 1996.
- Eli Biham, Adi Shamir (1991). Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer. CRYPTO 1991: pp156–171
- Whitfield Diffie, Susan Landau (1998). Privacy on the Line: The Politics of Wiretapping and Encryption.
- Horst Feistel, (1973). Cryptography and Computer Privacy". Scientific American, 228(5), May 1973, pp 15–23.
- Stephen Levy. (2001). Crypto: Secrecy and Privacy in the New Code War (Penguin Press Science).
- A. Sorkin, (1984). LUCIFER: a cryptographic algorithm. Cryptologia, 8(1), 22--35, 1984.
