New Data Seal
| General | |
|---|---|
| First published | 1975 |
| Derived from | Lucifer |
| Cipher detail | |
| Key sizes | 2048 bits |
| Block sizes | 128 bits |
| Structure | Feistel network |
| Rounds | 16 |
| Best public cryptanalysis | |
| Grossman & Tuckerman's slide attack uses at most 212 chosen plaintexts | |
In cryptography, New Data Seal (NDS) is a block cipher that was designed at IBM in 1975, based on the Lucifer algorithm that became DES.
The cipher uses a block size of 128 bits, and a very large key size of 2048 bits. Like DES it has a 16-round Feistel network structure. The round function uses two fixed 4×4-bit S-boxes, chosen to be non-affine. The key is also treated as an 8×8-bit lookup table, using the first bit of each of the 8 bytes of the half-block as input. The nth bit of the output of this table determines whether or not the two nibbles of the nth byte are swapped after S-box substitution. All rounds use the same table. Each round function ends with a fixed permutation of all 64 bits, preventing the cipher from being broken down and analyzed as a system of simpler independent subciphers.
In 1977, Edna Grossman and Bryant Tuckerman cryptanalyzed NDS using the first known slide attack. This method uses no more than 4096 chosen plaintexts; in their best trial they recovered the key with only 556 chosen plaintexts.