> The impressively well-engineered > resistance of DES to differential cryptanalysis (apparently called the > "tickle attack" on the inside years before Biham and Shamir's result)
That was IBM's name for DC; it wasn't the NSA's name. In the late 90's I asked a DSD (Australian NSA) officer what the UKUSA nations called DC, and he thought about it, then declined to answer. However, a certain well known cryptographer who has done some work with the NSA told me that they called it "Directional Derivative". I asked the abovementioned DSD officer when the UKUSA nations discovered DC. Again he paused to think, and then said that he believed that Gus Simmons had publicly said that the NSA was aware of the technique in 1965 or so. Despite considerable research, I've been unable to locate any evidence of Simmons saying that. It is, however, feasable within the timeline of what is known and implied about their cipher development. Before the mid-60's, hardware implementations of block ciphers would have been largely impractical anyway. I do have to comment, however, that this particular DSD officer chose his words carefully in answering the question. Specifically, he told me what Simmons said (at least in his memory), as opposed to "we discovered it in 1965". This particular officer was responsible for crypto export control in Oz, and was a hardline anti-export warrior. He never directly lied, but in true "Yes Minister" fashion, he was regularly "economical with the truth" and quite linguistically tricky. With him, one quickly learned to listen to what he exactly said, not what he was trying to imply. :) If anyone else can confirm his claim about Simmons, I'd like to read the full text. Ian. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]