The RSA
Data Security Secret-Key Challenge |
RSA
Laboratories is pleased to announce the establishment of
a series of new cryptographic contests. The goal of the
contests described here is to quantify the security
offered by the government-endorsed data encryption
standard (DES) and other secret-key ciphers with keys of various
sizes. The information obtained from these contests is
anticipated to be of value to researchers and developers
alike as they estimate the strength of an algorithm or
application against exhaustive key-search. It is widely agreed
that 56-bit keys, such as those offered by the
government's DES standard, offer marginal protection
against a committed adversary. By inertia as much as
anything else, however, DES is still used for many
applications. Theoretical studies have been performed showing
that it is possible to build for a modest sum a
specialized computer "DES cracker" that could
crack keys in mere hours by exhaustive search. However,
no one is known to have built such a machine in the
private sector, and it is generally unknown whether or
not one has been built by any government, either. The successful
factorizations achieved as part of the RSA Factoring
Challenge (launched by RSA Data Security, Inc. in 1991)
show that for some types of problems, it is possible to
recruit spare cycles on a large number of machines
distributed around the Internet. Therefore, by offering a
suitable incentive, it might well be possible to recruit
sufficient computational power across the Internet to
exhaustively search the DES keyspace (or the keyspace of
a cipher with a comparable keysize) in a matter of weeks. The RSA Secret-Key
Challenge consists of one DES challenge and twelve
contests based around the block cipher RC5. DES has a
fixed key of length 56 bits, and the ciphertext produced
by DES-encrypting some unknown plaintext will be posted
as part of the DES challenge. RC5 is a fully
parameterized block cipher, and twelve RC5 contests will
be posted. As well as having a variable key size, RC5
also has a variable block size and a variable number of
rounds; however, all the RC5 contests posted as part of
the RSA Secret-Key Challenge will use 12-round RC5 with a
32-bit word size. The different RC5 contests will involve
secret keys of different lengths. The first RC5 contest
will consist of some unknown plaintext encrypted using a
40-bit key; the second will consist of some unknown
plaintext encrypted using a 48-bit key; and so forth to
the twelfth contest, which will consist of some unknown
plaintext message encrypted using a 128-bit key. For each contest, the
unknown plaintext message is preceded by three known
blocks of text that contain the 24-character phrase
"The unknown message is: ". While the mystery
text that follows will clearly be known to a few
employees of RSA Data Security, the secret key itself used
for the encryption was generated at random and never
revealed to the challenge administrators. The goal of
each contest is for participants to recover the secret randomly-generated
key that was used in the encryption. In addition to the
"real" contests, thirteen
"pseudo-contests" will be posted. These pseudo-contests
have no prizes attached to them and the solutions to each
pseudo-contest is not secret. The pseudo-contests are
only supplied so that contest participants can test out
their software in a "contest" scenario with a
known solution. RSA Data Security requests that participants
not submit solutions to the practice contests, except
possibly to test out the formatting of output produced by
their software. |
THE RULES | THE FORMAT | STATUS & PRIZES | CONTESTS |