Data Encryption Standard (DES) – 1974 AD

Horst Feistel (1915–1990)

In the late 1960s, Lloyds Bank in the United Kingdom asked IBM to create an unattended cash-dispensing machine—what we now call an automatic teller machine, or ATM. IBM realized that it needed to encrypt the data sent between the bank and the machine, lest thieves splice the telephone wires and convince the machine to dispense all of its cash. So IBM charged its newly created cryptography research group, headed by Horst Feistel, with the task. The group created an algorithm called Lucifer.

Lucifer encrypted blocks of data using 128-bit keys. The algorithm was unbreakable, as far as anyone knew, meaning that there was no way to find the secret key used to encrypt a message other than by trying all possible keys—an impossible task.

In May 1973 and again in August 1974, the US National Bureau of Standards (NBS) invited cryptographers to submit their algorithms in a competition to create a national encryption standard. Lucifer was the best submission that NBS received. But when NBS finally adopted the algorithm as the Data Encryption Standard (DES), two important changes were made at the request of the US National Security Agency (NSA): the key size was cut from 128 bits to 56, and the way that the algorithm used its keys became significantly more complicated. Some academics criticized the move, claiming that the NSA had intentionally weakened the algorithm.

It turns out that the agency had actually strengthened the algorithm. The NSA had discovered an attack on Lucifer using a classified cryptanalytic technique called differential cryptanalysis. But the NSA couldn’t explain this in 1974. Academics independently discovered differential cryptanalysis two decades later.

DES remained in use well into the 1990s, when the nonprofit Electronic Frontier Foundation constructed a special-purpose DES-cracking machine for roughly $250,000. From that point on, it was clear that a single application of DES was not sufficient to keep secrets safe. In 1999, many users started using Triple DES, in which the algorithm is used three times, with three different keys, for an effective key length of 168 bits.

Today Triple DES has largely been replaced by the Advanced Encryption Standard (AES).

Engraving of Lucifer by Gustave Doré, for John Milton’s Paradise Lost. The US National Bureau of Standards adopted the Lucifer algorithm as the Data Encryption Standard in 1974.

