New Data Seal
|Key sizes||2048 bits|
|Block sizes||128 bits|
|Best public cryptanalysis|
|Grossman & Tuckerman's slide attack uses at most 212 chosen plaintexts|
The cipher uses a block size of 128 bits, and a very large key size of 2048 bits. Like DES it has a 16-round Feistel network structure. The round function uses two fixed 4×4-bit S-boxes, chosen to be non-affine. The key is also treated as an 8×8-bit lookup table, using the first bit of each of the 8 bytes of the half-block as input. The nth bit of the output of this table determines whether or not the two nibbles of the nth byte are swapped after S-box substitution. All rounds use the same table. Each round function ends with a fixed permutation of all 64 bits, preventing the cipher from being broken down and analyzed as a system of simpler independent subciphers.
In 1977, Edna Grossman and Bryant Tuckerman cryptanalyzed NDS using the first known slide attack. This method uses no more than 4096 chosen plaintexts; in their best trial they recovered the key with only 556 chosen plaintexts.
- Henry Beker & Fred Piper (1982). Cipher Systems: The Protection of Communications. John Wiley & Sons. pp. 263–267. ISBN 0-471-89192-4.
- D.C. Hankerson; Gary Hoffman; D.A. Leonard; Charles C. Lindner; K.T. Phelps; Christopher A. Rodger; J.R. Wall (2000). Coding Theory and Cryptography: The Essentials (2nd ed.). CRC Press. pp. 240–242. ISBN 0-8247-0465-7.