# Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 3 Solutions - Ex3.6

- 4 mins- Return to index
- Exercise 3.1
- Exercise 3.2
- Exercise 3.3
- Exercise 3.4
- Exercise 3.5
- Exercise 3.6
- Exercise 3.7
- Exercise 3.8
- Exercise 3.9
- Exercise 3.10
- Exercise 3.11
- Exercise 3.12
- Exercise 3.13

## Exercise 3.6

An avalanche effect is also desirable for the key: A one-bit change in a key should result in a dramatically different ciphertext if the plaintext is unchanged.

- Assume an encryption with a given key. Now assume the key bit at position 1 (prior to PC − 1) is being flipped. Which S-boxes in which rounds are affected by the bit flip during DES encryption?
- Which S-boxes in which DES rounds are affected by this bit flip during DES decryption?

### Solution

*I haven’t yet verified this solution independently. If you spot any mistakes, please leave a comment in the Disqus box at the bottom of the page.*

1. The keybit at position 1 is moved to position 8 by .

The two halves of the key which are independently rotated are referred to as and .

Since is all 0s, then will also be all 0s.

(due to the 1 in position 8).

In rounds 1, 2, 9, and 16, the key halves are rotated 1 position left. In all other rounds, they are rotated 2 positions left.

It’s worth noting that, even after the permutation, a keybit in the first half will remain in the first half after permutation. Second-half keybits will also remain in the second half after permutation.

This allows us to completely forget about when calculating which S-boxes are affected.

2. It’s not necessary to explicitly check what the effect of this bitflip is during decryption key-scheduling, since it must be the same in reverse. If it wasn’t the S-boxes would receive different input during decryption than they do during encryption, and the cipher would not function.

I wrote a python script which can calculate which S-boxes are affected: