The data encryption standard (DES) is an encryption method of substantial practical importance; it is widely used in commercial transactions. This paper deals with an issue that is directly related to the question of how secure the DES is. The starting point of the paper is Rivest’s report [1] at Crypto ’85 of the discovery of a plaintext that reappeared after only about 2³³ iterations of being alternately subjected to superencryption with the all zeros and the all ones DES key. At the same conference Coppersmith proposed an explanation of this unexpected phenomenon, which the paper under review shows to be correct. Cycles that conform to Coppersmith’s explanation, including Rivest’s original cycle, are christened Coppersmith cycles. The authors also show that there are other types of small cycles for certain DES keys.

The paper is well written; because of its mathematical content (which, even though it is not advanced, is pervasive) it is accessible mainly to specialists in cryptanalysis (for whom it should be required reading). However, I am completely mystified why the paper appeared in a software engineering journal.