Journal of Cryptology, Volume 4, Issue 1, pp 3–72

Differential cryptanalysis of DES-like cryptosystems

  • Eli Biham
  • Adi Shamir


The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid 1970s, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which can break the reduced variant of DES with eight rounds in a few minutes on a personal computer and can break any reduced variant of DES (with up to 15 rounds) using less than 2^56 operations and chosen plaintexts. The new attack can be applied to a variety of DES-like substitution/permutation cryptosystems, and demonstrates the crucial role of the (unpublished) design rules.

Key words

Data Encryption Standard, Differential cryptanalysis, Iterated cryptosystems





Copyright information

© International Association for Cryptologic Research 1991

Authors and Affiliations

  • Eli Biham (1)
  • Adi Shamir (1)
  1. Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, Rehovot, Israel
