Differential Cryptanalysis of DES-like Cryptosystems

Extended Abstract
  • Eli Biham
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 537)


The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Buraeu of Standards in the mid 70’s, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which can break DES with up to eight rounds in a few minutes on a PC and can break DES with up to 15 rounds faster than an exhaustive search. The new attack can be applied to a variety of DES-like substitution/permutation cryptosystems, and demonstrates the crucial role of the (unpublished) design rules.


  1. [1]
    E. F. Brickell, J. H. Moore, M. R. Purtill, Structure in the S-Boxes of the DES, Advances in cryptology, proceedings of CRYPTO 86, pp. 3–7, 1986.Google Scholar
  2. [2]
    David Chaum, Jan-Hendrik Evertse, Cryptanalysis of DES with a reduced number of rounds, Sequences of linear factors in block ciphers, technical report, 1987.Google Scholar
  3. [3]
    D. W. Davies, private communications.Google Scholar
  4. [4]
    Bert Den Boer, Cryptanalysis of F. E. A. L., Advances in cryptology, proceedings of EUROCRYPT 88, 1988.Google Scholar
  5. [5]
    Yvo Desmedt, Jean-Jacque Quisquater, Marc Davio, Dependence of output on input in DES: small avalanche characteristics, Advances in cryptology, proceedings of CRYPTO 84, pp. 359–376, 1984.Google Scholar
  6. [6]
    W. Diffie and M. E. Hellman, Exhaustive cryptanalysis of the NBS Data Encryption Standard, Computer, Vol. 10, No. 6, pp. 74–84, June 1977.CrossRefGoogle Scholar
  7. [7]
    H. Feistel, Cryptography and data security, Scientific american, Vol 228, No. 5, pp. 15–23, May 1973.CrossRefGoogle Scholar
  8. [8]
    M. E. Hellman, A Cryptanalytic Time-Memory Tradeoff, IEEE Trans. Inform. Theory, Vol. 26, No. 4, pp. 401–406, July 1980.MathSciNetCrossRefGoogle Scholar
  9. [9]
    M. E. Hellman, R. Merkle, R. Schroppel, L. Washington, W. Diffie, S. Pohlig and P. Schweitzer, Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard, Stanford university, September 1976.Google Scholar
  10. [10]
    Ralph C. Merkle, technical report, March 1990.Google Scholar
  11. [11]
    Shoji Miyaguchi, Feal-N specifications.Google Scholar
  12. [12]
    S. Miyaguchi, K. Ohta, M. Iwata, 128-bit hash function (N-Hash), proceedings of SECURICOM90, March 1990.Google Scholar
  13. [13]
    Shoji Miyaguchi, Akira Shiraishi, Akihiro Shimizu, Fast data encryption algorithm Feal-8, Review of electrical communications laboratories, Vol. 36 No. 4, 1988.Google Scholar
  14. [14]
    National Bureau of Standards, Data Encryption Standard, U.S. Department of Commerce, FIPS pub. 46, January 1977.Google Scholar
  15. [15]
    Ingrid Schaumuller-Bichl, Zur Analyse des Data Encryption Standard und Synthese Verwandter Chiffriersysteme, thesis, May 1981.Google Scholar
  16. [16]
    Ingrid Schaumuller-Bichl, Cryptanalysis of the Data Encryption Standard by the Method of Formal Coding, Cryptologia, proceedings of CRYPTO 82, pp. 235–255, 1982.Google Scholar
  17. [17]
    Ingrid Schaumuller-Bichl, On the Design and Analysis of New Cipher Systems Related to the DES, technical report, 1983.Google Scholar
  18. [18]
    Akihiro Shimizu, Shoji Miyaguchi, Fast Data Encryption Algorithm Feal, Advances in cryptology. proceedings of EUROCRYPT 87. pp. 267, 1957.Google Scholar
  19. [19]
    Akihiro Shimizu, Shoji Miyaguchi. Fast Data Encryption Algorithm Feal, Abstracts of EUROCRYPT 87. Amsterdam, April 1987.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • Eli Biham
    • 1
  • Adi Shamir
    • 1
  1. 1.Department of Applied MathematicsThe Weizmann Institute of ScienceIsrael

Personalised recommendations