Differential Cryptanalysis of the Full 16-round DES
In this paper we develop the first known attack which is capable of breaking the full 16 round DES in less than the 255 complexity of exhaustive search. The data anlaysis phase computes the key by analyzing about 236 ciphertexts in 237 time. The 236 usable ciphertexts are obtained during the data collection phase from a larger pool of 247 chosen plaintexts by a simple bit repetition criteria which discards more than 99.9% of the ciphertexts as soon as they are generated. While earlier versions of differential attacks were based on huge counter arrays, the new attack requires negligible memory and can be carried out in parallel on up to 233 disconnected processors with linear speedup. In addition, the new attack can be carried out even if the analyzed ciphertexts are derived from up to 233 different keys due to frequent key changes during the data collection phase. The attack can be carried out incrementally with any number of available ciphertexts, and its probability of success grows linearly with this number (e.g., when 229 usable ciphertexts are generated from a smaller pool of 240 plaintexts, the analysis time decreases to 230 and the probability of success is about 1%).
- Eli Biham, Adi Shamir, Differential Cryptanalysis of Feal and N-Hash, technical report CS91-17, Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, 1991. The extended abstract appears in Advances in cryptology, proceedings of EUROCRYPT’91, pp. 1–16, 1991.Google Scholar
- Eli Biham, Adi Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, technical report CS91-18, Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, 1991. The extended abstract appears in Advances in cryptology, proceedings of CRYPTO’91, 1991.Google Scholar
- David Chaum, Jan-Hendrik Evertse, Cryptanalysis of DES with a reduced number of rounds, Sequences of linear factors in block ciphers, Advances in cryptology, proceedings of CRYPTO’85, pp. 192–211, 1985.Google Scholar
- D. W. Davies, private communication.Google Scholar
- National Bureau of Standards, Data Encryption Standard, U.S. Department of Commerce, FIPS pub. 46, January 1977.Google Scholar