Linear Cryptanalysis Method for DES Cipher
We introduce a new method for cryptanalysis of DES cipher, which is essentially a known-plaintext attack. As a result, it is possible to break 8-round DES cipher with 221 known-plaintexts and 16-round DES cipher with 247 known-plaintexts, respectively. Moreover, this method is applicable to an only-ciphertext attack in certain situations. For example, if plaintexts consist of natural English sentences represented by ASCII codes, 8-round DES cipher is breakable with 229 ciphertexts only.
- E. Biham and A. Shamir, “Differential Cryptanalysis of FEAL and N-Hash,” Advances in Cryptology-EUROCRYPT’91, Lecture Notes in Computer Science, Vol.547, pp. 1–16, (1991).Google Scholar
- E. Biham and A. Shamir, “Differential Cryptanalysis of the full 16-round DES,” CRYPTO’92 Extended Abstracts, pp.12-1–12-5, (1992).Google Scholar
- A. Tardy-Corfdir and H. Gilbert, “A Known Plaintext Attack of FEAL-4 and FEAL-6,” Advances in Cryptology-CRYPTO’91, Lecture Notes in Computer Science, Vol.576, pp.172–182, (1991).Google Scholar
- M. Matsui and A. Yamagishi, “A New Method for Known Plaintext Attack of FEAL Cipher,” Advances in Cryptology-EUROCRYPT’92, Lecture Notes in Computer Science,Vol.658, pp.81–91, (1992).Google Scholar
- A. Shamir, “On the Security of DES,” Advances in Cryptology-CRYPTO’85, Lecture Notes in Computer Science, Vol.218, pp.280–281, (1985).Google Scholar
- R.A. Rueppel, “Analysis and Design of Stream Ciphers,” Springer Verlag, (1986).Google Scholar