The First Experimental Cryptanalysis of the Data Encryption Standard

  • Mitsuru Matsui
Conference paper

DOI: 10.1007/3-540-48658-5_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 839)
Cite this paper as:
Matsui M. (1994) The First Experimental Cryptanalysis of the Data Encryption Standard. In: Desmedt Y.G. (eds) Advances in Cryptology — CRYPTO ’94. CRYPTO 1994. Lecture Notes in Computer Science, vol 839. Springer, Berlin, Heidelberg


This paper describes an improved version of linear cryptanalysis and its application to the first successful computer experiment in breaking the full 16-round DES. The scenario is a known-plaintext attack based on two new linear approximate equations, each of which provides candidates for 13 secret key bits with negligible memory. Moreover, reliability of the key candidates is taken into consideration, which increases the success rate. As a result, the full 16-round DES is breakable with high success probability if 24.3 random plaintexts and their ciphertexts are available. The author carried out the first experimental attack using twelve computers to confirm this: he finally reached all of the 56 secret key bits in fifty days, out of which forty days were spent for generating plaintexts and their ciphertexts and only ten days were spent for the actual key search.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Mitsuru Matsui
    • 1
  1. 1.Computer & Information Systems LaboratoryMitsubishi Electric CorporationKamakura, KanagawaJapan

Personalised recommendations