On the Complexity of Matsui’s Attack
Linear cryptanalysis remains the most powerful attack against DES at this time. Given 243 known plaintext-ciphertext pairs, Matsui expected a complexity of less than 243 DES evaluations in 85 % of the cases for recovering the key. In this paper, we present a theoretical and experimental complexity analysis of this attack, which has been simulated 21 times using the idle time of several computers. The experimental results suggest a complexity upper-bounded by 241 DES evaluations in 85 % of the case, while more than the half of the experiments needed less than 239 DES evaluations. In addition, we give a detailed theoretical analysis of the attack complexity.
Keywordslinear cryptanalysis DES
- 1.E. Biham, A fast new DES implementation in software, FSE’ 97, LNCS, vol. 1267, Springer-Verlag, 1997, pp. 260–272.Google Scholar
- 2.U. Blöcher and M. Dichtl, Problems with the linear cryptanalysis of DES using more than one active S-box per round, FSE’ 94, LNCS, vol. 1008, Springer-Verlag, 1995, pp. 265–274.Google Scholar
- 3.C. Harpes, G. Kramer, and J.L. Massey, A generalization of linear cryptanalysis and the applicability of Matsui’s piling-up lemma, Advances in Cryptology—EuroCrypt’ 95, LNCS, vol. 921, Springer-Verlag, 1995, pp. 24–38.Google Scholar
- 5.M. Kwan, Reducing the gate count of bitslice DES, http://eprint.iacr.org/2000/051.ps, 2000.
- 6.M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology—EuroCrypt’ 93, LNCS, vol. 765, Springer-Verlag, 1993, pp. 386–397.Google Scholar
- 7.___, The first experimental cryptanalysis of the Data Encryption Standard, Advances in Cryptology—Crypto’ 94, LNCS, vol. 839, Springer-Verlag, 1994, pp. 1–11.Google Scholar
- 8.L. May, L. Penna, and A. Clark, An implementation of bitsliced DES on the pentium MMX TM processor, Information Security and Privacy: 5th Australasian Conference, ACISP 2000, LNCS, vol. 1841, Springer-Verlag, 2000.Google Scholar
- 10.National Bureau of Standards, Data encryption standard, U. S. Department of Commerce, 1977.Google Scholar
- 11.A. Rényi, Probability theory, Elsevier, 1970.Google Scholar
- 13.S. Vaudenay, An experiment on DES statistical cryptanalysis, 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, pp. 139–147.Google Scholar