A method to estimate the number of ciphertext pairs for differential cryptanalysis
Differential cryptanalysis introduced by Biham and Shamir in 1990 is one of the most powerful attacks to DES-like cryptosystems. This attack presumes on some tendency of the target cryptosystem. So the efficiency of the attack depends upon the conspicuousness of this tendency. S/N ratio introduced in the paper is to evaluate this conspicuousness. In other words, the S/N ratio is a measure of the efficiency of the attack. Nevertheless, S/N ratio does NOT suggest how many pairs of ciphertexts are needed.
In this paper, we show how to estimate the number of necessary pairs of ciphertexts for the differential cryptanalysis. We also show that our estimation is adequate using the 8-round-DES as an example. Biham and Shamir also showed a counting scheme to save memories at the cost of efficiency. We show an algorithm to find the secret key saving memories at the less cost of efficiency.
Unable to display preview. Download preview PDF.
- National Bureau of Standards, Data Encryption Standard, U.S. Department of Commerce, FIPS pub. 46, January 1977.Google Scholar
- Shoji Miyaguchi, Akira Shiraishi, Akihiro Shimizu, Fast data encryption algorithm Feal-8, Review of electrical communications laboratories, Vol.36 No.4, 1988.Google Scholar
- Lawrence Brown, Josef Pieprzyk, Jennifer Seberry, LOKI — A Cryptographic Primitive for Authentication and Secrecy Applications, Advances in Cryptology — AUSCRYPT'90. Springer Verlag, Lecture Notes 453, pp.229–236, 1990.Google Scholar
- Eli Biham, Adi Shamir, Differential Cryptanalysis of DES-like Cryptosystems, proceedings of CRYPTO 90, 1990.Google Scholar