# Differential Cryptanalysis of the Full 16-Round DES

@inproceedings{Biham1992DifferentialCO, title={Differential Cryptanalysis of the Full 16-Round DES}, author={Eli Biham and Adi Shamir}, booktitle={Annual International Cryptology Conference}, year={1992} }

In this paper we develop the first known attack which is capable of breaking the full 16 round DES in less than the 255 complexity of exhaustive search. The data analysis phase computes the key by analyzing about 236 ciphertexts in 237 time. The 236 usable ciphertexts are obtained during the data collection phase from a larger pool of 247 chosen plaintexts by a simple bit repetition criteria which discards more than 99.9% of the ciphertexts as soon as they are generated. While earlier versions…

## 158 Citations

### Algebraic-Differential Cryptanalysis of DES

- Computer Science, Mathematics
- 2009

An attack against round-reduced version of DES mixing algebraic and differential techniques, which reduces the minimum numbers of pairs required and the cost is higher than a standard usual differential cryptanalysis but remaining at a reasonable level.

### Structural Cryptanalysis of the Message Based Random Variable Length Key Encryption Algorithm (MRVLK)

- Computer Science, Mathematics
- 2014

The attack performs analysis on the final ciphertext and reveals the plaintext of MRVLK by exploiting the fact that the structure of the ciphertext is obvious and weak and efficiently utilizes this information and prompts the operations cryptanalysis.

### An experiment on DES statistical cryptanalysis

- Computer Science, MathematicsCCS '96
- 1996

A new heuristic method has found an attack against DES absolutely equivalent to M. Matsui's (1994) one by following a distinct path and appears to be roughly as efficient as both differential and linear cryptanalysis.

### Algebraic Cryptanalysis of Curry and Flurry Using Correlated Messages

- Computer Science, MathematicsInscrypt
- 2009

It turns out that the new approach permits to go one step further in the (algebraic) cryptanalysis of difficult instances of Flurry and Curry and is polynomial when the Sbox is a power function.

### Cryptanalysis of Block Ciphers

- Computer Science, Mathematics
- 2008

This thesis proposes a new extension of differential cryptanalysis, which is called the impossible boomerang attack, and describes the early abort technique for (related-key) impossible differential crypt analysis and rectangle attacks.

### Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds

- Computer Science, MathematicsCRYPTO
- 1993

Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack, showing that the final permutation has some cryptographic significance in the CFB mode.

### Cryptanalysis of SIMON Variants with Connections

- Computer Science, MathematicsRFIDSec
- 2014

This work presents several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON, and exploits a connection between linear and differential characteristics for SIMON to constructlinear characteristics for different variants of reduced- round SIMON.

### Advanced Truncated Differential Attacks Against GOST Block Cipher and Its Variants

- Computer Science, Mathematics
- 2015

This paper presents an attack against full GOST for the variant of GOST which is supposed to be the strongest one and uses the set of S-boxes proposed in ISO 18033-3, and is of Depth-First key search style constructed by solving several underlying optimization problems.

### Linear cryptanalysis of substitution-permutation networks

- Computer Science, Mathematics
- 2004

The Q cipher, an SPN submitted to the European Commission's NESSIE cryptographic competition, is analyzed and it is proved that Q can be broken using linear cryptanalysis based onlinear hulls, the first use of linear hulls to break a proposed cipher.

### Provable Security Against Differential Cryptanalysis

- Mathematics, Computer ScienceCRYPTO
- 1992

It is shown that there exist functions such that the probabilities of differentials are less than or equal to 22 − n where n is the length of the plaintext block and an prototype of an iterated block cipher, which is compatible with DES and has proven security against differential attacks.

## References

SHOWING 1-10 OF 16 REFERENCES

### Cryptanalysis of DES with a reduced number of rounds

- Mathematics, Computer ScienceCRYPTO 1986
- 1986

A blockcipher is said to have a linear factor if, for all plaintexts and keys, there is a fixed non-empty set of key bits whose simultaneous complementation leaves the exclusive-or sum of a fixed…

### Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer

- Mathematics, Computer ScienceCRYPTO
- 1991

Differential cryptanalytic methods are applied to the hash function Snefru and to the cryptosystems Khafre, REDOC-II, LOKI, and Lucifer.

### Differential Cryptanalysis of Feal and N-Hash

- Computer Science, MathematicsEUROCRYPT
- 1991

The applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the N-Hash hash function is shown.

### Crytanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers

- Mathematics, Computer ScienceCRYPTO
- 1985

A blockcipher is said to have a linear factor if, for all plaintexts and keys, there is a fixed non-empty set of key bits whose simultaneous complementation leaves the exclusive-or sum of a fixed…

### Diflerential Cryptanalysis o j DES-like

- The extended abstract appears in Advances in cryptology, proceedings of CRYFTO'SO
- 1990

### The Weizmann Institute of Science? 1991. The extended abstract appears in Advances in cryptology, proceedings of EUKOCRYFT'Si

- Department of Applied Mathematics and Computer Science
- 1991

### The Weizmann Institute of Science, 1991. The extended abstract appears in Advances in cryptology

- 1991

### Cryptanalysis of Feai and 11’-Hash, technical report cS91-17, Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science

- 1991

### DzjJerential Cryptanalysis of Feai and 11'-Hash, technical report cS91-17 The Weizmann Institute of Science? 1991. The extended abstract appears in Advances in cryptology, proceedings of EUKOCRYFT'Si

- Department of Applied Mathematics and Computer Science
- 1991

### Diflerential Crgptanafysis ofSnefru, Khafre, REDOC-[I, LOKI and Lucifer, technical report CS91-18

- Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science,
- 1991