# Differential cryptanalysis of DES-like cryptosystems

@article{Biham2004DifferentialCO, title={Differential cryptanalysis of DES-like cryptosystems}, author={Eli Biham and Adi Shamir}, journal={Journal of Cryptology}, year={2004}, volume={4}, pages={3-72} }

The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid 1970s, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which can break the reduced variant of DES with eight rounds in a few minutes on a personal computer and can break any reduced variant of DES (with…

## 2,646 Citations

### Linear and differential cryptanalysis of DES

- Computer Science
- 2013

Introduction The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards and…

### DLCT: A New Tool for Differential-Linear Cryptanalysis

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2019

This paper focuses on the differential-linear attack, which was used to mount the best known attacks against numerous ciphers, including the AES finalist Serpent, ICEPOLE, COCONUT98, Chaskey, CTC2, and 8-round DES.

### Differential cryptanalysis of Lucifer

- Computer Science, MathematicsJournal of Cryptology
- 2005

A new extension of differential cryptanalysis is devised to extend the class of vulnerable cryptosystems, and suggests key-dependent characteristics, called conditional characteristics, selected to increase the characteristics' probabilities for keys in subsets of the key space.

### Differential cryptanalysis of new Qamal encryption algorithm

- Computer Science
- 2020

It is shown that for a version with a 128-bit data block and the same secret key size for three rounds of encryption it is difficult to find the right pairs of texts with a probability of 2 –120, which makes differential cryptanalysis not applicable to the Qamal cypher.

### Feistel Schemes and Bi-linear Cryptanalysis

- Computer Science, MathematicsCRYPTO
- 2004

A practical attack on DES based on a 1-round invariant is presented, the fastest known based on such invariant, and about as fast as the best Matsui’s attack.

### Combined Differential and Linear Cryptanalysis of Reduced-Round PRINTcipher

- Computer Science, MathematicsSelected Areas in Cryptography
- 2011

This paper analyzes the security of PRINTcipher using a technique that combines differential and linear cryptanalysis and shows that specific choices of some of the key bits give rise to a certain differential characteristic probability, which is far higher than the best characteristic probability claimed by the designers.

### Linear-differential cryptanalysis for SPN cipher structure and AES

- Computer Science, MathematicsWuhan University Journal of Natural Sciences
- 2006

It is shown that the upper bound of MLDP is up to 1.68×2−19, which extends the known results for the 2-round SPN, and it is obtained that the MLDP for 4 rounds of AES is bounded by 2−73.

### Linear-Differential Cryptanalysis for SPN Cipher Structure and AES

- Computer Science, Mathematics
- 2007

It is shown that the upper bound of MLDP is up to 1.68×2−19, which extends the known results for the 2-round SPN, and it is obtained that the MLDP for 4 rounds of AES is bounded by 2−73.

### KFC - The Krazy Feistel Cipher

- Computer Science, MathematicsASIACRYPT
- 2006

KFC is the first practical block cipher to propose tight security proofs of resistance against large classes of attacks, including most classical cryptanalysis (such as linear and differential cryptanalysis, taking hull effect in consideration in both cases), and results from the decorrelation theory are extended to the whole KFC construction.

### A Semi-Linear Relation between Inputs and Outputs of DES S-Boxes

- Computer Science, Mathematics
- 2012

A semilinear relation between input and output of S-boxes that could be used to cryptanalyze DES is presented, based on Differential Cryptanalysis method proposed by Biham and Shamir.

## References

SHOWING 1-10 OF 38 REFERENCES

### A cryptanalytic time-memory trade-off

- Computer Science, MathematicsIEEE Trans. Inf. Theory
- 1980

A probabilistic method is presented which cryptanalyzes any N key cryptosystem in N 2/3 operational with N2/3 words of memory after a precomputation which requires N operations, and works in a chosen plaintext attack and can also be used in a ciphertext-only attack.

### Cryptanalysis of F.E.A.L

- Computer Science, MathematicsEUROCRYPT
- 1988

At Eurocrypt 87 the blockcipher F.E.A.L.L-2 was presented, a Feistel cipher, but in contrast to D.S.S., a software implementation does not require a table look-up.

### Cryptography and Data Security

- Computer Science
- 1982

The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.

### Cryptography and Data Security

- Computer Science, Mathematics
- 2003

Encryption transformations: for each fixed key the encryption operation E K is one-to-one (invertible) function from the set of plaintexts to the setof ciphertext.

### Cryptanalysis of DES with a reduced number of rounds

- Mathematics, Computer ScienceCRYPTO 1986
- 1986

A blockcipher is said to have a linear factor if, for all plaintexts and keys, there is a fixed non-empty set of key bits whose simultaneous complementation leaves the exclusive-or sum of a fixed…

### Cryptonalysis of the Data Encryption Standard by the Method of Formal Coding

- Computer ScienceEUROCRYPT
- 1982

The "Method of Formal Coding" consists in representing each bit of a DES ciphertext block as an XOR-sum-of-products of the plaintext bits and the key bits. Subsequent introduction of the…

### Crytanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers

- Mathematics, Computer ScienceCRYPTO
- 1985

A blockcipher is said to have a linear factor if, for all plaintexts and keys, there is a fixed non-empty set of key bits whose simultaneous complementation leaves the exclusive-or sum of a fixed…

### Fast Data Encipherment Algorithm FEAL

- Computer ScienceEUROCRYPT
- 1987

The FEAL (Fast data Encipherment ALgorihtm) fills the need for an encipherment algorithm that has safety equal to DES and is suitable for software as well as hardware implementation.

### A fast software one-way hash function

- Computer Science, MathematicsJournal of Cryptology
- 2004

This work presents a candidate one-way hash function which appears to have these desirable properties; resistant to cryptographic attack, and fast when implemented in software.

### Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard

- Computer ScienceComputer
- 1977

This paper presents a meta-modelling system that automates the very labor-intensive and therefore time-heavy and expensive process of manually cataloging and cataloging individual pieces of data to provide real-time information about their owners.