Abstract
In this paper we consider a chosen-plaintext variant of the linear attack on DES introduced by Matsui. By choosing plaintexts in a clever way one can reduce the number of plaintexts required in a successful linear attack. This reduces the number of plaintexts needed to find key bits by a factor of more than four compared to Matsui's attack. To estimate the probabilities of success in the attack we did extensive experiments on DES reduced to 8 and 12 rounds. We believe that the results in this paper contain the fastest attack on the DES reported so far in the open literature. As an example, one attack needs about $2^{42}$ chosen texts, finds 12 bits of key information and succeeds with a probability of about 86%. An additional 12 key bits can be found by similar methods. For comparison, Matsui's attack on the DES needs about $2^{44}$ known texts, finds 13 bits of the key and succeeds with a probability of 78%. Of independent interest is a new approach searching for “pseudo-keys”, which are secret key bits to which an unknown but fixed value has been added. These bits can be used to find the secret key bits at a later stage in the analysis.
References
B. S. Kaliski and M. J. B. Robshaw. Linear cryptanalysis using multiple approximations. In Y. Desmedt, editor, Advances in Cryptology: CRYPTO’94, LNCS 839, pages 26–39. Springer Verlag, 1994.
L. R. Knudsen and M. P. J. Robshaw. Non-linear approximations in linear cryptanalysis. In U. Maurer, editor, Advances in Cryptology: EUROCRYPT’96, LNCS 1070, pages 224–236. Springer Verlag, 1996.
M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology: EUROCRYPT’93, LNCS 765, pages 386–397. Springer Verlag, 1993.
M. Matsui. The first experimental cryptanalysis of the Data Encryption Standard. In Y. G. Desmedt, editor, Advances in Cryptology: CRYPTO’94, LNCS 839, pages 1–11. Springer Verlag, 1994.
M. Matsui. On correlation between the order of S-boxes and the strength of DES. In A. De Santis, editor, Advances in Cryptology: EUROCRYPT’94, LNCS 950. Springer Verlag, 1995.
M. Matsui and A. Yamagishi. A new method for known plaintext attack of FEAL cipher. In R. Rueppel, editor, Advances in Cryptology: EUROCRYPT’92, LNCS 658, pages 81–91. Springer Verlag, 1992.
T. Shimoyama and T. Kaneko. Quadratic relation of s-box and its application to the linear attack of full round DES. In H. Krawczyk, editor, Advances in Cryptology: CRYPTO’98, LNCS 1462, pages 200–211. Springer Verlag, 1998.
S. Vaudenay. An experiment on DES-statistical cryptanalysis. In Proceedings of the 3rd ACM Conferences on Computer Security, New Delhi, India, pages 139–147. ACM Press, 1995.
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Knudsen, L.R., Mathiassen, J.E. (2001). A Chosen-Plaintext Linear Attack on DES. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds) Fast Software Encryption. FSE 2000. Lecture Notes in Computer Science, vol 1978. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44706-7_18
DOI: https://doi.org/10.1007/3-540-44706-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41728-6
Online ISBN: 978-3-540-44706-1
eBook Packages: Springer Book Archive