On the Complexity of Matsui’s Attack

Abstract

Linear cryptanalysis remains the most powerful attack against DES at this time. Given $2^{43}$ known plaintext-ciphertext pairs, Matsui expected a complexity of less than $2^{43}$ DES evaluations in 85 % of the cases for recovering the key. In this paper, we present a theoretical and experimental complexity analysis of this attack, which has been simulated 21 times using the idle time of several computers. The experimental results suggest a complexity upper-bounded by $2^{41}$ DES evaluations in 85 % of the cases, while more than half of the experiments needed less than $2^{39}$ DES evaluations. In addition, we give a detailed theoretical analysis of the attack complexity.

Author information

Authors and Affiliations

  1. Security and Cryptography Laboratory, Swiss Federal Institute of Technology, CH-1015, Lausanne, Switzerland
    Pascal Junod

Editor information

Editors and Affiliations

  1. EPFL, LASEC, 1015, Lausanne, Switzerland
    Serge Vaudenay
  2. University of Waterloo, CACR, Waterloo, N2L 3G1, Ontario, Canada
    Amr M. Youssef

Rights and permissions

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Junod, P. (2001). On the Complexity of Matsui’s Attack. In: Vaudenay, S., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2001. Lecture Notes in Computer Science, vol 2259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45537-X_16
