Cryptanalysis of DES with a reduced number of rounds
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Logical Cryptanalysis as a SAT Problem
Journal of Automated Reasoning
The Security of Hidden Field Equations (HFE)
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Known Plaintext Attack of FEAL-4 and FEAL-6
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Cryptoanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Probabilistic Non-linear Relations of Low Degree
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Algorithms for solving linear and polynomial systems of equations over finite fields, with applications to cryptanalysis
Using Walk-SAT and Rel-SAT for cryptographic key search
IJCAI'99 Proceedings of the 16th international joint conference on Artifical intelligence - Volume 1
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Algebraic attacks on stream ciphers with linear feedback
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
About the XL algorithm over GF(2)
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
General principles of algebraic attacks and new design criteria for cipher components
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
The inverse s-box, non-linear polynomial relations and cryptanalysis of block ciphers
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Algebraic attacks on combiners with memory and several outputs
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Applications of SAT solvers to cryptanalysis of hash functions
SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing
Specific S-Box Criteria in Algebraic Attacks on Block Ciphers with Several Known Plaintexts
Research in Cryptology
Algebraic and Slide Attacks on KeeLoq
Fast Software Encryption
Information Security and Cryptology --- ICISC 2008
Practical Algebraic Attacks on the Hitag2 Stream Cipher
ISC '09 Proceedings of the 12th International Conference on Information Security
Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Probabilistic versus deterministic algebraic cryptanalysis: a performance comparison
IEEE Transactions on Information Theory
An analysis of the RC4 family of stream ciphers against algebraic attacks
AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
Algebraic cryptanalysis of SMS4: gröbner basis attack and SAT attack compared
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Algebraic side-channel attacks
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Algebraic techniques in differential cryptanalysis revisited
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Algebraic precomputations in differential and integral cryptanalysis
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
On equivalence classes of boolean functions
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
An improvement of linearization-based algebraic attacks
InfoSecHiComNet'11 Proceedings of the First international conference on Security aspects in information technology
Algebraic analysis of GOST encryption algorithm
Proceedings of the 4th international conference on Security of information and networks
Algebraic cryptanalysis of the round-reduced and side channel analysis of the full PRINTCipher-48
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Towards parallel direct SAT-based cryptanalysis
PPAM'11 Proceedings of the 9th international conference on Parallel Processing and Applied Mathematics - Volume Part I
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Solving polynomial systems over finite fields: improved analysis of the hybrid approach
Proceedings of the 37th International Symposium on Symbolic and Algebraic Computation
| Hi-index | 0.06 |
In spite of growing importance of the Advanced Encryption Standard (AES), the Data Encryption Standard (DES) is by no means obsolete. DES has never been broken from the practical point of view. The variant "triple DES" is believed very secure, is widely used, especially in the financial sector, and should remain so for many many years to come. In addition, some doubts have been risen whether its replacement AES is secure, given the extreme level of "algebraic vulnerability" of the AES S-boxes (their low I/O degree and exceptionally large number of quadratic I/O equations). Is DES secure from the point of view of algebraic cryptanalysis? We do not really hope to break it, but just to advance the field of cryptanalysis. At a first glance, DES seems to be a very poor target -- as there is (apparently) no strong algebraic structure of any kind in DES. However in [15] it was shown that "small" S-boxes always have a low I/O degree (cubic for DES as we show below). In addition, due to their low gate count requirements, by introducing additional variables, we can always get an extremely sparse system of quadratic equations. To assess the algebraic vulnerabilities of DES is the easy part, that may appear unproductive. In this paper we demonstrate that in this way, several interesting attacks on a real-life "industrial" block cipher can be found. One of our attacks is the fastest known algebraic attack on 6 rounds of DES. It requires only one single known plaintext (instead of a very large quantity) which is quite interesting in itself. Our attacks will recover the key using an ordinary PC, for only six rounds. Furthermore, in a much weaker sense, we can also attack 12 rounds of DES. These results are very interesting because DES is known to be a very robust cipher, and our methods are very generic. We discuss how they can be applied to DES with modified S-boxes, and potentially other reduced-round block ciphers.