Is the data encryption standard a group?
Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
Crytanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers
CRYPTO '85 Advances in Cryptology
Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
The one-round functions of the DES generate the alternating group
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Linear structures in blockciphers
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
Non-linear cryptanalysis revisited: heuristic search for approximations to S-boxes
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
| Hi-index | 0.00 |
Interest in the cryptanalysis of the National Bureau of Standards' Data Encryption Standard (DES) has been strong since its announcement. Here we describe an attack on a class of ciphers like DES based on linear factors.If DES had any non trivial factors, these factors would provide an easier attack than one based on complete enumeration. Basically, a factor of order n reduces the cost of a solution from 256 to 2n+256-n At worst (n-1 or 55), this reduces the cost of a Diffie-Hellman search machine from 20 million dollars to 10 million dollars: a 10 million dollar savings. At best (n-28), even without iteration, the method could reduce the cost from 256 to 228+ 228: a computation well within the reach of a personal computer.Alas, DES has no such linear factors.