Handbook of Applied Cryptography
Handbook of Applied Cryptography
A Time-Memory Tradeoff Using Distinguished Points: New Analysis & FPGA Results
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Security analysis of a cryptographically-enabled RFID device
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
New Distinguishers Based on Random Mappings against Stream Ciphers
SETA '08 Proceedings of the 5th international conference on Sequences and Their Applications
On the effectiveness of TMTO and exhaustive search attacks
IWSEC'06 Proceedings of the 1st international conference on Security
| Hi-index | 0.00 |
A cryptanalytic time-memory tradeoff allows the cryptanalysis of any N key symmetric cryptosystem in O(N2/3) operations with O(N2/3) storage, if a precomputation of O(N) operations has been done in advance. This procedure is well known but did not lead to any realistic implementations. In this paper, the experimental results for the cryptanalysis of DES that are presented are based on a time-memory tradeoff using distinguished points, a method which is referenced to Rivest [2]. For this task, a fast hardware implementation of DES was designed using FPGA technology. The target is a 40-bit DES which is obtained from DES by fixing 16 key bits to arbitrary values. The precomputation task is performed with a purpose-built FPGA design, whereas the search algorithm corresponding to the online attack is reported to be feasible on any PC within about 10 seconds, with a success rate of 72%. The cost of an expansion to 56-bit DES is evaluated.