Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Digital integrated circuits: a design perspective
Digital integrated circuits: a design perspective
The First Experimental Cryptanalysis of the Data Encryption Standard
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
An FPGA Implementation of the Linear Cryptanalysis
FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
High Performance DES Encryption in Virtex(tm) FPGAs Using Jbits(tm)
FCCM '00 Proceedings of the 2000 IEEE Symposium on Field-Programmable Custom Computing Machines
Reconfigurable hardware solutions for the digital rights management of digital cinema
Proceedings of the 4th ACM workshop on Digital rights management
A fast pipelined multi-mode DES architecture operating in IP representation
Integration, the VLSI Journal
Efficient hardware implementations for the DES family
ISP'06 Proceedings of the 5th WSEAS International Conference on Information Security and Privacy
On the power consumption of security algorithms employed in wireless networks
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
A brief survey of research jointly with jean-jacques quisquater
Cryptography and Security
Hi-index | 14.98 |
In its basic version, linear cryptanalysis is a known-plaintext attack that uses a linear relation between input-bits, output-bits, and key-bits of an encryption algorithm that holds with a certain probability. If enough plaintext-ciphertext pairs are provided, this approximation can be used to assign probabilities to the possible keys and to locate the most probable one. In 1993, Matsui applied it to DES, becoming the best known attack against DES. In 2000, Knudsen proposed three chosen-plaintext linear attacks, the third one becoming the best chosen-plaintext attack. This paper presents two original FPGA implementations of a DES encryption/decryption core that work at data rates up to 21.3 Gbps (333 MHz). We believe that our implementations are the fastest ones known nowadays. In our design, the plaintext, the key, and the mode (encryption/decrytion) can be changed with no dead cycles. Based on one of our fast DES implementations, we present an FPGA implementation of the known-plaintext linear cryptanalysis of DES. The resulting design is deployed on eight FPGAs and allows us to find 12 + 1 key bits in about 2.3 hours. As a comparison, the fastest software implementation known so far (in 2000) used the idle time of 18 Intel Pentium III MMX and broke a DES key in 4.32 days. Our fast linear cryptanalysis implementation made the performing of practical tests possible, allowing a comparison with Matsui's theoretical estimations.