Abstract
Linear cryptanalysis remains the most powerful attack against DES at this time. Given $2^{43}$ known plaintext-ciphertext pairs, Matsui expected a complexity of less than $2^{43}$ DES evaluations in 85 % of the cases for recovering the key. In this paper, we present a theoretical and experimental complexity analysis of this attack, which has been simulated 21 times using the idle time of several computers. The experimental results suggest a complexity upper-bounded by $2^{41}$ DES evaluations in 85 % of the cases, while more than half of the experiments needed less than $2^{39}$ DES evaluations. In addition, we give a detailed theoretical analysis of the attack complexity.
References
E. Biham, A fast new DES implementation in software, FSE '97, LNCS, vol. 1267, Springer-Verlag, 1997, pp. 260–272.
U. Blöcher and M. Dichtl, Problems with the linear cryptanalysis of DES using more than one active S-box per round, FSE '94, LNCS, vol. 1008, Springer-Verlag, 1995, pp. 265–274.
C. Harpes, G. Kramer, and J.L. Massey, A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma, Advances in Cryptology—EuroCrypt '95, LNCS, vol. 921, Springer-Verlag, 1995, pp. 24–38.
Z. Kukorelly, The piling-up lemma and dependent random variables, Cryptography and coding: 7th IMA conference, LNCS, vol. 1746, Springer-Verlag, 1999.
M. Kwan, Reducing the gate count of bitslice DES, http://eprint.iacr.org/2000/051.ps, 2000.
M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology—EuroCrypt '93, LNCS, vol. 765, Springer-Verlag, 1993, pp. 386–397.
M. Matsui, The first experimental cryptanalysis of the Data Encryption Standard, Advances in Cryptology—Crypto '94, LNCS, vol. 839, Springer-Verlag, 1994, pp. 1–11.
L. May, L. Penna, and A. Clark, An implementation of bitsliced DES on the Pentium MMX™ processor, Information Security and Privacy: 5th Australasian Conference, ACISP 2000, LNCS, vol. 1841, Springer-Verlag, 2000.
K. Nyberg, Linear approximation of block ciphers, Advances in Cryptology—EuroCrypt '94, LNCS, vol. 950, Springer-Verlag, 1995, pp. 439–444.
National Bureau of Standards, Data encryption standard, U. S. Department of Commerce, 1977.
A. Rényi, Probability theory, Elsevier, 1970.
T. Shimoyama and T. Kaneko, Quadratic relation of S-box and its application to the linear attack of full round DES, Advances in Cryptology—Crypto '98, LNCS, vol. 1462, Springer-Verlag, 1998, pp. 200–211.
S. Vaudenay, An experiment on DES statistical cryptanalysis, 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, pp. 139–147.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Junod, P. (2001). On the Complexity of Matsui’s Attack. In: Vaudenay, S., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2001. Lecture Notes in Computer Science, vol 2259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45537-X_16
DOI: https://doi.org/10.1007/3-540-45537-X_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43066-7
Online ISBN: 978-3-540-45537-0
eBook Packages: Springer Book Archive