Abstract
DES is a famous 64-bit block cipher with a balanced Feistel structure. It consists of 16 rounds. The key has 56 bits and the round key has 48 bits. Two major cryptanalysis techniques (namely, linear cryptanalysis and differential cryptanalysis) were notably developed and successfully applied to the full 16-round DES in the early 1990’s. Davies-Murphy’s attack can be seen as a special linear attack, which was developed before the invention of linear cryptanalysis. It was improved by Biham and Biryukov and most recently by Jacques and Muller. In this paper, we revisit the recent improved Davies-Murphy’s attack by Jacques and Muller from an algorithmic point of view. Based on Matsui’s algorithm 2, we give an improved attack algorithm. Our improved attack algorithm works in time \((2^{41})\) with memory \((2^{33})\). In contrast, Jacques-Muller’s attack takes time \((2^{43})\) and memory \((2^{35})\). It seems that our time and memory complexities are optimal, due to the use of the Walsh transform. Meanwhile, we generalize and further improve the results of the improved Matsui’s algorithm 2 for the case where the subkeys are XORed into the round function.
Y. Lu—Supported by the National Science and Technology Major Project under Grant No. 2012ZX01039-004, and the National Natural Science Foundation of China under Grant No. 61170072. Part of this work was done while funded by British Telecommunications under Grant No. ML858284/CT506918.
Y. Desmedt—Part of this work was done while funded by EPSRC EP/C538285/1 and by BT, as BT Chair of Information Security.
Notes
- 1.
- 2. Throughout the paper, we always let bit 0 be the least significant bit.
- 3. The subkey’s mask \(\beta \) corresponds to the highest 2 bits of the subkey’s 6-bit input to S-box S8 and the lowest 2 bits of the subkey’s 6-bit input to S-box S7.
- 4. Because they are the bit expansion of 4 bits of the \({S5}{-}{S8}\) outputs (i.e., output bit 1 of S5, output bit 2 of S6, output bit 3 of S7, output bit 2 of S8) at Round 1.
- 5. Note that the 7-bit \(x\) is actually a bit expansion of 6 unknown bits.
- 6. Note that \(k_1,k_2,k_{16},\ell _0,r_0,\ell _{16}\) are simply the bit selection functions of \(K_1,K_2,K_{16},L_0,R_0,L_{16}\), respectively, with reduced bit length.
- 7. Note that the convolution can be computed with three Fast Walsh Transforms.
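The statement in note 7, worked through as an added example (this is not code from the paper): two forward fast Walsh transforms, a pointwise product, and a third transform that inverts the result. It assumes that "convolution" means convolution over bitwise XOR and that the tables hold integer counters; the function names and the sample tables are constructed for illustration.

```python
def fwht(v):
    """Unnormalised fast Walsh-Hadamard transform; len(v) must be a power of two."""
    a = list(v)
    n = len(a)
    if n == 0 or n & (n - 1):
        raise ValueError("table length must be a power of two")
    h = 1
    while h < n:
        # Butterfly over blocks of size 2h: (x, y) -> (x + y, x - y)
        for i in range(0, n, 2 * h):
            for j in range(i, i + h):
                x, y = a[j], a[j + h]
                a[j], a[j + h] = x + y, x - y
        h *= 2
    return a


def xor_convolve(f, g):
    """(f * g)[z] = sum_x f[x] * g[z ^ x], in O(n log n) with three transforms."""
    if len(f) != len(g):
        raise ValueError("tables must have the same length")
    n = len(f)
    F = fwht(f)                                  # transform 1
    G = fwht(g)                                  # transform 2
    H = fwht([p * q for p, q in zip(F, G)])      # transform 3 (inverse, up to 1/n)
    # Applying the transform twice scales by n, so dividing by n inverts it.
    # Division is exact for integer-valued tables (assumption of this example).
    return [h // n for h in H]


def xor_convolve_naive(f, g):
    """Direct O(n^2) evaluation, used only to check the fast version."""
    n = len(f)
    return [sum(f[x] * g[z ^ x] for x in range(n)) for z in range(n)]


# Constructed sample tables of length 2^3 (not data from the paper).
F_SAMPLE = [3, 1, 4, 1, 5, 9, 2, 6]
G_SAMPLE = [2, 7, 1, 8, 2, 8, 1, 8]

if __name__ == "__main__":
    print(xor_convolve(F_SAMPLE, G_SAMPLE))
    print(xor_convolve_naive(F_SAMPLE, G_SAMPLE))
```

For tables of size \(2^m\), the direct sum costs \(2^{2m}\) multiplications while the three transforms cost about \(3m2^m\) additions.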
References
Biham, E., Biryukov, A.: An improvement of Davies’ attack on DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 461–467. Springer, Heidelberg (1995)
Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)
Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improving the time complexity of Matsui’s linear cryptanalysis. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007)
Courtois, N.T., Castagnos, G., Goubin, L.: What do DES S-boxes say to each other?, IACR eprint. http://eprint.iacr.org/2003/184 (2003)
Courtois, N.T., Bard, G.V.: Algebraic cryptanalysis of the data encryption standard, IACR eprint. http://eprint.iacr.org/2006/402 (2006)
Davies, D., Murphy, S.: Pairs and triplets of DES S-Boxes. J. Cryptol. 8(1), 1–25 (1995)
Etrog, J., Robshaw, M.J.B.: The cryptanalysis of reduced-round SMS4. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 51–65. Springer, Heidelberg (2009)
Harpes, C., Massey, J.L.: Partitioning cryptanalysis. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 13–27. Springer, Heidelberg (1997)
Kunz-Jacques, S., Muller, F.: New improvements of Davies-Murphy cryptanalysis. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 425–442. Springer, Heidelberg (2005)
Lu, Y., Desmedt, Y.: Bias analysis of a certain problem with applications to E0 and Shannon cipher. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 16–28. Springer, Heidelberg (2011)
Lu, Y., Wang, H., Ling, S.: Cryptanalysis of Rabbit. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 204–214. Springer, Heidelberg (2008)
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
© 2014 Springer International Publishing Switzerland
Cite this paper
Lu, Y., Desmedt, Y. (2014). Improved Davies-Murphy’s Attack on DES Revisited. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science, vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_16
DOI: https://doi.org/10.1007/978-3-319-05302-8_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05301-1
Online ISBN: 978-3-319-05302-8
eBook Packages: Computer Science (R0)