Improved Meet-in-the-Middle Attacks on Reduced-Round DES

  • Orr Dunkelman
  • Gautham Sekar
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


The Data Encryption Standard (DES) is a 64-bit block cipher. Despite its short key size of 56 bits, DES continues to be used to protect financial transactions valued at billions of Euros. In this paper, we investigate the strength of DES against attacks that use a limited number of plaintexts and ciphertexts. By mounting meet-in-the-middle attacks on reduced-round DES, we find that up to 6-round DES is susceptible to this kind of attacks. The results of this paper lead to a better understanding on the way DES can be used.


Time Complexity Block Cipher Alternative Description Data Encryption Standard Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E., Biryukov, A.: An Improvement of Davies’ Attack on DES. Journal of Cryptology 10(3), 195–206 (1997)zbMATHCrossRefGoogle Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  3. 3.
    Chaum, D., Evertse, J.-H.: Cryptanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 192–211. Springer, Heidelberg (1986)Google Scholar
  4. 4.
    CNET, Users take crack at 56-bit crypto (1997), Available on-line at
  5. 5.
    Courtois, N.T., Bard, G.V.: Algebraic Cryptanalysis of the Data Encryption Standard (2006), Available on-line at
  6. 6.
    Davies, D.W.: Investigation of a Potential Weakness in the DES Algorithm, private communications (1987)Google Scholar
  7. 7.
    Davies, D.W., Murphy, S.: Pairs and Triplets of DES S-Boxes. Journal of Cryptology 8(1), 1–25 (1995)zbMATHCrossRefGoogle Scholar
  8. 8.
    Diffie, W., Hellman, M.E.: Exhaustive Cryptanalysis of the NBS Data Encryption Standard. Computer 10(6), 74–84 (1977)CrossRefGoogle Scholar
  9. 9.
    Electronic Frontier Foundation, Cracking DES, Secrets of Encryption Research, Wiretap Politics & Chip Design, O’reilly (1998)Google Scholar
  10. 10.
    Hellman, M.E.: A Cryptanalytic Time-Memory Tradeoff. IEEE Transactions on Information Theory 26(4), 401–406 (1980)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Knudsen, L.R., Mathiassen, J.E.: A Chosen-Plaintext Linear Attack on DES. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 262–272. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Schimmler, M.: Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 101–118. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Kunz-Jacques, S., Muller, F.: New Improvements of Davies-Murphy Cryptanalysis. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 425–442. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  15. 15.
    National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publications No. 46 (1977)Google Scholar
  16. 16.
    Poschmann, A., Leander, G., Schramm, K., Paar, C.: New Light-Weight DES Variants Suited for RFID Applications. In: Proceedings of Fast Software Encryption 14. LNCS, Springer, Heidelberg (to appear, 2007)Google Scholar
  17. 17.
    Raddum, H., Semaev, I.: New Technique for Solving Sparse Equation Systems (2006), Available on-line at
  18. 18.
    Shamir, A.: On the Security of DES. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 280–281. Springer, Heidelberg (1986)Google Scholar
  19. 19.
    Shimoyama, T., Kaneko, T.: Quadratic Relation of S-box and Its Application to the Linear Attack of Full Round DES. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 200–211. Springer, Heidelberg (1998)Google Scholar
  20. 20.
    RSA Data Security, Team of Universities, Companies and Individual Computer Users Linked Over the Internet Crack RSA’s 56-Bit DES Challenge (1997), Available on-line at
  21. 21.
    Wiener, M.J.: Efficient DES Key Search, Technical Report TR-244, Carleton University. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, Springer, Heidelberg (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Orr Dunkelman
    • 1
  • Gautham Sekar
    • 1
  • Bart Preneel
    • 1
  1. 1.Katholieke Universiteit Leuven, Department of Electrical Engineering ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B-3001 Leuven-HeverleeBelgium

Personalised recommendations