Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The.

Published byKaren Carter Modified over 8 years ago

Similar presentations

Presentation on theme: "Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The."— Presentation transcript:

1 Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The first experimental cryptanalysis of the Data Encryption Standard. CRYPT0 94, 1994.The first experimental cryptanalysis of the Data Encryption Standard

2 Linear Approximations

3 Using Linear Approximations of DES

4 How do we find linear approximations in DES? consider 3-round DES, without IP and IP -1. start with an S-BOX – S 5.

5 The S-Box S 5 2124171011685315130149 11212471315015103986 4211110137815912563014 1181271142136150910453 S5S5 2124171011685315130149 11212471315015103986 4211110137815912563014 1181271142136150910453 Does not look random: 1,2,7,11 appears only in left side 4,12,13 appear 3 times in left side 8,10,14 appear 2 times in each side 0,3,5,9,15 appears only in right side 6 appears 3 times in right side The XOR of the numbers in left-side is 1

6 The f function of DES 17—20

7 The permutation P 1672021 29122817 1152326 5183110 282414 322739 1913306 2211425 We need to trace the bits 17-20 that come from to S 5 After P they are bits 3,8,14,25 1672021 29122817 1152326 5183110 282414 322739 1913306 2211425

8 The f function of DES Bits 3,8,14,25 17-20 26 Bit 26 in k 26

9 The Expansion function E We need bit 26 – the second bit that goes to S 5

10 The f function of DES Bits 3,8,14,25 17-20 26 Bit 26 in k 26 Bit 17 in R

11 3 Round DES Bit 26 Bit 17 Bits 3,8,14,25 Bit 26 Bits 3,8,14,25 Bit 17 Bits 3,8,14,25

12 The Attack on 3 Round DES From third round with probability 52/64 From first round with probability 52/64 Thus, with probability (52/64) 2 +(12/64) 2  0.7 Finds one bit of the key

13 Linear cryptanalysis: Learning One Bit If a bit of the outputs has a 1/2+p linear approximation in i-round DES, then – Get O(1/p 2 ) message, encryption pairs For each pair compute “the bit” of the key Take the value that appears more times Get correct value with high probability Learn one bit of key Can do better…

14 4 Round DES Bits 3,8,14,25 K ? Bit 26 Bits 3,8,14,25Bit 17 K4K4 Bits 3,8,14,25 44 ?

15 Linear cryptanalysis If a bit of the outputs has a 1/2+p linear approximation in i-round DES, then we choose O(1/p 2 ) messages in (i+1)-round DES and compute 7 bits of the key. Can do the same trick with first round and last i-rounds, get another 7 bits Use exhaustive search to find the other 42 bits.

16 Known Attacks 8 rounds: 2 21 plaintexts (40 seconds) 12 rounds: 2 33 plaintexts (50 hours) 16 rounds: 2 43 plaintexts (50 days, 12 computers) – Uses two 14-rounds approximation – Using each approximation it finds 13 bits – Finds 30 bits by exhaustive search

Download ppt "Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The."

Similar presentations

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.

Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.

Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Cryptography Course 2008 Lecture 4 Jesper Buus Nielsen Modern Block Ciphers 1/43 Contents Encryption modes –Cipher-Block Chaining (CBC) Mode –Counter mode.

Cryptography Course 2008 Lecture 4 Jesper Buus Nielsen Modern Block Ciphers 1/43 Contents Encryption modes –Cipher-Block Chaining (CBC) Mode –Counter mode.
JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:

JLM :161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
FEAL FEAL 1.

FEAL FEAL 1.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.

Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.

Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography
CNS2010lecture 5 :: attacks on DES1 ELEC5616 computer and network security matt barrie

CNS2010lecture 5 :: attacks on DES1 ELEC5616 computer and network security matt barrie
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Similar presentations

Ads by Google