Differential Cryptanalysis of the Full 16-round DES | SpringerLink
Skip to main content

Advertisement

Springer Nature Link
Log in
Menu
Find a journal Publish with us Track your research
Search
Cart
  1. Home
  2. Advances in Cryptology — CRYPTO’ 92
  3. Conference paper

Differential Cryptanalysis of the Full 16-round DES

  • Conference paper
  • First Online: 01 January 2001
  • pp 487–496
  • Cite this conference paper
Advances in Cryptology — CRYPTO’ 92 (CRYPTO 1992)
Differential Cryptanalysis of the Full 16-round DES
  • Eli Biham4 &
  • Adi Shamir5 

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 740))

Included in the following conference series:

  • Annual International Cryptology Conference

  • 8251 Accesses

  • 123 Citations

  • 3 Altmetric

Abstract

In this paper we develop the first known attack which is capable of breaking the full 16 round DES in less than the 255 complexity of exhaustive search. The data anlaysis phase computes the key by analyzing about 236 ciphertexts in 237 time. The 236 usable ciphertexts are obtained during the data collection phase from a larger pool of 247 chosen plaintexts by a simple bit repetition criteria which discards more than 99.9% of the ciphertexts as soon as they are generated. While earlier versions of differential attacks were based on huge counter arrays, the new attack requires negligible memory and can be carried out in parallel on up to 233 disconnected processors with linear speedup. In addition, the new attack can be carried out even if the analyzed ciphertexts are derived from up to 233 different keys due to frequent key changes during the data collection phase. The attack can be carried out incrementally with any number of available ciphertexts, and its probability of success grows linearly with this number (e.g., when 229 usable ciphertexts are generated from a smaller pool of 240 plaintexts, the analysis time decreases to 230 and the probability of success is about 1%).

Download to read the full chapter text

Chapter PDF

Similar content being viewed by others

Another Look at Differential-Linear Attacks

Chapter © 2024

Better Steady than Speedy: Full Break of SPEEDY-7-192

Chapter © 2023

A First-Order Chosen-Plaintext DPA Attack on the Third Round of DES

Chapter © 2018

References

  1. Eli Biham, Adi Shamir, Differential Cryptanalysis of DES-like Cryptosystems, Journal of Cryptology, Vol. 4, No. 1, pp. 3–72, 1991. The extended abstract appears in Advances in cryptology, proceedings of CRYPTO’90, pp. 2–21, 1990.

    Article  MATH  MathSciNet  Google Scholar 

  2. Eli Biham, Adi Shamir, Differential Cryptanalysis of Feal and N-Hash, technical report CS91-17, Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, 1991. The extended abstract appears in Advances in cryptology, proceedings of EUROCRYPT’91, pp. 1–16, 1991.

    Google Scholar 

  3. Eli Biham, Adi Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, technical report CS91-18, Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, 1991. The extended abstract appears in Advances in cryptology, proceedings of CRYPTO’91, 1991.

    Google Scholar 

  4. David Chaum, Jan-Hendrik Evertse, Cryptanalysis of DES with a reduced number of rounds, Sequences of linear factors in block ciphers, Advances in cryptology, proceedings of CRYPTO’85, pp. 192–211, 1985.

    Google Scholar 

  5. D. W. Davies, private communication.

    Google Scholar 

  6. National Bureau of Standards, Data Encryption Standard, U.S. Department of Commerce, FIPS pub. 46, January 1977.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, Technion - Israel Institute of Technology, Haifa, 32000, Israel

    Eli Biham

  2. Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, Rehovot, 76100, Israel

    Adi Shamir

Authors
  1. Eli Biham
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Adi Shamir
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department 1423, Sandia National Laboratories, PO Box 5800, Albuquerque, NM, 87185, USA

    Ernest F. Brickell

Rights and permissions

Reprints and permissions

Copyright information

© 1993 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biham, E., Shamir, A. (1993). Differential Cryptanalysis of the Full 16-round DES. In: Brickell, E.F. (eds) Advances in Cryptology — CRYPTO’ 92. CRYPTO 1992. Lecture Notes in Computer Science, vol 740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48071-4_34

Download citation

  • .RIS
  • .ENW
  • .BIB

  • DOI: https://doi.org/10.1007/3-540-48071-4_34

  • Published: 18 May 2001

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-57340-1

  • Online ISBN: 978-3-540-48071-6

  • eBook Packages: Springer Book Archive

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Publish with us

Policies and ethics

Search

Navigation

  • Find a journal
  • Publish with us
  • Track your research

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Journal finder
  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support
  • Legal notice
  • Cancel contracts here

8.209.245.224

Not affiliated

Springer Nature

© 2025 Springer Nature