Abstract
Interest in the cryptanalysis of the National Bureau of Standards’ Data Encryption Standard (DES) has been strong since its announcement. Here we describe an attack on a class of ciphers like DES based on linear factors.
If DES had any non trivial factors, these factors would provide an easier attack than one based on complete enumeration. Basically, a factor of order n reduces the cost of a solution from 256 to 2n+256−n At worst (n=1 or 55), this reduces the cost of a Diffie-Hellman search machine from 20 million dollars to 10 million dollars: a 10 million dollar savings. At best (n=281), even without iteration, the method could reduce the cost from 256 to 228+228: a computation well within the reach of a personal computer.
Alas, DES has no such linear factors.
Chapter PDF
Similar content being viewed by others
References
National Bureau of Standards, Data Encryption Standard. US. Department of Commerce, FIPS 46, 15 January 1977.
MacWilliams, F.J. and N.J.A. Sloane, The Theory of Error Correcting Codes. North-Holland. 1977.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1985 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Reeds, J.A., Manferdelli, J.L. (1985). Des has no Per Round Linear Factors. In: Blakley, G.R., Chaum, D. (eds) Advances in Cryptology. CRYPTO 1984. Lecture Notes in Computer Science, vol 196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39568-7_29
Download citation
DOI: https://doi.org/10.1007/3-540-39568-7_29
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-15658-1
Online ISBN: 978-3-540-39568-3
eBook Packages: Springer Book Archive