
Improved Davies-Murphy’s Attack on DES Revisited

  • Conference paper
Foundations and Practice of Security (FPS 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8352)

Abstract

DES is a famous 64-bit block cipher with a balanced Feistel structure. It consists of 16 rounds. The key has 56 bits and the round key has 48 bits. Two major cryptanalysis techniques (namely, linear cryptanalysis and differential cryptanalysis) were notably developed and successfully applied to the full 16-round DES in the early 1990s. Davies-Murphy’s attack can be seen as a special linear attack, which was developed before the invention of linear cryptanalysis. It was improved by Biham and Biryukov and most recently by Jacques and Muller. In this paper, we revisit the recent improved Davies-Murphy’s attack by Jacques and Muller from an algorithmic point of view. Based on Matsui’s algorithm 2, we give an improved attack algorithm. Our improved attack algorithm works in time \((2^{41})\) with memory \((2^{33})\). In contrast, Jacques-Muller’s attack takes time \((2^{43})\) and memory \((2^{35})\). It seems that our time and memory complexities are optimal, due to the use of the Walsh transform. Meanwhile, we generalize and further improve the results of the improved Matsui’s algorithm 2 for the case that the subkeys are XORed into the round function.

Y. Lu—Supported by the National Science and Technology Major Project under Grant No. 2012ZX01039-004, and the National Natural Science Foundation of China under Grant No. 61170072. Part of this work done while funded by British Telecommunications under Grant No. ML858284/CT506918.

Y. Desmedt—Part of this work was done while funded by EPSRC EP/C538285/1 and by BT, as BT Chair of Information Security.

Notes

  1. Note that the Walsh transform and the Fourier transform have been useful tools to aid linear cryptanalysis, e.g., [10, 11].

  2. Throughout the paper, we always let bit 0 be the least significant bit.

  3. The subkey’s mask \(\beta \) corresponds to the highest 2 bits of the subkey’s 6-bit input to S-box S8 and the lowest 2 bits of the subkey’s 6-bit input to S-box S7.

  4. Because they are the bit expansion of 4 bits of the \({S5}{-}{S8}\) outputs (i.e., output bit 1 of S5, output bit 2 of S6, output bit 3 of S7, output bit 2 of S8) at Round 1.

  5. Note that the 7-bit \(x\) is actually a bit expansion of 6 unknown bits.

  6. Note that \(k_1,k_2,k_{16},\ell _0,r_0,\ell _{16}\) are simply the bit selection functions of \(K_1,K_2,K_{16},L_0,R_0,L_{16}\) with reduced bit length, respectively.

  7. Note that the convolution can be computed with three Fast Walsh Transforms.
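
Note 7 in practice, as an added illustration that is not code from the paper: an XOR-convolution over \(\{0,1\}^n\) computed with three fast Walsh transforms and checked against the direct double sum. The function names and the 8-entry sample tables are constructed for this example.

```python
def fwht(values):
    """Unnormalised fast Walsh-Hadamard transform, O(N log N) for N = 2^n."""
    a = list(values)
    n = len(a)
    if n == 0 or n & (n - 1):
        raise ValueError("length must be a power of two")
    h = 1
    while h < n:
        # Butterfly step: combine entries whose indices differ in one bit.
        for start in range(0, n, 2 * h):
            for i in range(start, start + h):
                x, y = a[i], a[i + h]
                a[i], a[i + h] = x + y, x - y
        h *= 2
    return a


def xor_convolve_fwht(f, g):
    """(f * g)[k] = sum_x f[x] * g[k XOR x], using three transforms."""
    if len(f) != len(g):
        raise ValueError("tables must have the same length")
    n = len(f)
    f_hat = fwht(f)                                   # transform 1
    g_hat = fwht(g)                                   # transform 2
    product = [p * q for p, q in zip(f_hat, g_hat)]   # pointwise product
    # Transform 3: the transform is its own inverse up to a factor 1/N,
    # so every entry is an exact multiple of N for integer inputs.
    return [v // n for v in fwht(product)]


def xor_convolve_naive(f, g):
    """Direct O(N^2) evaluation of the same sum, used as the reference."""
    n = len(f)
    return [sum(f[x] * g[k ^ x] for x in range(n)) for k in range(n)]


# Constructed sample tables (N = 8), standing in for integer counters.
F_SAMPLE = [3, 1, 4, 1, 5, 9, 2, 6]
G_SAMPLE = [2, 7, 1, 8, 2, 8, 1, 8]

if __name__ == "__main__":
    fast = xor_convolve_fwht(F_SAMPLE, G_SAMPLE)
    slow = xor_convolve_naive(F_SAMPLE, G_SAMPLE)
    print(fast, fast == slow)
```

For a table of \(N = 2^n\) entries the direct sum costs \(N^2\) operations, while the three transforms cost on the order of \(N \log N\).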

References

  1. Biham, E., Biryukov, A.: An improvement of Davies’ attack on DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 461–467. Springer, Heidelberg (1995)

  2. Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)

  3. Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improving the time complexity of Matsui’s linear cryptanalysis. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007)

  4. Courtois, N.T., Castagnos, G., Goubin, L.: What do DES S-boxes say to each other?, IACR eprint. http://eprint.iacr.org/2003/184 (2003)

  5. Courtois, N.T., Bard, G.V.: Algebraic cryptanalysis of the data encryption standard, IACR eprint. http://eprint.iacr.org/2006/402 (2006)

  6. Davies, D., Murphy, S.: Pairs and triplets of DES S-Boxes. J. Cryptol. 8(1), 1–25 (1995)

  7. Etrog, J., Robshaw, M.J.B.: The cryptanalysis of reduced-round SMS4. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 51–65. Springer, Heidelberg (2009)

  8. Harpes, C., Massey, J.L.: Partitioning cryptanalysis. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 13–27. Springer, Heidelberg (1997)

  9. Kunz-Jacques, S., Muller, F.: New improvements of Davies-Murphy cryptanalysis. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 425–442. Springer, Heidelberg (2005)

  10. Lu, Y., Desmedt, Y.: Bias analysis of a certain problem with applications to E0 and Shannon cipher. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 16–28. Springer, Heidelberg (2011)

  11. Lu, Y., Wang, H., Ling, S.: Cryptanalysis of Rabbit. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 204–214. Springer, Heidelberg (2008)

  12. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  13. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)

Correspondence to Yi Lu.

© 2014 Springer International Publishing Switzerland

Cite this paper

Lu, Y., Desmedt, Y. (2014). Improved Davies-Murphy’s Attack on DES Revisited. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science, vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_16

  • DOI: https://doi.org/10.1007/978-3-319-05302-8_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05301-1

  • Online ISBN: 978-3-319-05302-8

  • eBook Packages: Computer Science (R0)
