D. Davies, "Investigation of a potential weakness in the DES algorithm," July 1987 (revised January 1990), preprint.

This paper is cited in the following contexts:
Cryptanalysis of the CFB mode of the DES with a.. - Preneel, Nuttin.. (1993)   (4 citations)

....Feedback (CFB) and Output Feedback (OFB). The DES has been the subject of several studies. One of the first properties that was discovered was the complementation property [10]; it can be exploited to halve the number of operations for an exhaustive key search. Attacks have been described in [6, 7], but the most successful techniques are differential cryptanalysis introduced by E. Biham and A. Shamir [3] and linear cryptanalysis invented by M. Matsui [13]. The first attack which is faster than exhaustive key search was the differential attack of [5]. Most attacks on the DES are applicable ....

D. Davies, "Investigation of a potential weakness in the DES algorithm," July 1987 (revised January 1990), preprint.


Serpent: A New Block Cipher Proposal - Biham, Anderson, Knudsen (1998)   (10 citations)

....keys were found, related-key attacks would not be applicable. Serpent has none of the simpler vulnerabilities that can result from exploitable symmetries in the key schedule: there are no weak keys, semi-weak keys, equivalent keys, or complementation properties. 5.9 Other Attacks. Davies attack [12, 13] and the Improved Davies attack [6] are not applicable, since the S-boxes are invertible, and no duplications of data bits are applied. As far as we know, neither statistical cryptanalysis [22] nor partitioning cryptanalysis [14] provides a less complex attack than differential or linear ....

D.W. Davies, 'Investigation of a Potential Weakness in the DES Algorithm', private communication (1987)


Serpent: A Proposal for the Advanced Encryption Standard - Anderson, Biham, Knudsen   (37 citations)

....keys were found, related-key attacks would not be applicable. Serpent has none of the simpler vulnerabilities that can result from exploitable symmetries in the key schedule: there are no weak keys, semi-weak keys, equivalent keys, or complementation properties. 5.9 Other Attacks. Davies attack [17, 18] and the improved version of [11] are not applicable, since the S-boxes are invertible, and no duplications of data bits are applied. As far as we know, neither statistical cryptanalysis [31] nor partitioning cryptanalysis [19] provides a less complex attack than differential or linear ....

D.W. Davies, 'Investigation of a Potential Weakness in the DES Algorithm', private communication (1987)


Cryptanalytic Progress: Lessons for AES - Kelsey, Ferguson, Schneier, Stay (2000)   (2 citations)

.... 1982: For a very small class of semi-weak keys, DES can be broken with complexity 1 [Dav82]. 1985: A meet-in-the-middle attack can break 6-round DES with complexity 2^52 [CE85]. 1987: The so-called Davies Attack can break DES with complexity 2^56.6, slightly worse than brute force [Dav87]. 1990: Differential cryptanalysis can break DES with 2^47 chosen plaintexts. Note that this attack was used in the previous year to break reduced-round versions of DES [BS90] and that DES was optimized against this attack. 1992: Related-key cryptanalysis can break a modified version of ....

D.W. Davies, Investigation of a Potential Weakness in the DES Algorithm, private communications with Eli Biham, 1987.


Serpent: A Proposal for the Advanced Encryption Standard - Anderson, Biham, Knudsen   (37 citations)

....keys were found, related-key attacks would not be applicable. Serpent has none of the simpler vulnerabilities that can result from exploitable symmetries in the key schedule: there are no weak keys, semi-weak keys, equivalent keys, or complementation properties. 5.9 Other Attacks. Davies attack [17, 18] and the improved version of [11] are not applicable, since the S-boxes are invertible, and no duplications of data bits are applied. As far as we know, neither statistical cryptanalysis [31] nor partitioning cryptanalysis [19] provides a less complex attack than differential or linear ....

D.W. Davies, 'Investigation of a Potential Weakness in the DES Algorithm', private communication (1987)


How to Strengthen DES Using Existing Hardware - Biham, Biryukov (1994)   (15 citations)

....able to find a key in 3.5 hours in average. In parallel, many researchers invested a great effort to cryptanalyze DES. Their work led to development of two powerful methods of cryptanalysis of iterative ciphers: differential cryptanalysis [2] and linear cryptanalysis [14]. Recently Davies attack [8] has been improved to be capable of breaking DES faster than exhaustive search [3]. Those are the only known methods of breaking DES faster than half of exhaustive search; they require huge amounts of 2^47, 2^43 and 2^50 plaintexts, respectively. These attacks are very important for our ....

....factor of 4 5 in terms of required known plaintexts and complexity of the attack. These are all the orders where S8 comes after S2 or S4. Among the 32·8 best differential orders 18·8 are weaker under Davies attack. These results can be verified easily by looking at Figure 9 in [8]. We performed extensive analysis for one of the best orders. Table 3 describes the order: S2; S4; S6; S7; S3; S1; S5; S8. For this particular order the complexity of differential attack becomes (1/256)^6 = 2^-48 instead of (1/234)^6 = 2^-47.2. This is not a major gain ....

D.W. Davies, Investigation of a Potential Weakness in the DES Algorithm, private communications, 1987.


Differential Cryptanalysis attacks - Biham, Shamir (1991)   (146 citations)

....2. Discard the keys for which the J bits are not the same under partial encryption decryption. 3. For the remaining keys try all the possible values of the key bits in I. This algorithm requires about 2^(56-|I|) 2^|I| encryption decryption attempts. In the same year, Donald W. Davies [3] described a known-plaintext cryptanalytic attack on DES. Given sufficient data, it could yield 16 linear relationships among key bits, thus reducing the size of a subsequent key search to 2^40. It exploited the correlation between the outputs of adjacent S-boxes, due to their inputs being ....

D. W. Davies, Investigation of a Potential Weakness in the DES Algorithm, 1987, private communication.


Differential Cryptanalysis of the Full 16-round DES - Biham, Shamir (1993)   (25 citations)

....variants of DES, and in particular variants of DES with fewer than 16 rounds. Chaum and Evertse [4] described an attack on reduced variants of DES, whose complexity is 2^54 for the six-round variant. They showed that their attack is not applicable to variants with eight or more rounds. Davies [5] devised a known-plaintext attack whose application to DES reduced to eight rounds analyzes 2^40 known plaintexts and has time complexity 2^40. This attack is not applicable to the full 16-round DES since it has to analyze more than the 2^64 possible plaintexts. The most successful attack on ....

D. W. Davies, Investigation of a Potential Weakness in the DES Algorithm, 1987, private communication.


An Improvement of Davies' Attack on DES - Biham, Biryukov   (12 citations)  Self-citation (Davies)

....Improvement of Davies Attack on DES. Eli Biham, Alex Biryukov. Abstract: In this paper we improve Davies attack [2] on DES to become capable of breaking the full 16-round DES faster than the exhaustive search. Our attack requires 2^50 complexity of the data collection and 2^50 the complexity of analysis. An alternative approach finds 24 key bits of DES with 2^52 known plaintexts and the data analysis ....

....requires only several minutes on a SPARC. Therefore, this is the third successful attack on DES, faster than brute force, after differential cryptanalysis [1] and linear cryptanalysis [5]. We also suggest criteria which make the S-boxes immune to this attack. 1 Introduction. In 1987, Davies [2] described a potential attack on DES [6] that is based on the nonuniformity of the distribution of the outputs of pairs of adjacent S-boxes. Theoretically one can gain up to 16 parity bits of the key with this attack. However the direct application of Davies attack is impractical since the ....

[Article contains additional citation context not shown here]

D.W. Davies, Investigation of a Potential Weakness in the DES Algorithm, private communications, 1987.


Acknowledgments - Acknowledgment This

No context found.

D. W. Davies, Investigation of a Potential Weakness in the DES Algorithm, 1987, private communication.


Cryptanalysis of Multiple Modes of Operation - Biham (1994)   (18 citations)

No context found.

D. W. Davies, Investigation of a Potential Weakness in the DES Algorithm, 1987, private communication.


On Matsui's Linear Cryptanalysis - Biham (1994)   (25 citations)

No context found.

D. W. Davies, Investigation of a Potential Weakness in the DES Algorithm, 1987, private communication.


An Improvement of Davies' Attack on DES - Biham, al. (1994)   (12 citations)

No context found.

D.W. Davies, Investigation of a Potential Weakness in the DES Algorithm, private communications, 1987.
