Just yesterday I saw _Differential Cryptanalysis of the Data Encryption Standard_ by Biham and Shamir at a local bookstore and immediately purchased it. It is published by Springer-Verlag (who also publish Salomaa's _Public Key Cryptography_); ISBN 0-387-97930-1 and 3-540-97930-1. The book describes the differential cryptanalysis attack, which is also applicable to "bounded-round versions" of certain other cryptosystems [what is a "bounded-round version" anyway?]. Phil Zimmerman is acknowledged in the Preface [could this be the same prz of PGP?] I haven't had a chance to read the book - I've just been flipping around so far, but here are the chapters: 1 Introduction 2 Results 3 Introduction to Differential Cryptanalysis 4 Differential Cryptanalysis of DES Variants four rounds six rounds eight rounds arbitrary number of rounds modified variants of DES DES with independent keys generalized DES 5 Differential Cryptanalysis of the Full 16-Round DES 6 Differential Cryptanalysis of FEAL FEAL-8 FEAL-N and FEAL-NX other properties 7 Differential Cryptanalysis of Other Cryptosystems Khafre REDOC-II LOKI Lucifer 8 Differential Cryptanalysis of Hash Functions Snefru N-Hash 9 Non-Differential Cryptanalysis of DES with a Small Number of Rounds Ciphertext Only Known Plaintext Statistical Known Plaintext Appendix A: Description of DES Appendix B: Difference Distribution Tables of DES I doesn't look like IDEA, MD4, or MD5 are mentioned. /-----------------------------------\ | Karl L. Barrus | | elee9sf@menudo.uh.edu | <- preferred address | barrus@tree.egr.uh.edu (NeXTMail) | \-----------------------------------/