Biham and Shamir on cracking DES

Marc Horowitz marc at Athena.MIT.EDU
Fri Feb 26 22:17:19 PST 1993

This is, I believe, the state of the art in published techniques to
break DES.  Note that this attack is basically useless against
one-time or short-lived keys, since there's no chance to make repeated
chosen plaintext attacks against the key.

Short form:  If you can get me to encrypt 2**37 plaintexts *of* *your*
*choice* against my key, you can crack it.


This info is forwarded from a friend.

Eli Biham and Adi Shamir, "Differential Cryptanalysis of the full
16-round DES," December 19, 1991.  

The paper was announced in Dec. '91 on the net, and paper copies
circulated from people who had gotten copies directly from Biham &
Shamir.  The paper was submitted to Crypto '92 and presented there on
August 20, 1992.  The Crypto '92 proceedings will be published by
Springer-Verlag at some point, so you could also reference it this

{\sl E.~Biham and A.~Shamir}, Differential Cryptanalysis of the full
16-round DES, {\sl Advances in Cryptology: Proceedings of Crypto '92},
E.~Brickell, ed., {\sl Lecture Notes in Computer Science},
Springer-Verlag, New York, to appear.

Biham is at Technion - Israel Inst. of Tech.
Shamir is at Weizmann Inst. of Science.

I don't know of an FTP site where the paper is available.  

More information about the cypherpunks-legacy mailing list