Cryptology ePrint Archive: Report 2001/056

On the Complexity of Matsui's Attack

P. Junod

Abstract: Linear cryptanalysis remains the most powerful attack against DES at this time. Given $2^{43}$ known plaintext-ciphertext pairs, Matsui expected a complexity of less than $2^{43}$ DES evaluations in 85% of the cases for recovering the key. In this paper, we present a theoretical and experimental complexity analysis of this attack, which has been simulated 21 times using the idle time of several computers. The experimental results suggest a complexity upper-bounded by $2^{41}$ DES evaluations in 85% of the case, while more than the half of the experiments needed less than $2^{39}$ DES evaluations. In addition, we give a detailed theoretical analysis of the attack complexity.

Category / Keywords: secret-key cryptography / DES, linear cryptanalysis

Publication Info: To be published in the proceedings of SAC '01

Date: received 9 Jul 2001, last revised 30 Aug 2001

Contact author: pascal junod at epfl ch

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20011015:224546 (All versions of this report)

Short URL: ia.cr/2001/056

Discussion forum: Show discussion | Start new discussion