Paper 2001/056

On the Complexity of Matsui's Attack

P. Junod

Abstract

Linear cryptanalysis remains the most powerful attack against DES at this time. Given $2^{43}$ known plaintext-ciphertext pairs, Matsui expected a complexity of less than $2^{43}$ DES evaluations in 85% of the cases for recovering the key. In this paper, we present a theoretical and experimental complexity analysis of this attack, which has been simulated 21 times using the idle time of several computers. The experimental results suggest a complexity upper-bounded by $2^{41}$ DES evaluations in 85% of the case, while more than the half of the experiments needed less than $2^{39}$ DES evaluations. In addition, we give a detailed theoretical analysis of the attack complexity.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. To be published in the proceedings of SAC '01
Keywords
DESlinear cryptanalysis
Contact author(s)
pascal junod @ epfl ch
History
2001-08-30: revised
2001-07-10: received
See all versions
Short URL
https://ia.cr/2001/056
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2001/056,
      author = {P.  Junod},
      title = {On the Complexity of Matsui's Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2001/056},
      year = {2001},
      note = {\url{https://eprint.iacr.org/2001/056}},
      url = {https://eprint.iacr.org/2001/056}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.