International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: On the Complexity of Matsui's Attack

Authors:
P. Junod
Download:
URL: http://eprint.iacr.org/2001/056
Search ePrint
Search Google
Abstract: Linear cryptanalysis remains the most powerful attack against DES at this time. Given $2^{43}$ known plaintext-ciphertext pairs, Matsui expected a complexity of less than $2^{43}$ DES evaluations in 85% of the cases for recovering the key. In this paper, we present a theoretical and experimental complexity analysis of this attack, which has been simulated 21 times using the idle time of several computers. The experimental results suggest a complexity upper-bounded by $2^{41}$ DES evaluations in 85% of the case, while more than the half of the experiments needed less than $2^{39}$ DES evaluations. In addition, we give a detailed theoretical analysis of the attack complexity.
BibTeX
@misc{eprint-2001-11468,
  title={On the Complexity of Matsui's Attack},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / DES, linear cryptanalysis},
  url={http://eprint.iacr.org/2001/056},
  note={To be published in the proceedings of SAC '01 pascal.junod@epfl.ch 11564 received 9 Jul 2001, last revised 30 Aug 2001},
  author={P. Junod},
  year=2001
}