The First Experimental Cryptanalysis of the Data Encryption Standard

  • Mitsuru Matsui
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 839)


This paper describes an improved version of linear cryptanalysis and its application to the first successful computer experiment in breaking the full 16-round DES. The scenario is a known-plaintext attack based on two new linear approximate equations, each of which provides candidates for 13 secret key bits with negligible memory. Moreover, reliability of the key candidates is taken into consideration, which increases the success rate. As a result, the full 16-round DES is breakable with high success probability if 24.3 random plaintexts and their ciphertexts are available. The author carried out the first experimental attack using twelve computers to confirm this: he finally reached all of the 56 secret key bits in fifty days, out of which forty days were spent for generating plaintexts and their ciphertexts and only ten days were spent for the actual key search.


Assembly Language Data Encryption Standard Linear Cryptanalysis High Success Probability Effective Text 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    National Burean of Standards: Data Encryption Standard. U.S. Department of Commerce, Federal Information Processing Standards 46 (1977)Google Scholar
  2. 2.
    Matsui, M.: Linear Cryptanalysis Method for DES cipher. Advances in Cryptology-Eurocrypt’93, Lecture Notes in Computer Science, Springer-Verlag 765 (1993) 386–397Google Scholar
  3. 3.
    Matsui, M.: On correlation between the order of S-boxes and the strength of DES. Pre-proceedings of Eurocrypt’94 (1994) 375–387Google Scholar
  4. 4.
    Hellman, M., Merkle, R., Schroeppel, R., Washington, L., Diffie, W., Pohlig, S., Schweitzer, P.: Results of an initial attempt to cryptanalyze the NBS Data Encryption Standard. Information Systems Laboratory, Stanford University 76-042 (1976)Google Scholar
  5. 5.
    Shamir, A.: On the security of DES. Advances in Cryptology — Crypto’85, Lecture Notes in Computer Science, Springer-Verlag 218 (1985) 280–281Google Scholar
  6. 6.
    Davies, D., Murphy, S.: Pairs and triplets of DES s-boxes. (preprint)Google Scholar
  7. 7.
    Rueppel, R.A,: Analysis and design of stream ciphers. Springer Verlag (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Mitsuru Matsui
    • 1
  1. 1.Computer & Information Systems LaboratoryMitsubishi Electric CorporationKamakura, KanagawaJapan

Personalised recommendations