How to Forge DES-Encrypted Messages in $2^{28}$ Steps

In this paper we suggest key-collision attacks, and show that the theoretic strength of a cipher cannot exceed the square root of the size of the key space. As a result, in some circumstances, some DES keys can be recovered while they are still in use, and these keys can then be used to forge messages: in particular, one key of DES can be recovered with complexity $2^{28}$, and one key of (three-key) triple-DES can be recovered with complexity $2^{84}$.
