sao19677terra.com.br

• Next message: Jack Lloyd: "Re: Info on Cobra128?"
• Previous message: Kuehn, Ulrich: "AW: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real w ork now begins)"
• Maybe in reply to: Kuehn, Ulrich: "AW: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real w ork now begins)"
• Maybe reply: sao19677terra.com.br: "Re: AW: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real w ork now begins)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ulrich.Kuehn wrote:

> Wait, the number you cite is the amount
> of known plaintext, not the work required!
> Actually the Matsui paper speaks of 2^47
> known plaintexts, maybe that is due to a
> higher probability of success.

Cf. M. Matsui, "The first experimental
cryptanalysis of the Data Encryption Standard,"
Advances in Cryptology, Crypto'94 proceedings,
where it is stated that "the full 16-round DES
is breakable with high success probability if
2^43 random plaintexts and their ciphertexts
are available."

The 2^47 figure appears on Matsui's original
paper; the attack was improved to require 2^43
KP (I seem to recall that a recent variant
requires even less texts).

> is not the problem. But the amount of known
> plaintext definitely is!

Yes; it amounts to almost a petabyte of data.
Therefore linear attacks against DES are
irrelevant -- but only because brute force,
even having potentially higher workload, is
actually feasible today.

Tschuess,

Paulo.

• Next message: Jack Lloyd: "Re: Info on Cobra128?"
• Previous message: Kuehn, Ulrich: "AW: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real w ork now begins)"
• Maybe in reply to: Kuehn, Ulrich: "AW: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real w ork now begins)"
• Maybe reply: sao19677terra.com.br: "Re: AW: q&d comparison (was Re: [Cryptix-Users] Rijndael - the real w ork now begins)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]