Scribd
Upload
34 views

HLVSJR Lev4

This document summarizes the team's analysis and cracking of a 6-round DES cipher using differential cryptanalysis. They used two characteristics to determine the subkeys for 7 S-boxes, leaving 14 unknown key bits. They then exhaustively searched the remaining key space to find the full key. Decrypting the ciphertext with the recovered key yielded plaintext that unlocked a password in the caves system, demonstrating a successful cryptanalysis of the 6-round DES cipher.

Uploaded by

Sai Saurab
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
34 views

HLVSJR Lev4

This document summarizes the team's analysis and cracking of a 6-round DES cipher using differential cryptanalysis. They used two characteristics to determine the subkeys for 7 S-boxes, leaving 14 unknown key bits. They then exhaustively searched the remaining key space to find the full key. Decrypting the ciphertext with the recovered key yielded plaintext that unlocked a password in the caves system, demonstrating a successful cryptanalysis of the 6-round DES cipher.

Uploaded by

Sai Saurab
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

TEAM : HLVSJR

Members: Lohit Jain (11390) & Vishnu (12376)


SECTION A
1. According to the clue in the caves the cipher used was probably either a four or a six
round DES; See SECTION C for justification of 6 round.
2. We followed the method given in Shamir and Biham's paper on Differential
Cryptanalysis. [1]
3. We used two characterstics < 00000400,00200008 > & < 40080000,04000000 > (both
have prob of 1/16) to get the keys for S1,S2,S4,S5,S6,S7 &S8 boxes. (Explained in
SECTION B).
4. This left us with 14 unknown bits. We iterated over the 2^14 sub-keys (exhaustive search
over 16384). And found the rest bits.
5. Now we verified our key using 1L input output pairs. We got correct result in every case!
Although this part is not needed at all. But we did it just because of the next point!
6. By decrypting the text (password cipher text) ie. somrgsqupgpfrspiuhlortrrmmfrulpk,
we got the result lslomflplnlhlhlklsmgifififififif. (note that if is filler ie. Removing
any number of if does not affect the result in any way.)
7. We entered this in caves and got the text (password text) back.
So we have broken the DES!
NOTE: this password was not being accepted in the caves system. I have communicated with Sir
on this matter too.
SECTION B: Point 3 explained in detail:
8. We use the two characteristics as a n-3 round characteristic and apply it on the given
cipher by using the attack explained in Shamir and Biham's paper on Differential
Cryptanalysis [1].
9. For both the characterstics we encrypt 300000 plaintext pairs which have a XOR value
equal to the characteristic used.
10. The last round subkey is guessed using these 300000 ciphertext XOR pairs by counting
the possible keys for some S box and choosing the 6 bits of the key which have the
highest count.
11. This is done for S1, S2, S4, S5, S6, S7 & S8 (together in both characterstics). So we now
know 42 bits of the key.
SECTION C
What we did to eliminate the possibility of 4 Round:
1. We tried the 4 round characteristic mentioned in [1], on the des. But the keys for Sboxes
with highest count were not distinguishing from the rest of the key counts. (ie. No clear
max in count!).
2. This gave us the hint that the des was 6 round! (code for 4 round was easily converted to
6 round!)
REFERENCES: [1]: Biham, Eli, and Adi Shamir. "Differential cryptanalysis of DES-like
cryptosystems." Journal of CRYPTOLOGY 4.1 (1991): 3-72.

You might also like