

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformations, discovering where the cipher exhibits nonrandom behaviour, and exploiting such properties to recover the secret key.
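The way input differences map to output differences can be tabulated for a single S-box, which is how a designer checks a component for the nonrandom behaviour described above. The following is an added example, not part of the original article: SBOX is the first row of DES S-box S1, while AFFINE, difference_table and best_differential are names and a constructed comparison box chosen here for illustration.

```python
# Added example: difference distribution table (DDT) of a 4-bit S-box.
# SBOX is the first row of DES S-box S1; AFFINE is a constructed weak
# substitute (x XOR constant) used only for comparison.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
AFFINE = [x ^ 0x5 for x in range(16)]


def difference_table(sbox):
    """ddt[dx][dy] = number of inputs x with S(x) XOR S(x XOR dx) == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def best_differential(sbox):
    """Return (dx, dy, probability) of the most likely nonzero differential."""
    ddt = difference_table(sbox)
    n = len(sbox)
    # dx = 0 is excluded: equal inputs always give equal outputs.
    dx, dy = max(((a, b) for a in range(1, n) for b in range(n)),
                 key=lambda p: ddt[p[0]][p[1]])
    return dx, dy, ddt[dx][dy] / n


if __name__ == "__main__":
    for name, box in (("DES S1 row 0", SBOX), ("affine", AFFINE)):
        dx, dy, p = best_differential(box)
        print(f"{name}: dx={dx:#x} -> dy={dy:#x} with probability {p}")
```

An ideal random mapping would spread each nonzero input difference roughly evenly over the output differences, so an entry that holds for 8 of 16 inputs is a measurable bias. The affine box maps every input difference to one output difference with probability 1, which is why a linear substitution offers no resistance.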
History
The discovery of differential cryptanalysis is generally attributed to Eli Biham and Adi Shamir in the late 1980s, who published a number of attacks against various block ciphers and hash functions, including a theoretical weakness in the Data Encryption Standard (DES). It was noted by Biham and Shamir that DES is surprisingly resistant to differential cryptanalysis, in the sense that even small modifications to the algorithm would make it much more susceptible.^{[1]}
In 1994, a member of the original IBM DES team, Don Coppersmith, published a paper stating that differential cryptanalysis was known to IBM as early as 1974, and that defending against differential cryptanalysis had been a design goal.^{[2]} According to author Steven Levy, IBM had discovered differential cryptanalysis on its own, and the NSA was apparently well aware of the technique.^{[3]} IBM kept some secrets, as Coppersmith explains: "After discussions with NSA, it was decided that disclosure of the design considerations would reveal the technique of differential cryptanalysis, a powerful technique that could be used against many ciphers. This in turn would weaken the competitive advantage the United States enjoyed over other countries in the field of cryptography."^{[2]} Within IBM, differential cryptanalysis was known as the "T-attack"^{[2]} or "Tickle attack".^{[4]}
While DES was designed with resistance to differential cryptanalysis in mind, other contemporary ciphers proved to be vulnerable. An early target for the attack was the FEAL block cipher. The original proposed version with four rounds (FEAL-4) can be broken using only eight chosen plaintexts, and even a 31-round version of FEAL is susceptible to the attack.
