Given a message and DES encrypted form of said message, is it possible to efficiently compute the key used to encrypt the data?
Asked
Active
Viewed 4,919 times
8
-
by efficient do you mean faster than brute force? – mikeazo Dec 16 '13 at 20:23
2 Answers
9
Efficiently - no. However, the best attack on DES - linear cryptanalysis - works with known plaintexts, and theoretically may work slightly faster than the brute force even for small amounts of data.
Computing linear relations between plaintext $P$ and ciphertext $C$, an attacker is able to enumerate all keys according to their likelihood. The PhD thesis by Junod provides a comprehensive description of the attack for various parameters in Sections 3.1, 3.2. There is a formula of the probability that the correct key is found among the $r$ candidates with the highest score after analysis of $\nu$ (plaintext,ciphertext) pairs. Given only few ciphertexts, all the keys will have almost the same likelihood, and $r$ must be very close to $2^{56}$ to provide the success rate close to 1. Still, the resulting attack must be faster than the brute force, even though only marginally.
Dmitry Khovratovich
- 5,647
- 21
- 24
4
No. This is known as a known-plaintext attack, and AFAIK no such attack is faster than bruteforce for DES.
However, DES only uses a keyspace of $2^{56}$, so you could theoretically still bruteforce it.
orlp
- 4,230
- 20
- 29