LOW DATA COMPLEXITY DIFFERENTIAL - ALGEBRAIC ATTACK ON REDUCED ROUND DES

At IMA 2007 Courtois and Bard presented low-data complexity attacks 011 up to 6 rounds of DES bv software algebraic attack methods and SAT solvers. With current methods it appears that 8 rounds of DES should be able to resist such attacks [Courtois, N. T. Gawinecki, A. Song, G.: Contradiction immunity and guess-then-determine attacks on GOST, Tatra Mt. Math. Publ. 53 (2012), 65 79|. An explicit challenge with a price was proposed: break 8 rounds of DES in less than a week 011 one PC with maximum 2 gigabytes of RAM and given at most 16 chosen plaintexts. In this paper we propose a new attack which is trying to achieve this objective as much as possible. Presented method combines two, already known techniques, namely differential cryptanalysis and algebraic attacks. More specifically, it shows how to use relations arising from differential chracteristics to speed up and im- prove key-recovery algebraic attacks against reduced block cipher DES.