Vulnerabilities

There is a lot of information published on the cryptanalysis of the DES, but in conclusion the brute force attack ends being the most practical and efficient attack. There are also three possible theoretical attacks that are supposed to have a lesser complexity than the brute force attack, but consist on finding an endless number of texts that might be the solution. That seems impractical, so no one uses them.


1- Brute Force Attack

Brute Force is the most simple and practical way to break a cipher. It consists in trying every key combination possible until the right one is found. Having the right key you can then break the cipher and read what was ciphered. The number of possibilities is determined by the keys size in bits, since DES only has a 64 bit key, the number of combinations is rather small and a personal computer can break it in a few days. This was the main reason why DES lost its credibility and began not to be used.


2- Attacks faster than Brute Force Attack

None of this kind of attacks are feasible to use in practise, but they show that in theory the algorithm has some glitches that by now they might not be a problem, but on the future with the increasing power of the machines they might become a serious concern.

2.1- Differential cryptanalysis (DC)

Rediscovered by Adi Shamir and Eli Biham back in the 80's, that claimed that in order to break all the 16 rounds of the DES there were required 2^49 chosen texts. Since DES was designed to be DC resistant this was for sure a glitch that could make a faster attack, because the possibilities are not infinite like in brute force, but still it might be as bad, because the attacker needs to be lucky to find a suitable text not beyond the 2^49 attempt.

2.2- Linear cryptanalysis (LC)

In 1993 Mitsuru Matsui discovered that using his method there were "only" needed 2^43 Known plaintexts. This was the first reported experimental LC to DES, and although it's only theoretical it shows once again that DES is breakable specially taking into account that DES was not designed to deal with this kind of attack. Still, there are a lot of texts to test, might not be as practical as brute force.

2.3- Davies Attack(DA)

Davies attack was first suggested by Donald Davies in the 80's and was a specialized attack that only applies to DES. The LC and DC are general attacks suitable for a lot more algorithms. Davies said that to break the DES it is required 2^50 Known plaintexts with a success rate of 51%.