Security of Data Encryption Standard (DES)

The Data Encryption Standard (DES) is the old Federal Information Processing Standard (FIPS PUB 46). It have been used for over 25 years by the U.S. Government organisations to protect sensitive (unclassified) information. DES was designed in the 70s. Hundreds of researchers tried to break it, and from the practical point of view, nobody really succeeded.

Unfortunately, DES and triple DES remains the most widely used cipher in commercial and financial applications. If it was badly broken, the output could be truly devastating.

The goal of this page is to stimulate research on DES, and to inform the public about any potential or real weakness of DES. External contribution is welcome.

D. Davies and S. Murphy, Pairs and Triplets of DES S-Boxes, Journal of Cryptology, vol. 8, Nb. 1, pp. 1-25, 1995.
M. Matsui: Linear Cryptanalysis Method for DES Cipher, Eurocrypt'93, LNCS 765, Springer, pp. 386-397, 1993.
M.Matsui: The First Experimental Cryptanalysis of the Data Encryption Standard, Crypto'94, LNCS 839, Springer, pp. 1-11, 1994.
Eli Biham: How to Make a Difference: the History of Differential Cryptanalysis, Invited talk at Fast Software Encryption 2006, 15-17 March 2006 Graz, Austria.
Eli Biham and Adi Shamir: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology, vol. 4, pp. 3-72, IACR, 1991.

Orr Dunkelman, Gautham Sekar, and Bart Preneel: Improved Meet-in-the-Middle Attacks on Reduced-Round DES, To appear in Indocrypt 2007.
Nicolas Courtois, Gregory V. Bard: Algebraic Cryptanalysis of the Data Encryption Standard, to appear in 11-th IMA Conference, Cirencester, UK, 18-20 December 2007, see also eprint.iacr.org/2006/402/. Also be presented at ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 September. Available at eprint.iacr.org/2006/402/. The equations exploited in this paper can be downloaded from here.
Thomas Baignères, Pascal Junod and Serge Vaudenay: How Far Can We Go Beyond Linear Cryptanalysis ?, to appear in Asiacrypt 2004, 5-9 Dec. 2004, Korea, LNCS, Springer.
Nicolas Courtois, Feistel Schemes and Bi-Linear Cryptanalysis, Appears in Crypto 2004, LNCS 3152, pp. 23-40, Springer 2004. The extended version is available at eprint.iacr.org/2005/251/.
Alex Biryukov, Christophe de Cannière and Michael Quisquater: On Multiple Linear Approximations. Will be presented at Crypto 2004, August 15-19, LNCS, Springer. Also at http://eprint.iacr.org/2004/057/.

Nicolas Courtois: The Best Differential Characteristics and Subtleties of the Biham-Shamir Attacks on DES, eprint/2005/202/.

Nicolas Courtois, Guilhem Castagnos and Louis Goubin: What do DES S-boxes Say to Each Other ? Available on eprint.iacr.org/2003/184/. This paper exhibits some structure in the DES S-boxes, probably nothing serious. It also introduces a new type of algebraic attack on block ciphers.
Adi Shamir: On the security of DES, Crypto'85, LNCS 218, Springer, pages 280-281, 1985. (mystery paper).
And many others.... Many researchers have studied in details many different aspects of DES and its S-boxes... Yet so far, none of these results have been demonstrated to matter at all (or to have a non-negligible impact) for the security of the full 16-rounds DES (or the triple DES).