"Differential Cryptanalysis (cont.)"

Iterative patterns. Structures. Signal/Noise ratio. Differentials vs. characteristics.
1R,2R,3R attacks. The first round trick. Bytewise (truncated) differentials.
Boomerang attack.

[after the lecture notes]

We have covered basic definitions related to differential cryptanalysis:
1. Active S-box, differential pattern (characteristic), difference distribution tables
2. Design criteria for the S-boxes and for the permutation P
3. 2-round iterative pattern with 3 active S-boxes
all this material can be found in reference 2 or 4 (on-line).

In the next lecture we will show the attack on full 16-round DES and some
extensions of differential cryptanalytic technique.
 

Reading for the lecture
 

1. FIPS PUB: The Data Encryption Standard.

2. Don Coppersmith, "The Data Encryption Standard and its Strength Against Attacks".
IBM TR. [not on-online].

3. Eli Biham, Adi Shamir, "Differential Cryptanalysis of the Full 16-Round DES (.ps)",
   CS 708, December 1991,   Proceedings of Crypto'92, LNCS 740. (see also our library).

4. Eli Biham, Adi Shamir,
     Differential cryptanalysis of DES-like cryptosystems,
     Technical report CS90-16, Weizmann Institute of Science
     CRYPTO'90 & Journal of Cryptology, Vol. 4, No. 1, pp. 3-72, 1991.