Abstract: Despite recent improvements in analytic techniques for attacking the Data Encryption Standard (DES), exhaustive key search remains the most practical and efficient attack. Key search is becoming alarmingly practical. We show how to build an exhaustive DES key search machine for $1 million that can perform a known-plaintext attack in 3.5 hours on average. This machine contains 57600 special-purpose DES key search chips. The chip and the rest of the machine have been designed in detail for the purpose of assessing the resistance of DES to an exhaustive attack; we have no plans to build the machine. This design is based on mature technology to avoid making guesses about future capabilities. With this approach, DES keys can be found one to two orders of magnitude faster than other recently proposed designs.

The basic machine design can be adapted to attack the standard DES modes of operation for a small penalty in running time. A $1 million machine would take 8 hours on average to find a key used in 1-bit CFB mode and 4 hours on average for any of ECB, CBC, 64-bit OFB, 64-bit CFB, or 8-bit CFB mode.

In the past, a concern about key search machines was that they would break down too frequently to produce any useful results. This is not a problem with current technology. The expected failure rate of the DES key search machine described here is one failure for every 270 keys found.

If it ever was true that attacking DES was only within the reach of large governments, it is clearly no longer true. In light of this work, it would be prudent in many applications to use DES in a triple-encryption mode.