biham-lens

Differential Cryptanalysis of a Toy SPN Cipher

by Eli Biham & Adi Shamir (1990)

Live Differential Attack

This tab demonstrates a real chosen-plaintext differential attack on the 4-round toy SPN cipher. We exploit a high-probability differential to recover the last round subkey.

Step 1: Choose Plaintext Difference

Step 2: Collect Ciphertext Pairs

0 pairs collected. Need ~500 for reliable recovery.

Step 3: Run Attack

Ready to analyze pairs.

Differential Trace Visualization

Watch how XOR differences propagate through the rounds of the cipher via S-box substitution and bit permutation.

Input difference

Input Difference

Value: 0x00 Active bits: 0 Probability: 1.00
β†’

After S-box (Round 1)

Value: ? Active bits: β€” Probability: β€”
β†’

After Permutation (Round 1)

Value: ? Active bits: β€” Probability: β€”
Active bit (different)
Inactive bit (same)

S-box Analysis

The S-box is the only non-linear component of the cipher. Its differential properties determine the strength of the cipher against differential attacks.

S-box Substitution

Input (outer number) β†’ Output (colored square)

Difference Distribution Table (DDT)

Rows: Input Difference β€’ Columns: Output Difference β€’ Colors show count (0-255 pairs)

S-box Strength Assessment

Historical Impact: Differential Cryptanalysis

Differential cryptanalysis was the cryptanalytic breakthrough of the late 20th century.

Eli Biham

Affiliation: Technion β€” Israel Institute of Technology

Co-inventor of differential cryptanalysis. Later designed Serpent cipher to resist his own technique.

Adi Shamir

Affiliation: Weizmann Institute of Science, Israel

Co-inventor of differential cryptanalysis. Legendary cryptographer and co-founder of RSA cryptosystem.

Timeline of Discovery

Original Paper:

Eli Biham and Adi Shamir. "Differential Cryptanalysis of DES-like Cryptosystems." Journal of Cryptology, vol. 4, no. 1, pp. 3–72, 1991.

Why Serpent Survived: Defense Against Differential Cryptanalysis

Eli Biham designed Serpent specifically to be immune to differential cryptanalysis and other attacks he had discovered.

Cipher Defense Comparison

Property DES (1977) AES (2001) Serpent (1998)
S-box Max DDT 8 4 4
Rounds 16 10/12/14 32
Differential Reach 8 rounds Beyond attack Beyond attack
Design Philosophy Proven secure (classified) Resistant to known attacks Hardened by attack inventor

Portfolio Thread: A Cipher's Journey

This demo is part of a series exploring cipher design and cryptanalysis:

  • biham-lens (you are here) β€” Attack-side: differential cryptanalysis
  • iron-serpent β€” Defense-side: Serpent cipher designed to defeat differential attacks
  • dead-sea-cipher β€” Historical failures: why ciphers break
  • shamir-gate β€” The mind of Adi Shamir: RSA, differential cryptanalysis, secret sharing