MHB How Many Tests to Break DES and AES Encryption by Brute Force?

  • Thread starter Thread starter Sudharaka
  • Start date Start date
  • Tags Tags
    Force
Sudharaka
Gold Member
MHB
Messages
1,558
Reaction score
1
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.
 
Mathematics news on Phys.org
Sudharaka said:
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.

Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.
 
Sudharaka said:
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.

Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.
 
Sudharaka said:
Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.

Remember that without further information on the key you are trying to find, you can only assume it has been chosen uniformly from the key space (from $[0, 2^{56})$ and $[0, 2^{128})$ respectively) so after trying half the keys you should expect to have found the correct one with probability $\frac{1}{2}$. In probability theory, the expected value is a synonym for the average value (or, perhaps, it is the opposite :p)

If you go on to study advanced cryptography, the reason you fall back to a uniform distribution will be formally explained in more detail than you would have ever hoped :) (it comes from the way security properties are defined, and that the uniform distribution constitutes the global maximum of all probability distributions under a very well-defined metric, which makes it essential to properly calculate worst-case security bounds - specifically, it is the maximum-entropy distribution of all continuous distributions).
 
Last edited:

Thread 'What Exactly is Dirac’s Delta Function? - Insight'

Insights auto threads is broken atm, so I'm manually creating these for new Insight articles. In Dirac’s Principles of Quantum Mechanics published in 1930 he introduced a “convenient notation” he referred to as a “delta function” which he treated as a continuum analog to the discrete Kronecker delta. The Kronecker delta is simply the indexed components of the identity operator in matrix algebra Source: https://www.physicsforums.com/insights/what-exactly-is-diracs-delta-function/ by...
View full post »

Thread 'Fermat's Last Theorem'

Fermat's Last Theorem has long been one of the most famous mathematical problems, and is now one of the most famous theorems. It simply states that the equation $$ a^n+b^n=c^n $$ has no solutions with positive integers if ##n>2.## It was named after Pierre de Fermat (1607-1665). The problem itself stems from the book Arithmetica by Diophantus of Alexandria. It gained popularity because Fermat noted in his copy "Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos, et...
View full post »
Thread 'Imaginary Pythagorus'

Thread 'Imaginary Pythagorus'

I posted this in the Lame Math thread, but it's got me thinking. Is there any validity to this? Or is it really just a mathematical trick? Naively, I see that i2 + plus 12 does equal zero2. But does this have a meaning? I know one can treat the imaginary number line as just another axis like the reals, but does that mean this does represent a triangle in the complex plane with a hypotenuse of length zero? Ibix offered a rendering of the diagram using what I assume is matrix* notation...
View full post »

Similar threads

Comp Sci Data Encryption Standard Confusion
Replies
2
Views
1K
A historical look at decrypting the Enigma
2
Replies
52
Views
5K
Decrypting Encrypted Messages | Easy Algorithm and Challenge
Replies
3
Views
3K
Is there a way to do this without brute force ?
Replies
17
Views
3K
A How Many Hidden Variables Would It Take to Model Photon Polarization?
Replies
45
Views
6K
BRS: PKI Cryptosystems for SA/Ms: A Tutorial
Replies
13
Views
3K
How Can Timmy the Bee Calculate Routes in a Honeycomb?
Replies
4
Views
2K
Mathematica This Week's Finds in Mathematical Physics (Week 226)
Replies
7
Views
3K
What if Gravity could be controlled?
Replies
1
Views
3K
Mathematica This Week's Finds in Mathematical Physics (Week 226)
Replies
7
Views
4K

Hot Threads

Recent Insights

Back
Top