How Many Tests to Break DES and AES Encryption by Brute Force?

  • Context: MHB 
  • Thread starter Thread starter Sudharaka
  • Start date Start date
  • Tags Tags
    Force
Click For Summary

Discussion Overview

The discussion revolves around the number of tests required to break DES and AES encryption through brute force attacks. Participants explore the concepts of necessary and expected tests in the context of cryptographic algorithms, specifically focusing on the implications of key lengths and properties of the encryption methods.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • Some participants state that the DES algorithm has a key length of 64 bits, with only 56 bits used for encryption, leading to an expected number of tests of $2^{56}$.
  • Others propose that due to a property of DES, the necessary number of tests can be reduced to $2^{55}$ by leveraging the relationship between plaintext and ciphertext.
  • There is a claim that for AES, both the expected and necessary number of tests to break a 128-bit key encryption is $2^{128}$, as AES does not exhibit the same weaknesses as DES.
  • A later reply suggests that the expected number of tests for DES should be $2^{55}$ and for AES $2^{127}$, based on the professor's clarification that "expected" refers to the average value.
  • One participant emphasizes that without additional information about the key, it is assumed to be uniformly chosen from the key space, which affects the expected value calculations.
  • There is a mention of advanced cryptography concepts that explain the reliance on uniform distribution for calculating security bounds, although this is not fully explored in the current discussion.

Areas of Agreement / Disagreement

Participants express differing views on the necessary and expected number of tests for DES and AES, with no clear consensus reached on the correct interpretations or calculations. The discussion reflects multiple competing perspectives on the topic.

Contextual Notes

Participants note the ambiguity in the terms "necessary" and "expected," and there are unresolved assumptions regarding the uniformity of key selection in the context of expected value calculations.

Sudharaka
Gold Member
MHB
Messages
1,558
Reaction score
1
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.
 
Physics news on Phys.org
Sudharaka said:
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.

Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.
 
Sudharaka said:
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.

Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.
 
Sudharaka said:
Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.

Remember that without further information on the key you are trying to find, you can only assume it has been chosen uniformly from the key space (from $[0, 2^{56})$ and $[0, 2^{128})$ respectively) so after trying half the keys you should expect to have found the correct one with probability $\frac{1}{2}$. In probability theory, the expected value is a synonym for the average value (or, perhaps, it is the opposite :p)

If you go on to study advanced cryptography, the reason you fall back to a uniform distribution will be formally explained in more detail than you would have ever hoped :) (it comes from the way security properties are defined, and that the uniform distribution constitutes the global maximum of all probability distributions under a very well-defined metric, which makes it essential to properly calculate worst-case security bounds - specifically, it is the maximum-entropy distribution of all continuous distributions).
 
Last edited:

Similar threads

Comp Sci Data Encryption Standard Confusion
  • · Replies 2 ·
Replies
2
Views
2K
A historical look at decrypting the Enigma
  • · Replies 52 ·
2
Replies
52
Views
6K
Decrypting Encrypted Messages | Easy Algorithm and Challenge
  • · Replies 3 ·
Replies
3
Views
4K
Is there a way to do this without brute force ?
  • · Replies 17 ·
Replies
17
Views
3K
Graduate How Many Hidden Variables Would It Take to Model Photon Polarization?
  • · Replies 45 ·
2
Replies
45
Views
6K
Graduate BRS: PKI Cryptosystems for SA/Ms: A Tutorial
  • · Replies 13 ·
Replies
13
Views
4K
How Can Timmy the Bee Calculate Routes in a Honeycomb?
  • · Replies 4 ·
Replies
4
Views
3K
Mathematica This Week's Finds in Mathematical Physics (Week 226)
  • · Replies 7 ·
Replies
7
Views
3K
What if Gravity could be controlled?
  • · Replies 1 ·
Replies
1
Views
4K
Mathematica This Week's Finds in Mathematical Physics (Week 226)
  • · Replies 7 ·
Replies
7
Views
4K