Differential cryptanalysis
From Academic Kids

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformations, discovering where the cipher exhibits nonrandom behaviour, and exploiting such properties to recover the secret key.
Contents 
Origins of differential cryptanalysis
The discovery of differential cryptanalysis is generally attributed to Eli Biham and Adi Shamir in the late 1980s, who published a number of attacks against various block ciphers and hash functions, including a theoretical weakness in the Data Encryption Standard (DES). It was noted that DES is surprisingly resilient to differential cryptanalysis, in the sense that even small modifications make it much more susceptible; this suggested that the designers at IBM knew of this in the 1970s. Indeed, parties involved in the creation of DES have since admitted that defending against differential cryptanalysis was a design goal (Don Coppersmith, 1994). It would appear that the National Security Agency (NSA), who also had some input into the design, were well aware of the technique before its rediscovery at IBM, and did not want the attack to become public knowledge; this was the reason the design process was kept secret. Within IBM, differential cryptanalysis was known as the "Tattack", or "Tickling attack" [1] (http://groups.google.com/groups?selm=4v0jrv%24kf%40ground.cs.columbia.edu).
While DES was designed with resistance to differential cryptanalysis in mind, other contemporary ciphers proved to be vulnerable. An early target for the attack was the FEAL block cipher. The original proposed version with four rounds (FEAL4) can be broken using only eight chosen plaintexts, and even a 31round version of FEAL is susceptible to the attack..
A description of the attack
Differential cryptanalysis is usually a chosen plaintext attack, meaning that the attacker must be able to obtain encrypted ciphertexts for some set of plaintexts of his choosing. There are, however, extensions that would allow a known plaintext or even a ciphertextonly attack. The basic method uses pairs of plaintext related by a constant difference; difference can be defined in several ways, but the eXclusive OR (XOR) operation is usual. The attacker then computes the differences of the corresponding ciphertexts, hoping to detect statistical patterns in their distribution. In the basic attack, one particular ciphertext difference is expected to be especially frequent; in this way, the cipher can be distinguished from random. More sophisticated variations allow the key to be recovered faster than exhaustive search.
For any particular cipher, the input difference must be carefully selected if the attack is to be successful. An analysis of the algorithm's internals is undertaken; the standard method is to trace a path of highly probable differences through the various stages of encryption, termed a differential characteristic.
Since differential cryptanalysis became public knowledge, it has become a basic concern of cipher designers. New designs are expected to be accompanied by evidence that the algorithm is resistant to this attack, and many, including the Advanced Encryption Standard, have been proved to be secure against the attack.
See also
References
 Eli Biham, Adi Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer Verlag, 1993. ISBN 0387979301, ISBN 3540979301.
 Biham, E. and A. Shamir. (1990). Differential Cryptanalysis of DESlike Cryptosystems. Advances in Cryptology — CRYPTO '90. SpringerVerlag. 2–21.
 Coppersmith, Don. (1994). The data encryption standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), 243–250. [2] (http://www.research.ibm.com/journal/rd/383/coppersmith.pdf)
External links
 A tutorial on differential (and linear) cryptanalysis (http://www.engr.mun.ca/~howard/Research/Papers/ldc_tutorial.html)
 Helger Lipmaa's links on differential cryptanalysis (http://www.cs.ut.ee/~helger/crypto/link/block/dc.php)
 A description of the attack applied to DES (http://home.earthlink.net/~mylnir/desdoc.html)
Block ciphers edit (https://search.academickids.com:443/encyclopedia/index.php?title=Template:Block_ciphers&action=edit) 
Algorithms: 3Way  AES  Akelarre  Blowfish  Camellia  CAST128  CAST256  CMEA  DEAL  DES  DESX  FEAL  FOX  FROG  GDES  GOST  ICE  IDEA  Iraqi  KASUMI  KHAZAD  Khufu and Khafre  LOKI89/91  LOKI97  Lucifer  MacGuffin  Madryga  MAGENTA  MARS  MISTY1  MMB  NewDES  RC2  RC5  RC6  REDOC  Red Pike  S1  SAFER  SEED  Serpent  SHACAL  SHARK  Skipjack  Square  TEA  Triple DES  Twofish  XTEA 
Design: Feistel network  Key schedule  Product cipher  Sbox  SPN Attacks: Brute force  Linear / Differential cryptanalysis  Mod n  XSL Standardisation: AES process  CRYPTREC  NESSIE Misc: Avalanche effect  Block size  IV  Key size  Modes of operation  Pilingup lemma  Weak key 