Differential Cryptanalysis is a plaintext attack. The basic idea is to obtain the largest possible key by analyzing the effect of specific plaintext difference on the relative ciphertext difference. It can be used to attack any password structured by iteration of a fixed round function and many grouping passwords (including DES). It is a plaintext attack proposed by biham and Shamir in 1991.
Difference analysis involves comparing ciphertext pairs with certain characteristics with plaintext pairs. The analyzer looks for plaintext pairs with some difference. Some of these differences have a high probability of re-occurrence. The difference analysis uses these features to calculate the probability of a possible key, and finally defines it as the most possible key. It is said that this attack relies heavily on the S-box structure. However, the S-box Optimization of DES can combat differential analysis.
In addition, the number of rounds of group encryption has a greater impact on the Difference Analysis. If des only uses eight rounds, it takes several minutes to decrypt it on a PC. However, in the case of 16 rounds, the differential analysis is only a little more effective than the exhaustive key search. However, if it is increased to 17 or 18 rounds, differential analysis and exhaustive key search attacks take the same time. If we increase the number of rounds to 19 rounds, it is easier to use exhaustive search for attacks than differential analysis.
Although the difference analysis theory can be broken, it is not practical because it takes a lot of time and data support.
Reference: modern cryptography Basics
Original article, reprint please indicate the source: http://www.the5fire.net /? P = 85