How Many Tests to Break DES and AES Encryption by Brute Force?

  • MHB
  • Thread starter Sudharaka
  • Start date
  • Tags
    Force
In summary, the necessary number of tests to break a DES encryption by brute force is $2^{55}$, while the expected number is $2^{56}$. For a 128-bit key AES encryption, both the necessary and expected number of tests is $2^{128}$. The difference in the expected number for DES is due to its complimentary key weakness, while AES does not have this weakness. The term "expected" refers to the average value in this context.
  • #1
Sudharaka
Gold Member
MHB
1,568
1
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.
 
Mathematics news on Phys.org
  • #2
Sudharaka said:
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.

Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.
 
  • #3
Sudharaka said:
Hi everyone, :)

Here's a question I encountered in one of my computer science classes.
  • How many tests are necessary to break a DES encryption by brute force attack?
  • What is the expected number of tests to break a DES encryption by brute force attack?
  • How many tests are necessary to break a 128-bit key AES encryption by brute force attack?
  • What is the expected number of tests to break a 128-bit key AES encryption by brute force attack?

And here's my answer. I just want to know whether you think it's correct. It seems ambiguous to me what is meant by necessary and expected in these questions. I hope I did it correctly but want some confirmation. :)

My Answer:

The number of bits in the key of the DES algorithm is 64. However only 56 bits are used in encryption; giving a total number of $2^{56}$ keys. Therefore the expected number of tests to break a DES encryption by brute force is $2^{56}$. However DES has the property that the compliment of the plaintext gives the compliment of the ciphertext under the compliment of the key. That is if the encryption is given as, $c=E(p,\,k)$ then, $\neg c=E(\neg p,\,\neg k)$. Therefore in each test (each application of the decryption algorithm) we can take the compliment of the plaintext that is produced and check whether it makes sense. This means instead of running the decryption algorithm $2^{56}$ times we only need to run the algorithm $2^{56}\div 2=2^{55}$ times. Hence the necessary number of tests to break a DES encryption by brute force is $2^{55}$.

Both expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$. This stems from the fact that the AES encryption scheme does not have the complimentary key weakness as the DES algorithm. So each key will have to be tested separately applying the decryption algorithm over and over again.

Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.
 
  • #4
Sudharaka said:
Our professor told that "expected" means the average value. So basically the expected number of tests needed to break a DES encryption is $2^{55}$ and for AES it's $2^{127}$.

Remember that without further information on the key you are trying to find, you can only assume it has been chosen uniformly from the key space (from $[0, 2^{56})$ and $[0, 2^{128})$ respectively) so after trying half the keys you should expect to have found the correct one with probability $\frac{1}{2}$. In probability theory, the expected value is a synonym for the average value (or, perhaps, it is the opposite :p)

If you go on to study advanced cryptography, the reason you fall back to a uniform distribution will be formally explained in more detail than you would have ever hoped :) (it comes from the way security properties are defined, and that the uniform distribution constitutes the global maximum of all probability distributions under a very well-defined metric, which makes it essential to properly calculate worst-case security bounds - specifically, it is the maximum-entropy distribution of all continuous distributions).
 
Last edited:
  • #5
Therefore, the expected and necessary number of tests to break a 128-bit AES encryption by brute force is $2^{128}$.

I hope this explanation helps clarify the concept of necessary and expected number of tests in the context of brute force attacks on DES and AES encryption. It is important to note that these numbers represent the theoretical maximum number of tests and in practice, the actual number of tests may be significantly lower depending on various factors such as computing power and algorithmic vulnerabilities. It is also crucial to use strong and secure encryption algorithms and keys to ensure the safety of sensitive data.
 

FAQ: How Many Tests to Break DES and AES Encryption by Brute Force?

What is Brute Force on DES and AES?

Brute force on DES and AES refers to a method of trying every possible key combination in order to decrypt encrypted data. DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are both commonly used encryption algorithms.

How does Brute Force on DES and AES work?

Brute force on DES and AES works by systematically trying every possible key combination until the correct key is found. This can be a time-consuming process, as the number of possible key combinations grows exponentially with the length of the key.

Can Brute Force on DES and AES be successful?

Brute force on DES and AES can be successful, but it depends on the length of the key and the computing power being used. Longer keys and stronger encryption algorithms will make it more difficult and time-consuming to successfully brute force the encryption.

Is Brute Force on DES and AES a common attack method?

Brute force on DES and AES is a commonly used attack method, especially in cases where the encrypted data is of high value and the attacker has sufficient computing power to try a large number of key combinations.

How can I protect against Brute Force on DES and AES?

To protect against Brute Force on DES and AES, it is important to use strong encryption algorithms, such as AES with a longer key length. It is also recommended to use a combination of letters, numbers, and special characters in the key to make it more difficult to guess. Additionally, regularly changing the key and limiting access to the encrypted data can also help protect against brute force attacks.

Similar threads

Comp Sci Data Encryption Standard Confusion
Replies
2
Views
1K
A historical look at decrypting the Enigma
2
Replies
52
Views
4K
MHB Testing Randomness of Cryptographic Data
Replies
1
Views
1K
Decrypting Encrypted Messages | Easy Algorithm and Challenge
Replies
4
Views
3K
Is there a way to do this without brute force ?
Replies
17
Views
3K
A How Many Hidden Variables Would It Take to Model Photon Polarization?
2
Replies
45
Views
5K
BRS: PKI Cryptosystems for SA/Ms: A Tutorial
Replies
13
Views
3K
Mathematica This Week's Finds in Mathematical Physics (Week 226)
Replies
7
Views
3K
What if Gravity could be controlled?
Replies
2
Views
2K
Mathematica This Week's Finds in Mathematical Physics (Week 226)
Replies
7
Views
3K

Hot Threads

Recent Insights

Back
Top