This project is for the second course homework of the graduate course Cryptanalysis in UCAS. It is the solution of 0CTF2019 zer0des challenge, which is differential analysis of 8 wave DES.
The main part of algorithm is implemented with C++ so that it runs fast enough.
Implementation is based on the 4.3 part of the book.
Identical characteristic is used. However, my implementation seeks to find the 30bit of subkey of K8 at once - I iterate through the key related to SBOX 6/7/8 first by frequency, and then for each fixed SBOX 6/7/8 subkey, I iterate through all possible combination of subkey related to SBOX 2/5. The heuristic that filter out pairs based on number of suggested key is applied (Page 45). After we have a guess of 30 bit of K8, we try to recover remaining bits of the key by the 7th wave result and verify whether it is the correct key.
It seems that my implementation is not careful enough. The original book says that 25000 pairs are required; however in my case 2^17 pairs are required to make success rate higher than 1/2 and 2^19 pairs to make result stable (to make all 1024 tests pass).
make
To run 1024 tests:
./desdif.elf
Assume that the server is at 127.0.0.1:10001, the exploit can be run by
python exp.py