This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Making a Faster Cryptanalytic Time-Memory Trade-Off | SpringerLink

Annual International Cryptology Conference

CRYPTO 2003: Advances in Cryptology - CRYPTO 2003 pp 617-630 | Cite as

Making a Faster Cryptanalytic Time-Memory Trade-Off

  • Philippe Oechslin
Conference paper Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (237) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.


Time-memory trade-off cryptanalysis precomputation fixed plaintext  Download to read the full conference paper text


  1. 1. Borst, J., Preneel, B., Vandewalle, J.: On time-memory tradeoff between exhaustive key search and table precomputation. In: de With, P.H.N., van der Schaar-Mitrea, M. (eds.) 19th Symp. on Information Theory in the Benelux, Veldhoven (NL), May 28-29, pp. 111–118. Werkgemeenschap Informatie- en Communicatietheorie, Enschede, NL (1998)Google Scholar
  2. 2. Denning, D.E.: Cryptography and Data Security, p. 100. Addison-Wesley, Reading (1982)MATHGoogle Scholar
  3. 3. Fiat, A., Naor, M.: Rigorous time/space tradeoffs for inverting functions. In: STOC 1991, pp. 534–541 (1991)Google Scholar
  4. 4. Hellman, M.E.: A cryptanalytic time-memory trade off. IEEE Transactions on Information Theory IT-26, 401–406 (1980)CrossRefMathSciNetGoogle Scholar
  5. 5. Kim, I.J., Matsumoto, T.: Achieving higher success probability in time-memory trade-off cryptanalysis without increasing memory size. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems (1999)Google Scholar
  6. 6. Kusuda, K., Matsumoto, T.: Optimization of time-memory tradeoff cryptanalysis and its application to DES, FEAL-32, and skipjack. IEICE Transactions on Fundamentals E79-A(1), 35–48 (1996)Google Scholar
  7. 7. Standaert, F.X., Rouvroy, G., Quisquater, J.J., Legat, J.D.: A time-memory tradeoff using distinguished points: New analysis & FPGA results. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 596–611. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Philippe Oechslin
    • 1
  1. 1.Laboratoire de Securité et de Cryptographie (LASEC)Ecole Polytechnique Fédérale de Lausanne, Faculté I&CLausanneSwitzerland

Personalised recommendations

Cite paper


We use cookies to improve your experience with our site. More information