Differential Cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir [3]. Differential cryptanalysis is designed for the study and attack of DES-like cryptosystems. A DES-like cryptosystem is an iterated cryptosystem which relies on conventional cryptographic techniques such as substitution and diffusion. CA cryptosystems are clearly in this category, so one might expect them to yield to a differential cryptanalytic attack. Yet, due to their probabilistic nature, CA cryptosystems resist automatic application of Biham and Shamir's techniques. Why this is so is explained in this section.
Differential cryptanalysis is a chosen-plaintext/chosen-ciphertext cryptanalytic attack. Cryptanalysts choose pairs of plaintexts such that there is a specified difference between members of the pair. They then study the difference between the members of the corresponding pair of ciphertexts. Statistics of the plaintext pair-ciphertext pair differences can yield information about the key used in encryption. All of the cryptosystems thus far studied using differential cryptanalysis are non-probabilistic cryptosystems in which each plaintext corresponds to a unique ciphertext, i.e. block vs. block-link cryptosystems. In a block-link cryptosystem differences in the link as well as differences in the block can be considered. We will first consider fixing the link and producing differences in the block, and then consider fixing the block and producing differences in the link.