Advanced Micro Devices. AmZ8068/Am9518 data ciphering processor.
1984.

American National Standards Institute. Data Encryption Algorithm.
X3.92 (1981).

AT&T Technologies: T7000A digital encryption processor. 1985.

S. Banerjee: High speed implementations of DES.
Computers Security 1 (1982), 261-267.

W. Barker: Introduction to the analysis of the Data Encryption
Standard (DES). Aegean Park 1991.

7641 Ishai Ben-Aroya/Eli Biham: Differential cryptoanalysis of Lucifer.
J. Cryptology 9 (1996), 21-34.

Eli Biham/Adi Shamir: Differential cryptanalysis of DES-like
cryptosystems. Springer LN CS 537 (1991), 2-21.

Eli Biham/Adi Shamir: Differential cryptanalysis of DES-like
cryptosystems. J. Cryptology 4 (1991), 3-72.

Eli Biham/Adi Shamir: Differential cryptanalysis of the full
16-round DES. Israel Inst. Techn. TR 708 (1991).

Eli Biham/Adi Shamir: Differential cryptanalysis of the full
16-round DES. Springer LN CS 740 (1993), 487-496.

Eli Biham/Adi Shamir: Differential cryptoanalysis of the Data Encryption
Standard. Springer 1993.

8721 Eli Biham/Adi Shamir: The next stage of differential fault analysis -
how to break completely unknown cryptosystems.
Internet 1996, 2 p. (draft).

8722 Eli Biham/Adi Shamir: A new cryptanalytic attack on DES.
Internet 1996, 3p. (draft).

8723 Eli Biham/Adi Shamir: Identifying the structure of unknown ciphers
sealed in tamper-proof devices. Internet 1996, 2p. (draft).

E. Brickell/J. Moore/M. Purtill: Structure of the S-boxes of DES.
Springer LN CS 263 (1987), 3-8.

K. Campbell/Michael Wiener: Proof that DES is not a group.
CRYPTO '92, ...

D. Chaum/J. Evertse: Cryptanalysis of DES with a reduced number
of rounds. Springer LN CS 218 (1986), 192-211.

D. Coppersmith: The Data Encryption Standard (DES) and its strenght
against attacks. IBM Res. Rep. RC 18613 (81421) (1992).

D. Coppersmith: DES designed to withstand differential cryptanalysis.
sci.crypt 1992, article 6135.

11298 Matt Curtin: What DESCHALL means. Internet 1997, 5p.

11293 Matt Curtin: DESCHALL press release. Internet 1997, 3p.

D. Davies: Some regular properties of the Data Encryption Standard
algorithm. Crypto '82, Plenum 1983, 89-96.

D. Davies/W. Price: Security for computer networks. Wiley 1989.

M. Davio a.o.: Analytical characteristics of the DES.
Advances in Cryptology - Crypto '83, Plenum 1984, 171-202.

Y. Desmedt/J. Quisquater/M. Davio: Dependence of output on input
in DES - small avalanche characteristics.
Springer LN CS 196 (1985), 359-376.

W. Diffie/M. Hellman: Exhaustive cryptanalysis of the NBS Data
Encryption Standard. Computer June 1977, ...

H. Eberle: A high-speed DES implementation for network applications.
Springer LN CS 740 (1993), 521-539.

R. Fairfield/A. Matusevich/J. Plany: An LSI digital encryption
processor (DEP). Springer LN CS 196 (1985), 115-143.

F. Feldman: Fast spectral tests for measuring nonrandomness and
the DES. Springer LN CS 293 (1988), 243-254.

7667 Walter Fumy/Hans Peter Riess: Kryptographie. Oldenbourg 1994.
Contains a very detailed discussion of the DES.

T. Gutekunst: Der Lucifer-Algorithmus.
Mikro- und Kleincomputer 8/4 (1986), 55-60.

M. Hellman: DES will be totally insecure within ten years.
IEEE Spectrum 16/7 (1979), 32-39.

M. Hellman a.o.: Results of an initial attempt to cryptanalyse the
NBS Data Encryption Standard. Stanford SEL 76-042 (1976).

7640 Howard Heys/Stafford Tavares: Substitution-permutation networks
resistant to differential and linear cryptanalysis.
J. Cryptology 9 (1996), 1-19.

F. Hoornaert/J. Goubert/Y. Desmedt: Efficient hardware implementation
of the DES. Springer LN CS 196 (1985), 147-173.

2113 Patrick Horster: Kryptologie. Bibl. Inst. 1987.
Contains a clear and detailed chapter (44 pages) on the DES.

R. Jueneman: Analysis of certain aspects of output feedback mode.
Crypto '82, Plenum 1983, 99-127.

11401 John Kelsey/Bruce Schneier/David Wagner: Key-schedule cryptanalysis
of IDEA, G-DES, GOST, SAFER, AND Triple-DES. Internet ca. 1996, 15p.

L. Knudsen: Iterative characteristics of DES and S2-DES.
Springer LN CS 740 (1993), 497-511.

X. Lai/J. Massey: A proposal for a new block encryption standard.
EUROCRYPT '90, ...

X. Lai/J. Massey: Markov ciphers and differential cryptanalysis.
EUROCRYPT '91, ...

13099 Susan Landau: Standing the test of time - the Data Encryption Standard.
Notices AMS March 2000, 341-349.

M. Matsui: Linear cryptanalysis method for DES cipher.
Pre-Proc. Eurocrypt '93 (1993), ...

R. Merkle/M. Hellman: On the security of multiple encryption.
Comm. ACM ... (1981), ...

R. Meushaw: The standard encryption algorithm.
Byte 1979/4, 110-130.

C. Meyer/S. Matyas: Cryptography. Wiley 1982.

J. Moore/G. Simmons: Cycle structure of the DES with weak and semi-weak
keys. Springer LN CS 263 (1987), 9-33.

R. Morris/N. Sloane/A. Wyner: Assessment of the National Bureau of
Standards proposed Federal Data Encryption Standard.
Cryptologia 1 (1977), 281-291.

S. Murphy: The cryptanalysis of FEAL-4 with 20 chosen plaintexts.
J. Cryptology 3 (1990), ...

National Bureau of Standards: Data Encryption Standard.
Fed. Inf. Proc. Standards Publ. 46 (1977).

National Bureau of Standards: DES modes of operation.
Fed. Inf. Proc. Standards Publ. 81 (1980).

Paul van Oorschot/Michael Wiener: A known-plaintext attack on two-key triple
encryption. EUROCRYPT '90, ...

4871 Christoph Po''ppe: Spa''te Rehabilitation des Data Encryption Standard.
Spektrum 1993/5, 19-24.

J. Quisquater/J. Delescaille: Other cycling test for DES.
Springer LN CS 293 (1988), 255-256.

J. Quisquater/J. Delescaille: How easy is collision search? Applications
to DES. Springer LN CS 434 (1990), 429-434.

M. Rhee: Cryptography and secure communication. McGraw-Hill 1994.

13492 Charles Seife: Algorithmic gladiators vie for digital glory.
Science 19 May 2000, 1161-1163.

M. Smid/D. Branstad: The Data Encryption Standard - past and future.
Proc. IEEE 76/5 (1988), ...

A. Sorkin: Lucifer, a cryptographic algorithm.
Cryptologia 8 (1984), 22-41.

9623 William Stallings: Sicherheit im Datennetz.
Prentice Hall 1995, 522p. 3-930436-29-9. DM 59.

W. Tuchman: Hellman presents no shortcut solutions to the DES.
IEEE Spectrum 16/7 (1979), 40-41.

I. Verbauwhede a.o.: Security considerations in the design and
implementation of a new DES chip. Springer LN CS 304 (1988), 287-300.

V. Voydock/S. Kent: Security mechanisms in high-level network
protocols. Computing Surveys June 1983, ...

Michael Wiener: Efficient DES key search.
Crypto '93, ...

K. Zeng/J. Yang/Z. Dai: Patterns of entropy drop of the key
in an S-box of the DES. Springer LN CS 293 (1988), 438-444.