Peter Wayner describes the use of a content-addressable memory to attack DES in [Way93]. The content-addressable memory is used as an array of bit-level processors; they could be reprogrammed, as we propose, to attack algorithms which differ slightly from DES. The processing elements are sufficiently simple that it would be very hard to implement the more ``modern'' software-oriented algorithms which rely an arithmetic operators rather than boolean operations and bit permutations. FPGAs have no such limitation. In addition, Wayner's DES algorithm is coded by hand; he does not address automatic code generation for his machine from a high-level algorithm description. Finally, his results are more than an order of magnitude slower than rival custom ASIC implementations.
Wiener describes a hardware implementation of DES in detail in [Wie94]. The design is for 0.8 m standard-cell CMOS, clocked at 50 MHz. His custom chip achieves the highest speed-to-price ratio of any hardware implementation to date; our implementation success in FPGA technology will be measured against his standard. Dave Wagner describes an extension to Wiener's work to allow ciphertext-only attacks on DES for an order of magnitude more cost[WB94]; our current work concerns itself with Wiener's baseline design only.
The idea of utilizing configurable computing devices cryptographically was first proposed by [V+96] and [ACC+95], who studied long-integer arithmetic circuits suitable for public-key cryptography. These results have little relevance to the secret-key systems we consider in this paper. Implementations of microprocessors with reconfigurable functional units would be well suited to attacking cryptographic algorithms with complex boolean operations and bit permutations; however, the published literature [AS93,WH95] does not address this issue.