The bits of the subkey are the center set for a cayley graph; whose center generates the operators of the semigroup whose transition matrix elements permute equivalence classes/partitions over the plaintext, in such a manner that on average the active input and output lines of a sbox are balanced, which provides strength against differential cryptanalysis leveraging maximum likelihood computations to infer a predictive relationship between differentials and keybits – that can drive a counting attack to deduce a correlation function.
In general one simply establishes the theorem that the work required to overcome the protection against differential attacks is tantamount to brute force.
This logic only holds for DES in ECB. It doesn’t hold for DES in CBC, where the naïve feedback can undermine the assumptions about independence. The related computational graphs can induce partitions within the key space (with each CBC round acting as a new-layer of “depth”), leading to a relationship between the transition matrices in each computation graph set (that allows for faster likelihood computations).
Its tempting to think of CBC as a continued set of round of ECB; but that’s NOT what happens – and in any case there is no value in having more than n rounds since one has already hit the stationary distribution (and thus maximum distance from the keybits, upon which the process depends of course) within ECB, by definition.