Mumbai university > Electronics and telecommunication Engineering > Sem 7 > Data compression and Encryption

Marks: 10

Years: Dec 2015

Attack on double DES:

i. The simplest form of multiple encryption has two encryption stages and two keys.

ii. Given a plaintext P and two encryption keys K1 and K2, cipher text C is generated as:

C = E (K2, E (K1, P))

Decryption requires that the keys be applied in reverse order

P = D (K1, D (K2, C))

iii. For DES, this scheme apparently involves a key length of 56x2 = 112 bits of resulting in a dramatic increase in cryptographic strength. But we need to examine the algorithm more closely.

iv. Meet in the middle attack: The algorithm known as a meet in the middle attack was first described in [DIFF 77]. It is based on the observation that if we have

C = E (K2, E (K1, P)) then X = E (K1, P) = D (K2, C)

v. Given a known pair (P, C) the attack proceeds as follows.

vi. First, encrypt P for all $2^5{6}$ possible values of K1 store these results in a table and then sort the table by the values of X.

vii. Next, decrypt C using all the $2^{56}$ possible values of K2. As each decryption is produced check the result against the table for a match.

viii. If a match occurs, then test the 2 resulting keys against a new known plain text – cipher text pair. If the 2 keys produce the correct cipher text, accept them as the correct keys.

Triple DES with two keys:

i. An obvious counter to the meet in the middle attack is to use 3 stages of encryption with 3 different keys.

ii. This raises the cost of the known plain text to $2^{112}$ which is beyond what is practical now and far into the future.

iii. However, it has the drawback of requiring a key length of 56x3= 168 bits which may be somewhat unwisely. As an alternative, Tuchman proposed a triple encryption method that uses only 2 keys. T

iv. The function follows an encrypt-decrypt-encrypt (EDE) sequence.

C = E (K1, D (K2, E (K1, P)))

v. There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is it allows users of 3 DES to decrypt data encrypted by users of the older single DES.

C = E (K1, D (K2, E (K1, P))) = E (K1, P)

vi. 3 DES with two keys is a relatively popular alternative to DES and has been adopted for use in the key management standards ANS X 9.17 and ISO 8732.