written 8.4 years ago by | • modified 4.5 years ago |
written 8.4 years ago by | • modified 8.4 years ago |
Multiple Encryption and Triple DES
Given the potential vulnerability of DES a brute-force attack, there has been considerable interest in finding an alternative. One approach is to design a completely new algorithm of which AES is a prime example. Another alternative, which would preserve the existing investment in software and equipment, is to use multiple encryption with DES and multiple keys. We begin by examining the simplest example of 2nd alternative. We then look at the widely accepted triple DES (3DES) approach.
1. Double DES
The simplest form of multiple encryption has 2 encryption stages and 2 keys. Given a plaintext P and 2 encryption keys K1 and K2, ciphertext C is generated as:
$C= E (K2, E (K1, P))$
Decryption requires that the keys be applied in reverse order
$P = D ((K1, D (K2, C))$
- For DES, this scheme apparently involves a key length of 56 ×2 = 112 bits, of resulting in a dramatic increase in cryptographic strength. But we need to examine the algorithm more closely.
2.Meet-in-the Middle Attack
The algorithm known as a meet-in-the middle attack, was first described in [DIFF 77]. It is based on the observation that if we have
$C = E ( K2 , E (K , P)) then X = (K1, P) = D (K2, P)$
As shown in figure a.
Given a known pair (P, C) the attack proceeds as follows. First ,encrypt P for all 256 possible values of K1 store these results in a table and then sort the table by the values of X. Next, decrypt C using all 256 possible values of K2. As each decryption is produced, check the result against the table for a match. If a match occurs, then test the 2 resulting keys against a new known plaintext – ciphertext pair. If the 2 keys produce the correct ciphertext , accept them as the correct keys.
$$\text{Figure 4.12.a Double Encryption}$$
$$\text{Figure 4.12.b Triple Encryption}$$
3.Triple DES with two keys
An obvious counter to the meet-in-the middle attack is to use 3 stages of encryption with 3 different keys. This raises the cost of the known – plaintext attack to 2112 , which is beyond what is practical now and far into the future. However, it has the drawback of requiring a key length of 56 ×3 = 168 bits, which may be somewhat unwidely . As an alternative , Tuchman proposed a triple encryption method that uses only 2 keys. The function follows an encrypt- decrypt – encrypt (EDE) sequence.
$C = E ( K1, D ( K2, E (K1, P)))$
There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES.
$C= E ( K1, D ( K1, E (K1, P))) =E (K1, P)$
3 DES with 2 keys is a relatively popular alternative to DES and has been adopted for use in the key management standards ANS X 9.17 and ISO 8732.
4. Triple DES with 3 keys
Anyone using 2-key 3 DES may feel some concern. Thus, many researchers now feel that three-key 3 DES is the preferred alternative. Three- key has an effective key length of 168 bits and it is defined as follows:
$C= E ( K3, D ( K2, E (K1, P)))$
Backward compatibility with DES is provided by putting K3=K2 or K1=K2. A number of internet-based applications have adopted three-key 3 DES, including PGP and S/ MIME.