Cryptanalysis of multiple modes of operation

  • Eli Biham
Conference paper

DOI: 10.1007/BFb0000441

Part of the Lecture Notes in Computer Science book series (LNCS, volume 917)
Cite this paper as:
Biham E. (1995) Cryptanalysis of multiple modes of operation. In: Pieprzyk J., Safavi-Naini R. (eds) Advances in Cryptology — ASIACRYPT'94. ASIACRYPT 1994. Lecture Notes in Computer Science, vol 917. Springer, Berlin, Heidelberg


In recent years, several new attacks on DES were introduced. These attacks have led researchers to suggest stronger replacements for DES, and in particular new modes of operation for DES. The most popular new modes are triple DES variants, which are claimed to be as secure as triple DES. To speed up hardware implementations of these modes, and to increase the avalanche, many suggestions apply several standard modes sequentially. In this paper we study these multiple (cascade) modes of operation. This study shows that many multiple modes are much weaker than multiple DES, and their strength is comparable to a single DES.

We conjecture that operation modes should be designed around an underlying cryptosystem without any attempt to use intermediate data as feedback, or to mix the feedback into an intermediate round. Thus, in particular, triple DES used in CBC mode is more secure than three single DES's used in triple CBC mode. Alternatively, if several encryptions are applied to each block, the best choice is to concatenate them to one long encryption, and build the mode of operation around it.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag 1995

Authors and Affiliations

  • Eli Biham
    • 1
  1. 1.Computer Science DepartmentTechnion-Israel Institute of TechnologyHaifaIsrael

Personalised recommendations