Abstract
The DES has reached the end of its lifetime due to its too short key length and block length (56 and 64 bits respectively). As we are awaiting the new AES, triple (and double) encryption are the common solution. However, several authors have shown that these multiple modes are much less secure than anticipated. The general belief is that these schemes should not be used, as they are not resistant against attacks requiring 2^64 chosen plaintexts. This paper extends the analysis by considering some more realistic attack models. It also presents an improved attack on multiple modes that contain an OFB mode and discusses practical solutions that take into account realistic constraints.
F.W.O. postdoctoral researcher, sponsored by the Fund for Scientific Research, Flanders (Belgium).
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Handschuh, H., Preneel, B. (1999). On the Security of Double and 2-Key Triple Modes of Operation. In: Knudsen, L. (eds) Fast Software Encryption. FSE 1999. Lecture Notes in Computer Science, vol 1636. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48519-8_16
DOI: https://doi.org/10.1007/3-540-48519-8_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66226-6
Online ISBN: 978-3-540-48519-3
eBook Packages: Springer Book Archive