Skip to main content
SpringerLink
Log in

The Exact Multi-user Security of 2-Key Triple DES

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2024 (CT-RSA 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14643))

Included in the following conference series:

  • 77 Accesses

Abstract

We study the tight multi-user (mu) security of 2-key triple encryption (2kTE) with its application to 2-key TDES. With an n-bit block and k-bit key primitive block cipher, our new mu lower bound regarding the number of primitive queries is \(2^{\min \{2k,k+n\}}/q\) with \(q\) construction queries, which matches the previous best attacks and is tight. The bound ensures \((112 - \log _2 q)\)-bit security with 2-key TDES, and this can be used to evaluate and predict the security of systems supporting 2-key TDES for legacy use. We finally show that the FX construction does not efficiently improve the mu security with 2kTE, unlike the previous result with 3-key triple encryption appeared in CCS 2022. We show a concrete key-recovery attack with \(O(2^{n+k}/q)\) primitive queries.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The security of the single encryption is k bits by an exhaustive key search.

  2. 2.

    [9] is better with \(k<n\), e.g., DES, but it is out of the scope of [11] because \(q = 2^k\).

  3. 3.

    This is because in the ideal world, a random permutation and the underlying ideal cipher are independently defined.

  4. 4.

    Thus \(X^{(\alpha _1)} = M^{(\nu , \alpha )}\), \(W^{(\alpha _1)} = K_1^{(\nu )}\), and \(W^{(\alpha _2)} = K_2^{(\nu )}\).

  5. 5.

    This is because for each \(\nu \in [u]\), \(K_2^{(\nu )}\) is used at only the 2nd round.

References

  1. Armknecht, F., Fleischmann, E., Krause, M., Lee, J., Stam, M., Steinberger, J.: The preimage security of double-block-length compression functions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 233–251. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_13

    Chapter  Google Scholar 

  2. Barker, E., Mouha, N.: NIST special publication 800-67 rev. 2: recommendation for the triple data encryption algorithm (TDEA) block cipher (2017)

    Google Scholar 

  3. Barker, E., Roginsky, A.: NIST special publication 800-131A: transitioning the use of cryptographic algorithms and key lengths (2011)

    Google Scholar 

  4. Barker, E., Roginsky, A.: NIST special publication 800-131A revision 2: transitioning the use of cryptographic algorithms and key lengths (2019)

    Google Scholar 

  5. Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 247–276. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_10

    Chapter  Google Scholar 

  6. Biham, E.: How to decrypt or even substitute DES-encrypted messages in \(2^{28}\) steps. Inf. Process. Lett. 84(3), 117–124 (2002)

    Article  MathSciNet  Google Scholar 

  7. Chen, S., Lampe, R., Lee, J., Seurin, Y., Steinberger, J.: Minimizing the two-round even-Mansour cipher. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 39–56. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_3

    Chapter  Google Scholar 

  8. Degabriele, J.P., Govinden, J., Günther, F., Paterson, K.G.: The security of ChaCha20-Poly1305 in the multi-user setting. In: CCS 2021, pp. 1981–2003 (2021)

    Google Scholar 

  9. Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74–84 (1977)

    Article  Google Scholar 

  10. EMVCo: EMV integrated circuit card specifications for payment systems, book2, security and key management version 4.3 (2011)

    Google Scholar 

  11. Gazi, P., Lee, J., Seurin, Y., Steinberger, J.P., Tessaro, S.: Relaxing full-codebook security: a refined analysis of key-length extension schemes. In: FSE 2015, vol. 9054, pp. 319–341 (2015)

    Google Scholar 

  12. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_1

    Chapter  Google Scholar 

  13. Hoang, V.T., Tessaro, S., Thiruvengadam, A.: The multi-user security of GCM, revisited: tight bounds for nonce randomization. In: CCS 2018, pp. 1429–1440 (2018)

    Google Scholar 

  14. ISO: ISO/TR 19038:2005 banking and related financial services—triple DEA—modes of operation—implementation guidelines (2005)

    Google Scholar 

  15. ISO: ISO/TR 14742:2010 financial services—recommendations on cryptographic algorithms and their use (2010)

    Google Scholar 

  16. Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptol. 14(1), 17–35 (2001)

    Article  MathSciNet  Google Scholar 

  17. Luykx, A., Mennink, B., Paterson, K.G.: Analyzing multi-key security degradation. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 575–605. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_20

    Chapter  Google Scholar 

  18. Mitchell, C.J.: On the security of 2-key triple DES. IEEE Trans. Inf. Theory 62(11), 6260–6267 (2016)

    Article  MathSciNet  Google Scholar 

  19. Naito, Y., Sasaki, Y., Sugawara, T., Yasuda, K.: The multi-user security of triple encryption, revisited: exact security, strengthening, and application to TDES. In: CCS 2022 (2022)

    Google Scholar 

  20. NIST: FIPS pub. 46-3: Data encryption standard (1999)

    Google Scholar 

  21. van Oorschot, P.C., Wiener, M.J.: A known-plaintext attack on two-key triple encryption. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 318–325. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46877-3_29

    Chapter  Google Scholar 

  22. Patarin, J.: The “coefficients H’’ technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328–345. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_21

    Chapter  Google Scholar 

  23. Rescorla, E.: RFC 8446: the transport layer security (TLS) protocol version 1.3 (2018)

    Google Scholar 

  24. Rescorla, E., Tschofenig, H., Modadugu, N.: The datagram transport layer security (DTLS) protocol version 1.3 (2021)

    Google Scholar 

  25. Thomson, M., Turner, S.: Using TLS to secure QUIC. RFC 9001, 1–52 (2021)

    Google Scholar 

  26. Ward, M.: How EMVCo is supporting card data encryption advancements for card personalisation (2021). https://www.emvco.com/emv_insights_post/how-emvco-is-supporting-card-data-encryption-advancements-for-card-personalisation. Accessed 15 Oct 2022

Download references

Author information

Authors and Affiliations

  1. Mitsubishi Electric Corporation, Kamakura, Kanagawa, Japan

    Yusuke Naito

  2. NTT Social Informatics Laboratories, Tokyo, Japan

    Yu Sasaki

  3. The University of Electro-Communications, Tokyo, Japan

    Takeshi Sugawara

Authors
  1. Yusuke Naito
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yu Sasaki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Takeshi Sugawara
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yusuke Naito .

Editor information

Editors and Affiliations

  1. University of Klagenfurt, Klagenfurt, Austria

    Elisabeth Oswald

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Naito, Y., Sasaki, Y., Sugawara, T. (2024). The Exact Multi-user Security of 2-Key Triple DES. In: Oswald, E. (eds) Topics in Cryptology – CT-RSA 2024. CT-RSA 2024. Lecture Notes in Computer Science, vol 14643. Springer, Cham. https://doi.org/10.1007/978-3-031-58868-6_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-58868-6_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-58867-9

  • Online ISBN: 978-3-031-58868-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation