Abstract.
Multiple modes of operation and, in particular, triple modes of operation were proposed as a simple method to improve the strength of blockciphers, and in particular of DES. Developments in the cryptanalysis of DES in recent years have popularized the triple modes of DES, and such modes are now considered for ANSI standards.
In a previous paper we analyzed multiple modes of operation and showed that the security of many multiple modes is significantly smaller than expected. In this paper we extend these results, with new cryptanalytic techniques, and show that all the (cascaded) triple modes of operation are not much more secure than a single encryption—in the case of DES they can be attacked with up to an order of 2 56—2 66 chosen plaintexts or ciphertexts and complexity of analysis. We then propose several candidates for more secure modes.
Article PDF
Similar content being viewed by others
Author information
Authors and Affiliations
Additional information
Received 19 August 1996 and revised 29 September 1997
Rights and permissions
About this article
Cite this article
Biham, E. Cryptanalysis of Triple Modes of Operation . J. Cryptology 12, 161–184 (1999). https://doi.org/10.1007/s001459900050
Published:
Issue Date:
DOI: https://doi.org/10.1007/s001459900050