Encyclopedia of Cryptography and Security

2005 Edition
| Editors: Henk C. A. van Tilborg


  • Christophe De Cannière
Reference work entry
DOI: https://doi.org/10.1007/0-387-23483-7_437

Since the introduction of the Data EncryptionStandard (DES) in the mid 1970s, cryptanalysts have been increasingly concerned about the 56-bit secret key used in the cipher and its vulnerability to exhaustive key search. In 1977, Diffie and Hellman [2] estimated the cost of a machine capable of recovering a 56-bit key within a day at US$20 million. In 1993, Wiener provided a detailed design for a machine which would reduce the average search time to 3.5 hours [10]. The design consisted of 57,000 custom chips and had an estimated cost of US$1 million. Half a decade later, the Electronic Frontier Foundation (EFF) actually built the first search machine. The US$250,000 machine was called “Deep Crack” [3] and ran through the complete key space in nine days.

As it became clear that DES did not provide adequate security because of its 56-bit secret key, the cipher was gradually replaced by Triple-DES (also known as TDEA). Triple-DES is a multipleencryptionscheme. The idea of triple...

This is a preview of subscription content, log in to check access.


  1. [1]
    ANSI-X9.52 (1998). “Triple date encryption algorithm modes of operation.” Revision 6.0.Google Scholar
  2. [2]
    Diffie, W. and M. Hellman (1997). “Exhaustive cryptanalysis of the NBS data encryption standard.” Computer, 10 (6), 74–84.Google Scholar
  3. [3]
    Electronic Frontier Foundation (EFF) (1998). “DES cracker.” http://www.eff.org/DEScracker/
  4. [4]
    Kelsey, J., B. Schneier, and D. Wagner (1996). “Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES.” Advances in Cryptology—CRYPTO'96, Lecture Notes in Computer Science, vol. 1109, ed. N. Koblitz. Springer-Verlag, Berlin, 237–251.Google Scholar
  5. [5]
    Lucks, S. (1998). “Attacking triple encryption.” Fast Software Encryption, FSE'98, Lecture Notes in Computer Science, vol. 1372, ed. S. Vaudenay. Springer-Verlag, Berlin, 239–257.Google Scholar
  6. [6]
    Merkle, R.C. and M.E. Hellman (1981). “On the security of multiple encryption.” Communications of the ACM, 24, 465–467.MathSciNetCrossRefGoogle Scholar
  7. [7]
    National Institute of Standards and Technology (1979). “FIPS-46: Data Encryption Standard (DES).” Revised as FIPS 46-1:1988, FIPS 46-2:1993, FIPS 46-3:1999, available at http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
  8. [8]
    National Institute of Standards and Technology (2004). Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. SP-800-67, NIST, March 2004. Draft available at http://csrc.nist.gov/publications/drafts.html
  9. [9]
    van Oorschot, P.C. and M.J. Wiener (1990). “A known plaintext attack on two-key triple encryption.” Advances in Cryptology—EUROCRYPT'90, Lecture Notes in Computer Science, vol. 473, ed. I. Damgård. Springer-Verlag, Berlin, 318–325.Google Scholar
  10. [10]
    Wiener, M. (1996). “Efficient des key search.” Practical Cryptography for Data Internetworks, 31–79. Presented at the rump session of CRYPTO'93. Reprinted in Practical Cryptography for Data Internetworks, ed. W. Stallings, IEEE Computer Society Press, pp. 31–79.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Christophe De Cannière

There are no affiliations available