Triple DES



 
 
In cryptography, Triple DES is a block cipher formed from the Data Encryption Standard (DES) cipher by using it three times.

Algorithm

When it was found that a 56-bit key of DES is not enough to guard against brute force attacks, TDES was chosen as a simple way to enlarge the key space without a need to switch to a new algorithm. The use of three steps is essential to prevent meet-in-the-middle attacks that are effective against double DES encryption. Note that DES is not a group; if it were one, the TDES construction would be equivalent to a single DES operation and no more secure.

TDES can be operated with variations in two parameters: number of keys used and order of operations.

Order of operations: The simplest variant of TDES operates as follows: , where is the message block to be encrypted and , , and are DES keys. This variant is commonly known as EEE because all three DES operations are encryptions. In order to simplify interoperability between DES and TDES, the middle step is usually replaced with decryption (EDE mode): and so a single DES encryption with key can be represented as TDES-EDE with . The choice of decryption for the middle step does not affect the security of the algorithm.

Number of keys: Since TDES has three cipher operations, it allows for the use of one, two, or three keys. The designation of the number of keys used is appended to the end of the order-of-operation notation (e.g. DES-EEE1, DES-EEE2, DES-EEE3). Using one key is the weakest implementation, especially if using an encrypt-decrypt-encrypt order of operation (DES-EDE1). This would effectively result in only one order of encryption, since the first two operations are cancelled out, being encrypted and decrypted with the same key. Using three distinct keys is the most secure operation and would be designated as DES-EEE3 or DES-EDE3.
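One way to audit a key bundle for the keying options above, as an added example that is not part of the original article. It assumes EDE order and that the three keys are stored back to back; the function names, report fields and sample keys are constructed for illustration, and the security figures are the ones quoted in the Security section.

```python
# Added illustration: audit a TDES key bundle for the keying options described above.
# Assumes EDE order, C = E_k3(D_k2(E_k1(P))); function and field names are hypothetical.

def strip_parity(key8: bytes) -> bytes:
    # The low bit of every DES key byte is parity and does not affect encryption,
    # so two 64-bit values that differ only there are the same 56-bit key.
    return bytes(b & 0xFE for b in key8)

def has_odd_parity(key8: bytes) -> bool:
    # DES keys are conventionally stored with odd parity in each byte.
    return all(bin(b).count("1") % 2 == 1 for b in key8)

def classify_tdes_key(bundle: bytes) -> dict:
    if len(bundle) == 16:              # 128-bit storage form of 2-key TDES
        bundle = bundle + bundle[:8]   # k3 = k1
    if len(bundle) != 24:
        raise ValueError("expected a 16- or 24-byte key bundle")
    parts = [bundle[i:i + 8] for i in (0, 8, 16)]
    k1, k2, k3 = (strip_parity(p) for p in parts)
    report = {"parity_ok": all(has_odd_parity(p) for p in parts)}
    if k1 == k2 or k2 == k3:
        # An adjacent E/D pair under one key cancels: only a single DES step remains.
        report.update(variant="single DES equivalent", key_bits=56, security_bits=56)
    elif k1 == k3:
        report.update(variant="2-key TDES", key_bits=112, security_bits=80)
    else:
        report.update(variant="3-key TDES", key_bits=168, security_bits=112)
    return report

# Constructed sample keys (not real key material).
K_A = bytes.fromhex("0123456789abcdef")
K_B = bytes.fromhex("23456789abcdef01")
K_C = bytes.fromhex("456789abcdef0123")
K_A_NOPARITY = bytes.fromhex("0022446688aaccee")   # K_A with parity bits cleared

if __name__ == "__main__":
    for name, bundle in [("three keys", K_A + K_B + K_C), ("two keys", K_A + K_B),
                         ("parity twin", K_A + K_A_NOPARITY + K_C)]:
        print(name, classify_tdes_key(bundle))
```

The "parity twin" bundle looks like three different keys byte for byte, yet its first two keys differ only in parity bits, so the first two EDE steps cancel.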

Security

In general TDES with three different keys (3-key TDES) has a key length of 168 bits: three 56-bit DES keys (with parity bits 3-key TDES has the total storage length of 192 bits), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. A variant, called two-key TDES (2-key TDES), uses k1 = k3, thus reducing the key size to 112 bits and the storage length to 128 bits. However, this mode is susceptible to certain chosen-plaintext or known-plaintext attacks and thus it is designated by NIST to have only 80 bits of security.
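The meet-in-the-middle effect mentioned here and in the Algorithm section, as an added example that is not part of the original article. A constructed toy 16-bit Feistel cipher with 12-bit keys stands in for DES (it is not DES, and all names are assumptions); the point is the cost: two key sweeps plus a table instead of a search over every key pair.

```python
# Added illustration: toy 16-bit Feistel cipher with 12-bit keys (constructed, NOT DES).
KEY_BITS = 12
SHIFTS = (0, 4, 2, 3)          # each round uses an 8-bit window of the key

def _f(half, subkey):
    # Keyed round function on 8-bit values; a Feistel round does not need it invertible.
    x = ((half + subkey) * 167 + 13) & 0xFF
    return x ^ (x >> 3)

def encrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for s in SHIFTS:
        l, r = r, l ^ _f(r, (key >> s) & 0xFF)
    return (l << 8) | r

def decrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for s in reversed(SHIFTS):
        l, r = r ^ _f(l, (key >> s) & 0xFF), l
    return (l << 8) | r

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Find (k1, k2) consistent with known (plaintext, ciphertext) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops, table = 0, {}
    for k1 in range(1 << KEY_BITS):            # forward half: E_k1(p0)
        table.setdefault(encrypt(p0, k1), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEY_BITS):            # backward half: D_k2(c0)
        ops += 1
        for k1 in table.get(decrypt(c0, k2), []):
            # Candidates that meet in the middle are confirmed on the other pairs.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops                          # ops counts the two key sweeps only

def demo():
    k1, k2 = 0xA5C, 0x3E1                      # constructed secret keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x0123, 0xBEEF, 0x7A5A)]
    found, ops = meet_in_the_middle(pairs)
    return (k1, k2) in found, ops, 1 << (2 * KEY_BITS)

if __name__ == "__main__":
    print(demo())
```

Scaled to DES, the same bookkeeping is why a second 56-bit key adds roughly one bit of work rather than 56, and why the third step of 3-key TDES yields 112 bits of effective security rather than 168.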

The best attack known on 3-key TDES requires around 2^32 known plaintexts, 2^113 steps, 2^90 single DES encryptions, and 2^88 memory (the paper presents other tradeoffs between time and memory). This is not currently practical and NIST considers 3-key TDES to be appropriate through 2030. If the attacker seeks to discover any one of many cryptographic keys, there is a memory-efficient attack which will discover one of 2^28 keys, given a handful of chosen plaintexts per key and around 2^84 encryption operations.

Usage

TDES is slowly disappearing from use, largely replaced by the Advanced Encryption Standard (AES). One large-scale exception is within the electronic payments industry, which still uses 2TDES extensively and continues to develop and promulgate standards based upon it (e.g. EMV). This guarantees that TDES will remain an active cryptographic standard well into the future.

DES and therefore TDES suffer from slow performance in software; on modern processors, AES tends to be around six times faster. TDES is better suited to hardware implementations, and indeed where it is still used it tends to be with a hardware implementation (e.g., VPN appliances and the Nextel cellular and data network), but even there AES outperforms it. Finally, AES offers higher security margins in that it has better withstood cryptanalytic attack, allows a larger block size, and supports longer keys.

See also

  • DES-X: a variant on the Data Encryption Standard block cipher intended to increase the complexity of a brute force attack using a technique called key whitening.
  • Walter Tuchman: led the Data Encryption Standard development team at IBM. He was also responsible for the development of Triple DES.
  • Horst Feistel: a cryptographer who worked on the design of ciphers at IBM, initiating research that would culminate in the development of the Data Encryption Standard in the 1970s.
  • Data Encryption Standard (DES)
  • Advanced Encryption Standard (AES)