DES-EEE2;DES-EDE2;Merkle;VAn Oorshot;Wiener;attacks;keys;multiple encryption">

Question 72. What is Triple-DES?

For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the plaintext is, in effect, encrypted three times. There are, of course. a variety of ways of doing this; we will explore these ways below. See Question 85 for a discussion of multiple encryption in general.

A number of modes of triple-encryption have been proposed:

Attacks on two-key triple-DES have been proposed by Merkle and Hellman [MH81] and Van Oorschot and Wiener [VW91], but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources [Bih95][KR96].

The use of double and triple encryption does not always provide the additional security that might be expected. Preneel [Pre94] provides the following comparisons in the security of various versions of multiple-DES and it can be seen that the most secure form of multiple encryption is triple-DES with three distinct keys.


      # of        # of Keys    Computation    Storage     Type of Attack    
  Encryptions                                                               

single                1            256           -      known plaintext     

single                1            238          238     chosen plaintext    

single                1             -           256     chosen plaintext    
                                                                            

double                2           2112           -      known plaintext     

double                2            256          256     known plaintext     

double                2             -           2112    chosen plaintext    

triple                2           2112           -      known plaintext     

triple                2            256          256     256 chosen plaintext           

triple                2          2120-t          2t     2t known plaintext    

triple                2             -           256     chosen plaintext    

triple                3           2112          256     known plaintext     

triple                3            256          2112    chosen plaintext    


Table 1: Comparison of different forms of DES multiple encryption