Question 85. What is Multiple Encryption?

Intuitively, we might expect that by encrypting a message twice with some block cipher, either with the same key or by using two different keys, then we would expect the resultant encryption to be stronger in all but some exceptional circumstances. And by using three encryptions, we would expect to achieve a yet greater level of security. While there are some more complicated issues to consider (see Question 61), this is pretty much the case, and triple-DES has been used for a considerable time as a more secure cipher for protecting the keys used with single-DES. However, there are some surprising results when we consider exactly how much additional protection is provided by using double and triple encryption.

For instance, the use of double encryption does not provide the expected increase in security [MH81] when compared with the increased implementation requirements, and it cannot be recommended as a good alternative. Instead, triple-encryption is the point at which multiple encryption gives substantial improvements in security. For a more detailed consideration of the situation with DES, see Question 72; for more information on multiple encryption in general see a survey article by Kaliski and Robshaw [KR96].