0Pricing
Cryptology Academy · Lesson

Triple DES: Extending DES Lifespan

Learn how 3DES extended DES security through multiple encryption passes and where it is still used.

The Meet-in-the-Middle Attack on Double DES

The obvious fix to DES's weak key length is to apply it twice (Double DES): C = DES_K2(DES_K1(P)). With two 56-bit keys, the nominal key space is 2^112.

However, meet-in-the-middle attack demolishes this: encrypt all plaintexts with all 2^56 K1 values, decrypt all ciphertexts with all 2^56 K2 values, and find matching intermediate values. The attack needs only 2^56 work and 2^56 storage, giving Double DES no security advantage over single DES.

2-Key Triple DES Security

Triple DES with two keys uses three DES operations but only two keys: C = DES_K1(DES^-1_K2(DES_K1(P))). The EDE (Encrypt-Decrypt-Encrypt) order is used for backward compatibility.

The security of 2-key 3DES is approximately 112 bits against known attacks, though meet-in-the-middle attacks reduce it somewhat. 2-key 3DES is used in many legacy banking and payment systems.

All lessons in this course

  1. DES Design and the Lucifer Cipher
  2. How DES Was Cracked
  3. Triple DES: Extending DES Lifespan
  4. Lessons from DES: What We Learned
← Back to Cryptology Academy