Triple DES: Extending DES Lifespan
Learn how 3DES extended DES security through multiple encryption passes and where it is still used.
The Meet-in-the-Middle Attack on Double DES
The obvious fix to DES's weak key length is to apply it twice (Double DES): C = DES_K2(DES_K1(P)). With two 56-bit keys, the nominal key space is 2^112.
However, meet-in-the-middle attack demolishes this: encrypt all plaintexts with all 2^56 K1 values, decrypt all ciphertexts with all 2^56 K2 values, and find matching intermediate values. The attack needs only 2^56 work and 2^56 storage, giving Double DES no security advantage over single DES.
2-Key Triple DES Security
Triple DES with two keys uses three DES operations but only two keys: C = DES_K1(DES^-1_K2(DES_K1(P))). The EDE (Encrypt-Decrypt-Encrypt) order is used for backward compatibility.
The security of 2-key 3DES is approximately 112 bits against known attacks, though meet-in-the-middle attacks reduce it somewhat. 2-key 3DES is used in many legacy banking and payment systems.
All lessons in this course
- DES Design and the Lucifer Cipher
- How DES Was Cracked
- Triple DES: Extending DES Lifespan
- Lessons from DES: What We Learned