On the Security of Double and 2-Key Triple Modes of Operation

The DES has reached the end of its lifetime due to its too short key length and block length (56 and 64 bits respectively). As we are awaiting the new AES, triple (and double) encryption are the common solution. However, several authors have shown that these multiple modes are much less secure than anticipated. The general belief is that these schemes should not be used, as they are not resistant against attacks requiring 2^64 chosen plaintexts. This paper extends the analysis by considering some more realistic attack models. It also presents an improved attack on multiple modes that contain an OFB mode and discusses practical solutions that take into account realistic constraints.
