Triple DES

In cryptography, Triple DES (also 3DES) is a block cipher formed from the Data Encryption Standard (DES) cipher. It was developed by Walter Tuchman (the leader of the DES development team at IBM) and is specified in FIPS Pub 46-3. There are several ways to use DES three times; not all are Triple-DES and not all are as secure.

Triple-DES is defined as performing a DES encryption, then a DES decryption, and then a DES encryption again.

C = DES_k3(DES^-1_k2(DES_k1(P))).

with

P — plaintext.

C — ciphertext.

k₁, k₂, k₃ — 56-bit DES keys.

DES_k — DES encryption with key k.

DES^-1_k — DES decryption with key k.

Triple-DES has a key length of 168-bits (three 56-bit DES keys), but because of an attack it has an effective key size of 112 bits. A variant uses k₁ = k₃, thus reducing the key size to 112 bits. This mode is susceptible to some attacks, though.

DES is not a group; if it were one, the Triple-DES construction would be equivalent to a single DES operation and no more secure.

When k₁ = k₂ or k₂ = k₃, Triple DES is reduced to single DES, and this is often used to provide backward compatibility. The use of three steps is essential to prevent meet-in-the-middle attacks; double DES would have serious vulnerabilities. The choice of decryption for the middle step (as opposed to encryption) does not affect the security of the algorithm but instead lets tools that implement triple DES interoperate with legacy single DES tools.

See also

• DESX

References

• Stefan Lucks: Attacking Triple Encryption. Fast Software Encryption 1998: pp239–253

External links

• SCAN's entry for Triple DES (http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#DESede)
• Optimized 3DES source code in C (GPL license) (http://www.cr0.net:8040/code/crypto/des/)

fr:Triple DES ja:トリプルDES pl:3DES