General | |
---|---|
First published | 1998 (ANS X9.52) |
Derived from | DES |
Cipher detail | |
Key sizes | 168, 112 or 56 bits (keying option 1, 2, 3 respectively) |
Block sizes | 64 bits |
Structure | Feistel network |
Rounds | 48 DES-equivalent rounds |
Best public cryptanalysis | |
Lucks: 2^32 known plaintexts, 2^113 operations including 2^90 DES encryptions, 2^88 memory; Biham: find one of 2^28 target keys with a handful of chosen plaintexts per key and 2^84 encryptions |
In cryptography, Triple DES (3DES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
The original DES cipher's key size of 56 bits was generally sufficient when that algorithm was designed, but the availability of increasing computational power made brute-force attacks feasible. Triple DES provides a relatively simple method of increasing the key size of DES to protect against such attacks, without the need to design a completely new block cipher algorithm.
The Triple Data Encryption Algorithm is variously defined in several standards documents:
While the government and industry standards abbreviate the algorithm as TDES (Triple DES) and TDEA (Triple Data Encryption Algorithm), RFC 1851 called it 3DES from the time it first promulgated the idea, and 3DES has since come into wide use by most vendors, users, and cryptographers.
Triple DES uses a "key bundle" that comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is:
I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.
Decryption is the reverse:
I.e., decrypt with K3, encrypt with K2, then decrypt with K1.
Each triple encryption encrypts one block of 64 bits of data.
In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provides backward compatibility with DES with keying option 3.
The standards define three keying options:
Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.
Keying option 2 provides less security, with 2 × 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.
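The encrypt-decrypt-encrypt composition and the keying options described above, as an added example that is not part of the original article. A toy 64-bit Feistel cipher (`toy_encrypt`/`toy_decrypt`, hypothetical names) stands in for DES, so the ciphertexts are not real TDEA output; the composition and the key-bundle check are what it shows, including the degenerate bundles (K1 = K2 or K2 = K3) that silently reduce to a single encryption.

```python
import hashlib

def _f(half, key, i):
    # Toy round function, NOT the DES f-function (assumed stand-in for illustration).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _feistel(block, key, rounds):
    left, right = block[:4], block[4:]
    for i in rounds:
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(right, key, i)))
    return right + left  # final swap: running the rounds in reverse order inverts it

def toy_encrypt(key, block):
    return _feistel(block, key, range(16))

def toy_decrypt(key, block):
    return _feistel(block, key, reversed(range(16)))

def ede_encrypt(k1, k2, k3, block):
    # Encrypt with K1, decrypt with K2, then encrypt with K3.
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))

def ede_decrypt(k1, k2, k3, block):
    # Decrypt with K3, encrypt with K2, then decrypt with K1.
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, block)))

def keying_option(k1, k2, k3):
    """Return (option, effective key bits); option is None for a degenerate bundle."""
    if k1 == k2 == k3:
        return 3, 56       # EDE collapses to one encryption: single-DES compatibility
    if k1 == k2 or k2 == k3:
        return None, 56    # an adjacent encrypt/decrypt pair cancels; not a defined option
    if k1 == k3:
        return 2, 112
    return 1, 168

# Constructed sample values: three 56-bit keys (parity bits excluded) and one 64-bit block.
KA, KB, KC = (bytes.fromhex(h) for h in
              ("0123456789abcd", "23456789abcdef", "456789abcdef01"))
BLOCK = b"8bytes!!"

if __name__ == "__main__":
    for bundle in [(KA, KB, KC), (KA, KB, KA), (KA, KA, KA), (KA, KA, KC)]:
        ct = ede_encrypt(*bundle, BLOCK)
        assert ede_decrypt(*bundle, ct) == BLOCK
        print(keying_option(*bundle), "EDE:", ct.hex(),
              "single(K3):", toy_encrypt(bundle[2], BLOCK).hex())
```

For the keying option 3 bundle and the degenerate bundle, the EDE ciphertext equals the single encryption under K3, which is why a key-bundle check belongs wherever keys are loaded.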