# Introduction To Network Security: Theory And Practice (2015)

### Chapter 2. Data Encryption Algorithms

### 2.3 Multiple DES

As discussed in *Section 2.2.6*, applying DES multiple times can effectively extend the length of encryption keys without modifying DES. Multiple DES can therefore be used to resist brute-force attacks. We use DES to denote a multiple DES scheme of applying DES times. By applying DES, it means applying either the encryption algorithm or the decryption algorithm .

*2.3.1 Triple-DES with Two Keys*

Triple-DES with two keys, denoted by 3DES/2, is the simplest and reasonably secure method against brute-force attacks. It extends the key length to 112 bits long. Let and be two 56-bit encryption keys and a 64-bit plaintext block. The standard 3DES/2 encryption algorithm applies on to obtain , then applies on to obtain , and finally applies on to obtain . That is,

**2.7**

For convenience, we denote this scheme by .

The following is the 3DES/2 decryption algorithm:

**2.8**

For convenience, we denote this scheme by .

We note that there are other combinations for 3DES with two keys, such as or . Any of these combinations would serve the purpose. However, only the combination of allows us to use 3DES/2 to decrypt ciphertext string produced by applying single DES with key . This is done as follows: let and let . Then

A major drawback of 3DES is that its software executions are not as efficient as one would like them to be.

*2.3.2 2DES and 3DES/3*

In addition to 3DES/2, we may also apply DES twice with two keys, denoted by 2DES/2. For simplicity, we use 2DES to denote 2DES/2. Let and be two DES encryption keys and a 64-bit plaintext block. The standard 2DES encryption algorithm and decryption algorithm are described as follows:

However, 2DES is vulnerable to the *meet-in-the-middle attack* (see *Section 2.3.3* for details). Thus, 2DES is considered nonsecure.

We may also apply DES thrice with three keys, denoted by 3DES/3. 3DES/3 has an effective key length of 168 bits. Let , and be three encryption keys. The standard 3DES/3 encryption algorithm and decryption algorithm are described as follows:

**2.9**

*2.10*

*2.3.3 Meet-in-the-Middle Attacks on 2DES*

2DES is vulnerable to the meet-in-the-middle attacks. Suppose that the attacker has obtained two plaintext–ciphertext pairs and , where

That is,

The attacker may then be able to identify, with probability close to 1, the encryption keys and with time complexity much smaller than . The attack can be carried out as follows:

List all 56-bit strings and calculate, for each pair ,

Note that when and , we have . Thus, for each pair with , it is possible that . If there is only one such pair, then we have found the encryption keys and . Otherwise, apply each pair with on to obtain

Again, we note that when and , we have . Thus, if , then is more likely to be the encryption key pair. Indeed, we can show that the possibility that there exist more than one such pair is very small.

Note that for any plaintext block and any candidate for the encryption key pair, the ciphertext block is uniformly distributed (or close to being uniformly distributed). This is the property any good encryption algorithm should possess. Because , there are pairs . As , the expected number of pairs that satisfy is or near

Likewise, the expected number of pairs from these pairs that satisfy and is or near

Thus, the possibility of finding is or near .

The time complexity of executing this attack is in the order of

This is much smaller than .