Introduction To Network Security: Theory And Practice (2015)
Chapter 2. Data Encryption Algorithms
2.3 Multiple DES
As discussed in Section 2.2.6, applying DES multiple times can effectively extend the length of encryption keys without modifying DES. Multiple DES can therefore be used to resist brute-force attacks. We use
DES to denote a multiple DES scheme of applying DES
times. By applying DES, it means applying either the encryption algorithm
or the decryption algorithm
.
2.3.1 Triple-DES with Two Keys
Triple-DES with two keys, denoted by 3DES/2, is the simplest and reasonably secure method against brute-force attacks. It extends the key length to 112 bits long. Let
and
be two 56-bit encryption keys and
a 64-bit plaintext block. The standard 3DES/2 encryption algorithm applies
on
to obtain
, then applies
on
to obtain
, and finally applies
on
to obtain
. That is,
2.7![]()
For convenience, we denote this scheme by
.
The following is the 3DES/2 decryption algorithm:
2.8![]()
For convenience, we denote this scheme by
.
We note that there are other combinations for 3DES with two keys, such as
or
. Any of these combinations would serve the purpose. However, only the combination of
allows us to use 3DES/2 to decrypt ciphertext string produced by applying single DES with key
. This is done as follows: let
and let
. Then
![]()
A major drawback of 3DES is that its software executions are not as efficient as one would like them to be.
2.3.2 2DES and 3DES/3
In addition to 3DES/2, we may also apply DES twice with two keys, denoted by 2DES/2. For simplicity, we use 2DES to denote 2DES/2. Let
and
be two DES encryption keys and
a 64-bit plaintext block. The standard 2DES encryption algorithm
and decryption algorithm
are described as follows:

However, 2DES is vulnerable to the meet-in-the-middle attack (see Section 2.3.3 for details). Thus, 2DES is considered nonsecure.
We may also apply DES thrice with three keys, denoted by 3DES/3. 3DES/3 has an effective key length of 168 bits. Let
, and
be three encryption keys. The standard 3DES/3 encryption algorithm
and decryption algorithm
are described as follows:
2.9![]()
2.10![]()
2.3.3 Meet-in-the-Middle Attacks on 2DES
2DES is vulnerable to the meet-in-the-middle attacks. Suppose that the attacker has obtained two plaintext–ciphertext pairs
and
, where
![]()
That is,
![]()
The attacker may then be able to identify, with probability close to 1, the encryption keys
and
with time complexity much smaller than
. The attack can be carried out as follows:
List all 56-bit strings
and calculate, for each pair
,
![]()
Note that when
and
, we have
. Thus, for each pair
with
, it is possible that
. If there is only one such pair, then we have found the encryption keys
and
. Otherwise, apply each pair
with
on
to obtain
![]()
Again, we note that when
and
, we have
. Thus, if
, then
is more likely to be the encryption key pair. Indeed, we can show that the possibility that there exist more than one such pair is very small.
Note that for any plaintext block
and any candidate
for the encryption key pair, the ciphertext block
is uniformly distributed (or close to being uniformly distributed). This is the property any good encryption algorithm should possess. Because
, there are
pairs
. As
, the expected number of pairs
that satisfy
is or near
![]()
Likewise, the expected number of pairs
from these
pairs that satisfy
and
is or near
![]()
Thus, the possibility of finding
is or near
.
The time complexity of executing this attack is in the order of
![]()
This is much smaller than
.
All materials on the site are licensed Creative Commons Attribution-Sharealike 3.0 Unported CC BY-SA 3.0 & GNU Free Documentation License (GFDL)
If you are the copyright holder of any material contained on our site and intend to remove it, please contact our site administrator for approval.
© 2016-2026 All site design rights belong to S.Y.A.