Triple DES

In cryptography, Triple DES is a block cipher created from the Data Encryption Standard (DES) cipher by using it three times. Triple DES is also known as TDES or, more formally, TDEA (Triple Data Encryption Algorithm [1]).

When it became clear that the 56-bit key of DES was too short to protect against brute-force attacks, TDES was chosen as a simple way to enlarge the key space without switching to a new algorithm. Using three steps is essential to prevent the meet-in-the-middle attacks that are effective against double DES encryption.
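The meet-in-the-middle attack is the reason encrypting twice does not double the key strength. The sketch below is an added example, not part of the original article: it uses a hypothetical 16-bit toy Feistel cipher with 12-bit keys (not DES; every name and constant is an assumption) and finds both keys of a double encryption with 2 × 2^12 cipher calls in its two key sweeps instead of the 2^24 an exhaustive search would need.

```python
"""Meet-in-the-middle on double encryption, shown on a toy cipher (not DES)."""
from collections import defaultdict

KEY_BITS = 12   # toy key size (assumption); a DES key has 56 bits
ROUNDS = 4

def _f(half, key, rnd):
    # Feistel round function: mixes an 8-bit half block with the key.
    x = (half + key * (rnd + 3) + (key >> 4)) & 0xFFFF
    return ((x * 0x9E37 + rnd) >> 5) & 0xFF

def toy_encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def toy_decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return ((k1, k2) candidates, cipher calls made by the two key sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)
    for k1 in range(1 << KEY_BITS):          # forward sweep: 2**KEY_BITS calls
        middle[toy_encrypt(k1, p0)].append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):          # backward sweep: 2**KEY_BITS calls
        for k1 in middle.get(toy_decrypt(k2, c0), ()):
            # Extra known pairs weed out accidental matches in the middle.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, 2 * (1 << KEY_BITS)

if __name__ == "__main__":
    secret = (0x5A3, 0xC1E)                  # constructed sample keys
    known = [(p, double_encrypt(*secret, p)) for p in (0x0123, 0x4567, 0x89AB)]
    keys, calls = meet_in_the_middle(known)
    print(keys, calls, "calls vs", 1 << (2 * KEY_BITS), "for exhaustive search")
```

Scaled to the 56-bit keys of DES, the same table-and-match approach needs on the order of 2^57 cipher calls rather than 2^112, which is why a third step is used.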

In general, TDES with three different keys (3-key TDES, with keys {k1, k2, k3}) has a key length of 168 bits: three 56-bit DES keys. With parity bits, 3-key TDES has a total storage length of 192 bits. Because of the meet-in-the-middle attack, however, the effective security it provides is only 112 bits. Another version, called two-key TDES (2-key TDES), uses k1 = k3, reducing the key size to 112 bits and the storage length to 128 bits. However, this mode is open to certain chosen-plaintext or known-plaintext attacks,[2][3] and so NIST treats it as having only 80 bits of security.[4]

By design, DES, and therefore TDES, is slow in software.[5] TDES is better suited to hardware implementations,[5] which account for many of the places where it is still used.

TDES is slowly disappearing from use, largely replaced by the Advanced Encryption Standard (AES). One large-scale exception is the electronic payments industry, which still uses 2-key TDES extensively and continues to develop and spread standards based on it (for example EMV, the standard for interoperation of IC cards, also called "chip cards", and IC-capable POS terminals and ATMs). This guarantees that TDES will remain an active cryptographic standard well into the future.

References

  1. NIST, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (PDF), Special Publication 800-67.
  2. Ralph Merkle, Martin Hellman: On the Security of Multiple Encryption (PDF), Communications of the ACM, Vol 24, No 7, pp 465–467, July 1981.
  3. Paul van Oorschot, Michael J. Wiener: A known-plaintext attack on two-key triple encryption, EUROCRYPT'90, LNCS 473, 1990, pp 318–325.
  4. NIST, Recommendation for Key Management—Part 1: general (PDF), Special Publication 800-57.
  5. Details of the Data Encryption Standard