Triple DES (3DES)

  • Block length = 64 bits
  • Key length = 56, 112, or 168 bits

3DES is a popular symmetric block cipher based on the DES cipher. It was presented in 1998 and described as the standard ANS X9.52. It is also called the Triple Data Encryption Algorithm (TDEA).

Usage

The 3DES cipher was developed because DES encryption, invented in the early 1970s and protected by a 56-bit key, turned out to be too weak and easy to break using modern computers of that time. The effective security that 3DES provides is 112 bits when an attacker uses meet-in-the-middle attacks.

For several years, Triple DES was often used for electronic payments (for example, in the EMV standard). New protocols based on the cipher are still being created and maintained (as of 2016). It was also used in several Microsoft products (for example, in Microsoft Outlook 2007, Microsoft OneNote, and Microsoft System Center Configuration Manager 2012) for protecting user configuration and user data.

Algorithm

The Triple DES algorithm performs three iterations of the DES algorithm. In its strongest version, it uses a secret key of 168 bits, which is divided into three 56-bit keys.

3DES Encryption

  1. Encryption using the first secret key
  2. Decryption using the second secret key
  3. Encryption using the third secret key

The encryption and decryption operations may be presented as mathematical equations.

Encryption:
    c = E3(D2(E1(m)))

Decryption:
    m = D1(E2(D3(c)))

3DES with shorter keys

Using the DES decryption operation in the second step of 3DES encryption provides backward compatibility with the original DES algorithm. In this case, the first and second secret keys, or the second and third secret keys, should be identical. The value of the identical pair is not important, because the encryption and decryption under the same key cancel each other out.

    c = E3(D1(E1(m))) = E3(m)
    c = E3(D3(E1(m))) = E1(m)

It is also possible to use the 3DES cipher with a 112-bit secret key. In this case, the first and third secret keys should be identical. Such an approach is stronger than simple DES encryption used twice (with two separate 56-bit keys) because it provides better protection against meet-in-the-middle attacks.

    c = E1(D2(E1(m)))
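
The key cases above can be checked in code. The following is an added example, not part of the original page: it uses Go's standard crypto/des package to classify a 24-byte key bundle K1||K2||K3 as 56, 112 or 168 bits and to confirm that a bundle with K1 = K2 produces the same ciphertext as single DES under K3. The names KeyBits and Encrypt are hypothetical, the sample keys are constructed, and the code assumes each DES key is stored as 8 bytes whose lowest bit is a parity bit that DES ignores.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// KeyBits reports the independent key length (56, 112 or 168 bits) of a
// 24-byte bundle K1||K2||K3, following the cases described above.
func KeyBits(bundle []byte) (int, error) {
	if len(bundle) != 24 {
		return 0, fmt.Errorf("want 24-byte bundle, got %d bytes", len(bundle))
	}
	k := make([]byte, 24)
	for i, b := range bundle {
		k[i] = b &^ 1 // drop the parity bit, which DES ignores
	}
	k1, k2, k3 := k[:8], k[8:16], k[16:]
	switch {
	case bytes.Equal(k1, k2) || bytes.Equal(k2, k3):
		return 56, nil // E and D cancel: plain DES
	case bytes.Equal(k1, k3):
		return 112, nil // two-key 3DES
	}
	return 168, nil
}

// Encrypt encrypts one 8-byte block with DES (8-byte key) or 3DES (24-byte bundle).
func Encrypt(key, m []byte) []byte {
	newCipher := des.NewCipher
	if len(key) == 24 {
		newCipher = des.NewTripleDESCipher
	}
	c, err := newCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, m)
	return out
}

func main() {
	// Constructed sample keys and block: K1 = K2, so 3DES collapses to DES under K3.
	k1, k3, m := []byte("AAAAAAAA"), []byte("bbbbbbbb"), []byte("8bytemsg")
	bundle := append(append(append([]byte{}, k1...), k1...), k3...)
	n, _ := KeyBits(bundle)
	fmt.Println(n, bytes.Equal(Encrypt(bundle, m), Encrypt(k3, m)))
}
```

A check like KeyBits is useful when auditing stored key material, since a bundle that looks like 24 bytes of key can still give only single-DES strength.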

Block Diagram of 3DES Encryption

Scheme of 3DES encryption

Block Diagram of 3DES Decryption

Scheme of 3DES decryption

Maths:

Transformations in 3DES

3DES uses exactly the same operations for encryption and decryption as the DES algorithm.

Each iteration of the DES algorithm executes the following operations for all input data blocks: the initial permutation, 16 iterations of Feistel functions, and the final permutation.

During key manipulation, the following operations are executed: binary rotation, PC-1 permutation, and PC-2 permutation.

For more details, please visit the description of DES encryption.