What is DES?

DES is the U.S. Government's Data Encryption Standard, a product cipher that operates on 64-bit blocks of data, using a 56-bit key.

It is defined in FIPS 46-1 (1988) [which supersedes FIPS 46 (1977)]. FIPS are Federal Information Processing Standards published by NTIS. DES is identical to the ANSI standard Data Encryption Algorithm (DEA) defined in ANSI X3.92-1981.

a. What is triple DES?

Triple DES is a product cipher which, like DES, operates on 64-bit data blocks. There are several forms, each of which uses the DES cipher 3 times. Some forms use two 56-bit keys, some use three.  The DES ``modes of operation'' may also be used with triple-DES.

Some people refer to E(K1,D(K2,E(K1,x))) as triple-DES.

This method is defined in chapter 7.2 of the ANSI standard X9.17-1985  ``Financial Institution Key Management'' and is intended for use in encrypting DES keys and IVs for ``Automated Key Distribution''. Its formal name is ``Encryption and Decryption of a Single Key by a Key Pair'', but it is referenced in other standards documents as EDE.

That standard says (section 7.2.1): ``Key encrypting keys may be a single DEA key or a DEA key pair. Key pairs should be used where additional security is needed (e.g., the data protected by the key(s) has a long security life). A key pair shall not be encrypted or decrypted using a single key.''

Others use the term ``triple-DES'' for E(K1,D(K2,E(K3,x))) or E(K1,E(K2,E(K3,x))).

All of these methods are defined only for ECB mode of operation. The security of various methods of achieving other modes of operation (such as CBC) is under study at the moment. For now, it should be assumed that other modes be defined as they are today, but with E(K1,D(K2,E(K1,x))) as the block cipher within the feedback mechanism creating the mode.

One of us (Ellison) has long advocated triple DES use in the form

  E(K1, Tran( E(K2, Tran( E(K3, Compress( x )))))),

  where each DES instance has its own key and IV (for CBC mode) and Tran is
  a large-block transposition program. Tran is available from [FTPTR]. This
  claims to gain security by diffusing single bit changes over a much larger
  block (Tran's block size). Other compositions of weak ciphers with DES
  are possible.  For example, one could use:

   E(K1, Prngxor(K4, Tran( E(K2, Tran( Prngxor(K5, E(K3, Compress( x )))))))),

  where Prngxor() [FTPPX] is a simple stream cipher driven from a long-period
  pseudo-random number generator (PRNG), to make sure that all plaintext or
  ciphertext patterns are hidden while permitting the use of ECB mode for DES
  (since there are certain weaknesses in the use of inner CBC loops for
  multiple-DES, under some attacks, and we do not yet know if these show up
  under composition with Tran()).

[<< Back]