Skip to content

Page130

Triple DES

Triple DES applies single DES encryption three times per block. Formally called the “Triple Data Encryption Algorithm (TDEA) and commonly called TDES,” it became a recommended standard in 1999 by the United States Federal Information Processing Standard (FIPS) Publication 46-3 (see https://csrc.nist.gov/csrc/media/publications/fips/46/3/archive/1999-10-25/documents/fips46-3.pdf). FIPS 46-3 recommended single DES for legacy use only, due to the ever-lowering work factor required to break single DES.

Triple DES has held up well after years of cryptanalysis; the primary weakness is that it is slow and complex compared to newer symmetric algorithms such as AES or Twofish. Note that “double DES” (applying DES encryption twice using two keys) is not used due to a meet-in-the-middle attack: see the “Cryptographic Attacks” section for more information.

International Data Encryption Algorithm (IDEA)

The International Data Encryption Algorithm is a symmetric block cipher designed as an international replacement to DES. The IDEA algorithm is patented in many countries. It uses a 128-bit key and 64-bit block size. IDEA has held up to cryptanalysis; the primary drawbacks are patent encumbrance and its slow speed compared to newer symmetric ciphers such as AES.

Advanced Encryption Standard (AES)

The Advanced Encryption Standard is the current United States standard symmetric block cipher. It was published in Federal Information Processing Standard (FIPS) 197 (see https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf). AES uses 128-bit (with 10 rounds of encryption), 192-bit (12 rounds of encryption), or 256-bit (14 rounds of encryption) keys to encrypt 128-bit blocks of data. AES is an open algorithm, free to use, and free of any intellectual property restrictions.

Single DES

Single DES is the original implementation of DES, encrypting 64-bit blocks of data with a 56-bit key, using 16 rounds of encryption. The work factor required to break DES was reasonable in 1976, but advances in CPU speed and parallel architecture have made DES weak to a brute-force key attack today, where every possible key is generated and attempted. Massively parallel computers such as COPACOBANA (Cost-Optimized Parallel COde Breaker, given as a non-testable example, see https://www.copacobana.org for more information), which uses over 100 CPUs in parallel, can break 56-bit DES in a week or so (and faster with more CPUs), at a cost of under $10,000.

AES was designed to replace DES. Triple DES remains a FIPS-approved standard until 2030, to allow transition to AES. Single DES is not a current standard, and not recommended.