that the key lengths of the two versions of Triple DES are slightly deceiving.
Since the encryption is conducted as three separate processes, there are several
techniques for exploiting this. A meet-in-the-middle attack involves storing tables
of single encryptions and decryptions and looking for appropriate matches that
might indicate which single DES keys have been used as part of the Triple
DES key. The existence of this type of attack against double encryption of
DES (Double DES) explains why this technique for strengthening DES was not
adopted.
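
The table-matching idea described above, shown as an added example that is not part of the original text: double encryption under a toy 16-bit Feistel cipher with 12-bit keys (constructed here, not DES), where the key pair is recovered with about 2 × 2^12 single operations instead of 2^24 double encryptions. All names (`encrypt`, `decrypt`, `meet_in_the_middle`, `SECRET`, `PAIRS`) and sample values are assumptions made for illustration.

```python
# Added example: toy 16-bit Feistel cipher with 12-bit keys (constructed, NOT DES).
KEY_BITS = 12

def _f(half, subkey):
    # Round function: nonlinear mix of an 8-bit half block and an 8-bit subkey.
    v = (half ^ subkey) & 0xFF
    return ((v * v + 7 * v + 0x3D) ^ (v >> 3)) & 0xFF

def _subkeys(key):
    # Four overlapping 8-bit windows that together cover all 12 key bits.
    return [(key >> s) & 0xFF for s in (0, 4, 2, 1)]

def encrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for sk in _subkeys(key):
        l, r = r, l ^ _f(r, sk)
    return (l << 8) | r

def decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for sk in reversed(_subkeys(key)):
        l, r = r ^ _f(l, sk), l
    return (l << 8) | r

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known plaintext/ciphertext pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    # Table of single encryptions of p0: middle value -> all k1 producing it.
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(encrypt(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        # Single decryption of c0 under k2; a table hit means the halves "meet".
        for k1 in table.get(decrypt(k2, c0), []):
            # One pair gives many chance matches; the other pairs filter them out.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found

# Constructed sample data: a secret key pair and three known plaintext blocks.
SECRET = (0xA5C, 0x3F1)
PAIRS = [(p, double_encrypt(*SECRET, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    print("candidates:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(PAIRS)])
    print("work: 2 * 2**12 single operations instead of 2**24 double encryptions")
```

The second key adds only a second pass over the 2^12 key space plus table storage, which is why doubling the key length this way does not double the effective security.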
The best meet-in-the-middle attack reduces the effective security of 3TDES to
about 112 bits. By this we mean that, for example, the true security of 3TDES
is roughly equivalent to an exhaustive key search for a 112-bit key. A different
attack reduces the effective security of 2TDES to about 80 bits. Thus although both
3TDES and 2TDES are significantly more secure than single DES, their security
is less than the key lengths suggest. The effective security also means that both
variants of Triple DES are significantly less secure than AES. Nonetheless, 3TDES
has sufficient effective security to be suitable for current applications.
Encryption using Triple DES is clearly a much slower process than encryption
using single DES. One of the design specifications for AES, as we will discuss
shortly, was that AES should be faster than Triple DES. In fact AES is reported to
be about six times faster than Triple DES in software.
Thus, unless there are legacy reasons for using Triple DES (and legacy reasons
can be very valid reasons), the case for using Triple DES ahead of AES is not
strong, since AES provides better security and performance. However, there
is no doubt that Triple DES will remain an important encryption technique
for many years to come, since it underpins the security of many important
applications such as the EMV standards for supporting electronic payments (see
Section 12.4).
4.5 The Advanced Encryption Standard
The symmetric encryption algorithm that is now most likely to be encountered
in a new application is the Advanced Encryption Standard or AES. In this section
we provide a brief introduction to AES.
4.5.1 Development of AES
In 1998, NIST issued a call for proposals for a new block cipher standard to be
referred to as the AES. The three main requirements for candidate algorithms
proposed by NIST were:
1. the block size should be 128 bits;
2. the block cipher should be designed to offer variable key lengths of 128, 192
and 256 bits, in order to allow for future developments in exhaustive key
 
 