Cryptography Reference
In-Depth Information
3.7.2 Triple DES (3DES) and DESX
An alternative to AES or the AES finalist algorithms is
triple DES
, often denoted as
3DES
. 3DES consists of three subsequent DES encryptions
y
=
DES
k
3
(
DES
k
2
(
DES
k
1
(
x
)))
with different keys, as shown in Fig. 3.19.
x
DES
DES
DES
y
k
k
2
k
3
1
Fig. 3.19
Triple DES (3DES)
3DES seems resistant to both brute-force attacks and any analytical attack imag-
inable at the moment. See Chap. 5 for more information on double and triple en-
cryption. Another version of 3DES is
y
=
DES
k
3
(
DES
−
1
k
2
(
DES
k
1
(
x
)))
.
The advantage here is that 3DES performs single DES encryption if
k
3
=
k
2
=
k
1
,
which is sometimes desired in implementations that should also support single DES
for legacy reasons. 3DES is very efficient in hardware but not particularly in soft-
ware. It is popular in financial applications as well as for protecting biometric infor-
mation in electronic passports.
A different approach for strengthening DES is to use key whitening. For this, two
additional 64-bit keys
k
1
and
k
2
are XORed to the plaintext and ciphertext, respec-
tively, prior to and after the DES algorithm. This yields the following encryption
scheme:
k
2
This surprisingly simple modification makes DES much more resistant against ex-
haustive key searches. More about key whitening is said in Sect. 5.3.3.
y
=
DES
k
,
k
1
,
k
2
(
x
)=
DES
k
(
x
⊕
k
1
)
⊕
3.7.3 Lightweight Cipher PRESENT
Over the last few years, several new block algorithms which are classified as
“lightweight ciphers” have been proposed. Lightweight commonly refers to algo-
rithms with a very low implementation complexity, especially in hardware. Trivium
(Sect. 2.3.3) is an example of a lightweight stream cipher. A promising block cipher
candidate is
PRESENT
, which was designed specifically for applications such as