Unformatted text preview: van Oorschot and Michael Wiener converted this to a knownplaintext attack, requiring p known plaintexts. This example assumes EDE mode. (1) Guess the first intermediate value, a. (2) Tabulate, for each possible K1, the second intermediate value, b, when the first intermediate value is a, using known plaintext: b = DK1(C) where C is the resulting ciphertext from a known plaintext. (3) Look up in the table, for each possible K2, elements with a matching second intermediate value, b: b = EK2(a) (4) The probability of success is p/m, where p is the number of known plaintexts and m is the block size. If there is no match, try another a and start again. The attack requires 2n + m/p time and p memory. For DES, this is 2120/p [1558]. For p greater than 256, this attack is faster than exhaustive search. Triple Encryption with Three Keys
If you are going to use triple encryption, I recommend three different keys. The key length is longer, but key storage is usually not a problem. Bits are cheap. C = EK3(DK2(EK1(P))) P = DK1(EK2(DK3(C))) The best timememory tradeoff attack takes 22n steps and requires 2n blocks of memory; it’s a meetinthemiddle attack [1075]. Triple encryption, with three independent keys, is as secure as one might naïvely expect double encryption to be. Triple Encryption with Minimum Key (TEMK)
There is a secure way of using triple encryption with two keys that prevents the previous attack, called Triple Encryption with Minimum Key (TEMK) [858]. The trick is to derive three keys from two: X1 and X2: K1 = EX1(DX2(EX1(T1))) K2 = EX1(DX2(EX1(T2))) K3 = EX1(DX2(EX1(T3))) T1, T2, and T3 are constants, which do not have to be secret. This is a special construction that guarantees that for any particular pair of keys, the best attack is a knownplaintext attack. TripleEncryption Modes
It’s not enough to just specify triple encryption; there are several ways to do it. The decision of which to use affects both security and efficiency. Here are two possible t...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details