[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES keys



> 
> Could someone post the location of the paper or argument which says that
> 3DES with 2 keys is no better than DES?  Are 3 keys any better?  What is
> the current analysis?
> 

I'm not aware of any paper which says ``two-key 3DES is no stronger than
DES''.  If you know of any, I'd love to hear of it.

There are two papers which have described attacks on two-key 3DES which
don't apply to three-key 3DES.  You get to decide whether they worry you;
certainly they're not practical right now.

The first paper was (I think) by Hellman; he described an attack on two-key
3DES which needs 2^56 chosen plaintexts.  He called this a certificational
weakness.  Unfortunately, I can't seem to find the reference for this
right now..

A more recent known plaintext attack was described by Wiener & van Oorschot.
Here's a reference:

@InProceedings{OorschotWi91,
  author =       "P. C. van Oorschot and M. J. Wiener",
  year =         "1991",
  title =        "A Known-plaintext attack on two-key triple
                 encryption",
  booktitle =    "Advances in Cryptology --- Eurocrypt '90",
  editor =       "I. B. Damg{\aa}rd",
  pages =        "318--325",
  publisher =    "Springer-Verlag",
  address =      "Berlin",
}


References: