TransWikia.com

Would Triple DES-X with 7 keys be much slower than standard Triple DES?

Cryptography Asked by Abercrombie Dorfen on October 24, 2021

Since a single hardware pass of an XOR with a 64-bit key is speedy, would Triple DES-X with seven 64-bit keys used in the following manner be virtually identical in terms of code size, memory consumption, and execution speed to 3DES?

  • You have four 128-bit keys and three 64-bit keys.

  • You take a 128-bit block of plaintext.

  • You break it into two 64-bit block halves in the following columnar
    transposition-based fashion.

The bits at even indexes go into one half, and the bits at odd indexes go into the other half, so the halves are intermingled.

  • You take the first 128-bit key and XOR the entire 128-bit block.

  • You take the first 64-bit key and encrypt each 64-bit half-block with
    DES independently of each other.

You treat the result as that round’s 128 bits of ciphertext and repeat the 128-bit columnar transposition, importantly inter-mixing both half-blocks again based on odd-even indexing.

  • You take the second 128-bit key and XOR the entire block as one.
  • You then take the second 64-bit key and DES both 64-bit half-blocks
    independently.
  • You then repeat the columnar transposition-XOR-DES process for the
    third time.
  • Finally, you XOR the entire 128-bit block with the 7th 128-bit key.

Would it be significantly stronger? Would it still suffer from the same block size-based vulnerability of DES-X?

One Answer

Well, there's a fairly obvious CPA attack that uses circa $2^{34}$ or so chosen plaintexts, and about $2^{120}$ trial DES operations. Because of that, the cryptographical strength is not significantly higher than standard 3DES.

As for code size and memory size, it'd certainly be larger than standard 3DES (you do more, and have more keying material lying around) - but it's hard to make a guess as to how much.

The scheme would likely be somewhat slower than 3DES. For 3DES, you can omit the intermediate IP/FP permutations between DES operations. In the scheme you've defined you would have to have them in there, and you would have to perform the columnar transposition as well. Now, it looks plausible that you could combine the FP/transpose/IP between DES operations into a single operation, which would reduce the cost somewhat, but it still wouldn't be as cheap as omitting them entirely.

On the plus side, this is effectively a 128-bit block cipher, so you do avoid the vulnerabilities that come with a 64-bit block size.

Answered by poncho on October 24, 2021
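The point in the answer about merging FP, the transposition and IP between DES operations can be checked with bit-permutation tables. This is an added example, not part of the original answer. It assumes 0-based bit indexes with even-index bits going to the first half, and the function names are illustrative. The 128-bit key XOR sits between the transposition and IP, so the fused form XORs a pre-permuted key instead.

```python
import random

# Standard DES initial permutation, 0-based: output bit i is input bit IP[i].
IP = [r - 8 * c - 1 for r in (58, 60, 62, 64, 57, 59, 61, 63) for c in range(8)]

def invert(table):
    inv = [0] * len(table)
    for out_pos, src in enumerate(table):
        inv[src] = out_pos
    return inv

FP = invert(IP)  # the DES final permutation is the inverse of IP

def permute(bits, table):
    return [bits[src] for src in table]

def compose(first, second):
    """Table equivalent to applying `first`, then `second`."""
    return [first[src] for src in second]

def on_halves(t64):
    """Apply a 64-bit table independently to each half of a 128-bit block."""
    return t64 + [src + 64 for src in t64]

# Assumed transposition: even-index bits -> first half, odd-index -> second half.
TRANSPOSE = list(range(0, 128, 2)) + list(range(1, 128, 2))
FUSED = compose(compose(on_halves(FP), TRANSPOSE), on_halves(IP))

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def stepwise(block, key):
    """FP on each half, transposition, 128-bit key XOR, IP on each half."""
    mixed = permute(permute(block, on_halves(FP)), TRANSPOSE)
    return permute(xor(mixed, key), on_halves(IP))

def fused(block, key):
    """Same result: one 128-bit permutation, then XOR with a pre-permuted key."""
    return xor(permute(block, FUSED), permute(key, on_halves(IP)))

if __name__ == "__main__":
    rng = random.Random(1)  # constructed sample block and key, not real data
    block = [rng.getrandbits(1) for _ in range(128)]
    key = [rng.getrandbits(1) for _ in range(128)]
    print("fused matches stepwise:", stepwise(block, key) == fused(block, key))
    print("3DES FP-then-IP is identity:", compose(FP, IP) == list(range(64)))
    print("this scheme's fused step is identity:", FUSED == list(range(128)))
```

In plain 3DES the FP of one DES operation cancels against the IP of the next, which is why they can be dropped; here the transposition in the middle leaves a non-trivial 128-bit permutation that still has to be executed once per boundary.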
