Paper 2014/015

Tight Security Bounds for Triple Encryption

Jooyoung Lee

Abstract

In this paper, we revisit the old problem asking the exact provable security of triple encryption in the ideal cipher model. For a blockcipher with key length k and block size n, triple encryption is known to be secure up to 2^{k+min{k/2,n/2}} queries, while the best attack requires 2^{k+min{k,n/2}} query complexity. So there is a gap between the upper and lower bounds for the security of triple encryption. We close this gap by proving the security up to 2^{k+min{k,n/2}} query complexity. With the DES parameters, triple encryption is secure up to 2^{82.5} queries, greater than the current bound of 2^{78.3} and comparable to 2^{83.5} for 2-XOR-cascade. We also analyze the security of two-key triple encryption, where the first and the third keys are identical. We prove that two-key triple encryption is secure up to 2^{k+min{k,n/2}} queries to the underlying blockcipher and 2^{min{k,n/2}} queries to the outer permutation. For the DES parameters, this result is interpreted as the security of two-key triple encryption up to 2^{32} plaintext-ciphertext pairs and 2^{81.7} blockcipher encryptions.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
block ciphers
Contact author(s)
jlee05 @ sejong ac kr
History
2014-02-08: revised
2014-01-07: received
See all versions
Short URL
https://ia.cr/2014/015
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/015,
      author = {Jooyoung Lee},
      title = {Tight Security Bounds for Triple Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2014/015},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/015}},
      url = {https://eprint.iacr.org/2014/015}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.