Why Migrating to Triple DES is Not Easy

More documents

Recommendations

Info

Why Migrating to Triple DES is Not Easy We say that DES has strength 2 56 , meaning that the most efficient way to attack DES in practice 1 is to search its key space of size 2 56 . That is, to attack DES in practice one has to try each and every possible key until the correct encryption key is identified, this takes on average 2 56 /2 = 2 55 steps. Triple-DES, noted as 3DES from here on, uses 2 keys, chosen independently at random, to DES encrypt a message multiple times. There are also ways to use 3DES with 3 different keys, but these schemes do not give a significant amount of extra security in theory and are not considered in financial systems. The most common technique is to encrypt the initial plaintext message with one key, decrypt the result with a second key and finally encrypt this last result with the first key again. This is known as E-D-E double length key 3DES encryption and is illustrated in the following figure. 1 other attacks exist in theory, but they demand an unreasonable amount of known or chosen plaintext-ciphertext pairs which renders the attacks unpractical. c○Copyright Okiok Data 2002 2
Why Migrating to Triple DES is Not Easy E-D-E 3DES is compatible with single DES (when KL and KR are identical, E-D-E 3DES produces the same result as single DES). From here on, when we will talk about 3DES we will be referring to double length key E-D-E 3DES. The strength of 3DES is approximately 2 112 since using two 56 bit keys in E-D-E 3DES is effectively equal to using one 112-bit key. A brute force search of 3DES 2 112 key space is currently not feasible nor will it be in the near future. 3 Security properties wanted Many security properties are wanted in a financial transaction system. We will not go into details and enumerate all of the security properties wanted but simply mention a couple of them in an informal way so as to motivate some of the discussions in the following sections. SP1 A cryptographic key should not be in cleartext in any single point of the system. This is the basic security property that a financial institution must achieve in order for users to have any sort of trust in the system. This is also an important point when different institutions interchange financial data between themselves, the security of one institution depends on that of others. To achieve this property cryptographic keys must be stored in secure cryptographic processors, if they are ever outside these processors they must be in a form that does not compromise the security of the keys, such as in split knowledge (under the possession of different individuals having certain permissions), or encrypted under another cryptographic key which is protected in a secure cryptographic processor. SP2 Security against known key attacks, if a working key in the system is discovered, this should not enable an attacker to figure out the values of any other keys in the system. Some would say that if a system is secure, no single key will ever be compromised so there is no need to worry about this security property, but as we will see later on this can be a dangerous way of thinking. SP3 The security of any 3DES key should be 2 112 . It should not be possible for example to break a 3DES key by breaking one or a couple of single DES keys. If a cryptographic key is to be protected by another one, this last key should be of cryptographic strength equal or greater than the key it is protecting. This implies for example, among other things, that if any c○Copyright Okiok Data 2002 3
Page 1 and 2: Why Migrating to Triple DES is Not
Page 3: 1 Introduction Why Migrating to Tri
Page 13 and 14: References Why Migrating to Triple

Why Migrating to Triple DES is Not Easy

Create successful ePaper yourself

Delete template?

Save as template?