2-DES (Double)

Double-DES has two different encryption phases with two different keys (K_1, K_2) such that:

Ciphertext (Encryption): Enc (K2, Enc(K1, P))

Plaintext (Decryption): Dec(K1, Dec(K2, C))

Meet in the Middle Attack

Meet-in-the-middle is a known plaintext attack, that targets block cipher cryptographic functions, relies on exponentially reducing the number of brute force permutations required to decrypt text that has been encrypted by more than one key. The attacker applies brute force techniques to both the plaintext and ciphertext of a block cipher, where such an attack makes it much easier to gain access to data.

Let’s consider above encryption process:

Compute and Store P'(2^56) to X mapping encryptions by using different K_1’s. Then;

Compute and Store C'(2^56) to X mapping decryptions by using K_2’s.

Finally, compare X’s from two directions. If they yield the same, try with different known plaintexts (e.g. P”, C”). Hence, attacker effort would be O(2^56) instead of O(2^112) (c.f. single-DES efforts O(2^55)).

3-DES (Triple)

Triple-DES has two different encryption phases with three different keys (K_1, K_2, K_3) such that:

Ciphertext (Encryption): Enc(K3, Dec(K2, Enc(K1, P)))

Plaintext (Decryption): Dec(K1, Enc(K2, Dec(K3, C)))

3-Des Key Options

I. Option: K_1, K_2, K_3 are independent.

II. Option: K_1, K_2 are independent, K_2 = K_3.

III. Option: K_1 = K_2 = K_3 (equivalent to single-DES)

II. Option yields; Ciphertext (Encryption): Enc(K1, Dec(K2, Enc(K1, P))), where meet-in-the-middle attack efforts O(2^112)(c.f. double-DES efforts O(2^56)).

Due to limitations of DES (small key and block sizes), NIST started a open process to select a new block cipher and 15 proposals submitted to NIST around 1998. Rijndael (by V. Rijmen and J. Daemen) from Belgium chosen as the AES in 2001 after an open process, due to its security, performance, efficiency, implementability, and flexibility. Instead of Feistel Network, it’s a type of SPN (Substitution-Permutation Network) which will be written as another article soon. Rijndael Algorithm Credit: Fig.6 from High Performance Single-Chip FPGA Rijndael Algorithm Implementations by M. Mcloone and J.V. Mccanny

AES has 128 bits (16 byte) block size with three allowable key sizes 128, 192, 256 (with # of rounds 10, 12, 14 respectively).

AES is iterated block cipher with rounds (different round keys) that processes the data as 4×4 matrix of 16 bytes total (each element is a byte) State Array.

Except for initial (AddRoundKey only) and final round (excluding MixColumns), all rounds go through the following steps:

SubBytes: substitution using look-up table, ShiftRows: row-based transposition,
MixColumns: column-based mapping, AddRoundKey: XOR with 16B round key (KeyExapnsion: round key generated), where each step is reversible.

O.S. Tapsin