Multiple modes of operation and, in particular, triple modes of operation were proposed as a simple method to improve the strength of blockciphers, and in particular of DES. Developments in the cryptanalysis of DES in recent years have popularized the triple modes of DES, and such modes are now considered for ANSI standards.
In a previous paper we analyzed multiple modes of operation and showed that the security of many multiple modes is significantly smaller than expected. In this paper we extend these results, with new cryptanalytic techniques, and show that all the (cascaded) triple modes of operation are not much more secure than a single encryption—in the case of DES they can be attacked with up to an order of 2 56—2 66 chosen plaintexts or ciphertexts and complexity of analysis. We then propose several candidates for more secure modes.
This is a preview of subscription content, log in to check access.
Buy single article
Instant access to the full article PDF.
Price includes VAT for USA
Received 19 August 1996 and revised 29 September 1997
About this article
Cite this article
Biham, E. Cryptanalysis of Triple Modes of Operation . J. Cryptology 12, 161–184 (1999). https://doi.org/10.1007/s001459900050
- Key words. Triple modes of operation, Cryptanalysis, Multiple encryption, Blockciphers, DES.