Related-Key Attacks on Triple-DES and DESX Variants
In this paper, we present related-key slide attacks on 2-key and 3-key triple DES, and related-key differential and slide attacks on two variants of DESX. First, we show that 2-key and 3-key triple-DES are susceptible to related-key slide attacks. The only previously known such attacks are related-key differential attacks on 3-key triple-DES. Second, we present a related-key differential attack on DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Our attack shows a counter-intuitive result, that DESX+ is weaker than DESX against a related-key attack. Third, we present the first known attacks on DES-EXE, another variant of DESX where the XOR operations and DES encryptions are interchanged. Further, our attacks show that DES-EXE is also weaker than DESX against a related-key attack. This work suggests that extreme care has to be taken when proposing variants of popular block ciphers, that it is not always newer variants that are more resistant to attacks.
KeywordsBlock Cipher Addition Modulo Previous Attack MITM Attack Birthday Paradox
Unable to display preview. Download preview PDF.
- 1.Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
- 2.Biham, E., Shamir, A.: Differential Cryptanalysis of the Full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)Google Scholar
- 5.Daemen, J.: Limitations of the Even-Mansour Construction. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 495–498. Springer, Heidelberg (1993)Google Scholar
- 6.Kaliski, B.S., Robshaw, M.J.B.: Multiple Encryption: Weighing Security and Performance. Dr. Dobb’s Journal (1996)Google Scholar
- 7.Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
- 9.Kilian, J., Rogaway, P.: How to Protect DES Against Exhaustive Key Search. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 252–267. Springer, Heidelberg (1996)Google Scholar
- 12.Merkle, R.C., Hellman, M.E.: On the Security of Multiple Encryption. Communications of the ACM 24(7) (1981)Google Scholar
- 13.van Oorschot, P.C., Wiener, M.J.: A Known-plaintext Attack on Two-Key Triple Encryption. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 318–325. Springer, Heidelberg (1991)Google Scholar