A Related-Key Attack against Multiple Encryption Based on Fixed Points

  • Aslı Bay
  • Atefeh Mashatan
  • Serge Vaudenay
Part of the Communications in Computer and Information Science book series (CCIS, volume 314)


In order to alleviate the burden of short keys, encrypting multiple times has been proposed. In the multiple encryption mode, there may be encryptions under the same or different keys. There have been several attacks against this encryption mode. When triple encryption is based on two keys, for instance, Merkle and Hellman proposed a subtle meet-in-the-middle attack with a complexity similar to breaking a single encryption, requiring nearly all the codebook. In the case of triple encryption with three keys, Kelsey, Schneier, and Wagner proposed a related-key attack with complexity similar to breaking a single encryption.

In this paper, we propose a new related-key attack against triple encryption which compares to breaking single encryption in the two aforementioned cases. Based on finding fixed points in a decrypt-encrypt sequence, we propose a related-key attack against a two-key triple encryption. Our attack has exactly the same performance as a meet-in-the-middle on double encryption. When considering two keys, it is comparable to the Merkle-Hellman attack, except that it uses related keys. And, when considering three keys, it has a higher complexity than the Kelsey-Schneier-Wagner attack, but has the advantage that it can live with known plaintexts.
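An added illustration, not the authors' algorithm: why a fixed point of a decrypt-encrypt sequence isolates one key. The abstract does not give the construction, so this sketch assumes three-key E-D-E, a related key that differs only in the first key by a known XOR difference `delta`, and a constructed toy cipher (10-bit blocks, 8-bit keys) built from seeded shuffles.

```python
import random

BLOCKS, KEYS = 1 << 10, 1 << 8  # constructed toy sizes, small enough to enumerate

def make_cipher(key):
    """Toy ideal cipher: one pseudo-random permutation and its inverse per key."""
    enc = list(range(BLOCKS))
    random.Random(key).shuffle(enc)
    dec = [0] * BLOCKS
    for x, y in enumerate(enc):
        dec[y] = x
    return enc, dec

CIPHER = [make_cipher(k) for k in range(KEYS)]

def E(k, x):
    return CIPHER[k][0][x]

def D(k, y):
    return CIPHER[k][1][y]

def triple_enc(keys, x):
    k1, k2, k3 = keys
    return E(k3, D(k2, E(k1, x)))

def triple_dec(keys, y):
    k1, k2, k3 = keys
    return D(k1, E(k2, D(k3, y)))

def fixed_points(keys, delta):
    """x with Dec_related(Enc_target(x)) == x. The k2 and k3 layers cancel,
    so the map is D_{k1^delta}(E_{k1}(x)). These calls stand in for oracle queries."""
    related = (keys[0] ^ delta, keys[1], keys[2])
    return [x for x in range(BLOCKS)
            if triple_dec(related, triple_enc(keys, x)) == x]

def k1_candidates(x, delta):
    """Single-encryption test per candidate: E_k(x) == E_{k^delta}(x)."""
    return [k for k in range(KEYS) if E(k, x) == E(k ^ delta, x)]

def demo(keys=(0x5A, 0xC3, 0x17)):  # constructed sample key triple
    # A random permutation has a fixed point with probability about 1 - 1/e,
    # so the first few assumed differences almost always yield one.
    for delta in range(1, KEYS):
        fps = fixed_points(keys, delta)
        if fps:
            return delta, fps, k1_candidates(fps[0], delta)
    return None
```

The candidate test is symmetric in `k` and `k ^ delta`, so survivors always come in pairs; once the first key is pinned down, what remains is a double encryption, which is the meet-in-the-middle comparison the abstract makes.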


Keywords: Exhaustive Search, Full Cost, Memory Complexity, Generic Attack, Plaintext Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



  1. Merkle, R.C., Hellman, M.E.: On the Security of Multiple Encryption. Commun. ACM 24(7), 465–467 (1981)
  2. Bellare, M., Rogaway, P.: The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)
  3. Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. J. Cryptology 7(4), 229–246 (1994)
  4. Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)
  5. Biham, E.: How to decrypt or even substitute DES-encrypted messages in 2^28 steps. Inf. Process. Lett. 84(3), 117–124 (2002)
  6. Biryukov, A., Khovratovich, D.: Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)
  7. Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009)
  8. Diffie, W., Hellman, M.E.: Exhaustive Cryptanalysis of the NBS Data Encryption Standard. Computer 10, 74–84 (1977)
  9. Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)
  10. Knudsen, L.R.: Cryptanalysis of LOKI91. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196–208. Springer, Heidelberg (1993)
  11. Lucks, S.: Attacking Triple Encryption. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 239–253. Springer, Heidelberg (1998)
  12. Phan, R.C.-W.: Related-Key Attacks on Triple-DES and DESX Variants. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 15–24. Springer, Heidelberg (2004)
  13. van Oorschot, P.C., Wiener, M.: A Known-Plaintext Attack on Two-Key Triple Encryption. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 318–325. Springer, Heidelberg (1991)
  14. van Oorschot, P.C., Wiener, M.J.: Parallel Collision Search with Cryptanalytic Applications. J. Cryptology 12(1), 1–28 (1999)
  15. Vaudenay, S.: Related-key Attack against Triple Encryption based on Fixed points. In: Lopez, J., Samarati, P. (eds.) SECRYPT 2011 - Proceedings of the International Conference on Security and Cryptography, SECRYPT is part of ICETE - The International Joint Conference on e-Business and Telecommunications, Seville, Spain, July 18-21, pp. 59–67 (2011)
  16. Wiener, M.J.: The Full Cost of Cryptanalytic Attacks. J. Cryptology 17(2), 105–124 (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Aslı Bay (1)
  • Atefeh Mashatan (1)
  • Serge Vaudenay (1)

  1. EPFL, Switzerland
