
multipass DES encryption?


J. Adams - SunOS Wizard

Jul 18, 1991, 3:57:12 PM

I noted in the man page for fast-des that there is an option to invoke
multiple pass encryption with different keys. It was stated that this
increased the security of the encryption.

While I am not a mathematician or cryptanalyst, it seems reasonable
that this would merely result in the situation where a third key from
the available binary keyspace would decrypt the data in one pass. Is
this in fact the case?

--
Jim Adams Department of Physiology and Biophysics
ad...@ucunix.san.uc.edu University of Cincinnati College of Medicine
"I like the symbol visually, plus it will confuse people."
... Jim Morrison

Scharle

Jul 18, 1991, 4:40:06 PM
I wonder whether multiple passes might sometimes _decrease_ security?
That is, the iteration of DES n times might result in a cipher which is less
complicated in some way -- for example by being equivalent to DES with
a restricted set of keys, or even being equivalent not to some single-pass
DES but some more easily cracked system. (I am not an expert by any
means on this subject.)
--
Tom Scharle cm65n6@irishmvs(Bitnet)
Room G003 Computing Center
University of Notre Dame Notre Dame, IN 46556-0539

Carl Ellison

Jul 18, 1991, 5:00:28 PM
In article <1991Jul18.1...@ucunix.san.uc.edu> ad...@ucunix.san.uc.edu (J. Adams - SunOS Wizard) writes:
>
>I noted in the man page for fast-des that there is an option to invoke
>multiple pass encryption with different keys. It was stated that this
>increased the security of the encryption.
>
>While I am not a mathematician or cryptanalyst, it seems reasonable
>that this would merely result in the situation where a third key from
>the available binary keyspace would decrypt the data in one pass. Is
>this in fact the case?
>


I don't believe this question has been answered.

Meanwhile, if the 2nd pass were offset from the first


11111111 11111111 11111111 11111111

22222222 22222222 22222222 22222222

yielding

1111 22222222 22222222 22222222 ....

there would be no third key because DES operates on blocks of 8 bytes
and this output has an initial block of 4 (not to mention information
in the first 8-byte block (2's) from the entire first 16 bytes of
input).

Doug Gwyn

Jul 19, 1991, 9:36:44 AM
In article <1991Jul18.1...@ucunix.san.uc.edu> ad...@ucunix.san.uc.edu (J. Adams - SunOS Wizard) writes:
-While I am not a mathematician or cryptanalyst, it seems reasonable
-that this would merely result in the situation where a third key from
-the available binary keyspace would decrypt the data in one pass. Is
-this in fact the case?

I have no reason to think so. Why would you think it would?

Steven Bellovin

Jul 19, 1991, 12:07:46 PM
In article <1991Jul18.1...@ucunix.san.uc.edu>, ad...@ucunix.san.uc.edu (J. Adams - SunOS Wizard) writes:
> I noted in the man page for fast-des that there is an option to invoke
> multiple pass encryption with different keys. It was stated that this
> increased the security of the encryption.

Maybe.

> While I am not a mathematician or cryptanalyst, it seems reasonable
> that this would merely result in the situation where a third key from
> the available binary keyspace would decrypt the data in one pass. Is
> this in fact the case?

To the best of my knowledge, no one who's talking knows the answer.
I seem to recall reading that the general feeling was ``no'', that
there was not necessarily a third key that would be equivalent.
That doesn't mean it's any more secure, of course. Davies and Price
note that some people have advocated encrypting with K1, decrypting
with K2, and encrypting with K3 for high security. I think that IBM
does that for shipping keys around, in fact.

One further point... If you're saying ``more secure'', you have to
ask ``more secure against whom?''. If the enemy is a hacker who has
sabotaged your encryption command, it doesn't matter how many keys
you're using; they can all be recorded. If your enemy is NSA, they
may be able to get through it anyway, and they're probably the only
ones who know for sure if multiple encryptions are really more secure.
And if your enemy is someone else -- well, no one has published any
way to crack DES, so unless you're trying to outwit a major intelligence
agency (NSA, KGB, GCHQ, Mossad (or whoever does that sort of thing
in Israel), etc.) a single encryption with DES is almost certainly
sufficient for now.

am...@ontmoh.uucp

Jul 20, 1991, 8:30:19 AM
ad...@ucunix.san.uc.edu (J. Adams - SunOS Wizard) writes:


>I noted in the man page for fast-des that there is an option to invoke
>multiple pass encryption with different keys. It was stated that this
>increased the security of the encryption.

See: Coppersmith, D. "Cryptography", IBM Journal of Research and
Development, Vol. 31, no. 2, pp. 244-248, March 1987, on
the value of triple-encryption. Also the present issue of
IBM System Journal has an interesting article on masterkeying
DES through use of vectors.

Robert Ames am...@ontmoh.uucp P.O. Box 724, Station 'A'
Toronto, Ontario, Canada


Scharle

Jul 22, 1991, 4:58:53 PM

Let me know if I am being particularly dense
on this.
The original question was whether many passes
through DES increase security. As I understand
the consensus, it is: "Nobody who knows will tell",
and "Why bother, DES is secure enough." Fair
enough.
But I wonder whether many passes through DES
_decrease_ security. The original questioner
mentioned a package which has this as an option
(is this worse than a waste of time?) and it is
certainly conceivable that many layers of DES
are being done to data passing through a
network.
My first thought is: no, multiple passes don't
reduce security, because then that would give a
way of breaking DES, and nobody knows such an
easy way to break it. But then I hear of people
doing three passes through DES rather than two,
with the second pass _decrypt_ rather than
_encrypt_. Do they know -- or suspect --
something?
OK, maybe the answer is still "Nobody who
knows will tell." But if that is the case,
shouldn't people be warned against multiple
passes (especially as one pass is pretty good)?
I might prefer using a weak system for
enciphering the output of DES which can be
demonstrated to result in something stronger
than DES (for example a transposition over 32
bytes).

W.A.Simon

Jul 23, 1991, 7:15:31 AM
In <1991Jul22....@news.nd.edu> sch...@lukasiewicz.cc.nd.edu (Scharle) writes:
> Let me know if I am being particularly dense
>on this.
> The original question was whether many passes
>through DES increase security. As I understand
>the consensus, it is: "Nobody who knows will tell",
>and "Why bother, DES is secure enough." Fair
>enough.
> [ ... ]

> OK, maybe the answer is still "Nobody who
>knows will tell." But if that is the case,
>shouldn't people be warned against multiple
>passes (especially as one pass is pretty good)?

Why bother with DES at all?

A possible answer is that you are part of a transaction in
which the other people have accepted DES as their standard,
and they are big enough to tell you that you must use DES
or go fish. Therefore your security is only as good as theirs.
Whatever you can do to improve your security is limited by
their security.

Another answer is that you think DES is the cat's meow. In
which case I suggest you go see a voodoo priest to get the
bad spirits cast out.

>I might prefer using a weak system for
>enciphering the output of DES which can be
>demonstrated to result in something stronger
>than DES (for example a transposition over 32
>bytes).

Not really strong.

>Tom Scharle
--
William "Alain" Simon al...@elevia.UUCP

Philippe Hebrais

Jul 23, 1991, 9:11:53 PM
In article <1991Jul22....@news.nd.edu> sch...@lukasiewicz.cc.nd.edu (Scharle) writes:
> My first thought is: no, multiple passes don't
>reduce security, because then that would give a
>way of breaking DES, and nobody knows such an
>easy way to break it. But then I hear of people
>doing three passes through DES rather than two,
>with the second pass _decrypt_ rather than
>_encrypt_. Do they know -- or suspect --
>something?

I doubt very much you can weaken DES by using multiple encryption.
But I'm no expert, so you have to make your own opinion.

My real comment is on the way to perform multiple encryption with DES.
The idea of using multiple encryption is to increase the key space and
make attacks based on key exhaustion less believable.

There is an official way of doing this: use the EDE
(Encrypt-Decrypt-Encrypt) mode of DES. EDE mode uses 2 keys: k1 and k2.

c = E_k1( D_k2( E_k1( m )))

Why 3 passes if you're only using 2 keys?
Well, to decrypt you:

m = D_k1( E_k2( D_k1( c )))

This way you don't have to reverse the order of keys for decryption.
In hardware, you plug 3 DES chips in a pipeline with the Encrypt/Decrypt
line attached directly to the first and last chip and attached through
a "not" gate to the middle chip. It is a lot easier than shuffling
the keys around. Of course, this mode is very much a **** in the ***
in software ;-(

>--
>Tom Scharle cm65n6@irishmvs(Bitnet)
>Room G003 Computing Center
>University of Notre Dame Notre Dame, IN 46556-0539

--
Philippe Hebrais heb...@mirkwood.cam.org
Voix: (514) 731-9146 uunet!philmtl!altitude!mirkwood!phil
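
Added example, not part of any post in this thread: a sketch of the two-key EDE pipeline described in the last post, with the stage order fixed as k1, k2, k1 and a single encrypt/decrypt line inverted for the middle stage. The block cipher is a toy 8-byte Feistel network standing in for DES (it is not DES and has no security value); the function names and sample keys are assumptions made for illustration. It also checks a consequence of the construction that the post does not mention: with k1 = k2 the three stages collapse to one single-key encryption.

```python
import hashlib

ROUNDS = 8  # toy parameter; the cipher below is NOT DES


def _f(half, key, rnd):
    # Toy round function: 4 bytes of SHA-256(key || round || half-block).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _feistel(block, key, rounds):
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(right, key, rnd)))
    return right + left  # final swap: decryption is the same walk, rounds reversed


def E(key, block):
    return _feistel(block, key, range(ROUNDS))


def D(key, block):
    return _feistel(block, key, reversed(range(ROUNDS)))


def ede_pipeline(k1, k2, block, encrypt):
    # Three stages keyed k1, k2, k1 in fixed order. The mode line drives the
    # outer stages directly and the middle stage through an inverter, so
    # decryption needs no key reordering.
    stages = [(k1, encrypt), (k2, not encrypt), (k1, encrypt)]
    for key, enc in stages:
        block = E(key, block) if enc else D(key, block)
    return block


# Constructed sample values (8-byte keys and one 8-byte block).
K1, K2, M = b"key-one!", b"key-two!", b"8bytemsg"


def roundtrip_ok():
    c = ede_pipeline(K1, K2, M, True)    # c = E_k1(D_k2(E_k1(m)))
    return ede_pipeline(K1, K2, c, False) == M  # m = D_k1(E_k2(D_k1(c)))


def degenerates_to_single():
    # With k1 == k2 the inner D undoes the first E, leaving one E_k1.
    return ede_pipeline(K1, K1, M, True) == E(K1, M)


if __name__ == "__main__":
    print("round trip:", roundtrip_ok(), "| k1==k2 is single pass:", degenerates_to_single())
```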
