Many people ask what Triple Data Encryption Standard (3DES) is and how it works. To understand it, we first need to know where it came from, which means starting with DES.
3DES is a later variation of DES (Data Encryption Standard). DES encrypts a 64-bit block of plaintext under a 64-bit key, but only 56 of those key bits matter: the low-order bit of each of the eight key bytes is a parity bit (each byte is supposed to contain an odd number of 1 bits, so that a corrupted key can be detected), and the cipher ignores it. (It helps to remember that 8 bits make one byte; eight bytes of 8 bits give the 64-bit block and the 64-bit key, and stripping one parity bit from each byte leaves 56 bits of key material.) A 56-bit key is small enough to find by brute force (a DES key was recovered publicly by exhaustive search in 1998), so 3DES was developed as a stronger method that could reuse existing DES implementations.
3DES works much like DES, except that each block goes through DES three times, with three keys: an encryption, a decryption, and another encryption. It takes 192 bits of key (64 bits x 3 keys), of which 168 bits are key material (56 bits x 3 keys). Its real strength is lower than 168 bits, however: a meet-in-the-middle attack reduces three-key 3DES to roughly 112 bits of security, and NIST rates the two-key variant (K1 = K3, 112 bits of key material) at roughly 80 bits. That is still far beyond single DES, but it also means 3DES is three times slower, because every block is processed three times. (Strong Encryption Package, Triple DES Encryption, n.d.)
Encryption using 3DES is written as C = E(K3, D(K2, E(K1, P))). Decryption is the same process run backwards: P = D(K1, E(K2, D(K3, C))). (Stallings, 2011) For both formulas, assume:
- P = plaintext
- C = ciphertext
- D = decryption function
- E = encryption function
- Kx = the key used at position x in the operation
Think of the ciphertext as the scrambled message you get after encrypting, and the key as what drives the scrambling. As a toy illustration (a simple letter shift, not what DES actually does), suppose the key is "shift each letter one place": A becomes B, B becomes C, and so on to the end of the alphabet. (Any rule would do, but nobody other than the intended recipients may know it; if they do, decrypting the message is trivial and encrypting it was pointless.) The plaintext "Don't forget to drink your Ovaltine" becomes the ciphertext "Epou gpshfu up esjol zpvs pwbmujof". Applying the key to the plaintext is the encryption function; the decryption function takes the ciphertext and the key and returns the plaintext. Note the difference in scale: this toy key is one of 25 possible shifts, whereas a DES key is one of 2^56.
To continue with the 3DES formula, the innermost parentheses are evaluated first, as in ordinary mathematics, working outward. Here the innermost parentheses hold K1 and P, meaning the plaintext is encrypted under the first key (note the "E" directly outside the innermost parentheses). This produces the first ciphertext, which is then decrypted under the second key (K2) (the "D" outside the second set of parentheses). The result is encrypted one more time under the third key (K3) (the "E" outside the outermost parentheses). That third ciphertext is the final output, indicated by "C". This is the encrypt-decrypt-encrypt (EDE) cycle:
- Encrypt using first key and plaintext to produce first ciphertext
- Decrypt using first ciphertext and second key to produce second ciphertext
- Encrypt using second ciphertext and third key to produce final ciphertext
To decrypt the ciphertext, the same operation is performed backwards, as stated at the beginning: P = D(K1, E(K2, D(K3, C))). Using the legend above, we want to recover the plaintext, and again start with the innermost parentheses, K3 and C. The final ciphertext (C) is decrypted under the third key (K3) (the "D" outside the innermost parentheses), which gives back the second ciphertext. That is encrypted under the second key (K2) (the "E" outside the second set of parentheses), giving back the first ciphertext. Finally the first ciphertext is decrypted under the first key (K1) (the "D" outside all the parentheses), producing the original plaintext. This is the decrypt-encrypt-decrypt (DED) cycle:
- Decrypt using the third key and final ciphertext to produce the second ciphertext
- Encrypt using the second ciphertext and the second key to produce the first ciphertext
- Decrypt using the first ciphertext and the first key to produce the plaintext
One thing to remember is that the three keys should be different and independently generated. If K1 = K2 = K3, the middle decryption undoes the first encryption and the whole chain collapses to single DES with 56-bit strength. (This is deliberate: it lets 3DES hardware interoperate with old DES systems, but it is no reason to choose equal keys on purpose.) The same collapse happens whenever two adjacent keys match (K1 = K2 or K2 = K3), and K1 = K3 gives the weaker two-key variant. A separate question is how a message longer than one 64-bit block is handled. Modes of operation such as Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB) and Counter (CTR) were designed for this, and they apply to any symmetric block cipher, 3DES included. Explaining them in detail is out of scope here, but ECB shows why the mode matters: it encrypts each block independently under the same key, so any two identical plaintext blocks produce identical ciphertext blocks. An attacker who sees the repeats learns the structure of the message without recovering the key, which is why ECB is considered unsecure for long messages. CBC, CFB and CTR avoid this by mixing the previous ciphertext block or a counter into each block before it is encrypted. (Stallings, 2011)
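The following script is an added example, not code from the original post or from any 3DES library. It puts the points above into running code: the DES key-parity convention (56 effective bits out of 64), the EDE and DED chains exactly as written in the formulas, what happens when the three keys are not distinct, and the ECB repeat leak compared with CBC. The 64-bit block cipher inside it is an assumption of the example: a small Feistel network with HMAC-SHA256 as its round function, used as a stand-in so the script needs only the standard library. It is not DES and is not a secure cipher; only the wiring around it is what the post describes.

```python
"""Added example (not from the original post): DES-style key parity, the
EDE/DED chain, degenerate key triples, and ECB block leakage.
The block cipher is a stand-in Feistel network, NOT DES; std library only."""
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit blocks, as in DES and 3DES


def set_odd_parity(key: bytes) -> bytes:
    """DES convention: the low bit of every key byte is parity, set so each
    byte has an odd number of 1 bits.  7 bits per byte carry key material,
    so an 8-byte key holds 56 effective bits."""
    out = bytearray()
    for b in key:
        top7 = b & 0xFE
        out.append(top7 | (0 if bin(top7).count("1") % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, block: bytes, round_order: range) -> bytes:
    """Feistel rounds in the given order (forward = encrypt, reversed =
    decrypt); HMAC-SHA256 is the keyed round function (assumed stand-in)."""
    assert len(block) == BLOCK, "one 64-bit block at a time"
    left, right = block[:4], block[4:]
    for r in round_order:
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:4]
        left, right = right, _xor(left, f)
    return right + left  # undo the final swap, as DES does


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(8))


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(7, -1, -1))


def ede_encrypt(k1, k2, k3, p: bytes) -> bytes:
    """C = E(K3, D(K2, E(K1, P))), the post's encryption formula."""
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, p)))


def ded_decrypt(k1, k2, k3, c: bytes) -> bytes:
    """P = D(K1, E(K2, D(K3, C))), the post's decryption formula."""
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, c)))


def keying_option(k1, k2, k3) -> str:
    """Adjacent equal keys cancel (D(K, E(K, x)) == x), leaving a single
    encryption; K1 == K3 is the two-key variant; only three distinct keys
    give full three-key 3DES."""
    if k1 == k2 or k2 == k3:
        return "single-DES"
    if k1 == k3:
        return "two-key"
    return "three-key"


def ecb_encrypt(k1, k2, k3, data: bytes) -> bytes:
    """ECB: blocks encrypted independently, so equal plaintext blocks give
    equal ciphertext blocks."""
    assert len(data) % BLOCK == 0, "whole blocks only; no padding here"
    return b"".join(ede_encrypt(k1, k2, k3, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(k1, k2, k3, iv: bytes, data: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (or the
    IV) before encryption, which breaks up the repeats."""
    assert len(data) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = ede_encrypt(k1, k2, k3, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    k1, k2, k3 = (set_odd_parity(os.urandom(8)) for _ in range(3))
    # Constructed sample: two distinct 8-byte blocks, each repeated 4 times.
    msg = (b"ATTACK A" + b"T DAWN. ") * 4
    c = ecb_encrypt(k1, k2, k3, msg)
    assert ded_decrypt(k1, k2, k3, c[:BLOCK]) == msg[:BLOCK]
    print(keying_option(k1, k2, k3), "keys;",
          "ECB repeats:", repeated_blocks(c),
          "CBC repeats:", repeated_blocks(cbc_encrypt(k1, k2, k3, os.urandom(8), msg)))
```

With the sample message the ECB ciphertext contains six repeated blocks (eight blocks, only two distinct values), while CBC under a fresh IV shows none; and `ede_encrypt(k, k, k, p)` returns exactly `toy_encrypt(k, p)`, which is the collapse to single DES described above. Real 3DES would also need padding for messages that are not a multiple of 8 bytes, which this example deliberately leaves out.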
To summarize, 3DES is a symmetric block cipher with 64-bit blocks and three keys, each used for one encryption or decryption step; it follows the EDE cycle to encrypt plaintext and the DED cycle to decrypt ciphertext. The keys must be kept secret so that nobody else can recover the plaintext, and they should be independent of one another.
On a final note, 3DES is still approved by NIST (SP 800-67), but it was only ever a stopgap. AES has been the NIST standard since 2001 and should be used for new designs; NIST has since deprecated 3DES and disallows it for encryption after 2023 (SP 800-131A). 3DES also keeps the 64-bit block of DES, so the amount of data that can safely be encrypted under one key is limited by the birthday bound on 64-bit blocks, which is what the 2016 Sweet32 attack exploits. (Strong Encryption Package, Triple DES Encryption, n.d.)
References
- Callas, J. (n.d.). Expert advice: Encryption 101 -- Triple DES explained. Information Security information, news and tips - SearchSecurity.com. Retrieved September 11, 2011, from http://searchsecurity.techtarget.com/tip/Expert-advice-Encryption-101-Triple-DES-explained
- Distributed Security. (n.d.). Microsoft TechNet: Resources for IT Professionals. Retrieved September 11, 2011, from http://technet.microsoft.com/en-us/library/cc767123.aspx
- Stallings, W. (2011). Symmetric Encryption and Message Confidentiality. In Network security essentials: applications and standards (4th ed., pp. 36-53). Prentice Hall.
- Strong Encryption Package, Triple DES Encryption. (n.d.). Tropical Software, Security and Privacy Products. Retrieved September 11, 2011, from http://www.tropsoft.com/strongenc/des3.html
I was aware of the basic version of this data encryption standard but am learning about this modern variation from this article. There is no doubt that this modern variation offers a more enhanced level of security. Thanks for posting about it.
Really informative blog.
In day-to-day life, encryption plays an important role in keeping our conversations safe and secure.
I want to share my favorite app, which is based on data encryption: the EnKryptonite app.
You may download it from the iPhone store and Google Play.
Nicely written blog.
Yes, encryption standards are rising day by day, and we need all the measures we can get to protect our data.