3DES is a symmetric key block cipher in which the same key is used to encrypt and decrypt data in fixed-length groups of bits called blocks. It is also known as Triple DES, Triple DEA, TDEA or the Triple Data Encryption Algorithm.
The reason this cryptographic cipher is called Triple DES is that it applies the DES cipher three times when encrypting data.
A brief history of 3DES:
The initial version called DES was originally developed in 1976, it used a key size of 56 bits, which was a good level of security to resist brute-force attacks.
Later in 1998 3DES was introduced. By this time computers had become more powerful, enabling the 3DES algorithm to apply DES three times consecutively, thus preventing brute-force attacks.
The 3DES algorithm is broadly adopted in finance and payment to encrypt data-in-transit and at-rest, including EMV keys for protecting credit card transactions.
However, according to NIST, the Triple Data Encryption Algorithm is officially being retired as of 2018.
This means 3DES is deprecated for all new applications and usage is disallowed after 2023.
Deprecated means “the use of the algorithm and key length is allowed, but the user must accept some risk.”
Disallowed means an “algorithm of key length is no longer allowed for the indicated use.”
Here is the historical background of this algorithm:
- The Advanced Encryption Standard (AES) was introduced in 2001 to replace 3DES.
- Data Encryption Standard (DES), the algorithm 3DES is based on, was retired in 2005.
- The two-key variant of 3DES was retired in 2015.
In July 2017, NIST retired 3DES following a security analysis and practical demonstration of attacks on 3DES in several real-world protocols.
Later in November 2017, NIST restricted usage to 220 64-bits blocks (8 MB) using a single key bundle, so it could no longer effectively be used for TLS, IPsec, or large file encryption.
Triple DES encryption process
[Image Source: Crypto-It]
It works by taking three 56-bits keys (K1, K2, and K3), and encrypting first with K1, decrypting next with K2, and encrypting the last time with K3.
There are two versions of 3DES.
Two-key and three-key version.
In the two-key version, the same algorithm runs three times but uses K1 for the first and last steps.
Here is an encryption-decryption process with 3-key triple DES:
[Image Source: TutorialPoint]
- Encrypt the plaintext blocks using single DES with key K1.
- Now decrypt the output of step 1 using DES with key K2.
- Finally, encrypt the output of step 2 using single DES with key K3.
- The output of step 3 is the ciphertext.
- Decryption of the ciphertext is a reverse process. That is, first, decrypt using K3, then encrypt with K2, and finally decrypt with K1.
Now I want to hear from you.
What do you think of 3DES encryption algorithm?
Or maybe I missed an important aspect of this algorithm.
Either way, let me know by leaving a comment below.