
Triple DES

In cryptography, Triple DES is a block cipher created from the Data Encryption Standard (DES) cipher by using it three times. Triple DES is also known as TDES or, more formally, TDEA (Triple Data Encryption Algorithm).

When it was discovered that the 56-bit key of DES is not enough to protect against brute-force attacks, TDES was chosen as a simple way to enlarge the key space without the need to switch to a new algorithm. The use of three steps is essential to prevent the meet-in-the-middle attacks that are effective against double DES encryption.

In general, TDES with three different keys (3-key {k1, k2, k3} TDES) has a key length of 168 bits: three 56-bit DES keys (with parity bits, 3-key TDES has a total storage length of 192 bits), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. Another version, called two-key TDES (2-key TDES), uses k1 = k3, thus reducing the key size to 112 bits and the storage length to 128 bits. However, this mode is susceptible to certain chosen-plaintext or known-plaintext attacks [2] [3], and so TDES is treated by NIST as having only 80 bits of security [4].

By design, DES, and therefore TDES, suffers from slow performance in software. TDES is better suited to hardware implementations, which account for many of the places where it is still used.

TDES is slowly disappearing from use, largely replaced by the Advanced Encryption Standard (AES). One large-scale exception is the electronic payments industry, which still uses 2-key TDES extensively and continues to develop and spread standards based upon it (e.g. EMV, the standard for inter-operation of IC cards, also called "chip cards", and IC-capable POS terminals and ATMs). This guarantees that TDES will remain an active cryptographic standard well into the future.

Algorithm
Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is:

Ciphertext = E_K3(D_K2(E_K1(plaintext)))

That is, DES-encrypt with K1, DES-decrypt with K2, then DES-encrypt with K3. Decryption is the reverse:

Plaintext = D_K1(E_K2(D_K3(ciphertext)))

That is, decrypt with K3, encrypt with K2, and then decrypt with K1.

Each triple encryption encrypts one block of 64 bits of data. In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provides backward compatibility with DES with keying option 3.
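The encrypt-decrypt-encrypt composition and its backward-compatibility property can be checked in code. The following is an added example, not part of the original page: a toy 64-bit Feistel cipher built on SHA-256 stands in for DES (real DES needs its permutation and S-box tables), and the keys and plaintext are constructed sample values; only the way E and D are composed follows the text above.

```python
import hashlib

def _f(half, key, i):
    # Toy round function, NOT the DES f-function: 32 bits derived from key, round and half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _feistel(block, key, rounds):
    if len(block) != 8:
        raise ValueError("block must be 64 bits (8 bytes), as in DES")
    left, right = block[:4], block[4:]
    for i in rounds:
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(right, key, i)))
    return right + left  # final swap: decryption is the same network with the rounds reversed

def E(key, block):
    """Single-cipher encryption (stand-in for DES encrypt)."""
    return _feistel(block, key, range(16))

def D(key, block):
    """Single-cipher decryption (stand-in for DES decrypt)."""
    return _feistel(block, key, reversed(range(16)))

def tdes_encrypt(k1, k2, k3, block):
    # Ciphertext = E_K3(D_K2(E_K1(plaintext)))
    return E(k3, D(k2, E(k1, block)))

def tdes_decrypt(k1, k2, k3, block):
    # Plaintext = D_K1(E_K2(D_K3(ciphertext)))
    return D(k1, E(k2, D(k3, block)))

def eee_encrypt(k1, k2, k3, block):
    # Hypothetical encrypt-encrypt-encrypt variant, shown only for contrast.
    return E(k3, E(k2, E(k1, block)))

# Constructed sample values (the toy cipher accepts any byte string as a key).
K1, K2, K3 = b"key-one!", b"key-two!", b"key-333!"
PT = b"8bytemsg"

if __name__ == "__main__":
    ct = tdes_encrypt(K1, K2, K3, PT)
    print("3-key round trip ok:      ", tdes_decrypt(K1, K2, K3, ct) == PT)
    print("2-key (K1 = K3) round trip:", tdes_decrypt(K1, K2, K1, tdes_encrypt(K1, K2, K1, PT)) == PT)
    # With K1 = K2 = K3 the middle D cancels the first E, leaving a single encryption.
    print("EDE, equal keys == E:     ", tdes_encrypt(K1, K1, K1, PT) == E(K1, PT))
    print("EEE, equal keys == E:     ", eee_encrypt(K1, K1, K1, PT) == E(K1, PT))
```

With all three keys equal, the EDE form reduces to one encryption under that key, which is why a triple-cipher implementation can interoperate with a single-cipher peer; the EEE variant does not have this property.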
