Chapter02概要1.ppt

* The simplest form of multiple encryption has two encryption stages and two keys - Double-DES. Have concern that there might be a single key that is equivalent to using 2 keys as above, not likely but only finally proved as impossible in 1992. More seriously have the “meet-in-the-middle” attack, first described by Diffie in 1977. It is a known plaintext attack (ie have know pair (P,C), and attempts to find by trial-and-error a value X in the “middle” of the double-DES encryption of this pair, and chances of this are much better at O(2^56) than exhaustive search at O(2^112). * Triple-DES with two keys is a popular alternative to single-DES, but suffers from being 3 times slower to run. The use of encryption decryption stages are equivalent, but the chosen structure allows for compatibility with single-DES implementations. 3DES with two keys is a relatively popular alternative to DES and has been adopted for use in the key management standards ANS X9.17 and ISO 8732. Currently, there are no practical cryptanalytic attacks on 3DES. Coppersmith notes that the cost of a brute-force key search on 3DES is on the order of 2^112 (=5*10^33) and estimates that the cost of differential cryptanalysis suffers an exponential growth, compared to single DES, exceeding 10^52. There are several proposed attacks on 3DES that, although not currently practical, give a flavor for the types of attacks that have been considered and that could form the basis for more successful future attacks. See text for details. * Although the attacks currently known appear impractical, anyone using two-key 3DES may feel some concern. Thus, many researchers now feel that three-key 3DES is the preferred alternative. Three-key 3DES has an effective key length of 168 bits and is defined as shown. A number of Internet-based applications have adopted three-key 3DES, including PGP and S/MIME. * The Advanced Encryption Standard (AES) was published by NIST (National Institute of Standards and Technology) in