Technology

DES and 3DES

The Data Encryption Standard (DES) encrypts data in 64-bit blocks using a 56-bit key. The DES algorithm passes its input through a series of transformations: an initial permutation; a complex function, involving both permutation and substitution operations, that depends on a key input; a simple swap function that exchanges the two halves of the data; the complex function applied again; and a final permutation that is the inverse of the initial permutation. Five “modes of operation” have been defined to apply DES to a variety of applications: Electronic Codebook, Cipher Block Chaining, Cipher Feedback, Output Feedback, and Counter (Cryptography Concepts, 2005).

Triple DES, or 3DES, involves repeating the DES algorithm three times on the plaintext, using two or three different keys to produce the ciphertext. As stated in the article “DES is dead. Long live… well, um, what?”, you “first encrypt, then decrypt, and finally encrypt again” (Moskowitz, 1999). Triple DES is now used because it is highly resistant to cryptanalysis, serving as an alternative that adds security against the potential vulnerability of DES to brute-force attacks. Triple DES has been adopted for use in the ANSI X9.17 and ISO 8732 key management standards, along with a number of Internet-based applications such as PGP and S/MIME (AES, Ciphers, and Confidentiality, 2005). The following image shows the triple encryption process, as well as the core (middle) step of 3DES being a decryption instead of an encryption, which makes it more secure.

Key Distribution Center and Nonce

A key distribution center (KDC) shares a secret, or “master”, key with every party in a network. The KDC is responsible for generating nonces and the keys used for a short period of time in a connection between two parties, known as session keys, and for distributing those session keys under the master keys so that the distribution itself is protected. The following steps occur:

1. A issues a request to the KDC for a session key with B. The message includes the identities of A and B, as well as a unique identifier for the transaction, a nonce, which can be a random number or a counter.

2. The KDC responds with a message encrypted under Ka. Therefore only A can read the message, and A knows that it originated from the KDC. The message includes:

• The unique session key, Ks, to be used for the session.
• The original request message, including the nonce, to allow A to match this response to the appropriate request.

In addition, the message includes two elements intended for B:

• The single session key, Ks.
• An identifier of A, IDA.

These are encrypted with the master key that the KDC shares with B. They are sent on to B to establish the connection and to prove A’s identity.

3. A stores the session key for use in the coming session and forwards to B the information that the KDC prepared for B. This information is protected from eavesdropping because it is encrypted under the master key Kb. B now knows the session key, A’s identity, and that the information originated from the KDC.

4. B then sends a nonce, N2, to A, encrypted under the newly minted session key.

5. Using the session key, A responds with f(N2), where f is a function that performs some transformation on N2, for example adding one (Stallings, 2003, pp. 214-15).
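The five-step exchange above, as an added Python example that is not part of the original post or of Stallings’ text. The cipher is a stand-in (SHA-256 keystream plus an HMAC tag), not DES or 3DES; the master keys, identities and nonce values are constructed. It also shows the nonce check in step 2 rejecting a replayed KDC response, which the text implies but does not walk through.

```python
import hashlib, hmac, json, secrets

# Stand-in cipher for illustration only (NOT DES/3DES): SHA-256 keystream XOR plus an
# HMAC tag, so a wrong master key or an altered message is detected. Messages are dicts.
def _ks(key, iv, n):
    out = b""
    while len(out) < n:
        out += hashlib.sha256(key + iv + out[-32:]).digest()
    return out[:n]

def enc(key, msg):
    pt, iv = json.dumps(msg, sort_keys=True).encode(), secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _ks(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, "sha256").digest()

def dec(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, "sha256").digest()):
        raise ValueError("MAC check failed: wrong key or altered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _ks(key, iv, len(ct)))))

MASTER = {"A": secrets.token_bytes(16), "B": secrets.token_bytes(16)}  # Ka, Kb (constructed)

def kdc(req):                                    # step 2: KDC answers A's request
    ks = secrets.token_bytes(16).hex()           # fresh session key Ks
    for_b = enc(MASTER[req["to"]], {"Ks": ks, "IDA": req["from"]})   # E(Kb, [Ks || IDA])
    return enc(MASTER[req["from"]], {"Ks": ks, "request": req, "for_b": for_b.hex()})

def a_accepts(req, resp):                        # A matches the echoed request (nonce N1)
    msg = dec(MASTER["A"], resp)
    return msg if msg["request"] == req else None

def run_exchange(replayed_response=None):
    req = {"from": "A", "to": "B", "N1": secrets.token_bytes(8).hex()}   # step 1
    resp = kdc(req) if replayed_response is None else replayed_response
    msg = a_accepts(req, resp)                                           # step 2
    if msg is None:
        return "A rejected KDC response: nonce mismatch"
    ks_a = bytes.fromhex(msg["Ks"])
    b_view = dec(MASTER["B"], bytes.fromhex(msg["for_b"]))              # step 3: B opens E(Kb, ...)
    ks_b = bytes.fromhex(b_view["Ks"])
    n2 = secrets.randbelow(2**32)
    challenge = enc(ks_b, {"N2": n2})                                    # step 4: B -> A
    reply = enc(ks_a, {"fN2": dec(ks_a, challenge)["N2"] + 1})           # step 5: f(N2) = N2 + 1
    ok = dec(ks_b, reply)["fN2"] == n2 + 1 and b_view["IDA"] == "A"
    return "session established" if ok else "B rejected handshake"
```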

In conclusion, the above explained how DES works, why 3DES is now used, why the core of 3DES is decryption rather than encryption, and what a nonce and a key distribution center are.

Works Cited

Moskowitz, Robert. (1999). DES is dead. Long live… well, um, what? Network Computing, Vol. 10, No. 6. Retrieved October 22, 2005, from the EBSCOhost Research Database at http://web10.epnet.com

Stallings, William. (2003). Cryptography and network security: principles and practice. New Jersey: Pearson Education, Inc.
