CRYPTANALYSIS OF MULTIPLE-MODES OF OPERATION

Authors
Citation
E. Biham, CRYPTANALYSIS OF MULTIPLE-MODES OF OPERATION, Journal of cryptology, 11(1), 1998, pp. 45-58
Citations number
20
Categorie Soggetti
Computer Science Theory & Methods",Mathematics,"Computer Science Theory & Methods","Engineering, Eletrical & Electronic",Mathematics
Journal title
ISSN journal
09332790
Volume
11
Issue
1
Year of publication
1998
Pages
45 - 58
Database
ISI
SICI code
0933-2790(1998)11:1<45:COMOO>2.0.ZU;2-A
Abstract
In recent years, several new attacks on DES were introduced. These att acks have led researchers to suggest stronger replacements for DES, an d in particular new modes of operation for DES. The most popular new m odes are triple DES variants, which are claimed to be as secure as tri ple DES. To speed up hardware implementations of these modes, and to i ncrease the avalanche, many suggestions apply several standard modes s equentially. In this paper we study these multiple (cascade) modes of operation. This study shows that many multiple modes are much weaker t han multiple DES, and their strength is theoretically comparable to a single DES. We conjecture that operation modes should be designed arou nd an underlying cryptosystem without any attempt to use intermediate data as feedback, or to mix the feedback into an intermediate round. T hus, in particular, triple DES used in CBC mode is more secure than th ree single DESs used in triple CBC mode. Alternatively, if several enc ryptions are applied to each block, the best choice is to concatenate them to one long encryption, and build the mode of operation around it .