DOI: 10.1145/3548606.3560674
research-article
Open access

The Multi-User Security of Triple Encryption, Revisited: Exact Security, Strengthening, and Application to TDES

Published: 07 November 2022

Abstract

We study the security of triple encryption in the multi-user setting with its application to Triple DES (TDES) in mind. Although deprecation of TDES is a global trend, the migration will take the next decade, considering the billions of TDES hardware the industry has invested so far. The multi-user security captures the reality of practical systems with multiple users, substantially impacts security, and is already considered in practical protocols such as TLS 1.3. The best multi-user lower bound of TDES is $43 - (3/2) \cdot \log_2 u$ bits with $u$ users, which is tractable with a standard PC and is unacceptably low. We devise a new proof to improve the multi-user security and show its tightness by giving a concrete attack. The new bound with the TDES parameters is $79 - (1/2) \cdot \log_2 u$ bits. We also propose TEFX, which strengthens triple encryption with the FX construction while preserving compatibility with legacy hardware. TDES with TEFX achieves the multi-user security of $114 - (1/2) \cdot \log_2 q$ bits with $q$ TEFX calls: it achieves 84.5 bits with $2^{40}$ users and $2^{21}$ TEFX calls for each user, which is comparable to that of AES ($128 - 40 = 88$ bits).

    Published In

    CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
    November 2022
    3598 pages
    ISBN:9781450394505
    DOI:10.1145/3548606
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. generic attack
    2. multi-user security
    3. security proof
    4. strengthening
    5. tight bound
    6. triple des
    7. triple encryption

    Qualifiers

    • Research-article

    Conference

    CCS '22
    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
