From: Joe Thomas <jthomas@pawpaw.mitre.org>
Date: Thu, 14 Oct 93 11:16:58 PDT
To: cypherpunks@toad.com
Subject: Re: DES
Message-ID: <9310141814.AA14779@pawpaw.mitre.org>
MIME-Version: 1.0
Content-Type: text/plain


> > 2) How much longer would it take to break triple DES versus  
standard DES
> > using one of the key-breaking machines described? 

> 

> Using brute force, it would take the cube of the
> time it takes to break single DES.

Hmm...  I can't figure out what it would mean to cube time.  For  
two-key (112 bit) triple DES, it should be 2^56 times longer to  
exhaustively search the keyspace, with three keys, 2^112 times  
longer.  This assumes the keysearch engine is pipelined, so each  
trial encryption takes the same amount of time, despite the  
additional rounds.  Such a machine would cost more, of course, since  
it would have a longer pipeline, but wouldn't otherwise be  
significantly different in design.

Back-of-the-envelope calculation:  a design like the "7-hour  
exhaustive keysearch" engine for 2-key triple DES would take 50  
trillion years or so to exhaust the keyspace.  That's for a cost on  
the order of $1 million (it should be buildable for less than three  
times the cost of the 56-bit key version).

Seems secure, but as Perry says,

> Whether a more sophisticated techinque is possible is unknown. 

 

Joe