RELATED-KEY ATTACK AGAINST TRIPLE ENCRYPTION BASED ON FIXED POINTS

Triple encryption was proposed to increase the security of single encryption when the key is too short. In the past, there have been several attacks in this encryption mode. When triple encryption is based on two keys, Merkle and Hellman proposed a subtle meet-in-the-middle attack which can break it at a price similar to breaking single encryption (but with nearly all the code book). When triple encryption is based on three keys, Kelsey, Schneier, and Wagner proposed a related-key attack which can break it at a price similar to breaking single encryption. In this paper, we propose a new related-key attack against triple encryption which compares to breaking single encryption in the two cases. Our attack against two-key triple-encryption has exactly the same performances as a meet-in-the-middle on double-encryption. It is based on the discovery of fixed points in a decrypt-encrypt sequence using related keys. In the two-key case, it is comparable to the Merkle-Hellman attack (except that is uses related keys). In the three-key case, it has a higher complexity than the Kelsey-Schneier-Wagner attack but can live with known plaintexts.