Cryptography and Network Security

Mekelle Inistitute of Technology

By: Brhane Kiros

February 20, 2020

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 1 / 63
 Unit-I: Security and Conventional Encryptions

Outlines:
1 Security
2 Attacks
3 Security services
4 security mechanisms
5 Some basic definitions
6 Substitution techniques
Caesar cipher
Monoalphabetic ciphers
Playfair cipher
Hill cipher
One-time pad

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 2 / 63
 Lesson Objective

Understand the need of Security

Identify and discuss basic security services
Describe security mechanisms
Understand and discuss various attacks
Understand basic definitions related to conventional
encryption
Understand some encryption schemes
Learn how to break the encryption schemes in order to build
better schemes

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 3 / 63
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 4 / 63
 Network Security Model

A model is a simplified
version of the reality to
study.
Security services
Security attacks
Security mechanisms

A security service is implemented through one or more security

mechanisms and is used as a countermeasure for security
attacks.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 5 / 63
 Security services

Security services are implemented through security mechanisms.

A security mechanism is any process that is designed to detect,
prevent, or recover from a security attack.
Security Services
Confidentiality Security Mechanisms
Authentication Encryption
Non-repudiation Hash
Integrity Digital signature
Availability ...
Access control

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 6 / 63
 Attacks

Attacks are prevented using security services.

Attacks can be classified as passive and active

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 7 / 63
 Security Services: Confidentiality

Threat
an unauthorized entity gain access to data.
Security Service
ensuring that information is accessible only to those authorized
to have access.
Security mechanism
Encryption

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 8 / 63
 Security Services: Authentication

Threat
Insertion of “counterfeit” messages
Security Service
Authentication: the entity is whom he claims to be
Security Mechanisms
Authentication protocols

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 9 / 63
 Security Services: Integrity

Threat
Modification: Gain access and “tampers” with messages
Security Service
Integrity: the message is received as it was sent
Security Mechanisms
Digital signature

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 10 / 63
 Security Services: Non-repudiation

Threat
Repudiation attempt
Security Service
Non-repudiation: the entity cannot deny sending/receiving a
message
Security Mechanisms
Digital signature

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 11 / 63
 Security Services: access control

Threat
unauthorized use of the resources
Security Service
access control: The prevention of unauthorised use of resources (
service controls who can have access to resources, under what
conditions,. . . )
Security Mechanisms
Access control list, role based access control

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 12 / 63
 Security Service: Availability

Threat
Interruption: loss of communication
Security Service
Availability: services are always available to authorized users.
Security Mechanisms
Improve the infrastructure: Replication, increase bandwidth,
hardware, . . .

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 13 / 63
 Basic definitions

Plaintext: This is the intelligible message that need to be sent

Ciphertext: This is the encrypted message that is
unintelligible by a human or a computer
Encryption: The process of converting the a plaintext to a
ciphertext
Decryption: The process of restoring the plaintext from the
ciphertext
Cryptography: the area of study of different schemes used for
encryption
Cipher: a scheme

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 14 / 63
 Cryptanalysis: the techniques used to decrypt the message
without the complete knowledge of the cipher details.
Cryptology= Cryptography + Cryptanalysis
Symmetric encryption is often referred to as conventional
encryption or single key encryption.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 15 / 63
 Encryption: performs various substitution and transposition
on the plain text.
Secret key: it is an input to the encryption algorithm. The
exact substitution and transposition performed by the
algorithm depend on the key. Sender and receiver have the
same key.
Ciphertext: A scrambled message that depends on the
plaintext and secret key. For a given message two different
keys produce two different ciphertexts.
Decryption: the encryption algorithm running in reverse. It
takes the ciphertext and the secret key and produces the
original plaintext

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 16 / 63
 Breaking the code(Cryptanalysis )

The objective is to recover key not just message

general approaches:
1 Brute force attack
All possible keys are tried until the ciphertext can be understood
2 cryptanalytic attack
The nature of the encryption is considered together with
characteristics of the plaintext or even some plaintext-cipher
couples
The algorithm is studied in order to deduce the plaintext or the
key

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 17 / 63
 Cipher Strength

unconditional security
no matter how much computer power or time is available, the
cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext
computational security
given limited computing resources (e.g. time needed for
calculations is greater than age of universe), the cipher cannot
be broken

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 18 / 63
 Symmetric Cipher Model

plaintext - original message

encryption algorithm – performs substitutions/transformations
on plaintext
secret key – control exact substitutions/transformations used
in encryption algorithm
ciphertext - scrambled message
decryption algorithm – inverse of encryption algorithm
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 19 / 63
 Substitution techniques

A substitution technique is one in which the letters of plaintext

are replaced by other letters or by numbers or symbols.
Caesar’s code
The need of concealing a message is very
old.
Julius Caesar (13 July 100 BC – 15 March
44 BC) was a Roman general. He played a
critical role in the gradual transformation
of the Roman Republic into the Roman
Empire.
Julius Caesar invented a cipher code and
used it to protect messages of military
significance.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 20 / 63
 Goal: Julius wants to send messages to his general through a
guard.
Threat: If the attacker “meets” the guard he can intercept the
message.
Caesar implemented the confidentiality service using the
Caesar’s code (i.e., the mechanisms).
It is a substitution chiper in which a letter in the plain text is
replaced by a letter some fixed number of positions down the
alphabet

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 21 / 63
 The earliest known, and the simplest, use of a substitution
cipher was by Julius Caesar.
The Caesar cipher involves replacing each letter of the
alphabet with the letter standing three places further down the
alphabet.
For example

The number equal to 3 is the key of the encryption.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 22 / 63
 The algorithm can be expressed as follows. For each plaintext
”p” and ciphertext ”C”
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar
algorithm is
C = E(k, p) = (p + k) mod 26 where ”k” takes on a value in the
range 1 to 25.
The decryption algorithm is simply p = D(k, C) = (C - k) mod 26
ciphertext: PHHW PH DIWHU WKH WRJD SDUWB
Plaintext = ?

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 23 / 63
 The algorithm can be expressed as follows. For each plaintext
”p” and ciphertext ”C”
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar
algorithm is
C = E(k, p) = (p + k) mod 26 where ”k” takes on a value in the
range 1 to 25.
The decryption algorithm is simply p = D(k, C) = (C - k) mod 26
ciphertext: PHHW PH DIWHU WKH WRJD SDUWB
Plaintext = ? meet me after the toga party

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 23 / 63
 breaking Caesar’s code

Is it easy to break?
YES: brute force attack i.e. try all possible keys (25)
The encryption scheme is not computationally secure
Three important characteristics of this problem enabled us to use a
bruteforce cryptanalysis:
1 The encryption and decryption algorithms are known.
2 There are only 25 keys to try.
3 The language of the plaintext is known and easily recognizable.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 24 / 63
 Figure 1: Brute-Force Cryptanalysis of Caesar Cipher
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 25 / 63
 Monoalphabetic Cipher

Monoalphabetic Cipher improves the Caesar cipher.

The “cipher” line can be any permutation of the 26 alphabetic
characters.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 26 / 63
 There are about 400000000000000000000000000 possible keys.
Brute force is not feasible anymore.
Is that secure?
We know the nature of the plain text that is English
Analysts can take advantage of regularities of the language
The relative frequency of the letters in the ciphertext can be
determined and compared to a standard frequency distribution
in English

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 27 / 63
 Playfair Cipher
The best-known multiple-letter encryption cipher is the
Playfair, which treats diagrams in the plaintext as single units
and translates these units into ciphertext.
The Playfair algorithm is based on the use of a 5 by 5 matrix of
letters constructed using a keyword.

In this case, the keyword is monarchy.

The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to
bottom, and then filling in the remainder of the matrix with
the remaining letters in alphabetic order. The letters I and J
count as one letter.
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 28 / 63
 Plaintext is encrypted two letters at a time, according to the
following rules:
1 Repeating plaintext letters that are in the same pair are
separated with a filler letter, such as x, so that balloon would
be treated as ba lx lo on.
2 if both letters fall in the same row, replace each with letter to
right (wrapping back to start from end) For example, ar is
encrypted as RM.
3 if both letters fall in the same column, replace each with the
letter below it (wrapping to top from bottom) For example, mu
is encrypted as CM.
4 Otherwise, each plaintext letter in a pair is replaced by the
letter that lies in its own row and the column occupied by the
other plaintext letter. Thus, hs becomes BP and ea becomes IM
(or JM, as the encipherer wishes).

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 29 / 63
 Transposition Techniques

All the techniques examined so far involve the substitution of a

ciphertext symbol for a plaintext symbol.
A very different kind of mapping is achieved by performing
some sort of permutation on the plaintext letters. This
technique is referred to as a transposition cipher.
The simplest such cipher is the rail fence technique, in which
the plaintext is written down as a sequence of diagonals and
then read off as a sequence of rows.
For example, to encipher the message “NOTHING IS AS IT
SEEMS ” with a rail fence of depth 2, we write the following:

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 30 / 63
 Transposition Techniques

Ciphertext: NTIGS STEMO HNIAI SES.

Columnar Transposition
This sort of thing would be trivial to cryptanalyze. A more
complex scheme is to write the message in a rectangle, row by
row, and read the message off, column by column, but permute
the order of the columns.
The order of the columns then becomes the key to the
algorithm.
For example,to encrypt ”THE QUICK BROWN FOX
JUMPED OVER THE LAZY DOG” if the keyword is 1675234

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 31 / 63
 in this example, the key is 1675234.
To encrypt, start with the column that is labeled 1, in this case
column 1. Write down all the letters in that column. Proceed to
column 5, which is labeled 2, then column 6, column 7, column
4, column 2, and column 3.
Ciphertext: TKODEGUWMRYINPTDCFEHOQOUEZHBXO
LERJV A

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 32 / 63
 One time pad

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 33 / 63
 Block vs Stream Ciphers

Block ciphers work a on block / word at a time, which is some

number of bits.
All of these bits have to be available before the block can be
processed.
or block cipher is one in which a block of plaintext is treated as
a whole and used to produce a ciphertext block of equal length.
Typically, a block size of 64 or 128 bits is used.
A stream cipher is one that encrypts a digital data stream one
bit or one byte at a time.
an example of stream cipher is one-time pad in which the key
stream (k ) is as long as the plaintext bit stream (p).

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 34 / 63
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 35 / 63
 Block Cipher Principles(1)

All conventional block encryption algorithms, including DES

have a structure first described by Horst Feistel of IBM in 1973
It is a practical application of cipher proposed by Claude
Shannon 1945
most symmetric block ciphers are based on a Feistel Cipher
Structure
needed since must be able to decrypt ciphertext to recover
messages efficiently
block ciphers look like an extremely large substitution
The cipher alternates diffusion and confusion

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 36 / 63
 Block Cipher Principles(2)

DIFFUSION:It hides the relationship between the ciphertext

and the plaintext
In diffusion the statistical structure of the plain text is
dissipated into long range statistics of the ciphertext.
This is achieved by repeatedly applying a permutation followed
by the application of a function. t
Confusion seeks two make the statistical relationship between
ciphertext and key complex. It hides the relationship between
the ciphertext and the key.
This is achieved by using a complex substitution algorithm. A
simple liner substitution would not do.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 37 / 63
 Feistel Cipher Structure

Horst Feistel devised the feistel cipher

In particular, Feistel proposed the use of a cipher that
alternates substitutions and permutations, where these terms
are defined as follows:
Substitution: Each plaintext element or group of elements is
uniquely replaced by a corresponding ciphertext element or
group of elements.
Permutation: A sequence of plaintext elements is replaced by
a permutation of that sequence. That is, no elements are added
or deleted or replaced in the sequence, rather the order in which
the elements appear in the sequence is changed.
partitions input block into two halves
process through multiple rounds which
perform a substitution on left data half
based on round function of right half and subkey
then have permutation swapping halves

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 38 / 63
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 39 / 63
 Feistel Cipher Structure
The previous figure illustrates the classical feistel cipher
structure.
The left hand side of this figure shows the flow during
encryption and the right hand side sows the flow during
decryption.
The inputs to the encryption algorithm are a plaintext block of
length 2w bits and a key K.
The plaintext block is divided into two halves, L0 and R0.
The two halves of the data pass through n rounds of processing
and then combine to produce the ciphertext block.
Each round i has as inputs Li–1 and Ri–1 , derived from the
previous round, as well as a subkey Ki , derived from the overall
K.
In general, the subkeys K are different from K and from each
other.
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 40 / 63
 The process of decryption with a Feistel cipher is essentially
the same as the encryption process.
The rule is as follows:
Use the ciphertext as input to the algorithm, but use the
subkeys Ki in reverse order.
That is, use Kn in the first round, Kn–1 in the second round, and
so on until K1 is used in the last round.
This is a nice feature because it means we need not implement
two different algorithms, one for encryption and one for
decryption.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 41 / 63
 Feistel Cipher Design Elements

The exact realization of a Feistel network depends on the choice of

the following parameters and design features:
block size - increasing size improves security, but slows
cipher
key size - increasing size improves security, makes exhaustive
key searching harder, but may slow cipher
number of rounds - increasing number improves security,
but slows cipher
subkey generation algorithm - greater complexity can make
analysis harder, but slows cipher
round function - greater complexity can make analysis
harder, but slows cipher
fast software en/decryption - more recent concern for
practical use

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 42 / 63
 Data Encryption Standard (DES)

DES History
most widely used block cipher in world
adopted in 1977 by NBS (now NIST)
encrypts 64-bit data using 56-bit key
has widespread use
IBM developed Lucifer cipher
by team led by Feistel in late 60’s
used 64-bit data blocks with 128-bit key
then redeveloped as a commercial cipher with input from NSA
and others
in 1973 NBS issued request for proposals for a national cipher
standard
IBM submitted their revised Lucifer which was eventually
accepted as the DES

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 43 / 63
 DES encryption Overview

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 44 / 63
 The overall scheme for DES encryption is illustrated in the figure
which takes as input 64-bits of data and of a key.
The left side shows the basic process for enciphering a 64-bit
data block which consists of:
an initial permutation (IP) which shuffles the 64-bit input block
16 rounds of a complex key dependent round function involving
substitutions & permutations
a final permutation, being the inverse of IP
The right side shows the handling of the 56-bit key and
consists of:
an initial permutation of the key (PC1) which selects 56-bits out
of the 64-bits input, in two 28-bit halves
16 stages to generate the 48-bit subkeys using a left circular
shift and a permutation of the two 28-bit halves

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 45 / 63
 Plaintext: X
Initial Permutation:
IP( )
Roundi: 1 <= i <= 16
32-bit switch: SW( )
Inverse IP: IP-1( )
Ciphertext: Y

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 46 / 63
 DES Encryption

The 64 bits of the input block to be enciphered are first

subjected to the initial permutation IP
The initial permutation and its inverse are defined by tables.
The tables are to be interpreted as follows.
The input to a table consists of 64 bits numbered left to right
from 1 to 64.
The 64 entries in the permutation table contain a permutation
of the numbers from 1 to 64.
Each entry in the permutation table indicates the position of a
numbered input bit in the output, which also consists of 64 bits.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 47 / 63
 That is the permuted input has bit 58 of the input as its first
bit, bit 50 as its second bit, and so on with bit 7 as its last bit.
The permuted input block is then the input to a complex
key-dependent computation as it is shown in the figure.
The output of the computation, called the preoutput(after 32
bit swap), is then subjected to the inverse of the initial
permutation.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 48 / 63
 DES encryption

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 49 / 63
 DES encryption

uses two 32-bit L and R halves

as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 XOR F(Ri–1 , Ki )
F takes 32-bit R half and 48-bit subkey:
expand R to 48-bits using permutation (E-table)
adds to subkey using XOR
passes through 8 S-boxes to get 32-bit result
finally permutes using 32-bit permutation (P table)

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 50 / 63
 DES encryption

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 51 / 63
 DES encryption

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 52 / 63
 DES Encryption

The previous slide illustrates the internal structure of the DES

round function F.
The R input is first expanded to 48 bits by using expansion
table E that defines a permutation plus an expansion that
involves duplication of 16 of the R bits.
The resulting 48 bits are XORed with key Ki .
This 48-bit result passes through a substitution function
comprising 8 S-boxes which each map 6 input bits to 4 output
bits, producing a 32-bit output.
Finally it will be permuted by permutation P-table

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 53 / 63
 DES encryption

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 54 / 63
 DES encryption

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 55 / 63
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 56 / 63
Mekelle Inistitute of Technology (By: Brhane Kiros)
Cryptography and Network Security February 20, 2020 57 / 63
 DES Key generation

The DES Key Schedule generates the subkeys needed for each
data encryption round.
A 64-bit key is used as input to the algorithm, though every
eighth bit is ignored, as it is first processed by Permuted
Choice One.
The resulting 56-bit key is then treated as two 28-bit
quantities C & D. In each round, these are separately
processed through a circular left shift (rotation) of 1 or 2 bits.
These shifted values serve as input to Permuted Choice which
produces a 48-bit output that serves as input to the round
function F.
They also serve as input to the next round of the key schedule.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 58 / 63
 DES Key Generation

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 59 / 63
 Multiple Encryption and DES

clear a replacement for DES was needed

theoretical attacks that can break it
demonstrated exhaustive key search attacks
AES is a new cipher alternative
prior to this alternative was to use multiple encryption with
DES implementations
Triple-DES is the chosen form

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 60 / 63
 Double DES

The simplest form of multiple encryption has two encryption

stages and two keys.
Given a plaintext P and two encryption keys K1 and K2 ,
ciphertext C is generated as
C = E(K2 , E(K1 , P))
Decryption requires that the keys be applied in reverse order
P = D(K1 , D(K2 , C))

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 61 / 63
 Strength of Double DES

meet-in-the-middle attack
It is based on the observation that, if we have C = E(K2 , E(K1 ,
P)) then X = E(K1 , P) = D(K2 , C)
Given a known pair (P, C) , the attack proceeds as follows.
1 First, encrypt P for all 256 possible values of K1 .
2 Store these results in a table and then sort the table by the
values of X.
3 Next, decrypt C using all 256 possible values of K2 .
4 As each decryption is produced, check the result against the
table for a match.
5 If a match occurs, then test the two resulting keys against a new
known plaintext–ciphertext pair.
6 If the two keys produce the correct ciphertext, accept them as
the correct keys.

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 62 / 63
 Triple-DES with Three-Keys

C = E(K3 , D(K2 , E(K1 , P)))

P = D(K3 , E(K2 , D(K1 , C)))
there is no practical attacks on three-key Triple-DES

Mekelle Inistitute of Technology (By: Brhane Kiros)

Cryptography and Network Security February 20, 2020 63 / 63