Data Encryption Standard and 3DES

The purpose of this document is to explain how Data Encryption Standard (DES) works and why 3 DES is now used. Also included within this document is an explanation of why the middle portion of 3DES is a decryption instead of an encryption. The last item talked about within this document is a nonce and a key distribution center.

IBM developed the Data Encryption Standard (DES) in 1974 and submitted to the National Bureau of Standards as a Lucifer encryption algorithm (Tropical Software, 2007). IBM also solicited assistance from the National Security Agency (NSA) to evaluate the security of the Lucifer algorithm. In 1976, the National Institute of Standards and Technology (NIST) changed the name of the Lucifer algorithm to the Data Encryption Standard (DES) where it was widely used in a short amount of time. Over time as computers became more powerful the amount of time needed to crack the DES key was greatly reduced. In 1997 the NIST abandoned the DES and started working on a replacement.

DES encryption works by running a line of plain text through a block cipher sixteen times and then outputting a cipher text. The DES encryption has 64-bit blocks, however the 8th bit is a parity bit, so it makes the DES actually a 56-bit encryption. Prior to running the plain text through the block cipher there is an initial phase that does not play a part with encryption, but rather with ensuring compatibility with older equipment. There is also a final phase that undoes the block facilitation, which took place in the initial phase. Although DES was used for quite a long period of time it was found that as computers became more powerful, DES could be cracked with a brute force attack. DES successfully protected data by putting data through 16 rounds of data encryption, however it was eventually outgrown as it became easy to break with a brute force attack.

Triple DES was a successor to DES and it even uses the same encryption algorithm. The triple DES uses a key length of 168 bits. It is essentially the same as a DES, however it performs three rounds of encryption that is the same as 48 DES equivalent rounds. The triple DES was anticipated to only be a temporary solution until the completion of the AES encryption in 2001, however the NIST anticipates triple DES to be used until the year 2030. The triple DES is susceptible to a meet-in-the-middle attack, however for this attack to work there needs to be a 232 known plaintexts, which is not very practical (Wikipedia, 2009). The triple DES works by passing data through a 56-bit key in the initial phase, then decrypting using a 56-bit key in the second phase, and then encrypting again using a 56-bit key in the last phase of encryption.

Nonce’s and key distribution centers ensure communications on a network are secure by encrypting data. A nonce is an encryption key that is used one time to establish a secure communication and then never used again. A good use of a nonce is for establishing secure communications between a client and a server via authentication protocols because any previous keys or communications are obsolete and cannot be used in the event a replay attack is staged. Key Distribution Centers (KDC) use encryption techniques to authenticate users when a user requests a service. The KDC will then verify the user has authorization to use the requested service. Once the verification has taken place the KDC will then issue a ticket to the requestor so that secure communications can begin. A KDC is typically found in symmetric encryption techniques like on networks that use Kerberos (Microsoft, 2007). Nonce’s and key distribution centers ensure there is secure communication between a client and server by using encryption techniques.

In conclusion, the Data Encryption Standard was created to ensure private data is secure. DES worked effectively, however as the power of computers grew DES was outgrown and was superseded by triple DES. Triple DES works by using the same encryption algorithm that can be found in DES, but it passes data through three rounds of encryption. The triple DES was developed to be temporary solution until a newer encryption technology came out. Both nonce’s and key distribution centers ensure communications are secure between a client and a server by using encryption techniques.

1. (2007). DES Encryption. Retrieved February 21, 2009, from DES Encryption Web site:
2. (2009, February 3rd). Triple DES – Wikipedia, the free encyclopedia. Retrieved February 21, 2009, from Triple DES – Wikipedia, the free encyclopedia Web site:
3. (2007, November 30th). Kerberos Key Distribution Center. Retrieved February 22, 2009, from Kerberos Key Distribution Center Web site:

Spread the love