Quintuple-DES
The concept is introduced here of extending Triple-DES to five keys, rather than three keys, named Quintuple-DES.
Algorithm
Quintuple-DES uses a "key bundle" which comprises five DES keys, K<sub>1</sub>, K<sub>2</sub>, K<sub>3</sub>, K<sub>4</sub> and K<sub>5</sub>, each of 56 bits (excluding parity bits). The encryption algorithm is:
:ciphertext = E<sub>K5</sub>(D<sub>K4</sub>(E<sub>K3</sub>(D<sub>K2</sub>(E<sub>K1</sub>(plaintext)))))
I.e., DES encrypt with K<sub>1</sub>, DES decrypt with K<sub>2</sub>, DES encrypt with K<sub>3</sub>, DES decrypt with K<sub>4</sub>, then DES encrypt with K<sub>5</sub>.
Decryption is the reverse:
:plaintext = D<sub>K1</sub>(E<sub>K2</sub>(D<sub>K3</sub>(E<sub>K4</sub>(D<sub>K5</sub>(ciphertext)))))
I.e., decrypt with K<sub>5</sub>, encrypt with K<sub>4</sub>, decrypt with K<sub>3</sub>, encrypt with K<sub>2</sub>, then decrypt with K<sub>1</sub>.
Each quintuple encryption encrypts one block of 64 bits of data.
In each case the second and fourth operations are the reverse of the first, third, and last. This improves the strength of the algorithm.
Keying options
The standards define three keying options:
*Keying option 1: All five keys are independent.
*Keying option 2: K<sub>1</sub>, K<sub>2</sub>, and K<sub>3</sub> are independent, and K<sub>4</sub> K<sub>3</sub>, and K<sub>5</sub> K<sub>3</sub>.
Keying option 1 is the strongest, with 5 × 56 = 280 independent key bits.
Keying option 2 provides less security, with 3 × 56 168 key bits. Keying option 2 is equivalent to Triple-DES, with only 3 × 56 168 key bits. This option provides backward compatibility with Triple-DES, because the last two DES operations cancel out.
Each DES key is nominally stored or transmitted as 8 bytes, each of odd parity. According to ANSI X3.92-1981 (one of the standards that defines the DES algorithm), section 3.5: "One bit in each 8-bit byte of the KEY may be utilized for error detection in key generation, distribution, and storage. Bits 8, 16,..., 64 are for use in ensuring that each byte is of odd parity."
so a key bundle requires 40 or 24 bytes, for keying option 1 or 2 respectively.
Considerations
The Quintuple-DES and Triple-DES algorithms may be considered slow and cumbersome, and there are better alternatives. However, DES and Triple-DES have a long history of analysis and have survived the test-of-time without being cracked. New algorithms carry the risk of being cracked.
 
< Prev   Next >
[ Back ]

Main Menu

Home
Articles
Search
Submit Article
Contact Us
Donate to Wikibin
All text is available under the terms of the GNU Free Documentation License.