Paper 2014/015

Tight Security Bounds for Triple Encryption

Jooyoung Lee


In this paper, we revisit the old problem asking the exact provable security of triple encryption in the ideal cipher model. For a blockcipher with key length k and block size n, triple encryption is known to be secure up to 2^{k+min{k/2,n/2}} queries, while the best attack requires 2^{k+min{k,n/2}} query complexity. So there is a gap between the upper and lower bounds for the security of triple encryption. We close this gap by proving the security up to 2^{k+min{k,n/2}} query complexity. With the DES parameters, triple encryption is secure up to 2^{82.5} queries, greater than the current bound of 2^{78.3} and comparable to 2^{83.5} for 2-XOR-cascade. We also analyze the security of two-key triple encryption, where the first and the third keys are identical. We prove that two-key triple encryption is secure up to 2^{k+min{k,n/2}} queries to the underlying blockcipher and 2^{min{k,n/2}} queries to the outer permutation. For the DES parameters, this result is interpreted as the security of two-key triple encryption up to 2^{32} plaintext-ciphertext pairs and 2^{81.7} blockcipher encryptions.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
block ciphers
Contact author(s)
jlee05 @ sejong ac kr
2014-02-08: revised
2014-01-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jooyoung Lee},
      title = {Tight Security Bounds for Triple Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2014/015},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.