Message-Id: <9305272105(_dot_)AA07073(_at_)transfer(_dot_)stratus(_dot_)com>
Subject: Re: Triple DES
Date: Thu, 27 May 93 17:05:16 -0400
From: Steve Kent <kent(_at_)BBN(_dot_)COM>
Steve,
I appreciate your desire to preserve the current CBC interface and
IV handling. I have done software development in my life and I can see the
advantages in not changing an interface.
However, the lingering question is whether the three-pass CBC
is as good as the EDE codebook CBC. History is littered with examples
of "more complex" crypto approaches. that turn out not to be as secure
as more straightforward approaches. I don't claim to be a
cryptographer, but I have some concerns that this may be yet another
case of simple is better.
I, too, am not a professional cryptologist. I have published only
one paper in the field and have merely sat in on MIT's two semesters of
cryptography classes (as well as having done reading on my own). I know
what you mean about the dangers of being wowed by complexity and ending up
with an easier algorithm to break. My readings in the history of
cryptography drive that point home over and over again.
However, I believe that it should be possible to prove (gut feel,
not yet a real proof on my part, for lack of time to do it) that if
(DES-CBC)**3 is weaker than (DES**3)-CBC, then you have found a method of
attacking single DES. I may work on that proof for kicks, in my free time,
but I'm very busy right now so I can't promise it for this debate.
- Carl