How is it that the attack in this pdf is deemed feasible, at 2 to the power of 88/89 des calculations?

Stefan N

8/22/24, 5:45 PM

in the following pdf, several attacks on double key length triple des are deemed feasible at 2 to the power of 88/89 des calculations.

if we take the record of cracking des at 2 to the power of 56 calculations in 23 or so hours as the example, according to my estimate, this should take hundreds of years and definitly isnt feasible.

what am i overlooking?

link: https://www.researchgate.net/publication/301898398_On_the_security_of_2-key_triple_DES

1 + 0

des

Score:0

Crypto

poncho

8/22/24, 6:33 PM

You didn't attach a PDF, but I assume you're talking about Stephan Luck's work.

Your question appears to be "if $2^{56}$ level of effort takes almost a full day, why are we worried about something that might take circa $2^{88}$ level of effort?"

The point you're missing is that $2^{56}$ level of effort need not take a full day - that's only with the computational power that anyone ever tried to attack DES with (and published it). We could break DES faster than that - however, breaking it in a day is quite sufficient to demonstrate that breaking it is feasible, and breaking it faster wouldn't really make that point much better. Putting together a larger amount of computation is nontrivial, and for a demonstration project (which is what breaking DES is now; hopefully no one uses it to protect anything) it's not worth the effort.

That being said, $2^{88}$ work is quite a lot of effort (and to get that low, you need quite a lot of other non-DES auxiliary computation). In addition, Luck's work doesn't only depend on the computation, but also requires quite a lot of known plaintext; it's been a while since I read that paper, but depending on how much, that might be a bigger practical obstacle than the work effort itself.

+ 3

Stefan N

8/22/24, 6:51 PM

I added the pdf by now.. but it clearly mentions this gives way to actual practical dangers, and to replace triple des with aes. while with a supercomputer it would still take hundreds of years. or do you think some nation with bad intentions would target payment cards, as in the example in the pdf? and that they have a supercomputer powerfull enough?

poncho

8/22/24, 8:14 PM

@StefanN: I see now it's not Lucks' results, but instead another one specifically targeting 2 key 3DES. As for "it's an imminent threat", well, it's not that unusual for published attacker to oversell their impact (with their handwaving to reduce $2^{88}$ work to $2^{80}$, that is, a factor of 256). On the other hand, it might be within the budget of a TLA who is willing to throw their entire resources at the problem - I doubt that attacking payment cards would fall into that category, but sitll it's enough of an excuse for many people not to use it

Stefan N

8/22/24, 8:45 PM

I understand, i was just confused because he spoke of only about 4 terabyte of memory used for 1 table, and the computational complexity being feasible. making it feasible in many practical scenarios. for this reason i was wondering how this could be. im completely new to cryptography btw.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How is it that the attack in this pdf is deemed feasible, at 2 to the power of 88/89 des calculations?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.