DES and 3DES
I run a World-leaders in Cryptography podcast, and I have invited some of the great people who have built the foundation for security on the Internet. But, there’s one person that I would have loved speaking with: Horst Feistel. He was a physicist turned cryptographer and whose work led to the creation of the Lucifer and DES (Data Encryption Standard) ciphers.
Horst’s original patent was filed in 1971 and then published in 1974. It was then officially announced on 17 March 1975 with the Federal Register [here]:
But, within two years, Marty Hellman and Whitfield Diffie publicly criticised DES as it only had an encryption key of 56 bits.
Goodbye DES
In 2017, NIST outlined that the use of Triple DES (aka TDEA/TDES) would be gone by the end of 2023. And, in June 2023, the industry was put on a warning that DES and 3DES should be gone by the start of 2024 [here]:
But, the magical cipher still exists in smart cards for the banking industry, and in many other areas. The industry was told in 2019, that it would be deprecated throughout 2023, and disallowed after 31 December 2023. But, still, it exists, especially with smart cards. Overall, TDEA will still be allowed for the decryption, key unwrapping, and verification of MACs that have already been used to protect data.
But, for most applications, the migration is fairly easy, but in finance cryptography, we need to beware of disruptions, and so in the use of 3DES in finance, especially with smart bank cards, the advancement to AES has been slow. We also have a long-tail of migrations, and you just can’t just flick a switch and migrate all the smart cards in the world to AES.
A bit of history: DES
In the 1960s, most of the cryptography research was conducted by governments, but IBM spotted a commercial opportunity and set up a cryptography research group in their Yorktown Heights, NY laboratory (named after IBM’s founder — Thomas J. Watson Sr.). The lab went on to produce amazing advancements such as DRAM, the relational database, and the FORTRAN programming language:
Thomas J Watson Research Center — Yorktown Heights
One of their best recruits was Horst Feistel, a physicist turned cryptographer, who joined them in the 1970s. His work led to the creation of the Lucifer and DES (Data Encryption Standard) ciphers:
In the early 1970s, IBM patented the Lucifer cipher and which was then used by Lloyds Bank within some of the first ATM cash dispensers. After an evaluation by the NSA, Lucifer’s key size was reduced from 112 bits to 56 bits, after which it was published as the DES standard in 1975. DES then became mandatory within its usage within US government electronic fund transfers and went on to become a de-facto international standard.
The Feistel cipher
A Feistel cipher essentially uses the same encryption and decryption process, where the key application is just reversed. The basic structure is given below and where we split the input data into blocks. Each block is then split into two (left and right). Each round is then:
The function applied (F) does not have to be reversible, which is unlike the case for AES. With AES we have S-boxes with are used to scramble the rounds with defined mappings between byte values. Also, in AES, we have an inverse function between the encryption and the decryption process, while Feistel just applies the key in the reverse order.
Typical modes are ECB (Electronic Code Book) and CBC (Cipher Block Chain). ECB adds a counter value within each round, whereas CBC takes the output from a previous round and feeds into the present round.
AWS Payment Cryptography uses 3DES
While the smart cards need to migrate to supporting both AES and 3DES, 3DES is still the most supported method for encrypting data on bank cards. In fact, AWS has just released its latest payment service and which implements 3DES [here]:
and where you can store 3DES keys in an HSM (Hardware Security Module):
Here is an outline of its usage:
https://medium.com/asecuritysite-when-bob-met-alice/moving-payments-to-the-cloud-6b6952924907
And so, while the world has generated migrated to AES, the finance industry still hangs on to 3DES in certain places. But, what’s the problem? Well, the security of DES/3DES is still excellent, but the 112-bit equivalent key size is a worry. Although 112 bits for the encryption key is still ultrasecure, the advancement of computing devices — especially GPUs — might push us towards this key size.
So what are DES and 3DES?
With 3DES encryption, we use a 128-bit key and a 64-bit IV value. The two modes supported are ECB (without salt) and CBC (with salt). The DES algorithm has been around for a long time, and the 56-bit version is now easily crackable (in less than a day on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases and splits the key into two. Overall the key size is typically 112 bits (with a combination of the three keys — of which two of the keys are the same). In this case, we will use PKCS7 padding, and which fills the input data with a value that is equal to the number of padding bytes. Overall, DES has a 64-bit block size, and which equates to eight ASCII characters.
In Python, we can implement 3DES with [here]:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
import os
import sys
from cryptography.hazmat.primitives import padding
mode=0
message="This is a test"
if (len(sys.argv)>1):
message=sys.argv[1]
if (len(sys.argv)>2):
mode=int(sys.argv[2])
iv = os.urandom(8)
key = os.urandom(16)
padder = padding.PKCS7(64).padder()
unpadder = padding.PKCS7(64).unpadder()
algorithm = algorithms.TripleDES(key)
cipher = None
if (mode==0):
cipher = Cipher(algorithms.TripleDES(key), modes.CBC(iv))
if (mode==1):
cipher = Cipher(algorithms.TripleDES(key), modes.OFB(iv))
if (mode==2):
cipher = Cipher(algorithms.TripleDES(key), modes.CFB(iv))
if (mode==3):
cipher = Cipher(algorithms.TripleDES(key), modes.CFB8(iv))
if (mode==4):
cipher = Cipher(algorithms.TripleDES(key), modes.ECB())
str=padder.update(message.encode())+padder.finalize()
encryptor = cipher.encryptor()
ct = encryptor.update(str)
decryptor = cipher.decryptor()
rtn=unpadder.update(decryptor.update(ct) + decryptor.finalize())+unpadder.finalize()
print("Type:\t\t",cipher.algorithm.name)
print("Mode:\t\t",cipher.mode.name)
print("Message:\t",message)
print("Key:\t\t",key.hex())
if (mode!=4): print("\nIV:\t\t",iv.hex())
print("\nCipher:\t\t",ct.hex())
print("Decrypted:\t",rtn.decode())
For CBC, we get [here]:
Type: 3DES
Mode: CBC
Message: Hello
Key: 7f5d7c3d2b2bfb8e4427122f7570dd52
IV: 0bc58cdb57a5f607
Cipher: 2d2e5ab595c79d21
Decrypted: Hello
An outline of 3DES is here:
Conclusions
We have generally successfully moved away from 3DES, but in the finance industry there is perhaps a need to steady in its approaches, and it make take a bit more time before we see AES becoming the standard method for banking cards. The AWS service shows that there is still strong demand for 3DES in banking transactions.