LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does 3DES work, and what is the actual security difference between 3DES with 2 keys vs 3 keys?

3DES with 2 keys (EDE mode, 112-bit key) provides roughly $2^{60}$ actual security. 3DES with 3 keys (168-bit key) provides about $2^{112}$ security — much stronger but still not what the key size suggests.

3DES Encrypt-Decrypt-Encrypt

* 3DES runs Encrypt–Decrypt–Encrypt; setting all three keys equal collapses it to single DES for legacy compatibility. *

3DES with 2 keys ($K_1, K_2$):

  • Encrypt-Decrypt-Encrypt: $C = E_{K_1}(D_{K_2}(E_{K_1}(M)))$
  • Nominal key: 112 bits → expected brute force $2^{112}$
  • Actual security: ~$2^{60}$ operations + $2^{60}$ storage (chosen-plaintext TMTO)
  • The security gain over single DES is real but not substantial

3DES with 3 keys ($K_1, K_2, K_3$):

  • $C = E_{K_1}(D_{K_2}(E_{K_3}(M)))$
  • Nominal key: 168 bits → expected brute force $2^{168}$
  • Actual security: ~$2^{112}$ (meet-in-the-middle reduces it)
  • Much stronger than the 2-key variant
  • 112 bits is considered sufficient until 2030

Why use Decrypt (D) in the middle? For backward compatibility — if $K_1 = K_2 = K_3$, then 3DES reduces to single DES: $E_K(D_K(E_K(M))) = E_K(M)$.

Bottom line: With AES available (128/256-bit keys, faster, no meet-in-the-middle vulnerability), multiple-DES is no longer necessary. 3DES is allowed until 2030 but AES is the standard.

Go deeper:

From Quiz: KRYPTOG / Cryptanalysis | Updated: Jul 14, 2026