A Related-Key Attack against Multiple Encryption based on Fixed Points

In order to alleviate the burden of short keys, encrypting a multiple times has been proposed. In the multiple encryption mode, there may be encryptions under the same or different keys. There have been several attacks against this encryption mode. When triple encryption is based on two keys, for instance, Merkle and Hellman proposed a subtle meet-in-the-middle attack with a complexity similar to breaking a single encryption, requiring nearly all the codebook. In the case of triple encryption with three keys, Kelsey, Schneier, and Wagner proposed a related-key attack with complexity similar to breaking a single encryption.\ % In this paper, we propose a new related-key attack against triple encryption which compares to breaking single encryption in the two aforementioned cases. Based on finding fixed points in a decrypt-encrypt sequence, we propose a related-key attack against a two-key triple encryption. Our attack has exactly the same performance as a meet-in-the-middle on double encryption. When considering two keys, it is comparable to the Merkle-Hellman attack, except that uses related keys. And, when considering three keys, it has a higher complexity than the Kelsey-Schneier-Wagner attack, but has the advantage that it can live with known plaintexts.