# Triple DES

The operation of the Triple DES where M is the Plaintext, C is the Ciphertext and {k1, k2, k3} is the set of the three encryption keys.

In cryptography, Triple DES is a block cipher created from the Data Encryption Standard (DES) cipher by using it three times. Triple DES is also known as TDES or, more standard, TDEA (Triple Data Encryption Algorithm [1]).

When it was discovered that a 56-bit key of DES is not enough to protect from brute force attacks, TDES was chosen as a simple way to enlarge the key space without a need to switch to a new algorithm. The use of three steps is essential to prevent meet-in-the-middle attacks that are effective against double DES encryption.

In general TDES with three different keys (3-key {k1, k2, k3} TDES) has a key length of 168 bits: three 56-bit DES keys (with parity bits 3-key TDES has the total storage length of 192 bits), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. Another version, called two-key TDES (2-key TDES), uses k1 = k3, thus reducing the key size to 112 bits and the storage length to 128 bits. However, this mode can be taken advantage of through certain chosen-plaintext or known-plaintext attacks [2][3] and so TDES is treated by NIST to have only 80 bits of security.[4]

By design, DES and therefore TDES, suffer from slow performance in software.[5] TDES is better suited to hardware implementations,[5] which are many of the places it is still used.

TDES is slowly disappearing from use, largely replaced by the Advanced Encryption Standard (AES). One large-scale exception is within the electronic payments industry, which still uses 2TDES extensively and continues to develop and spread standards based upon it (e.g. EMV, the standard for inter-operation of IC cards; also called "Chip cards", and IC capable POS terminals and ATM's). This guarantees that TDES will remain an active cryptographic standard well into the future.