Tag: DES

Blog Entry (c) Monday, February 24, 2026, by James Pate Williams, Jr. TDES Verification

I wrote my Triple-DES C source code a number of years ago. Today, I verified my Cipher Block Chaining version using the NIST online reference document:

Click to access TDES_CBC.pdf

CBC-TDES (Encryption)

Key1 is
        01234567 89ABCDEF
Key2 is
        23456789 ABCDEF01
Key3 is
        456789AB CDEF0123
IV is
        F69F2445 DF4F9B17

Block #1
Plaintext       6BC1BEE2 2E409F96
InputBlock      9D5E9AA7 F10F0481
OutputBlock     2079C3D5 3AA763E1
Ciphertext      2079C3D5 3AA763E1

Block #2
Plaintext       E93D7E11 7393172A
InputBlock      C944BDC4 493474CB
OutputBlock     93B79E25 69AB5262
Ciphertext      93B79E25 69AB5262

Block #3
Plaintext       AE2D8A57 1E03AC9C
InputBlock      3D9A1472 77A8FEFE
OutputBlock     51657048 1F25B50F
Ciphertext      51657048 1F25B50F

Block #4
Plaintext       9EB76FAC 45AF8E51
InputBlock      CFD21FE4 5A8A3B5E
OutputBlock     73C0BDA8 5C8E0DA7
Ciphertext      73C0BDA8 5C8E0DA7

CBC-TDES (Decryption)

Key1 is
        01234567 89ABCDEF
Key2 is
        23456789 ABCDEF01
Key3 is
        456789AB CDEF0123
IV is
        F69F2445 DF4F9B17

Block #1
Ciphertext      2079C3D5 3AA763E1
InputBlock      2079C3D5 3AA763E1
OutputBlock     9D5E9AA7 F10F0481
Plaintext       6BC1BEE2 2E409F96
Block #2
Ciphertext      93B79E25 69AB5262
InputBlock      93B79E25 69AB5262
OutputBlock     C944BDC4 493474CB
Plaintext       E93D7E11 7393172A
Block #3
Ciphertext      51657048 1F25B50F
InputBlock      51657048 1F25B50F
OutputBlock     3D9A1472 77A8FEFE
Plaintext       AE2D8A57 1E03AC9C
Block #4
Ciphertext      73C0BDA8 5C8E0DA7
InputBlock      73C0BDA8 5C8E0DA7
OutputBlock     CFD21FE4 5A8A3B5E
Plaintext       9EB76FAC 45AF8E51

D:\Triple_DES_CBC\Triple_DES_CBC\Release\Triple_DES_CBC.exe (process 43728) exited with code 0 (0x0).
Press any key to close this window . . .

Five Stream Ciphers Created from Five Pseudorandom Number Generators Built Using the Tests of FIPS 140-1 by James Pate Williams, BA, BS, MSwE, PhD

The five pseudorandom number generators are:

  1. Triple-AES based ANSI X9.17 PRNG
  2. Triple-DES based ANSI x9.17 PRNG
  3. RSA based PRNG
  4. Micali-Schnorr PRNG
  5. Blum-Blum-Shub PRNG

Five stream ciphers were created using 1 to 5. Screenshots of the C# application follow:

sc aessc dessc rsasc mssc bbs

The pass phrase optimally should consist of 147 ASCII characters. If the number of pass phrase ASCII characters is less than 147 then more random ASCII characters are added using the standard C# pseudorandom number generator seeded with the parameter named Seed. The user defined parameter k is used by RSA, Micali-Schnorr, and Blum-Blum-Shub pseudorandom number generators. It is the approximate bit length of the large composite number composed of two large probable prime numbers. The real key lengths of all the stream ciphers is about 1024-bits for 1, 3, 4, and 5 and 296-bits for 2. I’d strongly suggest using 1 and/or 5.

Tests of Six Pseudorandom Number Generators (PRNGs) Using the Now Superseded FIPS 140-1 by James Pate Williams, Jr. BA, BS, MSwE, PhD

This blog explores six pseudorandom number generators which are enumerated as follows:

  1. Standard C# PRNG
  2. Triple-AES PRNG
  3. Triple-DES PRNG
  4. RSA Based PRNG
  5. Micali-Schnorr PRNG
  6. Blum-Blum-Shub PRNG

PT 00PT 01PT 02PT 03PT 04PT 05

Here is the order in terms of run-times from the fastest to the slowest: 1, 2, 3, 6, 5, 4.

 

Triple-DES Stream Cipher Using the ANSI X9.17 Pseudorandom Number Generator (PRNG) by James Pate Williams, Jr. BA, BS, MSwE, PhD

In this blog post we give some information about my implementation of a C# triple-DES stream cipher using the ANSI X9.17 pseudorandom number generator of 5.11 Algorithm in the Handbook of Applied Cryptography by Alfred J. Menezes, ET AL. page 173. This is about as close as I can come to a one time pad (perfect security) utilizing a triple-DES based function for key generation. I suspect the security is pretty tight as long as one does not stupidly reuse a key. Recall from my previous blogs on the ANSI X9.17 matrix cipher that key space is 168-bits for triple-DES in E-D-E mode and an additional 128-bits in other key parameters for a total of 296-bits.

DES3 SC Encrypt

DES3 SC Encrypt Histogram

DES3 SC Encrypt Statistics

DES3 SC Decrypt Histogram

DES3 SC Decrypt Statistics

It would be nice if the index of coincidence was 0, but this index is probably satisfactory.

Some Statistics for Another Matrix Cipher by James Pate Williams, Jr. BA, BS, MSwE, PhD

We first encipher the string “This is a test of the emergency broadcasting system!” which is a English language sample of length 52 ASCII characters.

New Matrix Cipher Encrypt 0

Below is a histogram of the plaintext characters.

New Matrix Cipher Encrypt 1

Here are the counts of the different plaintext characters and the statistic known as the index of coincidence. English has an index of coincidence of approximately 0.065, so this short sample is in that ballpark at 0.06067.

New Matrix Cipher Encrypt 2

Next we display part of the key material (upper triangular matrix elements), the ASCII encoded plaintext and the last column is the resulting ciphertext.

New Matrix Cipher Encrypt 3

We now display a histogram of the ciphertext.

New Matrix Cipher Decrypt 1

New Matrix Cipher Decrypt 2

The index of coincidence is 0. Each of the 52 plaintext characters map to a different ciphertext number in the range 2 to 977 inclusive. Now we show the decryption matrix, ciphertext, and plaintext.

New Matrix Cipher Decrypt 3

We now say a few more words about the cryptanalysis of this matrix cipher. Since the PRNG has a large key space, a direct brute force attack on the PRNG would probably be futile in a milieu without a quantum computer. We can guess values of N and we know that key matrix inverse has n * (n + 1) / 2 elements instead of n * n elements since it is an upper triangular matrix. In our sample the key matrix inverse has 52 * 53 / 2 = 26 * 53 = 1,378 matrix elements. Each matrix element is in the inclusive range 0 to 996 or 997 values. So we would need to brute force test N * n * (n + 1) / 2 possible key matrix inverses. In our case the number is 997 * 1,378 = 1,373,866 which is not a very large number by cryptanalytic standards but how many of those decryptions would make perfectly good sense? A reasonably adept adversary would not reuse the PRNG key and N for a new 52 ASCII character string so each message would require a new  cryptanalytic attack.

Using the upper triangular nature of the key matrix inverse and a further assumption that the plaintext is in the range 32 to 127 or 96 different values, we can reduce the brute force attack to 96 * 1,378 = 132,288 possibilities. Again the adversary could somewhat thwart these cryptanalytic efforts by choosing a much larger N and n.

However, all of this mental masturbation amounts to a mute point since no modern and sane adversary would utilize such an easy cipher to break. Just use a one time pad based on the ANSI X9.17 PRNG utilizing triple-AES instead of triple-DES with three 256-bit E-D-E keys or an astounding 768-bits of key material for the cipher core alone plus 256 bits in additional secret information. The final keyspace of such a scheme would be 1024-bits!

 

Another Matrix Cipher by James Pate Williams, Jr. BA, BS, MSwE, PhD

This is perhaps an improvement on the matrix cipher of a previous blog post of mine. In that post I introduced a matrix cipher whose keys were generated by selection of a seed such that 1 <= seed <= 2147483647, a number N such that 2 <= N <= 1000, and plaintext of length n such that 1 <= n <= N -1.

This matrix cipher relies on the ANSI X9.17 pseudorandom number generator (PRNG) of 5.11 Algorithm of the Handbook of Applied Cryptography by Alfred J. Menezes, et al. The PRNG uses triple-DES with a potential 168-bit (56 * 3 = 168) key space using E-D-E (Encryption key 1 – Decryption key 2 – Encryption key 3). Also, a 64-bit date related number and a 64-bit random seed are needed to initialize the PRNG.

The key space for the algorithm is (168 + 128) bits which is 296 bits. Here is the encryption and decryption of the ASCII ten characters string “ATTACK NOW”.

New Matrix Cipher 0

New Matrix Cipher 1

New Matrix Cipher 2

New Matrix Cipher 3

New Matrix Cipher 4

The first step in the cryptanalysis of this cipher would be to determine the modulus of the matrix and vector calculations N. I don’t know how many ciphertexts would be necessary to perform this task. From the preceding known ciphertext we find that N is at least 991. From traffic analysis we may have determined that the maximum value of N is 1000. That means would we only need to try 10 values of N.