Triple DES is a family of symmetric (or "secret key") block ciphers. A triple DES cipher consists of three DES operations chained together. There are several methods of chaining the three operations.

The triple DES systems were originally proposed after it was shown that double DES (two encryptions with different keys) only increased the effective security by one key bit^{1} under an attack called "meet in the middle". This attack is detailed here. Triple DES doubles the security of single DES, while tripling it's key size. So while Triple DES has a key size of 168 bits, it's *effective* key size is 112 bits.

Triple DES normally operates with an 8-bit block size. A triple DES key consists of a 24-byte array - three 8-byte single DES keys.

The most common system (and that which is commonly referred to as Triple DES) is DES-EDE3. EDE stands for Encrypt Decrypt Encrypt.

It is outlined below:

`C = E`_{k3}(E^{-1}_{k2}(E_{k1}(P)))

P = E^{-1}_{k3}(E_{k2}(E^{-1}_{k1}(C)))

The alternating stages of encryption and decryption in DES-EDE3 ensures compatibility with single DES if all three keys are equal.

There are three keying options for triple DES:

- Keys 1, 2 and 3 are independent
- Keys 1 and 2 are independent, but key 1 is equal to key 3.
- all three keys are identical

It is this last mode of keying which provides output-compatibility with single DES.

Triple DES is one of the most trusted algorithms around today, and is required in correct implementations of OpenPGP and TLS (aka SSL)^{3}. However, triple DES is rarely used in modern cryptosystems for two main reasons:

The key size. Not only is the key size of triple DES fixed, while modern algorithms have variable key sizes, it is also too small. Modern algorithms such as Twofish or AES can support key sizes of up to 256 bits.^{2}

Speed. DES has a reasonable throughput. However, triple DES, with the speed reduced by approximately two thirds, is relatively slow. It is possible to parellise the process in hardware using DES chips. In recent benchmarking tests, the proposed NIST standard achieved a throughput of 30Mb/s, compared to 4Mb/s for Triple DES.

Triple DES and it's various modes of operations was standardised in ANSI X9.52 and adopted in the ANSI X9.17 standard for key management; DES-EDE3 in CBC mode was adopted by ISO 10116.

1: Thanks to -brazil- for pointing this out.

2: 256 bits is estimated to be large enough to prevent keysearch by quantum computers. ^{3}

3: Thanks to randombit.

Sources:

Applied Cryptography - Bruce Schneier

Handbook of Applied Cryptography - Alfred J. Menezes, *et al*

Cryptix V2.3.0 API Specification - (http://www.cryptix.org)

"The ESP Triple DES Transform" - rfc1851 (expired)

"Triple-DES: A Brief Report(draft)" - Burt Kaliski, RSA Laboratories, October 29, 1993

http://www.rsasecurity.com/rsalabs/faq/3-2-6.html