On the security of the XOR sandwiching paradigm for multiple keyed block ciphers

Ruth Ng Ii-Yung, Khoongming Khoo, Raphael C.W. Phan

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review


While block cipher design is relatively mature, advances in computational power mean that the keylength of block ciphers, upon which the security relies entirely, becomes less resistant to cryptanalysis over time. Therefore, the security for a block cipher with a particular keylength typically is seen to last for at most some decades. One common approach to strengthen a block cipher's security is based on increasing its keylength. In the literature, two strategies have emerged: multiple keyed multiple encryption and multiple keyed XOR sandwiching. Known attacks on these such as Meet-in-the-Middle(Merkle and Hellman, 1981; van Oorschot and Wiener, 1991; Lucks, 1998) and Related-Key (J. Kelsey and Wagner, 1996; Choi et al., 1996; Vaudenay, 2011; Phan, 2004) attacks, show that Triple Encryption is significantly weaker than a brute-force attack would suggest, especially for block ciphers with small keys, such as the Data Encryption Standard (DES). This paper provides a comprehensive analysis on the security of the XOR sandwiching paradigm against known attacks for the case of multiple keyed triple encryption, without loss of generality, using DES as the underlying block cipher. In particular, we focus on DES-XEXEXEX variants, based on 2-Key and 3-Key Triple-DES, which involve performing the XOR for key-whitening before and after each encryption with an additional 64-bit key. One of the conclusions to be drawn from this work is the increased strength obtained from the XOR sandwiching paradigm while requiring little in terms of additional computational resources.

Original languageEnglish
Title of host publicationICETE 2013 - 10th International Joint Conference on E-Business and Telecommunications; SECRYPT 2013 - 10th International Conference on Security and Cryptography, Proceedings
Number of pages8
Publication statusPublished - 2013
Externally publishedYes
EventInternational Conference on Information Security and Cryptography 2013 - Reykjavik, Iceland
Duration: 29 Jul 201331 Jul 2013
Conference number: 10th


ConferenceInternational Conference on Information Security and Cryptography 2013
Abbreviated titleSECRYPT 2013
OtherSECRYPT is part of ICETE, the 10th International Joint Conference on e-Business and Telecommunications.
Registration to SECRYPT allows free access to all other ICETE conferences.

ICETE 2013 will be held in conjunction with DATA 2013, ICSOFT 2013 and SIMULTECH 2013.
Registration to ICETE allows free access to the DATA, ICSOFT and SIMULTECH conferences (as a non-speaker).
Internet address


  • Block ciphers
  • Data-encryption standard
  • Meet-in-the-middle
  • Related-key

Cite this