Related-Key Attacks on Triple-DES and DESX Variants

In this paper, we present related-key slide attacks on 2-key and 3-key triple DES, and related-key differential and slide attacks on two variants of DESX. First, we show that 2-key and 3-key triple-DES are susceptible to related-key slide attacks. The only previously known such attacks are related-key differential attacks on 3-key triple-DES. Second, we present a related-key differential attack on DESX+, a variant of the DESX with its preand post-whitening XOR operations replaced with addition modulo 2. Our attack shows a counter-intuitive result, that DESX+ is weaker than DESX against a related-key attack. Third, we present the first known attacks on DES-EXE, another variant of DESX where the XOR operations and DES encryptions are interchanged. Further, our attacks show that DES-EXE is also weaker than DESX against a related-key attack. This work suggests that extreme care has to be taken when proposing variants of popular block ciphers, that it is not always newer variants that are more resistant to attacks.