A chosen-plaintext attack on two-key triple encryption noted by Merkle and Hellman is extended to a known-plaintext attack. The known-plaintext attack has lower memory requirements than the chosen-plaintext attack, but has a greater running time. The new attack is a significant improvement over a known-plaintext brute-force attack, but is still not seen as a serious threat to two-key triple encryption. Key Words. triple encryption, cryptanalysis, DES.
Paul C. van Oorschot, Michael J. Wiener