Is DES/2DES/3DES still used?

Question

I checked a related question, but I still did not find the answer I was looking for.

Specifically, do we have any statistics on the usage of DES/2DES/3DES? It seems from here that credit card systems are relying on 3DES. Is this still the case?

Also, I guess that many old satellites are still relying on some DES for their operations. Is it true?

In general, is there any overview on how many physical systems still rely on the DES symmetric cryptographic scheme?

EDIT: funnily enough, I posted the question on the 49th DES anniversary. Happy birthday, DES!

For SSL/TLS statistics there are sites that keep usage statistics. Satellites cannot live too long, however, if we consider their lifespan as 10-15 years and production steps, we may consider that sone have DESx. I'm not sure that we can find information list for the satellites, easily. Your in general question is too broad. — kelalaka, Mar 16 '24 at 20:49
Banks still use it to my knowledge, not just for banking cards as stated in the answer. That's a very conservative market. — Maarten Bodewes, Mar 17 '24 at 20:50
@MaartenBodewes-modelection I second this. (Work in the industry for 25 years). All banks/acquirers in the UK using the so-called Standard 70 for Terminal-to-Acquirer communication (authorization request/response) still use Single DES to calculate a MAC for Auth Request/Response. — tum_, Mar 18 '24 at 17:22
Thank you all! @kelaka do you know any good and up-to-date website showing those statistics? Also, considering that are satellites launched previous to 2001, it doesn't seem unlikely for them to rely on some form of DES. — tigerjack, Mar 19 '24 at 09:57
@MaartenBodewes-modelection and tum_ Thanks! Again, this seems to be common knowledge, but up to now there is no official survey, am I right? — tigerjack, Mar 19 '24 at 09:59
As newer chipcards tend not to have any DES-coprocessor anymore, I had to implement the DES in SW last year for an iSIM/eSIM by Qualcomm, and a colleague is currently doing the same for a future AppleSIM. — garfunkel, Mar 22 '24 at 13:06
@garfunkel wow! Do you mean SW like in firmware? Is it somehow mandated by the iSIM/eSIM specifications? Do you have any additional reference? — tigerjack, Mar 22 '24 at 16:39
@tigerjack Not sure what it will be used for, but you can search on commoncriteria.org how popular triple des (often short "TDES") still is. — garfunkel, Mar 26 '24 at 13:37
@garfunkel I'm not familiar with it. Do you mean performing a search through the commoncriteriaportal.org website? — tigerjack, Mar 26 '24 at 16:00
@tigerjack I simply googled 'site:commoncriteriaportal.org "triple des"'. — garfunkel, Mar 27 '24 at 16:46

score 6 · Answer 1 · answered Mar 17 '24 at 14:07

To my knowledge, there's still some "hangers on" applications on the hardware-side of things, but not in satellites. The only place I know these to be used is IC-card billing systems, and this is because of all of the legacy hardware. My IC-card that I used in the Tokyo subway in 1999 still works.

Satellites often have a strongly encrypted control channel, AES for example, but the data channel has something else that's less secure. This is a function of transfer windows and memory. Due to time delay, we have 64-Mbit frames for data, so you end up with weak stream cipher and you just change the key often via the control channel. It's been 10 years since I've looked at this, but it hadn't changed much in the 10 before it.

I believe that 3DES could still used in some power constrained, silicon implementations. The cost of make a 3DES IC is on the order of 260k~ transistors (pulling from memory here, so corrections are welcome), which is about 65k~ logic gates. It's easy to get enough power to run this off NFC power from magnetic sources. My passively-powered RFID tags only have 260k~ transistors so generally cryptographic cores are really expensive from a transistor point of view. This is particularly true with a Flip-Flop that stores a bit, which takes 78-transistors (not counting clock drivers), which gives you 20k~ transistors for AES128 just to hold state, not event to move the data into and out of the key and data registers.

Another note why an engineer (not a cryptographer) would want to use DES/SIMON or something else that is shorter for the keys is that when you are "loading" data, you aren't collecting power in passively powered systems. The area cost of an analog front-end is a lower for fewer bits. I always thought that SIMON48/96 would be a better choice for passively-powered near field (NFC) or far field (RFID) than the other ciphers for this reason.

I don't know, it seems that there are quite a lot of satellites launched before 2001 and still active, so maybe it's not so unlikely.
Thanks a lot for the detailed engineering explanation as well, there's a lot of food for thought. — tigerjack, Mar 19 '24 at 10:06
@tigerjack I don't know how many are still functional from that time. Space is a difficult environment. It used to be that 10-years was the operational target. UCS Satellite Database has a database of what/when was launched. I didn't sort through, but the older satellites generally are just COMS relays and they're probably DES. I saw one from 1997 in there. — b degnan, Mar 20 '24 at 11:12

Is DES/2DES/3DES still used?

1 Answers1