0

I have code that encrypts and decrypts data using Triple DES. Everything works fine with the code.

I have a question about Triple DES. Will Triple DES alter the data size during the encryption process? I googled and was totally confused by the answers that I got.

Will it alter the size? If yes, how do I find the size of the encrypted data?

Here is the code:

    unsigned char   initVector[8];
    unsigned char*  block;
    int     j;

    memset(initVector, 0xEE, sizeof(initVector));
    nBlocks = dwDataSize / 8;   /* whole 8-byte blocks only; integer division drops any remainder */

    for (i = 0; i < nBlocks; i++)
    {
        block = (unsigned char*) pData + i*8;
        /* The IV is reset before every call, so each 8-byte block is
           encrypted independently and in place. */
        memset(initVector, 0xEE, sizeof(initVector));
        des_ede3_cbc_encrypt((unsigned char *)block, (unsigned char *)block, 8,
                m_Schedule1, m_Schedule2, m_Schedule3, (C_Block *)initVector, DES_ENCRYPT);
    }

I saw in another discussion that the size will change.

Here is the link: "Length of Encrypted String"

Regards, Siva.

siva111

2 Answers

4

TripleDES is a block cipher primitive. Block ciphers work by creating a permutation of a block of input data (which is supposed to be indistinguishable from random data) based on a key, which can only be reversed if the key is known.

As such, the encrypted data occupies exactly the same amount of space as the input data (except perhaps for padding of the final block). Typical block sizes are any powers of two from 4 to 32 bytes.

(A thought experiment: It would be impossible for the cipher text to be shorter than the input, because then two distinct inputs would have to map to the same cipher text, which is impossible. Conversely, if the cipher text were longer, then there would be certain cipher texts that can never be the result of an encryption, thus not being "indistinguishable from random data".)

Kerrek SB
  • +1. Same size for input and output for all practical purposes (modulo a bit of padding) – Thilo Sep 10 '12 at 07:42
  • What do "+1" and "modulo a bit of padding" refer to? – siva111 Sep 10 '12 at 08:02
  • Note that RSA ciphertext is always larger than the input. So that last assumption only holds for block ciphers. – Maarten Bodewes Sep 11 '12 at 16:12
  • @owlstead: Yes, I'm talking about block ciphers here. RSA is a different animal: if you consider all your data points to be "integers modulo *n*", then they're all equal. It's an implementation detail how you would *store* such an integer. – Kerrek SB Sep 11 '12 at 17:11
0

It depends. To be more precise, it depends on the following elements:

  1. the encoding of the cipher text and plain text
  2. the encryption mode
  3. the padding mode & block size
  4. the NONCE or IV
  5. the (optional) authentication tag

3DES is a block cipher. It is a seemingly random permutation on bits (mostly using bytes as minimum element). A single 3DES uses 64 bits/8 bytes as input and generates the same size.

To start with the first one: if you encrypt a piece of text (a character string) then you need to encode the string to bytes first. If you expect the cipher text to be stored in a string, you will need to convert the result into a string.

Next is the encryption mode: if this is a mode that converts the 3DES block cipher into a stream cipher (e.g. CTR) then the input size is identical to the output size, excluding the NONCE.

Then there is padding mode. If you use ECB or CBC mode encryption then you must pad if the plain text has length x, x % n != 0 and n is the block size in bytes. If you can distinguish the plain text from the padding, then you can add 0 to n - 1 bytes of padding. If you cannot, then you need to always pad, adding 1 to n bytes of padding. PKCS#5 padding (the most common one) always pads.

Normally you need to transfer the IV or NONCE as well. Both of them are normally about the same as the block size. A common option is to prepend the IV to the cipher text. This is often performed for CBC mode encryption which you apply. The only time you should not create a new (random) IV is when you use the key only a single time.

Most of the time you should add integrity protection to cipher text. If you use e.g. GCM mode encryption, then you need some additional space for the authentication tag. If you use a MAC or HMAC then this should be included on top of the cipher text.

There is also such a thing as cipher text stealing, which can be used to do away with padding. Finally, you may not need an IV for certain modes of single block encryption.

In your case:

If you work with bytes, use CBC mode encryption, prepend the IV and use PKCS#5 padding then the calculation would be (n) + ((x) + (n - x % n)). For 3DES, n = 8.

Maarten Bodewes
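The size calculation from the answer above (CBC mode, prepended IV, PKCS#5 padding, n = 8), as an added example that is not part of the original posts: it computes the stored length for a plaintext of x bytes and shows the padding step that causes the growth, plus the matching check after decryption. The function names are hypothetical and no cipher call is made; only the length and padding handling around the encryption is shown.

```c
#include <stdio.h>
#include <string.h>

#define DES_BLOCK 8  /* 3DES block size n, in bytes */

/* Length after PKCS#5 padding: always adds 1..n bytes, even when x % n == 0. */
size_t pkcs5_padded_len(size_t x) {
    return x + (DES_BLOCK - x % DES_BLOCK);
}

/* Total bytes to store or send: prepended IV (n) + padded cipher text. */
size_t cbc_message_len(size_t x) {
    return DES_BLOCK + pkcs5_padded_len(x);
}

/* Copy in[0..x) to out and append the padding bytes. Returns the padded
   length (the input size for the cipher), or 0 if out is too small. */
size_t pkcs5_pad(const unsigned char *in, size_t x,
                 unsigned char *out, size_t out_cap) {
    size_t total = pkcs5_padded_len(x);
    unsigned char pad = (unsigned char)(total - x);
    if (out_cap < total) return 0;
    memcpy(out, in, x);
    memset(out + x, pad, pad);   /* pad bytes each hold the pad count */
    return total;
}

/* After decryption: validate the padding and return the plain text length,
   or (size_t)-1 if the buffer is not well formed. Run this only on data
   whose MAC has already been verified. */
size_t pkcs5_unpad(const unsigned char *buf, size_t len) {
    size_t i;
    unsigned char pad;
    if (len == 0 || len % DES_BLOCK != 0) return (size_t)-1;
    pad = buf[len - 1];
    if (pad < 1 || pad > DES_BLOCK) return (size_t)-1;
    for (i = len - pad; i < len; i++)
        if (buf[i] != pad) return (size_t)-1;
    return len - pad;
}

int main(void) {
    size_t x;
    /* Constructed sample lengths around the block boundary. */
    for (x = 6; x <= 9; x++)
        printf("plain=%zu padded=%zu with_iv=%zu\n",
               x, pkcs5_padded_len(x), cbc_message_len(x));
    return 0;
}
```
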