Security

DES / 3DES (Triple DES)

Older encryption algorithms still used in some NFC chips. DES (56-bit key) is considered obsolete. Triple DES applies DES three times for effectively 112 or 168-bit security. Used in MIFARE Ultralight C and DESFire EV1.

Also known as: DES, 3DES, Triple DES

DES (Data Encryption Standard) and Triple DES (3DES) are symmetric-key encryption algorithms that appear in legacy NFC chips predating the widespread adoption of AES. While DES is considered cryptographically obsolete, 3DES still provides adequate security for many applications and remains in active use in deployed NFC infrastructure — particularly transit systems and access control installations that cannot easily migrate to newer hardware.

DES: The Original Standard

DES, standardized by NIST in 1977, operates on 64-bit data blocks with a 56-bit key (8 parity bits bring the stored key to 64 bits). Its small key size makes it vulnerable to brute-force attacks — a 56-bit keyspace of approximately 7.2 x 10^16 combinations was demonstrated to be exhaustible in under 24 hours as early as 1999 using specialized hardware.

In NFC, single DES appears primarily in the MIFARE Ultralight C, which uses 3DES authentication (technically two-key Triple DES with a 112-bit effective key derived from a 16-byte stored key).

Triple DES (3DES)

3DES applies the DES algorithm three times in sequence (Encrypt-Decrypt-Encrypt) to achieve stronger security without requiring a new cipher design:

  • 2-key 3DES (EDE2): Uses two independent 56-bit keys (K1, K2). Effective security is approximately 112 bits. Sequence: Encrypt with K1, Decrypt with K2, Encrypt with K1.
  • 3-key 3DES (EDE3): Uses three independent 56-bit keys. Effective security is approximately 168 bits (though meet-in-the-middle attacks reduce this to ~112 bits in practice).
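
The keying options above, as an added example (not code from the original page): a Python check that classifies a stored 16- or 24-byte 3DES key after masking the parity bits, and flags keys whose parts coincide so that Encrypt-Decrypt-Encrypt collapses to single DES. The function names and sample keys are constructed for illustration.

```python
# Added example: audit a stored 3DES key before provisioning it to a tag.
# Each 8-byte DES key carries 56 key bits plus 8 parity bits (the low bit of
# every byte). DES ignores the parity bits, so two keys that differ only
# there are the same key as far as the cipher is concerned.

def strip_parity(key: bytes) -> bytes:
    """Clear the parity (lowest) bit of every byte."""
    return bytes(b & 0xFE for b in key)

def classify_3des_key(key: bytes) -> dict:
    """Classify a 16-byte (K1|K2) or 24-byte (K1|K2|K3) stored key."""
    if len(key) not in (16, 24):
        raise ValueError("expected a 16-byte or 24-byte 3DES key")
    k = strip_parity(key)
    k1, k2 = k[0:8], k[8:16]
    k3 = k[16:24] if len(key) == 24 else k1  # EDE2 reuses K1 for the last pass
    # EDE computes E_K3(D_K2(E_K1(P))). If K1 == K2 the first two passes
    # cancel; if K2 == K3 the last two cancel. Either way one DES pass remains.
    if k1 == k2 or k2 == k3:
        option, bits = "single-DES-equivalent", 56
    elif k1 == k3:
        option, bits = "2-key (EDE2)", 112
    else:
        option, bits = "3-key (EDE3)", 168
    return {"option": option, "independent_key_bits": bits,
            "degenerate": bits == 56}

# Constructed sample keys (not real deployment keys).
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("fedcba9876543210")
K3 = bytes.fromhex("89abcdef01234567")
K1_PARITY_FLIPPED = bytes(b ^ 0x01 for b in K1)  # differs from K1 only in parity

SAMPLES = {
    "two distinct halves": K1 + K2,
    "halves differ only in parity": K1 + K1_PARITY_FLIPPED,
    "all-zero 16-byte key": bytes(16),
    "24 bytes with K3 == K1": K1 + K2 + K1,
    "24 bytes, all distinct": K1 + K2 + K3,
}

if __name__ == "__main__":
    for label, key in SAMPLES.items():
        print(f"{label:30s} -> {classify_3des_key(key)}")
```

A byte-for-byte comparison of the two halves would miss the parity-only case, which is why the check masks the parity bits first.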

NFC Chips Using DES/3DES

| Chip | Algorithm | Key Length | Notes |
|---|---|---|---|
| MIFARE Ultralight C | 2-key 3DES | 112 bits (16 bytes) | Mutual authentication |
| MIFARE DESFire EV1 | 2-key/3-key 3DES or AES | 112/168 bits | Supports AES migration |
| MIFARE Classic 1K | Crypto-1 (not DES) | 48 bits | Proprietary, broken |

Migration Path to AES

NIST deprecated 3DES for new applications and announced its complete disallowance after 2023. For NFC deployments, the migration path is clear:

  • New projects: Use AES-128 exclusively. Choose NTAG 424 DNA for tag authentication or MIFARE DESFire EV3 for multi-application smart card use cases.
  • Existing 3DES deployments: MIFARE DESFire EV1 supports both 3DES and AES on the same chip, allowing gradual backend migration without replacing physical cards.
  • Legacy Crypto-1 systems: These must be replaced entirely — Crypto-1 was proprietary and broken, not based on DES at all.

Performance Comparison

3DES is approximately three times slower than single DES (since it runs DES three times) and roughly 2-3 times slower than AES-128 on dedicated hardware. On modern NFC chips with hardware crypto acceleration, both complete within microseconds, so the performance difference is imperceptible during a tap interaction. The migration to AES is driven by security requirements, not speed.
