17 Dec
2003
17 Dec
'03
11:17 p.m.
Even if you assume complete independence of key setup, if a successful decryption at each layer can be independently detected and verified (which seems likely in your example), there're only about 3 * (2 ^ 40) total operations in the worst case, NOT 2 ^ (3 * 40) operations needed to expose the plaintext. This is an effective 41.5 bits, not 120.
Of course. It comes down to whether each encryption step plans some known plaintext to be used for brute force testing of any next layer.