2 : Data Encryption Standard(DES)

Fall 2014

2014 T.A


e-mail : eom_je@korea.ac.kr

2.1 DES
DES(Data Encryption Standard)
1973 (National Bureau of Standards,
NBS, ) DES
IBM (Lucifer)
1977 DES
FIPS PUB 46
(National Security Agency, NSA)
64 56, S-Box
considerable controversy over its security

most widely used block cipher in world

64-bit , 56-bit
2 2
3-DES(triple DES) AES(Advanced Encryption Standard)

2.2 (Confusion) (Diffusion)

(Claude Shannon)
1. (Confusion) :

(Substitution)

2. (Diffusion) :

DES (Permutation)
, AES
MixColumn

Shannon

2.2 (Confusion) (Diffusion)

(Product Cipher)



(Round)

2.2 (Confusion) (Diffusion)

DES :
Design principle : S-Box
1.
S-Box

2
.
2. S-Box

S-Box

.

Note: 2

2.3 DES
64 56 64

2.4 (Feistel)

(Feistel) : (Invertible) (NonInvertible)

(Non-Feistel) :
Note : :
(Inverse Function)
: .

2.4 (Feistel)
1 (Feistel)
:
:
;

2.4 (Feistel)
2 (Feistel)

,
,

,

,


,

,
,

,
,

2.4 (Feistel)

(Feistel)

2
SPN
1


,


.

2.5 DES
IP/ FP ( = IP

2.5 DES
( )

(Mixer) : 32
, 32
XOR .
(Swapper): XOR ,
32
.

2.5 DES
( )

2.5 DES

2.5 DES
(XOR) : 48 XOR

(S-Box)
1.
2.
3.

48 6 8 .
6 8 S-Box .
S-Box 6 4 .

2.5 DES
(S-Box)

1. 6 1 6
0 3 ,
.
2. 2 5 4
0 15 ,
.

2.5 DES
(S-Box)

S A S B
S A B .

....

2.5 DES

64

16 48

2.5 DES
(Parity Bit Drop)
DES 64 8
, DES 56

57
58
59
60
31
30
29

49
50
51
52
23
22
21

41
42
43
44
15
14
13

33
34
35
36
07
06
05

25
26
27
63
62
61
28

17
18
19
55
54
53
20

09
10
11
47
46
45
12

01
02
03
39
38
37
04

2.5 DES
(Shift)
,

2.2

10

11

12

13 14

15

16

2.5 DES
(Compression P-Box)
2.3 (Compression P-Box)

14
15
26
41
51
34

17
06
08
52
45
53

11
21
16
31
33
46

24
10
07
37
48
42

01
23
27
47
44
50

05
19
20
55
49
36

03
12
13
30
39
29

28
04
02
40
56
32

2.6 DES

2.7 DES
(Weak Key)
64

[ 2.1]
56

0101 0101 0101 0101

0000000 0000000

1F1F 1F1F 0E0E 0E0E

0000000 FFFFFFF

E0E0 E0E0 F1F1 F1F1

FFFFFFF 0000000

FEFE FEFE FEFE FEFE

FFFFFFF FFFFFFF

2.7 DES
(Semi-Weak Key):
2

4
DES 4, 12, 48
2 64 4 12
48 /2
8.8 x 10
01FE 01FE 01FE 01FE

FE01 FE01 FE01 FE01

1FE0 1FE0 0EF1 0EF1

E01F E01F F10E F10E

0EF0 0EF1 01F1 01F1

E001 E001 F101 F101

1FFE 1FFE 0EFE 0EFE

FE1F FE1F FE0E FE0E

011F 011F 010E 010E

1F01 1F01 0E01 0E01

E0FE E0FE F1FE F1FE

FEE0 FEE0 FEF1 FEF1

2.7 DES
(Brute Force Attack)
1981:estimatedbreakablein2daysby$50Mmachine
DESChallengeI(1997):brokenin96daysby70000machines,testing7
billionkeys/s(DESCHALLproject)
DESChallengeII1(1998):brokenbydistributed.netin41days
DESChallengeII2(1998):lessthan56hoursbyspecialhardware,$250K
incl designanddevelopment(DeepCrack)
DESChallengeIII(1999):22h15min,DeepCrack+100000machines,
testing245billionkeys/s
2007:6.4days,$10Khardware,120FPGAs(COPACOBANAproject)

(Complementation Property)
KeyComplement
C=Ek(P) =comp(C)=Ecomp(k)comp(P)

keydomainof256. 255.

2.7 DES
DifferentialCryptanalysis
Biham andShamirhaveshownhowa13rounditerated
characteristiccanbreakthefull16roundDES,requiresaneffort
ontheorderof247encryptions,requiring247 chosenplaintextsto
beencrypted,withaconsiderableamountofanalysis inpractise
exhaustivesearchisstilleasier,eventhoughupto255 encryptions
arerequiredforthis.

LinearCryptanalysis
canattackDESwith243 knownplaintexts,easierbutstillinpractise
infeasible

2.8 DES
56 DES
DES DES
2 DES (Double DES)

2.8 DES
2 DES (Double DES)
(Meet-in-the-Middle Attack)

2.8 DES
3 DES (Triple DES)