Des
• 1975: DES: Lucifer by IBM, modified by NSA (key reduced from 128 to 56 bits)
• Encryption is fast
– DES chips
– DES software: a 500-MIP CPU can encrypt at about 30K octets per second
• Security
Description:
• Encoding is in 16 rounds
Fig: General Structure of DES (64-bit plaintext → initial permutation → rounds 1 to 16, each using a 48-bit round key Key1 ... Key16 from the key generator, which is fed by the 56-bit cipher key → final permutation → 64-bit ciphertext)
• The f function mixes the bits of the R portion using the subkey for the current round.
• First the 32-bit R value is expanded to 48 bits using a permutation E. That value is then
exclusive-or'ed with the subkey.
• The 48 bits are then divided into eight 6-bit chunks, each of which is fed into an S-box
that mixes the bits and produces a 4-bit output.
• Those 4-bit outputs are combined into a 32-bit value, and permuted once again to
produce the f-function output.
Sub-key Generation
• To generate the sub-keys, start with the 56-bit key (64 bits if you include the parity bits).
• These are permuted and divided into two halves called C and D.
• For each round, C and D are each shifted left circularly one or two bits (the number of
bits depending on the round).
• The 48-bit subkey is then selected from the current C and D bits.
• Expand right side from 32 to 48 bits (some get reused)
1. Take the plain text input and break it into blocks of 64 bits. For this reason, DES is a block
based encryption method.
2. Derive - from the 56 bit encryption key - 16 sub keys of length 48 bits. This is again based on
bit shuffling. The process is fairly straightforward. For generating each sub key, the previous
sub key is halved and the bits of each half are moved one bit to the left. The first bits are
wrapped around to the end. The two new halves are rejoined to make a new key. The 56 bit key
that you provide to the encryption method is only used to generate the first sub key, and isn't
directly used to encrypt the data.
3. Once the plain text has been broken up into a series of 64 bit blocks, it is shuffled (a process
also called permutation) based on a known 'shuffle' table that specifies how the bits are shuffled.
That is, bit 1 is placed in bit 40, bit 2 is placed in bit 23 and so on. This doesn't actually help
make the encryption any more secure. In fact, it makes the process more difficult to achieve
using a software based algorithm.
4. Once this shuffle has been done, the bits then are passed through 16 steps, or rounds, using
one of the generated 16 sub keys.
5. The shuffled 64 bits created in step 3 are passed to a round, where they are split into two blocks of
32 bits each and processed against the corresponding key for that round. The process conducted
in the round is covered later.
6. Step 4 is repeated 16 times, once for each sub key. The output of each round is fed into the
following round.
7. Once the 16th round is complete, the resulting two 32 bit halves are switched and then
rejoined back into a 64 bit block.
8. Finally, the 64 bit block is then reshuffled (permuted) using the inverse of the shuffle that was
applied in step 3. Again, this doesn't make any great difference to the effectiveness of the
encryption method.
All the blocks of the plain text go through this process. Once all the blocks have been processed
they are combined; and that's the encrypted cipher text.
Figure 1: DES Symmetric Encryption
Triple-DES (3DES)
• $C = \mathrm{DES}_{k_3}(\mathrm{DES}_{k_2}(\mathrm{DES}_{k_1}(P)))$.
• Key size: 168-bit key; effective key size: 112 (due to man-in-the-middle attack)