Chapter Three-1

Symmetric Cryptosystems (Private key Encryption- DES)

Symmetric Cryptosystems also known as secret/private key encryption, Encryption methods in
which both the sender and receiver uses the same key to encrypt and decrypt a message. The
key is called secret key or the private key. P = D K [EK (P) ]. Only the sender and receiver know
the key.To preserve the security, the key can only be transmitted via a secure channel. E.g. in
person, over an encrypted network, etc. Symmetric cryptosystem are still in use in combination
with public key cryptosystems due to some of their advantages. Both Data Encryption Standard
(DES) and Advanced Encryption Standard (AES) algorithm are Symmetric cryptosystems.

Data Encryption Standard (DES)

The Data Encryption Standard(DES) is a symmetric-key block cipher that it operates on a
plaintext block of 64-bit and returns cipher text of the same size, which it is published in 1977
and standardized in 1979. Encryption and Decryption of DES

The block size of plaintext and cipher text is 64-bit, 64-bit of key from that 8-bit is parity bit
(8,18,24,32,40,48,56,64) so 56-bit key, number of round is 16, 16 number of sub key, each round
used 48-bit of sub key. Bits 8,7, 21, 24 of Left-Key are omitted each round and Bit 6, 8 ,14 ,25 of
Right-key are omitted each round in order to compression permutation yields 48-bit sub-key Ki
from bits of Left-key and Right-key. The messages encryption process is made of two
permutations which named initial permutation and final permutation. Here is below DES
structure of Initial and final permutation step.

1
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
Permutation means rearranges the bits to produce the permuted input; no elements are added or
deleted or replaced, rather the order in which the elements appear in the sequence is changed.
Extracts and permutes only 56-bit of the original 64-bit key (excluding parity bits
8,16,24,32,40,48,56,64)

Table: Initial permutation

Selects or extracts the 48-bit subkey for each round from the 56-bit key-schedule

2
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
Table: Permutation Choice 2 -------Final permutation

How DES Algorithm Encrypt Plaintext?

The DES Algorithm to Encrypt Plaintext have three steps, these are sub key generation,
Message goes through different permutations and Message Encrytion.

3
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
  1st Sub-key Generation
 Example: Let K be the hexadecimal key K= 133457799BBCDFF1--- original 64-bit
key. Binary form of the given key
 This gives us as the binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together
every eight bits, of which the last one in each group will be unused):
 K= 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
 K= 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
 It drops the parity bits(8,16,24,32,40,48,56,64) from 64-bit key.
 K= 0001001 0011010 0101011 0111100 1001101 1011110 1101111 1111000 we get 56-bit
 This remaining 56-bit values is the actual cipher key which is used to generate round
keys.
Next Permutation the 56-bit to Initial Permutation choose 1
Create 16 subkeys, each of which is 48-bits long.
 The 64-bit key is permuted according to the following table, PC-1.
Since the first entry in the table is "57", this means that the 57th bit of the original key K
becomes the first bit of the permuted key K+.
 The 49th bit of the original key becomes the second bit of the permuted key.
 The 4th bit of the original key is the last bit of the permuted key.
 Note only 56 bits of the original key appear in the permuted key.
 Principles -1: Permutation Choice 1

 Extracts and permutes only 56-bit of the original 64-bit key (excluding parity bits
8,16,24,32,40,48,56,64)

4
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
Permutation Choice 1
 K= 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
 K= 0001001 0011010 0101011 0111100 1001101 1011110 1101111 1111000 56-bit
 K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
we get the 56-bit IP
Next, split this key into left and right halves, L0 and R0, where each half has 28 bits.

 K+=1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111

 K+ classify into Left and right
 Lk0=1111000 0110011 0010101 0101111
 Rk0=0101010 1011001 1001111 0001111
 With L0 and R0 defined, we now create sixteen blocks Ln and Rn, 1<=n<=16.
 Each pair of blocks Ln and Rn is formed from the previous pair Ln-1 and Rn-1,
respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of the
previous block.
 To do a left shift, move each bit one place to the left, except for the first bit, which
is cycled to the end of the block.
Principle of left shift to generate DES sub-key: Round Left K+ and Right K+ 1, 2, 9 and
16 the shift Ri is 1 and in all other round Ri is 2
5
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
This means, for example, L3 and R3 are obtained from L2 and R2, respectively, by two left shifts,
and L16 and R16 are obtained from L15 and R15, respectively, by one left shift. In all cases, by a
single left shift is meant a rotation of the bits one place to the left, so that after one left shift
the bits in the 28 positions are the bits that were previously in positions 2, 3,..., 28, 1.
Example: From original pair pair L0 and R0 we obtain:
L0 = 1111 0000 1100 1100 1010 1010 1111
R0 = 0101 0101 0110 0110 0111 1000 1111
L1 = 1110000110011001010101011111 L4 = 0011001100101010101111111100
R1 = 1010101011001100111100011110 R4 = 0101100110011110001111010101
L2 = 1100001100110010101010111111 L5 = 1100110010101010111111110000
R2 = 0101010110011001111000111101 R5 = 0110011001111000111101010101
L3 = 0000110011001010101011111111 L6 = 0011001010101011111111000011
R3 = 0101011001100111100011110101 R6 = 1001100111100011110101010101

6
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
 L7 = 1100101010101111111100001100
R7 = 0110011110001111010101010110
L8 = 0010101010111111110000110011
R8 = 1001111000111101010101011001
L9 = 0101010101111111100001100110
R9 = 0011110001111010101010110011
L10 = 0101010111111110000110011001
R10 = 1111000111101010101011001100
L11 = 0101011111111000011001100101
R11 = 1100011110101010101100110011
L12 = 0101111111100001100110010101
R12 = 0001111010101010110011001111
L13 = 0111111110000110011001010101
R13 = 0111101010101011001100111100
L14 = 1111111000011001100101010101
R14 = 1110101010101100110011110001
L15 = 1111100001100110010101010111
R15 = 1010101010110011001111000111
L16 = 1111000011001100101010101111
R16 = 0101010101100110011110001111

After generating the 16 sub-key, Next go to Permutation choose2

Table: Permutation choose2, 56-bit input permutated into 48-bit output, Bits 8,7, 21, 24 of
Left-Key are omitted each round and Bit 6 8 14 25 of Right-key.

 So for the first Sub-key we have LK1&RK1=

 L1=111000 0110011 0010101 01011111
 R1=101010 1011001 1001111 00011110
 L1R1= 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110
which, after we apply the permutation PC-2, Sub-key1 becomes
 K1 = 000110 110000 001011 101111 111111 000111 000001 110010---- K1 =48-bit
 For the other keys we have

 K2 = 011110 011010 111011 011001 110110 111100 100111 100101

K3 = 010101 011111 110010 001010 010000 101100 111110 011001
K4 = 011100 101010 110111 010110 110110 110011 010100 011101
K5 = 011111 001110 110000 000111 111010 110101 001110 101000

7
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
  K6 = 011000 111010 010100 111110 010100 000111 101100 101111
K7 = 111011 001000 010010 110111 111101 100001 100010 111100
K8 = 111101 111000 101000 111010 110000 010011 101111 111011

 K9 = 111000 001101 101111 101011 111011 011110 011110 000001

 K10 = 101100 011111 001101 000111 101110 100100 011001 001111

K11 = 001000 010101 111111 010011 110111 101101 001110 000110
K12 = 011101 010111 000111 110101 100101 000110 011111 101001
K13 = 100101 111100 010111 010001 111110 101011 101001 000001
K14 = 010111 110100 001110 110111 111100 101110 011100 111010
K15 = 101111 111001 000110 001101 001111 010011 111100 001010
K16 = 110010 110011 110110 001011 000011 100001 011111 110101

Fig: Key Generation

2nd step: Message go through different Permutation
 Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in
hexadecimal (base 16) format.

8
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
  Rewriting M in binary format, we get the 64-bit block of text:
 M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
 The first bit of M is "0". The last bit is "1". We read from left to right.
 Applying the initial permutation to the block of text M
 M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
Applying the initial permutation to the block of text M
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

 Here the 58th bit of M is "1", which becomes the first bit of IP.
 The 50th bit of M is "1", which becomes the second bit of IP.
 The 7th bit of M is "0", which becomes the last bit of IP.

Initial permutation

58 50 42 34 26 18 10 02

60 52 44 36 28 20 12 04

62 54 46 38 30 22 14 06

64 56 48 40 32 24 16 08

57 49 41 33 25 17 09 01

59 51 43 35 27 19 11 03

61 53 45 37 29 21 13 05

63 55 47 39 31 23 15 07

9
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32 bits.
Example: From IP, we get L0 and R0
L0=1100 1100 0000 0000 1100 1100 1111 1111
R0=1111 0000 1010 1010 1111 0000 1010 1010
Message GO Though Expansion Permutation---R0

Expansion Permutation or Permutation box(P-box)

 R0=1111 0000 1010 1010 1111 0000 1010 1010

 R0+= 011110 100001 010101 010101 011110 100001 010101 010101

Message GO Though ---- Whitener (XOR)

 After the expansion permutation, DES uses the XOR operation on the expanded right
section and the round key.
10
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
  Note that both the Right section(R0+ ) and the key are 48-bit in length.
 Also note that the round key is used only in this operation.
XOR
1 1 0 0
1 0 1 0
0 1 1 0

 R0+= 011110 100001 010101 010101 011110 100001 010101 010101

XOR
 K1 = 000110 110000 001011 101111 111111 000111 000001 110010

Message GO Though Substation Box

 The substation box(S-box) do the real mixing.
 DES uses 8 S-boxs, each with a 6-bit input and a 4-bit output.

S-Box Rule

11
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
Permutation for S-box1 there are 8-S-box

 Cipher -XOR=011000 010001 011110 111010 100001 100110 010100 100111

 If we write the first and the sixth bits together, we get 00 in binary, which is 0 in decimal.
 The remaining bits 1100 in binary, which is 12 in decimal.
 We look for the value in row 0, column 12 in the table (S-box1).
 The result is 5 in decimal, which in binary is 0101, so the input 011000 yields the output
0101

12
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
 Cipher -XOR=011000 010001 011110 111010 100001 100110 010100 100111 48-
bit S-box8
 S-box= 0101 1100----------32-bit

 Cipher -XOR=011000 010001 011110 111010 100001 100110 010100 100111 48-
bit S-box8
 S-box= 0101 1110 1000 0010---------------32-bit

 Cipher -XOR=011000 010001 011110 111010 100001 100110 010100 100111 48-bit S-box8

 S-box= 0101 1110 1000 0010 1101 0101------------- 32-bit

13
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
  Cipher -XOR=011000 010001 011110 111010 100001 100110 010100 100111 48-bit S-box8

 S-box= 0101 1110 1000 0010 1101 0101 1001 0111=32-bit

2nd Message GO Though -----Straight Permutation

 The last operation in the DES function is a straight permutation with a 32-bit input and a
32-bit output.
 It follows the same general rule a previous permutation table.
 The input/output relationship for this operation is shown below ON next page.

 3rd Message Encryption right bit message ( RM-bit) merge with right bit message (RM-
bit) go head through the progress
 Cipher -XOR=011000 010001 011110 111010 100001 100110 010100 100111 S-box8
 S-box= 0101 1110 1000 0010 1101 0101 1001 0111=32-bit= R0+ bit

 R0+= 0101 1110 1000 0010 1101 0101 1001 0111------S-box

XOR
 L0 = 1100 1100 0000 0000 1100 1100 1111 1111
14
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
  XOR=1001 0010 1000 0010 0001 1101 0110 1000 --- Straight Permutation
 XOR= = R0+= assigned to right bit
R0+=1001 0010 1000 0010 0001 1101 0110 1000
L0 = = R0=1111 0000 1010 1010 1111 0000 1010 1010

 3rd Message Encryption RM-bit merge with RM-bit

 R0+=1001 0010 1000 0010 0001 1101 0110 1000
 L0 = = R0=1111 0000 1010 1010 1111 0000 1010 1010
 L0 merge R0+ = Message = L0 Merge with R0+ -----next goto Final Permutation
 Merged Message =1001 0010 1000 0010 0001 1101 0110 1000 1111 0000 1010
1010 1111 0000 1010 1010

 Encrypted Message = Merged Message’ = Merged Message Permutation

15
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C
 DES encryption Plain text using key

DES cipher and reverse cipher for the first approach

Fig: DES Algorithm Structure

16
Computer Security _ Compiled –Zufan W. OBU- - 2016 _E.C