Data Encryption Standard
Data Encryption StandardIntroductionDES developed in 1970sBased
on IBM Lucifier cipherFederal Information processing
standard(FIPS)DES development was controversial:Design process was
not openKey length was small(56 bits)
DESDES is a feistel cipher64 bit block length56 bit key length16
rounds48 bits of key used each round(subkey)Each round is
simpleSecurity depends on primarily on S-BoxesEach S-Boxes maps6
bits to 4 bitsInitial PermutationsDES has an initial permutations
and a final permutation after 16 rounds.These permutations are
inverse of each other and operate on 64 bitsThe designers did not
disclose their purpose.Single round
DES ExpansionOutput 48 bits32
12345456789891011121312131415161716171819202120212223242524252627282928293031321Input
32 bits0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
23 24 25 26 27 28 29 30 31
DES S-box (Substitution Box)8 Substitution boxes or S-boxesEach
S-box maps 6 bits to 4 bits
There are 8 s-boxes in DES round.Each S box maps 6 bits into 4
bits out put.This input 6 bits serve as a look up or serve as a
index to look up in this table.In that 6 bits (0,1,2,3,4,5)-First
and last bits represents row index.Remaining middle 4 bits
represents column index.ExampleInput bits are101000First and last
bits are1 0=2(row). 0100=4(column).
Output is :13- (1101)
Properties of S-boxesThere are several propertiesHere highlight
some properties:The rows are permutationsThe outputs are a non
linear combination of the inputs.Change one bit of the input, and
half of the output bits changed, which is called Avalanche
effect.Each output bit is dependent on all the input bits
DES P-box(Permutation box)Input bits 0 1 2 3 4 5 6 7 8 9 10 11
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31Out
bits15 6 19 20 28 11 27 16 0 14 22 25 4 17 30 91 7 23 13 31 26 2 8
18 12 29 5 21 10 3 24DES SubkeyInput Key size: 64 bits, of which 8
are parity bits.0,1,2,3.55 -56 bit key.Left half key bits, LK49 42
35 28 21 14 70 30 43 36 29 22 158 15 14 4 37 30 23 16 9 2 52 45 38
31
Right half key bits, RK55 48 41 34 27 20 136 54 47 40 3326 1912
5 53 46 39 32 2518 11 4 24 17 10 313DES Sub keyFor rounds
i=1,2,..nLet LK=(LK circular shift left by ri)Let RK=(RK circular
shift left by ri)Left half of sub key Ki is of 24 bits13 16 10 23 0
4 2 27 14 5 20 9 22 18 11 3 25 7 15 6 26 19 12 1Right half of sub
key Ki is of 24 bits 12 23 2 8 18 26 1 11 22 16 4 19 15 20 10 27 5
24 17 13 21 7 0 3DES SubkeyFor rounds 1,2,9 and 16 the shift ri is
1,and in all other rounds ri is 2.Bits 8,17,21,24 of LK omitted
each roundBits 6,9,14,25 of RK omitted each roundCompression
permutation yields 48 bit subkey ki from 56 bits of LK and RKKey
schedule generates subkey.
Weak KeysA weak key is the one which after parity drop
operation, consists either of all 0s, all 1s or half 0s or half
1s.Four out of the 256 keys are weak keys.Example:00000000
0000000000000000 FFFFFFFFConsequence of weak keysThe round keys are
created from any of these weak keys are the same.For example, for
the first weak key, all the round keys are 0.The second key leads
to half 0s, and half 1s.If we encrypt a block with a weak key and
subsequently encrypt the result with the same weak key, we get the
original block.Semi Weak KeysA semi weak keys creates only two
different round keys and each of them is repeated eight times.There
are six key pairs that are called semi weak keys.The round keys
created from each pair arethe same in different order.Multiple
DESThe major criticism against DES is the key length.So, we may try
cascading several DES applications.The total key size is
56*2=112bits.However 2DES is vulnerable to a known plaintext.Man in
middle attack is possible.
Security of 2 DESThen the attacker checks for a match in the
table in the value of M.Here note the key pair of (k1,k2)If there
are more than one keys, takes another p,c value.The attacker
continues until there is only ley left.Attack complexity is around
257 .
Tr
