DES Algorithm

DES AlgorithmDES Algorithm

Data Encryption StandardData Encryption Standard

DES FeaturesDES Features

Block cipher, 64 bits per blockBlock cipher, 64 bits per block

64-bit key, with only 56 bits effective64-bit key, with only 56 bits effective

ECB mode and CBC modeECB mode and CBC mode

DES – Key SchedulingDES – Key Scheduling

Specify a 64-bit keySpecify a 64-bit key

There are eight parity bitsThere are eight parity bits

The key structure is in the next pageThe key structure is in the next page

Bit 0Bit 0 Bit 1Bit 1 Bit 2Bit 2 Bit 3Bit 3 Bit 4Bit 4 Bit 5Bit 5 Bit 6Bit 6 Bit 7Bit 7

Bit Bit 0~70~7

Effective KeyEffective Key Parity BitParity Bit

Bit Bit 8~158~15


Bit Bit 16~2316~23


Bit Bit 24~3124~31


Bit Bit 32~3932~39


Bit Bit 40~4740~47


Bit Bit 48~5548~55


Bit Bit 56~6356~63



Key permutation according to “Permuted Key permutation according to “Permuted Choice 1”(PC-1)Choice 1”(PC-1)

After permutation, the key length will be After permutation, the key length will be only 56 bitsonly 56 bits

64 bits → 56 bits? Why?64 bits → 56 bits? Why?

The explanation is in the next pageThe explanation is in the next page

Permuted Choice 1Permuted Choice 1Bit 0 1 2 3 4 5 6

1 57 49 41 33 25 17 9

8 1 58 50 42 34 26 18

15 10 2 59 51 43 35 27

22 19 11 3 60 52 44 36

29 63 55 47 39 31 23 15

36 7 62 54 46 38 30 22

43 14 6 61 53 45 37 29

50 21 13 5 28 20 12 4

Note: The 8n-th bit is disappeared!!


We separate the 56-bit key to two 28-bit kWe separate the 56-bit key to two 28-bit keys: Leys: Lkk and R and Rkk

““Left rotate” the LLeft rotate” the Lkk and R and Rkk according to SR according to SR

T (Subkey Rotation Table)T (Subkey Rotation Table)

After rotation, merge LAfter rotation, merge Lkk and R and Rkk

Permutation according to Permuted ChoicPermutation according to Permuted Choice 2 (PC-2)e 2 (PC-2)

We get a 48-bit subkey nowWe get a 48-bit subkey now


Repeat the operation 16 times to get 16 suRepeat the operation 16 times to get 16 subkeysbkeys

Use rotated LUse rotated Lkk and R and Rkk

Why each subkey has length of only 48 bitWhy each subkey has length of only 48 bits instead of 56 bits?s instead of 56 bits?

The answer is similar to PC-1The answer is similar to PC-1

Subkey Rotation TableSubkey Rotation TableRound Round NumberNumber

11 22 33 44 55 66 77 88 99 1010 1111 1212 1313 1414 1515 1616

Bits to Bits to RotateRotate

11 11 22 22 22 22 22 22 11 22 22 22 22 22 22 11

Bit 0 1 2 3 4 5

1 14 17 11 24 1 5

7 3 28 15 6 21 10

13 23 19 12 4 26 8

19 16 7 27 20 13 2

25 41 52 31 37 47 55

31 30 40 51 45 33 48

37 44 49 39 56 34 53

43 46 42 50 36 29 32

Permuted Choice 2

DES – Key Scheduling Flow ChartDES – Key Scheduling Flow Chart

““<<<” is the operation <<<” is the operation of SRTof SRT

We will call the subkeWe will call the subkeys K[1], K[2], …, K[16] ys K[1], K[2], …, K[16] laterlater

Plaintext PreparationPlaintext Preparation

Cut the plaintext into 64-bit blocksCut the plaintext into 64-bit blocks

Each 64-bit block should be permuted Each 64-bit block should be permuted according to Initial Permutation Table (IP according to Initial Permutation Table (IP Table)Table)

Besides, we make an Inverse Initial Besides, we make an Inverse Initial Permutation Table (IPPermutation Table (IP-1-1), which has effect ), which has effect opposite to IPopposite to IP

IP: Initial Permutation

Bit 0 1 2 3 4 5 6 7

1 58 50 42 34 26 18 10 2

9 60 52 44 36 28 20 12 4

17 62 54 46 38 30 22 14 6

25 64 56 48 40 32 24 16 8

33 57 49 41 33 25 17 9 1

41 59 51 43 35 27 19 11 3

49 61 53 45 37 29 21 13 5

57 63 55 47 39 31 23 15 7

IP-1: Inverse Initial Permutation

Bit 0 1 2 3 4 5 6 7

1 40 8 48 16 56 24 64 32

9 39 7 47 15 55 23 63 31

17 38 6 46 14 54 22 62 30

25 37 5 45 13 53 21 61 29

33 36 4 44 12 52 20 60 28

41 35 3 43 11 51 19 59 27

49 34 2 42 10 50 18 58 26

57 33 1 41 9 49 17 57 25

DES – Core FunctionDES – Core Function

L[0] to L[15], R[0] to R[15]L[0] to L[15], R[0] to R[15]

Feistel (F) functionFeistel (F) function

Inverse Initial PermutationInverse Initial Permutation

Feistel FunctionFeistel Function

Expansion: using E-bit Selection TableExpansion: using E-bit Selection Table

Key Mixing: XOR with subkeysKey Mixing: XOR with subkeys

Substitution: S-boxSubstitution: S-box

Permutation: P-boxPermutation: P-box

Feistel Function - ExpansionFeistel Function - Expansion

Copy R[0] to a bCopy R[0] to a buffer Ruffer Rbb

RRbb: 32 bits → 48 : 32 bits → 48

bitsbits

E-Bit Selection Table

Bit 0 1 2 3 4 5

1 32 1 2 3 4 5

7 4 5 6 7 8 9

13 8 9 10 11 12 13

19 12 13 14 15 16 17

25 16 17 18 19 20 21

31 20 21 22 23 24 25

37 24 25 26 27 28 29

43 28 29 30 31 32 1

Feistel Function – Key MixingFeistel Function – Key Mixing

After the expansion operation, just “XOR” After the expansion operation, just “XOR” with subkey K[1]with subkey K[1]

Feistel Function - SubstitutionFeistel Function - Substitution

48-bit buffer becomes eight 6-bit blocks48-bit buffer becomes eight 6-bit blocks

8 S-boxes have output from 0 to 15 which 8 S-boxes have output from 0 to 15 which can be represented with 4 bitscan be represented with 4 bits

How do S-boxes work? Wait and see…How do S-boxes work? Wait and see…

8 4-bit outputs can be merged, and store it 8 4-bit outputs can be merged, and store it in a 32-bit bufferin a 32-bit buffer

How do S-boxes Work?How do S-boxes Work?

Bit 0Bit 0 Bit 1Bit 1 Bit 2Bit 2 Bit 3Bit 3 Bit 4Bit 4 Bit 5Bit 5

Row Column

Use the Row and Column number to find the corresponding output number from the S-box.Besides, the n-th block must use the n-th S-box.

S-Box 1: Substitution Box 1

Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8

2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10

1 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5

2 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15

3 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8

1 13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1

2 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7

3 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15

1 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9

2 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4

3 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9

1 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6

2 4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14

3 11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11

1 10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8

2 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6

3 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1

1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6

2 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2

3 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12


Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7

1 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2

2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8

3 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

Feistel Function - PermutationFeistel Function - Permutation

After the substitution, do After the substitution, do permutation according to permutation according to the P-boxthe P-box

P Permutation

Bit 0 1 2 3

1 16 7 20 21

5 29 12 28 17

9 1 15 23 26

13 5 18 31 10

17 2 8 24 14

21 32 27 3 9

25 19 13 30 6

29 22 11 4 25


After one round of Feistel After one round of Feistel Function is completed, the Function is completed, the buffer is “XORed” with L, bbuffer is “XORed” with L, becoming the next Recoming the next R

Previous R becomes the nPrevious R becomes the next Lext L

Repeat the operations meRepeat the operations mentioned above 16 timesntioned above 16 times


When 16 rounds are When 16 rounds are finished, L and R are finished, L and R are swapped and merged, swapped and merged, then becomes a 64-bit then becomes a 64-bit “pre-output”“pre-output”

Use IPUse IP-1-1 to become the to become the final cipher outputfinal cipher output

DES - DecryptionDES - Decryption

Almost all operations are the same as thosAlmost all operations are the same as those of encryptione of encryption

Only one is different: use the subkeys in dOnly one is different: use the subkeys in descending orderescending order

DES – Other FormDES – Other Form

Triple-DES: quite literally. A Triple-DES Triple-DES: quite literally. A Triple-DES key has length of 192 bits. It can be key has length of 192 bits. It can be considered three 64-bit DES key.considered three 64-bit DES key.

DES40: a key is pre-processed to make it DES40: a key is pre-processed to make it a 40-bit effective keya 40-bit effective key

DES - ModesDES - Modes

ECB (Electronic Code Book)ECB (Electronic Code Book)

CBC (Cipher Block Chaining)CBC (Cipher Block Chaining)

DES – CryptanalysisDES – Cryptanalysis

Documents

DES Algorithm