Data Encryption Standard - DES Algorithm

The Data Encryption Standard (DES) was the most widely used encryption scheme. DES was issued in 1977 by the National Bureau of Standards, now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DEA, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption.

Key Concepts of DES

  1. Symmetric Key Algorithm:

    • In DES, the same key is used for both encryption and decryption. This key must be shared between the sender and receiver securely.

  2. Block Cipher:

    • DES operates on fixed-length groups of bits, called blocks. The block size for DES is 64 bits.
    • The input data is divided into 64-bit blocks, which are encrypted one block at a time.

  3. Key Length:

    • DES uses a 56-bit key (though 64 bits are supplied, 8 bits are for parity checks). The strength of DES relies on the secrecy of this key.
High-Level Process of DES

The DES algorithm encrypts data using a series of permutations and substitutions over 16 rounds, transforming a 64-bit input block of plaintext into a 64-bit ciphertext block. Let's break down the steps involved:

Encryption and Decryption in DES

  • Encryption: As described, the plaintext is processed in 16 rounds of substitution, permutation, and key mixing, eventually producing the ciphertext.

  • Decryption: Decrypting a ciphertext is essentially the reverse of encryption. Since DES is a Feistel cipher, the same process is used for both encryption and decryption—except the round keys are applied in reverse order (starting with the last subkey and working backward).

Step-by-Step Breakdown of DES

1. Initial Permutation (IP)

  • The first step of DES is to rearrange (permute) the 64-bit plaintext using a fixed permutation table. This is called the Initial Permutation (IP).
  • The result is two 32-bit halves, which we'll call the left half (L0) and the right half (R0).

2. 16 Rounds of Encryption

After the initial permutation, DES performs 16 rounds of encryption, each involving key-dependent operations like substitution and permutation. Each round takes the current left and right halves as inputs and produces new left and right halves as outputs.

Each round consists of the following operations:

  • Round Function (F): The core of DES is the F function, which operates on the right half and the round key.

    • Key Scheduling: For each round, a 48-bit subkey is derived from the original 56-bit key using a process known as key scheduling. These subkeys are different for each round.

    • Expansion (E-box): The right half (32 bits) is expanded to 48 bits using a fixed expansion permutation, which allows it to be XORed with the 48-bit subkey.

    • XOR with Subkey: The expanded right half is XORed with the 48-bit subkey derived for the current round.

    • Substitution (S-boxes): The result of the XOR is passed through 8 S-boxes. These S-boxes (Substitution boxes) compress the 48-bit output back into 32 bits. The S-boxes perform non-linear substitution, adding complexity to the algorithm.

    • Permutation (P-box): The 32-bit output from the S-boxes is permuted again using a fixed table to further mix the bits.

  • Combining Left and Right Halves:

    • The left half (L) for the next round is simply the current right half (R).
    • The right half (R) for the next round is the result of XORing the current left half (L) with the output of the round function (F). Mathematically: 
                    $L_{i+1} = R_i​$
$R_{i+1}=L_i⊕F(R_i,K_i)$

This process is repeated for 16 rounds, with different subkeys and transformations in each round.

3. Final Permutation (FP)/ Inverse Initial Permutation($IP^{-1}$)

  • After the 16 rounds of transformation, the left and right halves are concatenated (combined back together) into a 64-bit block.
  • This block is then subjected to the Final Permutation (FP), which is the inverse of the initial permutation (IP). The output is the 64-bit ciphertext.

The right-hand portion of Figure above  shows the way in which the 56-bit key is used. Initially, the key is passed through a permutation function.Then, for each of the sixteen rounds, a subkey ($K_i$) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits.

The following Figure shows a single round of DES Algorithm

The Permutations tables used are shown below


The round key $K_i$ is 48 bits. The $R$ input is 32 bits. This $R$ input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the $R$ bits (Table 3.2c).The resulting 48 bits are XORed with $K_i$. This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted as defined by Table 3.2d. 

The role of the S-boxes in the function F is illustrated in Figure 3.7.The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. These transformations are defined in Table 3.3, which is interpreted as follows:The first and last bits of the input to box $S_i$ form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for $S_i$.The middle four bits select one of the sixteen columns.The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. For example, in $S_1$, for input 011001, the row is 01 (row 1) and the column is 1100 (column 12).The value in row 1, column 12 is 9, so the output is 1001.





KEY GENERATION 
We see that a 64-bit key is used as input to the algorithm.The bits of the key are numbered from 1 through 64; every eighth bit is ignored, as indicated by the lack of shading in Table 3.4a.The key is first subjected to a permutation governed by a table labeled Permuted Choice One (Table 3.4b).The resulting 56-bit key is then treated as two 28-bit quantities, labeled $C_0$ and $D_0$. At each round, $C_{i-1}$  and $D_{i-1}$ are separately subjected to a circular left shift or (rotation) of 1 or 2 bits, as governed by Table 3.4d.These shifted values serve as input to the next round. They also serve as input to the part labeled Permuted Choice Two (Table 3.4c), which produces a 48-bit output that serves as input to the function .





Comments

Post a Comment

Popular posts from this blog

Cryptographic Algorithms CST 393 KTU CS Honour Notes Semester V -Dr Binu V P

About Me About the Course and Scheme Syllabus Model Question Paper University Question Papers ******************************************************** Module-1 (Introduction to the Concepts of Security) Introduction CIA Triad  OSI Security Architecture Security Attacks Security Services Security Mechanisms Model for Network Security Classical Encryption Techniques     Symmetric Cipher Model     Cryptography -  Crypt Analysis Substitution Ciphers-Caesar Cipher     Mono-alphabetic Ciphers     Playfair Cipher     Hill Cipher Poly Alphabetic Ciphers- Vigenere Cipher     Vernam Cipher- One Time Pad Transposition Ciphers Module-2 (Symmetric Key Crypto Systems) Stream Cipher Vs Block Cipher Traditional Block Cipher Structure- Fiestel Structure Data Encryption Standard - DES Algorithm Differential and Linear Cryptanalysis Double DES and Triple DES International Data Encryption Algorithm ( IDEA) Advanced Encryption Standard ( AES) Block Cipher Modes of Operation Stream Cipher and RC4 Module-3
Read more

Syllabus CST 393 Cryptographic Algorithms

Syllabus Module-1 (Introduction to the Concepts of Security) Need for security, Security approaches, Principles of security, Types of attacks, OSI Security Architecture, Classical encryption techniques - Substitution techniques, Transposition techniques. Stream cipher, Block cipher, Public key cryptosystems vs. Symmetric key cryptosystems, Encrypting communication channels. Module-2 (Symmetric Key Cryptosystems) Overview of symmetric key cryptography, Block cipher principles, Data Encryption Standard (DES), Differential and Linear cryptanalysis, Double DES, Triple DES, International Data Encryption Algorithm (IDEA), Advanced Encryption Algorithm (AES),Block cipher modes of operation, Stream cipher, RC4. Module-3 (Public Key Cryptosystems) Principles of public key cryptosystems, RSA algorithm, RSA illustration, Attacks, ElGamal cryptographic system, Knapsack algorithm, Diffie-Hellman key exchange algorithm, Elliptic curve cryptosystems. Module-4 (Key Management) Symmetric key distributi
Read more

Computer Security Concept- CIA Triad

Image
Definition of Computer Security The NIST Computer Security Handbook [NIST95] defines the term computer security as follows: Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability,and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).   This definition introduces three key objectives that are at the heart of computer  security: Confidentiality: This term covers two related concepts:             Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.      Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.   Integrity: This term covers two related concepts:      Data integrity: Assures that information
Read more