SlideShare a Scribd company logo

DES (Data Encryption Standard) Algorithm

S
SamEhlinger

This ppt covers the information about DES (Data Encryption Standard) algorithm of cryptography. This will include: 1. Introduction to Cryptography 2. History and Development of DES 3. Architecture of DES 4. The Working Process (Step-by-Step) 5. Strengths and Weaknesses 6. Use Cases of DES 7. Comparison with Other Algorithms (like AES) 8. Conclusion 1. Introduction to Cryptography and DES Cryptography is the science of securing information by transforming it into an unreadable format, ensuring confidentiality, integrity, and authenticity. Among the various cryptographic algorithms developed, the Data Encryption Standard (DES) holds a significant place as one of the pioneering symmetric-key block ciphers. Developed in the 1970s, DES became a cornerstone in the evolution of data security practices.  ⸻ 2. Historical Background of DES The origins of DES trace back to the early 1970s when IBM developed a cipher named Lucifer, designed by cryptographer Horst Feistel. Recognizing the need for a standardized encryption method, the National Bureau of Standards (now NIST) initiated a public request for proposals for a secure encryption algorithm. IBM submitted a modified version of Lucifer, which, after evaluation and modifications (including input from the National Security Agency (NSA)), was adopted as the Data Encryption Standard in 1977. It was published as Federal Information Processing Standard (FIPS) 46 and became widely used across various industries.   ⸻ 3. Technical Architecture of DES 3.1. Symmetric-Key Block Cipher DES is a symmetric-key algorithm, meaning the same key is used for both encryption and decryption. It operates on fixed-size blocks of data, specifically 64-bit blocks, transforming plaintext into ciphertext using a series of complex operations.  3.2. Key Structure Although DES uses a 64-bit key, only 56 bits are actually used for encryption; the remaining 8 bits are utilized for parity checks to ensure key integrity. This 56-bit key size was considered secure at the time of DES’s inception but has become vulnerable to brute-force attacks with advancements in computing power.   3.3. Feistel Network Structure DES employs a Feistel network, a symmetric structure used in many block ciphers. In this structure, the data block is divided into two halves, and a series of transformations are applied over multiple rounds. Each round involves substitution and permutation operations, enhancing the diffusion and confusion properties essential for secure encryption.  ⸻ 4. Operational Process of DES 4.1. Initial Permutation (IP) The encryption process begins with an Initial Permutation (IP), where the 64-bit plaintext block undergoes a fixed permutation of its bits. This step doesn’t add cryptographic strength but prepares the data for the subsequent rounds. 4.2. Division into Halves Post-IP, the permuted block is divided into two 32-bit halves: Left (L0) and Right (R0). These halves are processed through 16 round.

Technology
1 of 77
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Chapter 2 Data Encryption Standard (DES)
❏ To review a short history of DES ❏ To define the basic structure of DES ❏ To describe the details of building elements of DES ❏ To describe the round keys generation process ❏ To analyze DES Objectives:
Introduction The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST).
 In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modification of a project called Lucifer, was accepted as DES.  DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS). History
DES is a block cipher, as shown in Figure DES Figure Encryption and decryption with DES
DES •The Data Encryption Standard (DES) is a symmetric-key block cipher •DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure.
Feistel Cipher Structure Horst Feistel devised the Feistel cipher  based on concept of invertible product cipher partitions input block into two halves Process halves through multiple rounds which perform a substitution on left half based on round function of right half & subkey Then have permutation swapping halves. 6.7
Feistel Cipher Structure
Feistel Cipher Design Elements block size key size number of rounds subkey generation algorithm round function fast software en/decryption ease of analysis
Confusion and Diffusion cipher needs to completely obscure statistical properties of original message more practically Shannon suggested combining S & P elements to obtain: diffusion – dissipates statistical structure of plaintext over bulk of ciphertext confusion – makes relationship between ciphertext and key as complex as possible
General structure of DES Figure General structure of DES
Initial and Final Permutation •The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each other. •They have no cryptography significance in DES.
Initial and Final Permutations Initial and final permutation steps in DES
6.14
Round Function •The heart of this cipher is the DES function, f. •The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.
DES uses 16 rounds. Each round of DES is a Feistel cipher. A round in DES (encryption site) Rounds
DES Function DES function
Expansion P Box •Since right input is 32-bit and round key is a 48-bit, we first need to expand right input to 48 bits.
Expansion P-box Expansion permutation
Although the relationship between the input and output can be defined mathematically, DES uses Table to define this P-box. Continue Table Expansion P-box table
Whitener (XOR)  After the expansion permutation, DES uses the XOR operation on the expanded right section and the round key.  Note that both the right section and the key are 48-bits in length.  Also the round key is used only in this operation. Continue
Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Continue S-boxes
Continue S-box rule
Following Table shows the permutation for S-box 1. Continue S-box 1
Continued Example : The input to S-box 1 is 100011. What is the output? If we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value in row 3, column 1, in Table 6.3 (S-box 1). The result is 12 in decimal, which in binary is 1100. So the input 100011 yields the output 1100. Solution
Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight permutation with rule shown in the following illustration: Continue Straight permutation table
S1 S2 S3 S4 S5 S6 S7 S8 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 Permutation Box P P-box applied at end of each round
1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 28 29 24 25 21 20 16 17 13 12 4 5 8 9 32 1 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 S4 control input symbol output symbol 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 S3 control input symbol output symbol input symbol S5 control input symbol output symbol input symbol S6 control input symbol output symbol input symbol S7 control input symbol output symbol input symbol S8 control input symbol output symbol input symbol S1 control input symbol output symbol input symbol S2 control input symbol output symbol input symbol 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 Right Half i-1 Round Key i 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 O + O + Left Half i-1 Right Half i DES round in full
1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 57 58 49 50 61 62 59 60 63 64 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 64-bit key with parity bits 56-bit key 1 2 3 4 5 6 7 11 12 13 14 15 17 18 9 10 21 22 23 25 26 27 28 19 20 31 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 39 51 52 53 54 55 49 50 57 58 61 62 59 60 63 permuted choice 1 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 Left Shift 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 10 21 23 24 26 27 28 19 20 31 32 29 30 33 34 36 37 41 42 44 45 46 47 48 39 40 51 52 53 55 56 49 50 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 permuted choice 2 48-bit subkey DES Key Schedule
Using mixers and swappers, we can create the cipher and reverse cipher, each having 16 rounds. Cipher and Reverse Cipher First Approach To achieve this goal, one approach is to make the last round (round 16) different from the others; it has only a mixer and no swapper.
Continued DES cipher and reverse cipher for the first approach
Continued Algorithm Pseudocode for DES cipher
Continued Algorithm Pseudocode for DES cipher (Continued)
Continued Algorithm Pseudocode for DES cipher (Continued)
Continued Algorithm Pseudocode for DES cipher (Continued)
Alternative Approach Continued We can make all 16 rounds the same by including one swapper to the 16th round and add an extra swapper after that (two swappers cancel the effect of each other). Key Generation The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
Key Generation Process
Continued Key generation
Continued • Parity bit drop: it drops parity bits (bits 8,16,24,…64) from 64 bit key and permutes the rest of the bits according to Parity-bit drop table.
Continued Table Parity-bit drop table
continued • Shift left: 1. Key is divided into two 28 bit parts. 2. Each part is shifted left (circular) one or two bits. 3. The two parts are then combined to form a 56-bit part.
Continued Table Key-compression table Compression D-Box: It changes 56 bits to 48 bits which are used as a key for a round. (drops bits 9,18,22,25,35,38,43,54)
DES (Data Encryption Standard) Algorithm
Continued Algorithm Algorithm for round-key generation
Continued Algorithm Algorithm for round-key generation (Continue)
We choose a random plaintext block and a random key, and determine what the ciphertext block would be (all in hexadecimal): Trace of data for Example Example
Trace of data for Example (Conintued ) Continued
Continued Let us see how Bob, at the destination, can decipher the ciphertext received from Alice using the same key. Table shows some interesting points. Example:
DES Design Controversy DES was subjected to intense and continuing criticism over : choice of 56-bit key (vs Lucifer 128-bit) the classified design criteria subsequent events and public analysis show in fact design was appropriate use of DES has flourished especially in financial applications still standardized for legacy application use 3DES still strong (112 bit key) 6.49
DES ANALYSIS Critics have used a strong magnifier to analyze DES. Tests have been done to measure the strength of some desired properties in a block cipher.
Two desired properties of a block cipher are the avalanche effect and the completeness. Properties •Avalanche effect − A small change in plaintext results in the very great change in the ciphertext. •Completeness − Each bit of ciphertext depends on many bits of plaintext.
avalanche effect Properties (continued…) To check the avalanche effect in DES, let us encrypt two plaintext blocks (with the same key) that differ only in one bit and observe the differences in the number of bits in each round. Example
Continued Although the two plaintext blocks differ only in the rightmost bit, the ciphertext blocks differ in 29 bits. This means that changing approximately 1.5 percent of the plaintext creates a change of approximately 45 percent in the ciphertext. Number of bit differences for Example
Design Criteria S-Boxes The design provides confusion and diffusion of bits from each round to the next. D-Boxes They provide diffusion of bits. Number of Rounds DES uses sixteen rounds of Feistel ciphers. the ciphertext is thoroughly a random function of plaintext and ciphertext.
During the last few years critics have found some weaknesses in DES. DES Weaknesses Weaknesses in Cipher Design 1. Weaknesses in S-boxes 2. Weaknesses in D-boxes 3. Weaknesses in Key
Continued Double encryption and decryption with a weak key
Continued Let us try the first weak key in previous table to encrypt a block two times. After two encryptions with the same key the original plaintext block is created. Note that we have used the encryption algorithm two times, not one encryption followed by another decryption. Example
Continued
Continued
Continued A pair of semi-weak keys in encryption and decryption
Possible weak keys There are 48 keys that are called possible weak keys. It is a key that creates only four distinct round keys.
Continued What is the probability of randomly selecting a weak, a semi- weak, or a possible weak key? Solution DES has a key domain of 256. The total number of the above keys are 64 (4 + 12 + 48). The probability of choosing one of these keys is 8.8 × 10−16, almost impossible. Example
6.63 Key Compliment • It is observed that half of the keys are compliment of the other half. • It simplifies job of the cryptanalysis
Multiple DES  The major criticism of DES regards its key length.  We can use double or triple DES to increase the key size.
The first approach is to use double DES (2DES). Double DES Meet-in-the-Middle Attack However, using a known-plaintext attack called meet-in-the-middle attack proves that double DES improves this vulnerability slightly (to 257 tests), but not tremendously (to 2112).
Continued Figure Meet-in-the-middle attack for double DES
Continued Figure Tables for meet-in-the-middle attack
6.68 Triple DES There are two variants of Triple DES known as 3-key Triple DES (3TDES) and 2-key Triple DES (2TDES).
Triple DES Figure Triple DES with two keys
6.70 Continuous Triple DES with Three Keys  Before using 3TDES, user first generate and distribute a 3TDES key K, which consists of three different DES keys K1, K2 and K3.  This means that the actual 3TDES key has length 3×56 = 168 bits.
Figure Triple DES with three keys Continued…
• Encrypt the plaintext blocks using single DES with key K1. •Now decrypt the output of step 1 using single DES with key K2. •Finally, encrypt the output of step 2 using single DES with key K3. •The output of step 3 is the ciphertext. •Decryption of a ciphertext is a reverse process. User first decrypt using K3, then encrypt with K2, and finally decrypt with K1. The encryption-decryption process Continued…
Security of DES DES, as the first important block cipher, has gone through much scrutiny. Among the attempted attacks, three are of interest: brute-force, differential cryptanalysis, and linear cryptanalysis.
Combining key size weakness with the key complement weakness, it is clear that DES can be broken using 255 encryptions. Brute-Force Attack
• It has been revealed that the designers of DES already knew about this type of attack and designed S-boxes and chose 16 as the number of rounds to make DES specifically resistant to this type of attack. • It has been shown that DES can be broken using 247 pairs of chosen plaintexts or 255 known plaintexts. • Differential Cryptanalysis
6.76 • Linear cryptanalysis is newer than differential cryptanalysis. DES is more vulnerable to linear cryptanalysis than to differential cryptanalysis. • S-boxes are not very resistant to linear cryptanalysis. • It has been shown that DES can be broken using 243 pairs of known plaintexts. • However, from the practical point of view, finding so many pairs is very unlikely. Linear Cryptanalysis
References: 1. Stallings 2. Forouzan

More Related Content

PPT
ch03_block_ciphers_nemo (2) (1).ppt
MrsPrabhaBV
 
PPTX
information security lecture 7 & 8 .pptx
NasirAli233814
 
PDF
1 DES.pdf
nitin571047
 
PPTX
Information and network security 20 data encryption standard des
Vaibhav Khanna
 
PDF
3-Block Ciphers and DES.pdf
MuhammadShoaibHussai2
 
PPTX
Data Encryption Standards (1).pptx
Santhosh Prabhu
 
PDF
sheet4.pdf
aminasouyah
 
PDF
paper4.pdf
aminasouyah
 
ch03_block_ciphers_nemo (2) (1).ppt
MrsPrabhaBV
 
information security lecture 7 & 8 .pptx
NasirAli233814
 
1 DES.pdf
nitin571047
 
Information and network security 20 data encryption standard des
Vaibhav Khanna
 
3-Block Ciphers and DES.pdf
MuhammadShoaibHussai2
 
Data Encryption Standards (1).pptx
Santhosh Prabhu
 
sheet4.pdf
aminasouyah
 
paper4.pdf
aminasouyah
 

Similar to DES (Data Encryption Standard) Algorithm (20)

PDF
lecture3.pdf
aminasouyah
 
PDF
doc4.pdf
aminasouyah
 
PDF
doc4.pdf
aminasouyah
 
PDF
cryptography2 WHICH IS VERY IMPOTRANT.pdf
gadisagemechu1
 
PDF
2 DES.pdf
nitin571047
 
PDF
4-DES.pdf
ShimoFcis
 
PPT
Data encryption standard
Vasuki Ramasamy
 
PPT
Chapter 3: Block Ciphers and the Data Encryption Standard
Shafaan Khaliq Bhatti
 
PPTX
DES Presentation.pptx for Information Security, A common Subject
kashafbutt72
 
PPT
Cryptography Symmetric Key Algorithm (CSE)
SoumyaBhattacharyya14
 
ODP
Des
Anshul Sharma
 
PPTX
Block Cipher.cryptography_miu_year5.pptx
HodaAhmedBekhitAhmed
 
PPTX
Trible data encryption standard (3DES)
Ahmed Mohamed Mahmoud
 
PPT
block ciphers
Asad Ali
 
PDF
Proposing an Encryption Algorithm based on DES
International Journal of Science and Research (IJSR)
 
PPT
CNS_06 DES ALGORITHM AND ITS IMPLEMENTAT
tpvvsreenivasarao
 
PPTX
data ebncryption standard with example.pptx
ajajkhan16
 
PPTX
Cryptographic algorithms
Anamika Singh
 
PPTX
Cryptographic algorithms
Anamika Singh
 
PDF
chap3.pdf
NickySanthosh1
 
lecture3.pdf
aminasouyah
 
doc4.pdf
aminasouyah
 
doc4.pdf
aminasouyah
 
cryptography2 WHICH IS VERY IMPOTRANT.pdf
gadisagemechu1
 
2 DES.pdf
nitin571047
 
4-DES.pdf
ShimoFcis
 
Data encryption standard
Vasuki Ramasamy
 
Chapter 3: Block Ciphers and the Data Encryption Standard
Shafaan Khaliq Bhatti
 
DES Presentation.pptx for Information Security, A common Subject
kashafbutt72
 
Cryptography Symmetric Key Algorithm (CSE)
SoumyaBhattacharyya14
 
Des
Anshul Sharma
 
Block Cipher.cryptography_miu_year5.pptx
HodaAhmedBekhitAhmed
 
Trible data encryption standard (3DES)
Ahmed Mohamed Mahmoud
 
block ciphers
Asad Ali
 
Proposing an Encryption Algorithm based on DES
International Journal of Science and Research (IJSR)
 
CNS_06 DES ALGORITHM AND ITS IMPLEMENTAT
tpvvsreenivasarao
 
data ebncryption standard with example.pptx
ajajkhan16
 
Cryptographic algorithms
Anamika Singh
 
Cryptographic algorithms
Anamika Singh
 
chap3.pdf
NickySanthosh1
 
Ad

Recently uploaded (20)

PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
AI And Its Effect On The Evolving IT Sector In Australia - Elevate
Elevate
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
Telecom Fraud Prevention Guide | Hyperlink InfoSystem
danielle hunter
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
AI And Its Effect On The Evolving IT Sector In Australia - Elevate
Elevate
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
Advanced IT Governance
University of Hertfordshire
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Cloud computing and distributed systems.
kkkkkhan
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Telecom Fraud Prevention Guide | Hyperlink InfoSystem
danielle hunter
 
Ad

DES (Data Encryption Standard) Algorithm

  • 1. Chapter 2 Data Encryption Standard (DES)
  • 2. ❏ To review a short history of DES ❏ To define the basic structure of DES ❏ To describe the details of building elements of DES ❏ To describe the round keys generation process ❏ To analyze DES Objectives:
  • 3. Introduction The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST).
  • 4.  In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modification of a project called Lucifer, was accepted as DES.  DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS). History
  • 5. DES is a block cipher, as shown in Figure DES Figure Encryption and decryption with DES
  • 6. DES •The Data Encryption Standard (DES) is a symmetric-key block cipher •DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure.
  • 7. Feistel Cipher Structure Horst Feistel devised the Feistel cipher  based on concept of invertible product cipher partitions input block into two halves Process halves through multiple rounds which perform a substitution on left half based on round function of right half & subkey Then have permutation swapping halves. 6.7
  • 9. Feistel Cipher Design Elements block size key size number of rounds subkey generation algorithm round function fast software en/decryption ease of analysis
  • 10. Confusion and Diffusion cipher needs to completely obscure statistical properties of original message more practically Shannon suggested combining S & P elements to obtain: diffusion – dissipates statistical structure of plaintext over bulk of ciphertext confusion – makes relationship between ciphertext and key as complex as possible
  • 11. General structure of DES Figure General structure of DES
  • 12. Initial and Final Permutation •The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each other. •They have no cryptography significance in DES.
  • 13. Initial and Final Permutations Initial and final permutation steps in DES
  • 14. 6.14
  • 15. Round Function •The heart of this cipher is the DES function, f. •The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.
  • 16. DES uses 16 rounds. Each round of DES is a Feistel cipher. A round in DES (encryption site) Rounds
  • 18. Expansion P Box •Since right input is 32-bit and round key is a 48-bit, we first need to expand right input to 48 bits.
  • 20. Although the relationship between the input and output can be defined mathematically, DES uses Table to define this P-box. Continue Table Expansion P-box table
  • 21. Whitener (XOR)  After the expansion permutation, DES uses the XOR operation on the expanded right section and the round key.  Note that both the right section and the key are 48-bits in length.  Also the round key is used only in this operation. Continue
  • 22. Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Continue S-boxes
  • 24. Following Table shows the permutation for S-box 1. Continue S-box 1
  • 25. Continued Example : The input to S-box 1 is 100011. What is the output? If we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value in row 3, column 1, in Table 6.3 (S-box 1). The result is 12 in decimal, which in binary is 1100. So the input 100011 yields the output 1100. Solution
  • 26. Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight permutation with rule shown in the following illustration: Continue Straight permutation table
  • 27. S1 S2 S3 S4 S5 S6 S7 S8 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 Permutation Box P P-box applied at end of each round
  • 28. 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 28 29 24 25 21 20 16 17 13 12 4 5 8 9 32 1 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 S4 control input symbol output symbol 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 S3 control input symbol output symbol input symbol S5 control input symbol output symbol input symbol S6 control input symbol output symbol input symbol S7 control input symbol output symbol input symbol S8 control input symbol output symbol input symbol S1 control input symbol output symbol input symbol S2 control input symbol output symbol input symbol 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 Right Half i-1 Round Key i 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 O + O + Left Half i-1 Right Half i DES round in full
  • 29. 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 57 58 49 50 61 62 59 60 63 64 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 64-bit key with parity bits 56-bit key 1 2 3 4 5 6 7 11 12 13 14 15 17 18 9 10 21 22 23 25 26 27 28 19 20 31 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 39 51 52 53 54 55 49 50 57 58 61 62 59 60 63 permuted choice 1 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 Left Shift 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 51 52 53 54 55 56 49 50 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 10 21 23 24 26 27 28 19 20 31 32 29 30 33 34 36 37 41 42 44 45 46 47 48 39 40 51 52 53 55 56 49 50 1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 9 10 21 22 23 24 25 26 27 28 19 20 31 32 29 30 33 34 35 36 37 38 41 42 43 44 45 46 47 48 39 40 permuted choice 2 48-bit subkey DES Key Schedule
  • 30. Using mixers and swappers, we can create the cipher and reverse cipher, each having 16 rounds. Cipher and Reverse Cipher First Approach To achieve this goal, one approach is to make the last round (round 16) different from the others; it has only a mixer and no swapper.
  • 31. Continued DES cipher and reverse cipher for the first approach
  • 33. Continued Algorithm Pseudocode for DES cipher (Continued)
  • 34. Continued Algorithm Pseudocode for DES cipher (Continued)
  • 35. Continued Algorithm Pseudocode for DES cipher (Continued)
  • 36. Alternative Approach Continued We can make all 16 rounds the same by including one swapper to the 16th round and add an extra swapper after that (two swappers cancel the effect of each other). Key Generation The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
  • 39. Continued • Parity bit drop: it drops parity bits (bits 8,16,24,…64) from 64 bit key and permutes the rest of the bits according to Parity-bit drop table.
  • 41. continued • Shift left: 1. Key is divided into two 28 bit parts. 2. Each part is shifted left (circular) one or two bits. 3. The two parts are then combined to form a 56-bit part.
  • 42. Continued Table Key-compression table Compression D-Box: It changes 56 bits to 48 bits which are used as a key for a round. (drops bits 9,18,22,25,35,38,43,54)
  • 44. Continued Algorithm Algorithm for round-key generation
  • 45. Continued Algorithm Algorithm for round-key generation (Continue)
  • 46. We choose a random plaintext block and a random key, and determine what the ciphertext block would be (all in hexadecimal): Trace of data for Example Example
  • 47. Trace of data for Example (Conintued ) Continued
  • 48. Continued Let us see how Bob, at the destination, can decipher the ciphertext received from Alice using the same key. Table shows some interesting points. Example:
  • 49. DES Design Controversy DES was subjected to intense and continuing criticism over : choice of 56-bit key (vs Lucifer 128-bit) the classified design criteria subsequent events and public analysis show in fact design was appropriate use of DES has flourished especially in financial applications still standardized for legacy application use 3DES still strong (112 bit key) 6.49
  • 50. DES ANALYSIS Critics have used a strong magnifier to analyze DES. Tests have been done to measure the strength of some desired properties in a block cipher.
  • 51. Two desired properties of a block cipher are the avalanche effect and the completeness. Properties •Avalanche effect − A small change in plaintext results in the very great change in the ciphertext. •Completeness − Each bit of ciphertext depends on many bits of plaintext.
  • 52. avalanche effect Properties (continued…) To check the avalanche effect in DES, let us encrypt two plaintext blocks (with the same key) that differ only in one bit and observe the differences in the number of bits in each round. Example
  • 53. Continued Although the two plaintext blocks differ only in the rightmost bit, the ciphertext blocks differ in 29 bits. This means that changing approximately 1.5 percent of the plaintext creates a change of approximately 45 percent in the ciphertext. Number of bit differences for Example
  • 54. Design Criteria S-Boxes The design provides confusion and diffusion of bits from each round to the next. D-Boxes They provide diffusion of bits. Number of Rounds DES uses sixteen rounds of Feistel ciphers. the ciphertext is thoroughly a random function of plaintext and ciphertext.
  • 55. During the last few years critics have found some weaknesses in DES. DES Weaknesses Weaknesses in Cipher Design 1. Weaknesses in S-boxes 2. Weaknesses in D-boxes 3. Weaknesses in Key
  • 56. Continued Double encryption and decryption with a weak key
  • 57. Continued Let us try the first weak key in previous table to encrypt a block two times. After two encryptions with the same key the original plaintext block is created. Note that we have used the encryption algorithm two times, not one encryption followed by another decryption. Example
  • 60. Continued A pair of semi-weak keys in encryption and decryption
  • 61. Possible weak keys There are 48 keys that are called possible weak keys. It is a key that creates only four distinct round keys.
  • 62. Continued What is the probability of randomly selecting a weak, a semi- weak, or a possible weak key? Solution DES has a key domain of 256. The total number of the above keys are 64 (4 + 12 + 48). The probability of choosing one of these keys is 8.8 × 10−16, almost impossible. Example
  • 63. 6.63 Key Compliment • It is observed that half of the keys are compliment of the other half. • It simplifies job of the cryptanalysis
  • 64. Multiple DES  The major criticism of DES regards its key length.  We can use double or triple DES to increase the key size.
  • 65. The first approach is to use double DES (2DES). Double DES Meet-in-the-Middle Attack However, using a known-plaintext attack called meet-in-the-middle attack proves that double DES improves this vulnerability slightly (to 257 tests), but not tremendously (to 2112).
  • 67. Continued Figure Tables for meet-in-the-middle attack
  • 68. 6.68 Triple DES There are two variants of Triple DES known as 3-key Triple DES (3TDES) and 2-key Triple DES (2TDES).
  • 69. Triple DES Figure Triple DES with two keys
  • 70. 6.70 Continuous Triple DES with Three Keys  Before using 3TDES, user first generate and distribute a 3TDES key K, which consists of three different DES keys K1, K2 and K3.  This means that the actual 3TDES key has length 3×56 = 168 bits.
  • 71. Figure Triple DES with three keys Continued…
  • 72. • Encrypt the plaintext blocks using single DES with key K1. •Now decrypt the output of step 1 using single DES with key K2. •Finally, encrypt the output of step 2 using single DES with key K3. •The output of step 3 is the ciphertext. •Decryption of a ciphertext is a reverse process. User first decrypt using K3, then encrypt with K2, and finally decrypt with K1. The encryption-decryption process Continued…
  • 73. Security of DES DES, as the first important block cipher, has gone through much scrutiny. Among the attempted attacks, three are of interest: brute-force, differential cryptanalysis, and linear cryptanalysis.
  • 74. Combining key size weakness with the key complement weakness, it is clear that DES can be broken using 255 encryptions. Brute-Force Attack
  • 75. • It has been revealed that the designers of DES already knew about this type of attack and designed S-boxes and chose 16 as the number of rounds to make DES specifically resistant to this type of attack. • It has been shown that DES can be broken using 247 pairs of chosen plaintexts or 255 known plaintexts. • Differential Cryptanalysis
  • 76. 6.76 • Linear cryptanalysis is newer than differential cryptanalysis. DES is more vulnerable to linear cryptanalysis than to differential cryptanalysis. • S-boxes are not very resistant to linear cryptanalysis. • It has been shown that DES can be broken using 243 pairs of known plaintexts. • However, from the practical point of view, finding so many pairs is very unlikely. Linear Cryptanalysis