DES is a block cipher that encrypts 64-bit plaintext blocks into ciphertext blocks of the same length using a 56-bit key. It operates by applying an initial permutation, expansion/substitution using S-boxes, and final permutation. The algorithm uses 16 rounds of these operations to transform the plaintext using a subkey generated from the main key. DES has some minor cryptanalytic properties like the complementation property and weak/semiweak keys, but these do not present vulnerabilities if random keys are chosen.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOC, PDF, TXT or read online from Scribd
DES is a block cipher that encrypts 64-bit plaintext blocks into ciphertext blocks of the same length using a 56-bit key. It operates by applying an initial permutation, expansion/substitution using S-boxes, and final permutation. The algorithm uses 16 rounds of these operations to transform the plaintext using a subkey generated from the main key. DES has some minor cryptanalytic properties like the complementation property and weak/semiweak keys, but these do not present vulnerabilities if random keys are chosen.
DES is a block cipher that encrypts 64-bit plaintext blocks into ciphertext blocks of the same length using a 56-bit key. It operates by applying an initial permutation, expansion/substitution using S-boxes, and final permutation. The algorithm uses 16 rounds of these operations to transform the plaintext using a subkey generated from the main key. DES has some minor cryptanalytic properties like the complementation property and weak/semiweak keys, but these do not present vulnerabilities if random keys are chosen.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOC, PDF, TXT or read online from Scribd
DES is a block cipher that encrypts 64-bit plaintext blocks into ciphertext blocks of the same length using a 56-bit key. It operates by applying an initial permutation, expansion/substitution using S-boxes, and final permutation. The algorithm uses 16 rounds of these operations to transform the plaintext using a subkey generated from the main key. DES has some minor cryptanalytic properties like the complementation property and weak/semiweak keys, but these do not present vulnerabilities if random keys are chosen.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOC, PDF, TXT or read online from Scribd
Download as doc, pdf, or txt
You are on page 1/ 7
Abstract
DES is the archetypal block cipher — an algorithm that takes a fixed-length string of plaintext bits and transforms it through a series of complicated operations into another ciphertext bitstring of the same length. In the case of DES, the block size is 64 bits. DES also uses a key to customize the transformation, so that decryption can only be performed by those who know the particular key used to encrypt. The key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. Eight bits are used solely for checking parity, and are thereafter discarded. Hence the effective key length is 56 bits, and it is usually quoted as such.
Keywords
DES -Block Cipher-Symmetric Cipher-Feistel Cipher-Permutation-Substitution-
Encryption-Decryption
Introduction
The origins of DES go back to the early 1970s. In 1972, after concluding a study on the US government's computer security needs, the US standards body NBS (National Bureau of Standards) — now named NIST (National Institute of Standards and Technology) — identified a need for a government-wide standard for encrypting unclassified, sensitive information. Accordingly, on 15 May 1973, after consulting with the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria. None of the submissions, however, turned out to be suitable. A second request was issued on 27 August 1974. This time, IBM submitted a candidate which was deemed acceptable, a cipher developed during the period 1973–1974 based on an earlier algorithm, Horst Feistel's Lucifer cipher. The team at IBM involved in cipher design and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant Tuckerman. DES Algorithm
The basic operations are
1 Initial permutation (IP) 2 Final permutation (IP-1) 3 Expansion function (E) 4 Permutation (P) 5 Permuted choice 1 (PC-1) 6 Permuted choice 2 (PC-2) 7 Substitution boxes (S-boxes) 8 Rotations in the key-schedule
This table specifies the input permutation on a 64-bit block. The meaning is as follows: the first bit of the output is taken from the 58th bit of the input; the second bit from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the input.
The expansion function is interpreted as for the initial and final permutations. Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the input is duplicated in both the sixth and eighth bit of the output. Thus, the 32-bit half-block is expanded to 48 bits.
Permuted choice 1 (PC-1)
PC-1 Left 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 Right 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4 The "Left" and "Right" halves of the table show which bits from the input key form the left and right sections of the key schedule state. Note that only 56 bits of the 64 bits of the input are selected; the remaining eight were specified for use as parity bits. Permuted choice 2 (PC-2) PC-2 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32
This permutation selects the 48-bit subkey for each round from the 56-bit key-schedule state.
Rotations in the key-schedule
Rotations Round Number of number left rotations 1 1 2 1 3 2 4 2 5 2 6 2 7 2 8 2 9 1 10 2 11 2 12 2 13 2 14 2 15 2 16 1 Before the round subkey is selected, each half of the key schedule state is rotated left by a number of places. This table specifies the number of places rotated.
This table lists the eight S-boxes used in DES. Each S-box replaces a 6-bit input with a 4- bit output. Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output for S-box S5 would be "1001".
Minor cryptanalytic properties
DES exhibits the complementation property, namely that
where is the bitwise complement of x. EK denotes encryption with key K. P and C
denote plaintext and ciphertext blocks respectively. The complementation property means that the work for a brute force attack could be reduced by a factor of 2 (or a single bit) under a chosen-plaintext assumption.
DES also has four so-called weak keys. Encryption (E) and decryption (D) under a weak key have the same effect (see involution):
EK(EK(P)) = P or equivalently, EK = DK
There are also six pairs of semi-weak keys. Encryption with one of the pair of semiweak keys, K1, operates identically to decryption with the other, K2:
or equivalently,
It is easy enough to avoid the weak and semiweak keys in an implementation, either by testing for them explicitly, or simply by choosing keys randomly; the odds of picking a weak or semiweak key by chance are negligible. The keys are not really any weaker than any other keys anyway, as they do not give an attack any advantage. DES has also been proved not to be a group, or more precisely, the set {EK} (for all possible keys K) under functional composition is not a group, nor "close" to being a group (Campbell and Wiener, 1992). This was an open question for some time, and if it had been the case, it would have been possible to break DES, and multiple encryption modes such as Triple DES would not increase the security.
It is known that the maximum cryptographic security of DES is limited to about 64 bits, even when independently choosing all round subkeys instead of deriving them from a key, which would otherwise permit a security of 768 bits.
Conclusions
Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s; for example RC5, Blowfish, IDEA, NewDES, SAFER, CAST5 and FEAL. Most of these designs kept the 64-bit block size of DES, and could act as a "drop-in" replacement, although they typically used a 64-bit or 128-bit key. In the USSR the GOST 28147-89 algorithm was introduced, with a 64-bit block size and a 256-bit key, which was also used in Russia later.
DES itself can be adapted and reused in a more secure scheme. Many former DES users now use Triple DES (TDES) which was described and analysed by one of DES's patentees (see FIPS Pub 46-3); it involves applying DES three times with two (2TDES) or three (3TDES) different keys. TDES is regarded as adequately secure, although it is quite slow. A less computationally expensive alternative is DES-X, which increases the key size by XORing extra key material before and after DES. GDES was a DES variant proposed as a way to speed up encryption, but it was shown to be susceptible to differential cryptanalysis.
In 2001, after an international competition, NIST selected a new cipher: the Advanced Encryption Standard (AES), as a replacement. The algorithm which was selected as the AES was submitted by its designers under the name Rijndael.
