DES Algorithm Data Encryption Standard

DES Features Block cipher, 64 bits per block 64-bit key, with only 56 bits effective ECB mode and CBC mode

DES – Key Scheduling Specify a 64-bit key There are eight parity bits The key structure is in the next page

Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5 Bit 6 Bit 7 Bit 0~7 Effective Key Parity Bit Bit 8~15 Effective Key Parity Bit Bit 16~23 Effective Key Parity Bit Bit 24~31 Effective Key Parity Bit Bit 32~39 Effective Key Parity Bit Bit 40~47 Effective Key Parity Bit Bit 48~55 Effective Key Parity Bit Bit 56~63 Effective Key Parity Bit

DES – Key Scheduling Key permutation according to “Permuted Choice 1”(PC-1) After permutation, the key length will be only 56 bits 64 bits → 56 bits? Why? The explanation is in the next page

Permuted Choice 1 Bit Note: The 8n-th bit is disappeared!!

DES – Key Scheduling We separate the 56-bit key to two 28-bit keys: L k and R k “Left rotate” the L k and R k according to SRT (Subkey Rotation Table) After rotation, merge L k and R k Permutation according to Permuted Choice 2 (PC-2) We get a 48-bit subkey now

DES – Key Scheduling Repeat the operation 16 times to get 16 subkeys Use rotated L k and R k Why each subkey has length of only 48 bits instead of 56 bits? The answer is similar to PC-1

Subkey Rotation Table Round Number Bits to Rotate Bit Permuted Choice 2

DES – Key Scheduling Flow Chart “<<<” is the operation of SRT We will call the subkeys K[1], K[2], …, K[16] later

Plaintext Preparation Cut the plaintext into 64-bit blocks Each 64-bit block should be permuted according to Initial Permutation Table (IP Table) Besides, we make an Inverse Initial Permutation Table (IP -1 ), which has effect opposite to IP

IP: Initial Permutation Bit IP -1 : Inverse Initial Permutation Bit

DES – Core Function L[0] to L[15], R[0] to R[15] Feistel (F) function Inverse Initial Permutation

Feistel Function Expansion: using E-bit Selection Table Key Mixing: XOR with subkeys Substitution: S-box Permutation: P-box

Feistel Function - Expansion Copy R[0] to a buffer R b R b : 32 bits → 48 bits E-Bit Selection Table Bit

Feistel Function – Key Mixing After the expansion operation, just “XOR” with subkey K[1]

Feistel Function - Substitution 48-bit buffer becomes eight 6-bit blocks 8 S-boxes have output from 0 to 15 which can be represented with 4 bits How do S-boxes work? Wait and see… 8 4-bit outputs can be merged, and store it in a 32-bit buffer

How do S-boxes Work? Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5 Row Column Use the Row and Column number to find the corresponding output number from the S-box. Besides, the n-th block must use the n-th S-box.

S-Box 1: Substitution Box 1 Row / Column S-Box 2: Substitution Box 2 Row / Column

S-Box 3: Substitution Box 3 Row / Column S-Box 4: Substitution Box 4 Row / Column

S-Box 5: Substitution Box 5 Row / Column S-Box 6: Substitution Box 6 Row / Column

S-Box 7: Substitution Box 7 Row / Column S-Box 8: Substitution Box 8 Row / Column

Feistel Function - Permutation After the substitution, do permutation according to the P-box P Permutation Bit

DES – Core Function After one round of Feistel Function is completed, the buffer is “XORed” with L, becoming the next R Previous R becomes the next L Repeat the operations mentioned above 16 times

DES – Core Function When 16 rounds are finished, L and R are swapped and merged, then becomes a 64-bit “pre-output” Use IP -1 to become the final cipher output

DES - Decryption Almost all operations are the same as those of encryption Only one is different: use the subkeys in descending order

DES – Other Form Triple-DES: quite literally. A Triple-DES key has length of 192 bits. It can be considered three 64-bit DES key. DES40: a key is pre-processed to make it a 40-bit effective key

DES - Modes ECB (Electronic Code Book) CBC (Cipher Block Chaining)

DES – Cryptanalysis