1. Data Encryption Standard (DES) Financial companies found the need for a cryptographic algorithm that would have the blessing of the US government (=NSA) First call for candidates in May 73, followed by a new call in August 74 Not very many submissions (Why?) –IBM submitted Lucifer NSA worked with IBM in redesigning the algorithm

2. DES DES became a federal standard in November 76 –NBS (NIST) hardware standard in January 77 –ANSI X3.92-1981 (hardware + software) –ANSI X3.106-1983 (modes of operation) –Australia AS2805.5-1985 Used in most EFT and EFTPOS from banking industry –It was reconfirmed as a standard for 5 years twice –Currently 3DES is recommended

3. DES The standard is public, the design criteria is classified One of the biggest controversies is the key size (56 bits) –W Diffie, M Hellman "Exhaustive Cryptanalysis of the NBS Data Encryption Standard" IEEE Computer 10(6), June 1977, pp74-84 –M Hellman "DES will be totally insecure within ten years" IEEE Spectrum 16(7), Jul 1979, pp 31-41 Another controversy: is there a back door?

4. DES DES has proven a well designed code 56 bits has been proven inadequate –EFF built a cracker for around $200,000 –Increase the key to 112 bits? The best way known to cryptanalyze DES is (after brute force) the differential analysis –NSA new this from the design??

5. DES Uses Feistel principle Many similarities with Lucifer Improves on the S-Boxes

6. Simple DES 8 bits block with a 10 bits key The encryption process is : –Initial Permutation –Function f k1 –Switch of the key halves –Function f k2 –Final Permutation (inverse of initial permutation)

7. Simple DES Key generation –Initial permutation P10 –Divide in left and right parts –Left shift and Merge –An 8 bits permutation, resulting in a 8 bits K1 –Divide in left and right parts –Double left shift and Merge –An 8 bits permutation, resulting in a 8 bits K2

8. Simple DES Structure of S-P boxes –S-Boxes

9. Simple DES P-Boxes –P10 –P8 –P4

10. Simple DES Example of key generation: –Key: 1010000010 –P10: 1000001100 –Split:10000 01100 –Lshift:00001 11000 –P8:10100100K1 –2 Lshift: 00100 00011 –P8: 01000011K2

11. Simple DES Initial Permutation –IP The substitution function Expansion:

12. Simple DES The function F is taken from S0 and S1, such as: –R is expanded by E –The expansion is xored with the subkey –The first 4 bits are the input for S0 the last are input to S1 –If the input is I 1 I 2 I 3 I 4, then I 1 I 3 is the row to consider and I 2 I 3 is the column –The output goes then through P4

13. DES It operates in 64 bits blocks with 56 bits keys Uses 16 rounds, each round computed by a function f

14. DES A round can be described as: –L i = R i-1 The key generation is performed –An initial permutation PC1 which selects 56 bits and divide them in two halves –In each round Select 24 bits from each half using a permutation function PC2 Rotate left each half by one or two position

15. DES Properties of DES (per NSA) –All rows of all the S-boxes are permutations of 0, 1, …, 15 –S-Boxes are not affine transformations of their input –Change in an input bit changes at least two output bits of the S-box –For any x and any S-box S, S(x), S(x  001100) differs by at least two bits