Q1.

Explain DES(Data Encryption Standard) and its

round function.
Ans. The Data Encryption Standard (DES) is a symmetric-key block cipher
published by the National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure.
The block size is 64-bit. Though, key length is 64-bit, DES has an effective key
length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption
algorithm (function as check bits only). General Structure of DES is depicted in
the following illustration −

Since DES is based on the Feistel Cipher, All that is required to specify DES is −

 Round function
 Key schedule
 Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that
are inverses of each other. They have no cryptography significance in DES. The
initial and final permutations are shown as follows –
Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit
key to the rightmost 32 bits to produce a 32-bit output.

 Expansion Permutation Box − Since right input is 32-bit and round key
is a 48-bit, we first need to expand right input to 48 bits.
 XOR (Whitener). − After the expansion permutation, DES does XOR
operation on the expanded right section and the round key. The round
key is used only in this operation.
 Substitution Boxes. − The S-boxes carry out the real mixing (confusion).
DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Refer the
following illustration −
  There are a total of eight S-box tables. The output of all eight s-boxes is
then combined in to 32 bit section.
 Straight Permutation − The 32 bit output of S-boxes is then subjected
to the straight permutation with rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
The process of key generation is depicted in the following illustration −

The logic for Parity drop, shifting, and Compression P-box is given in the DES
description.

Q2. Mention some advantages and disadvantages of

DES(Data Encryption Standard)
The DES satisfies both the desired properties of block cipher. These two
properties make cipher very strong.
 Avalanche effect − A small change in plaintext results in the very
great change in the ciphertext.
 Completeness − Each bit of ciphertext depends on many bits of
plaintext.
During the last few years, cryptanalysis have found some weaknesses in
DES when key selected are weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been
no significant cryptanalytic attacks on DES other than exhaustive key
search.
Q3. Explain 2-DES and 3-DES.
Ans. The speed of exhaustive key searches against DES began to cause
discomfort amongst users of DES. However, users did not want to replace
DES as it takes an enormous amount of time and money to change
encryption algorithms that are widely adopted and embedded in large
security architectures.
The pragmatic approach was not to abandon the DES completely, but to
change the manner in which DES is used. This led to the modified
schemes of Triple DES (sometimes known as 3DES).

3-KEY Triple DES

Before using 3TDES, user first generate and distribute a 3TDES key K,
which consists of three different DES keys K 1, K2 and K3. This means that
the actual 3TDES key has length 3×56 = 168 bits. The encryption
scheme is illustrated as follows −

The encryption-decryption process is as follows −

 Encrypt the plaintext blocks using single DES with key K1.
 Now decrypt the output of step 1 using single DES with key K2.
 Finally, encrypt the output of step 2 using single DES with key K3.
 The output of step 3 is the ciphertext.
 Decryption of a ciphertext is a reverse process. User first decrypt
using K3, then encrypt with K2, and finally decrypt with K1.
Due to this design of Triple DES as an encrypt–decrypt–encrypt process,
it is possible to use a 3TDES (hardware) implementation for single DES by
setting K1, K2, and K3 to be the same value. This provides backwards
compatibility with DES.
Second variant of Triple DES (2TDES) is identical to 3TDES except that
K3is replaced by K1. In other words, user encrypt plaintext blocks with key
K1, then decrypt with key K2, and finally encrypt with K1 again. Therefore,
2TDES has a key length of 112 bits.
Triple DES systems are significantly more secure than single DES, but
these are clearly a much slower process than encryption using single
DES.

Q4. Explain AES (Advanced Encryption Standard) along

with its operations.
Ans. The more popular and widely adopted symmetric encryption
algorithm likely to be encountered nowadays is the Advanced Encryption
Standard (AES). It is found at least six time faster than triple DES.
A replacement for DES was needed as its key size was too small. With
increasing computing power, it was considered vulnerable against
exhaustive key search attack. Triple DES was designed to overcome this
drawback but it was found slow.
The features of AES are as follows −

 Symmetric key symmetric block cipher

 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details
 Software implementable in C and Java

Operation of AES

AES is an iterative rather than Feistel cipher. It is based on ‘substitution–

permutation network’. It comprises of a series of linked operations, some
of which involve replacing inputs by specific outputs (substitutions) and
others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits.
Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16
bytes are arranged in four columns and four rows for processing as a
matrix −
Unlike DES, the number of rounds in AES is variable and depends on the
length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for
192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a
different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −
Encryption Process

Here, we restrict to description of a typical round of AES encryption. Each

round comprise of four sub-processes. The first round process is depicted
below −

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box)
given in design. The result is in a matrix of four rows and four columns.
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that
‘fall off’ are re-inserted on the right side of row. Shift is carried out as
follows −
 First row is not shifted.
 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but
shifted with respect to each other.
MixColumns
Each column of four bytes is now transformed using a special
mathematical function. This function takes as input the four bytes of one
column and outputs four completely new bytes, which replace the
original column. The result is another new matrix consisting of 16 new
bytes. It should be noted that this step is not performed in the last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are
XORed to the 128 bits of the round key. If this is the last round then the
output is the ciphertext. Otherwise, the resulting 128 bits are interpreted
as 16 bytes and we begin another similar round.

Decryption Process

The process of decryption of an AES ciphertext is similar to the

encryption process in the reverse order. Each round consists of the four
processes conducted in the reverse order −

 Add round key

 Mix columns
 Shift rows
 Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a
Feistel Cipher, the encryption and decryption algorithms needs to be
separately implemented, although they are very closely related.

Q5. Memtion some advantages and disadvantages of

AES(Advanced Encryption Standard).
Ans. In present day cryptography, AES is widely adopted and supported
in both hardware and software. Till date, no practical cryptanalytic
attacks against AES has been discovered. Additionally, AES has built-in
flexibility of key length, which allows a degree of ‘future-proofing’ against
progress in the ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly
implemented and good key management is employed.