Cryptography(CS F463)

BITS Pilani Dr. Raja Muthalagu

Dubai Campus Department of Computer Science
Chapter 4- DES( Data encryption Standard)

BITS Pilani, Dubai Campus

INTRODUCTION

The Data Encryption Standard (DES) is a symmetric-

key block cipher published by the National Institute of
Standards and Technology (NIST).

6.4
BITS Pilani, Dubai Campus
 History

In 1973, NIST published a request for proposals for a

national symmetric-key cryptosystem. A proposal from
IBM, a modification of a project called Lucifer, was
accepted as DES. DES was published in the Federal
Register in March 1975 as a draft of the Federal
Information Processing Standard (FIPS).

6.5
BITS Pilani, Dubai Campus
 Overview

DES is a block cipher

Encryption and decryption with DES

6.6
BITS Pilani, Dubai Campus
DES STRUCTURE

The encryption process is made of two permutations (P-

boxes), which we call initial and final permutations, and
sixteen Feistel rounds.

6.7
BITS Pilani, Dubai Campus
General structure of DES

6.8
BITS Pilani, Dubai Campus
Initial and Final Permutations

6.9
BITS Pilani, Dubai Campus
 Initial and final permutation tables

Initial Permutation : A B

•1st bit of output = 58th bit of input

•2nd bit from 50th bit, and so on,
•last bit (64th) of the output = 7th bit of the input.
Final Permutation C D

•1st bit of output = 40th bit of input

•2nd bit from 8th bit, and so on,
•last bit (64th) of the output = 25th bit of the input.
6.10
BITS Pilani, Dubai Campus
 Example

1-4 5-8 9-12 13-16 17-20 61-64

0..0 0..0 0..0 0010 0001

Solution

1-4 5-8 9-12 13-16 17-20 21-24 25-28 61-64

0..0 0..0 0..0 0..0 1000 0010

6.11
BITS Pilani, Dubai Campus
 Example

Prove that the initial and final permutations are the inverse of
each other by finding the output of the initial permutation if the
input is

Solution
The input has only two 1s; the output must also have only two 1s.
Using Table 6.1, we can find the output related to these two bits.
Bit 15 in the input becomes bit 63 in the output. Bit 64 in the
input becomes bit 25 in the output. So the output has only two 1s,
bit 25 and bit 63. The result in hexadecimal is

6.12
BITS Pilani, Dubai Campus
Note

The initial and final permutations are

straight P-boxes that are inverses
of each other.
They have no cryptography significance in
DES.

6.13
BITS Pilani, Dubai Campus
 Rounds
DES uses 16 rounds. Each round of DES is a Feistel
cipher.

Figure 6.4 Figure 6.5

A round in DES DES function
6.14
(encryption site) BITS Pilani, Dubai Campus
 DES Function
The heart of DES is the DES function. The DES function
applies a 48-bit key to the rightmost 32 bits to produce a
32-bit output.

6.15
BITS Pilani, Dubai Campus
Expansion P-box
Since RI−1 is a 32-bit input and KI is a 48-bit key, we first
need to expand RI−1 to 48 bits.
Expansion permutation

6.16
BITS Pilani, Dubai Campus
Although the relationship between the input and output
can be defined mathematically, DES uses Table 6.2 to
define this P-box.
Table 6.6 Expansion P-box table

6.17
BITS Pilani, Dubai Campus
Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the round
key. Note that both the right section and the key are 48-
bits in length. Also note that the round key is used only in
this operation.

6.18
BITS Pilani, Dubai Campus
S-Boxes
The S-boxes do the real mixing (confusion). DES uses 8
S-boxes, each with a 6-bit input and a 4-bit output. See
Figure 6.7.

6.19
BITS Pilani, Dubai Campus
 S-box rule

Table 6.3 shows the permutation for S-box 1. For the rest of the boxes see the textbook.
6.20
BITS Pilani, Dubai Campus
 Example
The input to S-box 1 is 100011. What is the output?

Solution
If we write the first and the sixth bits together, we get 11 in
binary, which is 3 in decimal. The remaining bits are 0001 in
binary, which is 1 in decimal. We look for the value in row 3,
column 1, in Table 6.3 (S-box 1). The result is 12 in decimal,
which in binary is 1100. So the input 100011 yields the output
1100.
6.21
BITS Pilani, Dubai Campus
 Example

The input to S-box 8 is 000000. What is the output?

Solution
If we write the first and the sixth bits together, we get 00 in
binary, which is 0 in decimal. The remaining bits are 0000 in
binary, which is 0 in decimal. We look for the value in row 0,
column 0, in Table 6.10 (S-box 8). The result is 13 in decimal,
which is 1101 in binary. So the input 000000 yields the output
1101.

6.22
BITS Pilani, Dubai Campus
Straight Permutation

Straight permutation table

6.23
BITS Pilani, Dubai Campus
 Cipher and Reverse Cipher

Using mixers and swappers, we can create the cipher and

reverse cipher, each having 16 rounds.

First Approach
To achieve this goal, one approach is to make the last
round (round 16) different from the others; it has only a
mixer and no swapper.

Note

In the first approach, there is no swapper in

the last round.
6.24
DES cipher and reverse
cipher for the first
approach

6.25
Alternative Approach

We can make all 16 rounds the same by including one

swapper to the 16th round and add an extra swapper after
that (two swappers cancel the effect of each other).

Key Generation
The round-key generator creates sixteen 48-bit keys out
of a 56-bit cipher key.

6.26
BITS Pilani, Dubai Campus
Key generation

6.27
BITS Pilani, Dubai Campus
Parity-bit drop table

Number of bits shifts

6.28
BITS Pilani, Dubai Campus
Key-compression table

14 17 11 24 01 05 03 28 15 06 21 10 23 19 12 04 ..... 34 53 46 42 50 36 29 32

6.29
BITS Pilani, Dubai Campus
 Example 6.5
We choose a random plaintext block and a random key, and
determine what the ciphertext block would be (all in
hexadecimal):

Table 6.15 Trace of data for Example 6.5

6.30
BITS Pilani, Dubai Campus
Example 6.5

Table 6.15 Trace of data for Example 6.5 (Conintued

6.31
BITS Pilani, Dubai Campus
Example

Let us see how Bob, at the destination, can decipher the

ciphertext received from Alice using the same key. Table 6.16
shows some interesting points.

6.32
BITS Pilani, Dubai Campus
DES ANALYSIS

Critics have used a strong magnifier to analyze DES.

Tests have been done to measure the strength of some
desired properties in a block cipher.

6.33
BITS Pilani, Dubai Campus
Properties

Two desired properties of a block cipher are the

avalanche effect and the completeness.

To check the avalanche effect in DES, let us encrypt two

plaintext blocks (with the same key) that differ only in one bit
and observe the differences in the number of bits in each round.

6.34
BITS Pilani, Dubai Campus
Example

Number of bit differences for Example 6.7

6.35
BITS Pilani, Dubai Campus
 Continued

Completeness effect
Completeness effect means that each bit of the ciphertext
needs to depend on many bits on the plaintext. ( D-box
and S- box will provide strong completeness effect)

6.36
BITS Pilani, Dubai Campus
 Weaknesses in Key Example 6.8

Let us try the first weak key in Table 6.18 to encrypt a block two times.
After two encryptions with the same key the original plaintext block is
created. Note that we have used the encryption algorithm two times, not
one encryption followed by another decryption.

6.37
BITS Pilani, Dubai Campus
Double encryption and decryption with a weak key

6.38
BITS Pilani, Dubai Campus
Semi weak key creates only 2 different round keys, each is
repeated 8 times. Also, round keys are the same, with different
order.

6.39
BITS Pilani, Dubai Campus
Continued

6.40
BITS Pilani, Dubai Campus
A pair of semi-weak keys in encryption and decryption

6.41
BITS Pilani, Dubai Campus
Security of DES

DES, as the first important block cipher, has gone through

much scrutiny. Among the attempted attacks, three are of
interest: brute-force, differential cryptanalysis, and linear
cryptanalysis.

6.42
BITS Pilani, Dubai Campus
Brute-Force Attack

We have discussed the weakness of short cipher key in

DES. Combining this weakness with the key complement
weakness, it is clear that DES can be broken using 2 55
encryptions.

6.43
BITS Pilani, Dubai Campus
 Differential Cryptanalysis

It has been revealed that the designers of DES already

knew about this type of attack and designed S-boxes and
chose 16 as the number of rounds to make DES
specifically resistant to this type of attack.

6.44
BITS Pilani, Dubai Campus
Linear Cryptanalysis

Linear cryptanalysis is newer than differential

cryptanalysis. DES is more vulnerable to linear
cryptanalysis than to differential cryptanalysis.

S-boxes are not very resistant to linear cryptanalysis. It

has been shown that DES can be broken using 2 43 pairs
of known plaintexts. However, from the practical point of
view, finding so many pairs is very unlikely.

6.45
BITS Pilani, Dubai Campus
3-key Triple DES

BITS Pilani, Dubai Campus

BITS Pilani, Dubai Campus