Data Encryption Standard (DES)

Data Encryption Standard

(DES)
History, method, application and
strength

KEY TRANSFORMS IN BLOCK

CIPHERS
For a k-bit block cipher
- Substitution
For every k-bit i/p specify a k-bit o/p
k
This requires k.2 bits
- Permutation
For every bit specify new position in block
This requires k.log2k bits

Published 1977 NBS

Original IBM design
64 bit input 64 bit encrypted output
56 bit key with odd parity (total 64 bits)
Suitable for hardware not software
56 bits no longer secure

Round Structure for Block

Encryption

Take 64-bit i/p

Break into 8x8-bit blocks
Perform substitution and reassemble into 64 bits
Perform permutation and repeat
After several rounds single i/p bit affects every
o/p bit
Optimum number of rounds
Can be run in reverse for decryption

DES Overview (Encryption)

64 bit input

DES Overview (Decryption)

56 bit key

64 bit input

Initial permutation

56 bit key
Initial permutation

Gen 16 per round keys

Gen 16 per round keys

48 bit key k1

Round 1

Round 1

48 bit key k2

Round 2

48 bit key k15

Round 2

48 bit key k16

Round 16

48 bit key k16

48 bit key k1

Round 16

Left/right reversal

Left/right reversal

Final permutation (inverse of initial)

Final permutation (inverse of initial)

DES Overview (decryption)

28 bits

28 bits

Encryption run in reverse

i.e. Initial permutation
Round 1 with k16
Round 2 with k15

The 16 Per Round Keys

d i-1

c i-1
Rotate left
Same keys as for
Encryption but in
Reverse order

ci

Rotate left

28 bits

di

28 bits

Round 16 with k 1
Left/right reversal
Final permutation
NB Initial and final permutations are inverses
of each other and have no security value

ki k
k

24 bits

24 bits

NB Initial permutation to produce c0 and d0 is not random

and has no security value

A DES Round (encryption)

A DES Round (decryption)

64 bit input

L n 32 bits

64 bit output

Rn 32 bits
Mangler

L n 32 bits

Rn 32 bits
Mangler

kn

+
R n+132 bits

L n+132 bits

From encryption Ln+1 = R n and

R n+132 bits

L n+132 bits

64 bit output

Encrypt/Decrypt in a DES Round

64 bit input

Mangler Overview
R = 32 bits = 8 x 4 bits 8 x 6 bits by copying last 2 bits in every 4
Take 48 bit key k and add mod 2 to expanded 48 bit R

Rn+1 = Ln

MK (Rn )
n

Result is 48 bits = 8 x 6 bits

Compress each 6 bits to 4 bits through S box giving 32 bits

Therefore
Rn+1

Permute 32 bit result

Mk (Rn ) = L n and hence decryption

n

NB Mangler function does not require an inverse

kn

NB Importance of permutation to influence next round

International Data Encryption

Algorithm (IDEA)

International Data Encryption

Algorithm

Established 1991
64-bit plaintext 64-bit ciphertext
128-bit key
Round structure and Mangler similar to
DES

IDEA Primitive Operations

Two 16-bit numbers one 16 bit number

Bitwise exclusive or +
+
16
Addition + modulo 2
Multiplication xx modulo 2 16+1
All operations are reversible

IDEA Overview
64-bit input

128-bit key
key expansion

Xa X b X c Xd

K1 K2 K 3 K 4

Round 1

Round 2

Round 17

64-bit output

K5 K6
K49K50K 51K 52

IDEA Odd Round

IDEA Even Round

Xa

Xa

Xb

Ka

Xc

Kb

Xd

Kc

Xb

Yin

Zin

Mangler
Function

Kd

Ke

kf

Yout Zout

Xa

Xb

Xc

Xd

Xa

Xb

Xc

Xd

IDEA Decryption
All processes the same
Even round is its own inverse (use same
keys)
Odd rounds use inverse keys

Advanced Encryption
Standard

Advanced Encryption Standard

Uses Rijndael system
In a pure Rijndael system block and key
sizes may be chosen independently(128,
160, 192, 224 and 256 bits) but AES
specifies 128-bit block size
Number of rounds = 6 + max (block, key
size expressed in 32-bit words}