Nomadic

Computing
(IT-416)
ASSIGNME
NT

SUBMITTED BY – HARSHIT MEENA

ROLL NO – 2K16/IT/045
SUBMITTED TO – PANCHAL SIR
TOPIC NAME – DES, AES
SLOT – R

-
Q1. Explain DES (Data Encryption Standard) and its round
function.
Ans. The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is 64-
bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64 bits of
the key are not used by the encryption algorithm (function as check bits only). General Structure of
DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, All that is required to specify DES is −

 Round function
 Key schedule
 Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each
other. They have no cryptography significance in DES. The initial and final permutations are shown
as follows –
 Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost
32 bits to produce a 32-bit output.

 Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first
need to expand right input to 48 bits.
 XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
 Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output. Refer the following illustration –

 There are a total of eight S-box tables. The output of all eight s-boxes is then combined in to
32 bit section.
 Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation with rule shown in the following illustration:
 Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key
generation is depicted in the following illustration −

The logic for Parity drop, shifting, and Compression P-box is given in the DES description.

Q2. Mention some advantages and disadvantages of DES(Data

Encryption Standard).
Ans. The DES satisfies both the desired properties of block cipher. These two properties make
cipher very strong.
 Avalanche effect − A small change in plaintext results in the very great change in the
ciphertext.
 Completeness − Each bit of ciphertext depends on many bits of plaintext.
During the last few years, cryptanalysis have found some weaknesses in DES when key selected are
weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.

Q3. Explain 2-DES and 3-DES.

Ans. The speed of exhaustive key searches against DES began to cause discomfort amongst users
of DES. However, users did not want to replace DES as it takes an enormous amount of time and
money to change encryption algorithms that are widely adopted and embedded in large security
architectures.
The pragmatic approach was not to abandon the DES completely, but to change the manner in
which DES is used. This led to the modified schemes of Triple DES (sometimes known as 3DES).

3-KEY Triple DES

Before using 3TDES, user first generate and distribute a 3TDES key K, which consists of three
different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3×56 = 168 bits.
The encryption scheme is illustrated as follows −

The encryption-decryption process is as follows −

 Encrypt the plaintext blocks using single DES with key K1.
 Now decrypt the output of step 1 using single DES with key K2.
 Finally, encrypt the output of step 2 using single DES with key K3.
 The output of step 3 is the ciphertext.
 Decryption of a ciphertext is a reverse process. User first decrypt using K 3, then encrypt with
K2, and finally decrypt with K1.
Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible to use a
3TDES (hardware) implementation for single DES by setting K 1, K2, and K3 to be the same value. This
provides backwards compatibility with DES.
Second variant of Triple DES (2TDES) is identical to 3TDES except that K3is replaced by K1. In other
words, user encrypt plaintext blocks with key K 1, then decrypt with key K2, and finally encrypt with
K1 again. Therefore, 2TDES has a key length of 112 bits.
Triple DES systems are significantly more secure than single DES, but these are clearly a much
slower process than encryption using single DES.

Q4. Explain AES (Advanced Encryption Standard) along with its

operations.
Ans. The more popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays is the Advanced Encryption Standard (AES). It is found at least six time
faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing computing power,
it was considered vulnerable against exhaustive key search attack. Triple DES was designed to
overcome this drawback but it was found slow.
The features of AES are as follows −

 Symmetric key symmetric block cipher

 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details
 Software implementable in C and Java

Operation of AES

AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It

comprises of a series of linked operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128
bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for
processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses
10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these
rounds uses a different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −

Encryption Process

Here, we restrict to description of a typical round of AES encryption. Each round comprise of four
sub-processes. The first round process is depicted below −
 Byte Substitution (SubBytes)
The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is
in a matrix of four rows and four columns.
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted on
the right side of row. Shift is carried out as follows −
 First row is not shifted.
 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with respect to each
other.
MixColumns
Each column of four bytes is now transformed using a special mathematical function. This function
takes as input the four bytes of one column and outputs four completely new bytes, which replace
the original column. The result is another new matrix consisting of 16 new bytes. It should be noted
that this step is not performed in the last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the
round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128
bits are interpreted as 16 bytes and we begin another similar round.

Decryption Process

The process of decryption of an AES ciphertext is similar to the encryption process in the reverse
order. Each round consists of the four processes conducted in the reverse order −

 Add round key

 Mix columns
 Shift rows
 Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption
and decryption algorithms needs to be separately implemented, although they are very closely
related.
Q5. Mention some advantages and disadvantages of
AES(Advanced Encryption Standard).
Ans. In present day cryptography, AES is widely adopted and supported in both hardware and
software. Till date, no practical cryptanalytic attacks against AES has been discovered. Additionally,
AES has built-in flexibility of key length, which allows a degree of ‘future-proofing’ against progress
in the ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented and good
key management is employed.