DES –

Data Encryption Standard

Assoc. Prof. Do Trong Tuan

 Contents

1. Introduction to DES cipher

2. DES architecture
3. DES Operation Modes

8/4/2020 2
0 Introduction to Block Cipher
Concept of Block Cipher

Block
Cipher
Input: x1, x2, …, xn Output: y1, y2, …, yn

➢ A block cipher takes a block of plaintext bits and generates a block of ciphertext bits,
generally of same size
➢ The size of block is fixed in the given scheme
➢ The strength of cipher depends up on the key length
➢ Are common for Internet applications

8/4/2020 3
0 Introduction to Block Cipher
Block cipher design criteria

➢ Completeness
▪ Each bit of the output block should depend on each bit of the input block and on each bit of
the key

➢ Avalanche effect
▪ Changing one bit in the input block should change approximately half of the bits in the output
block similarly, changing one key bit should result in the change of approximately half of the
bits in the output block

➢ Statistical independence
▪ Input and output should appear to be statistically independent

8/4/2020 4
0 Introduction to Block Cipher
Block cipher design criteria

➢ Completeness
▪ Each bit of the output block should depend on each bit of the input block and on each bit of
the key

➢ Avalanche effect
▪ Changing one bit in the input block should change approximately half of the bits in the output
block similarly, changing one key bit should result in the change of approximately half of the
bits in the output block

➢ Statistical independence
▪ Input and output should appear to be statistically independent

8/4/2020 5
0 Introduction to Block Cipher
How to satisfy the design criteria ?

➢ Complex encryption function can be built by composing several simple operations which offer
complementary – but individually insufficient – protection

➢ Simple operations

▪ Elementary arithmetic operations

▪ Logical operations (e.g., XOR)

▪ Modular multiplication

▪ Transpositions

▪ Substitutions

➢ Combine two or more transformations in a manner that the resulting cipher is more secure than the
individual components

8/4/2020 6
1 Introduction to DES cipher

What is DES ?
The Data Encryption Standard (DES) is a symmetric-key block
cipher published by the National Institute of Standards and
Technology (NIST).

➢ Most popular block cipher for most of the last 30 years

➢ Nowadays considered insecure due to the small key length of 56 bit
➢ But: 3DES yields very secure cipher, still widely used today
➢ Replaced by the Advanced Encryption Standard(AES) in 2000

8/4/2020 7
2 DES architecture

DES is a block cipher

Plaintext Plaintext
64 - bit 64 - bit

Decryption
Encryption

DES Cipher key DES

56 - bit reverse cipher
cipher

Ciphertext Ciphertext
64 - bit 64 - bit

8/4/2020 8
 64-bit Plaintext
2 DES architecture
DES
Initial permutation

K1

Round-key Generator
ROUND 1
48-bit
The encryption process is
made of two permutations (P K2
ROUND 2 56-bit
boxes), which we call initial 48-bit
Cipher key
and final permutations, and

…
sixteen Feistel rounds.
K16
ROUND 16
48-bit

Final permutation

8/4/2020 64-bit Ciphertext

9
2 DES architecture
Initial and Final Permutation steps in DES

1 2 8 25 40 58 64
... ... ... ... ...
Initial
Permutation

... ... ... ... ...

1 2 8 25 40 58 64

16 ROUNDS

1 2 8 25 40 58 64
... ... ... ... ...
Final
Permutation

... ... ... ... ...

1 2 8 25 40 58 64

8/4/2020 10
2 DES architecture
Initial and Final Permutation steps in DES

Initial Permutation Final Permutation

58 50 42 34 26 18 10 2 40 8 48 16 56 24 64 32
60 52 44 36 28 20 12 4 39 7 47 15 55 23 63 31
62 54 46 38 30 22 14 6 38 6 46 14 54 22 62 30
64 56 48 40 32 24 16 8 37 5 45 13 53 21 61 29
57 49 41 33 25 17 9 1 36 4 44 12 52 20 60 28
59 51 43 35 27 19 11 3 35 3 43 11 51 19 59 27
61 53 45 37 29 21 13 5 34 2 42 10 50 18 58 26
63 55 47 39 31 23 15 7 33 1 41 9 49 17 57 25

8/4/2020 11
2 DES architecture

❖ Example:

Find the output of the final permutation box when the input is given in hexadecimal
as:

0x0000 0080 0000 0002

final permutation box

0x0002 0000 0000 0001

8/4/2020 12
2 DES architecture

The initial and final permutations are straight P-boxes that

are inverses of each other.
They have no cryptography significance in DES.

8/4/2020 13
2 DES architecture 32 bits 32 bits
LI-1 RI-1

DES uses 16 rounds.

f(RI-1,KI) KI

Mixer
Each round of DES is a Feistel cipher.

ROUND

Swapper
LI RI
32 bits 32 bits

8/4/2020 14
2 DES architecture
RI-1 INPUT
f(RI-1,KI)
❖ DES function
(32 bits)
Expansion P-box
(48 bits)
▪ The heart of DES is the DES function. + KI
(48 bits) (48 bits)
▪ The DES function applies a 48-bit key to S - Boxes

the rightmost 32 bits to produce a 32-bit s1 s2 s3 s4 s5 s6 s7 s8

output.
(32 bits)
Straight P-box
(32 bits)

OUTPUT

8/4/2020 15
2 DES architecture

Since RI−1 is a 32-bit input and KI is a 48-bit key. It needs to expand RI−1 to 48 bits.

Expansion P-Box

From bit 32 From bit 1

32- bit input

48- bit output

8/4/2020 16
2 DES architecture
From bit 32 From bit 1
32- bit input

48- bit output

DES uses this table to define this P-Box

32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 45 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
8/4/2020 17
2 DES architecture
❖ Whitener (XOR)

▪ After the expansion permutation, DES uses the XOR operation

on the expanded right section and the round key.

▪ Note that:
• Both the right section and the key are 48-bits in length.
• The round key is used only in this operation.

8/4/2020 18
2 DES architecture 48 – bit input

Array of S-Boxes

S - Box S - Box S - Box S - Box S - Box S - Box S - Box S - Box

Bit 1 Bit 2 Bit 3 Bit 4 Bit 5 Bit 6

0 1 2 15
0
1
2
3 Table
entry

8/4/2020 Bit 1 Bit 2 Bit 3 Bit 4 19

2 DES architecture

❖S-boxes

8/4/2020 21
2 DES architecture
❖ Straight Permutation

Ri-1 INPUT
f(Ri-1,Ki)
P-Box table
(32 bits)
Expansion P-box 16 7 20 21 29 12 28 17
(48 bits)
(48 bits)
+ Ki
1 15 23 26 5 18 31 10
(48 bits)
S - Boxes

s1 s2 s3 s4 s5 s6 s7 s8 2 8 24 14 32 27 3 9

(32 bits) 9 13 30 6 22 11 4 25

Straight P-box
(32 bits)

OUTPUT
8/4/2020 22
 64-bit Plaintext 64-bit Plaintext

2 DES architecture Initial Permutation Final Permutation

L0 R0 L0 R0

ROUND 16
f K1

ROUND 1
f
32 bits 32 bits
LI-1 RI-1 ▪ Using mixers and swappers,
we can create the cipher and

ROUND 15
reverse cipher, each having f K2 f

ROUND 2
f(RI-1,KI) KI
Mixer

16 rounds.
ROUND

Decryption
...

...
Encryption
Swapper

...

...

ROUND 2
ROUND 15
f K15 f

LI RI
32 bits 32 bits

ROUND 1
ROUND 16
f K16
f

L16 R16 L16 R16

Final Permutation Initial Permutation

8/4/2020 64-bit Ciphertext 23

64-bit Ciphertext
 64-bit Plaintext 64-bit Plaintext

2 DES architecture Initial Permutation Final Permutation

L0 R0 L0 R0

ROUND 16
K1

❖ First Approach
f

ROUND 1
f

▪ To achieve this goal, one approach is to make

ROUND 15
the last round (round 16) different from the f K2 f

ROUND 2
others; it has only a mixer and no swapper.

Decryption
...

...
Encryption

...

...

ROUND 2
In the first approach, there is no swapper

ROUND 15
f K15 f

in the last round.

ROUND 1
ROUND 16
f K16
f

L16 R16 L16 R16

Final Permutation Initial Permutation
8/4/2020 24
64-bit Ciphertext 64-bit Ciphertext
2 DES architecture Key with Parity
bits (64 bits)

Parity drop
❖ Key Generation Cipher Key
56 bits

28 bits 28 bits
Shift left Shift left
▪ The round-key generator creates sixteen
28 bits 28 bits
48-bit keys out of a 56-bit cipher key. Compression
P-box
48 bits
Round key 1

Round Key Generator

Shift left Shift left
28 bits 28 bits

Shifting Compression
P-box
48 bits
Round key 2
Rounds Shift
1, 2, 9, 16 One bit

...

...
...
Others Two bits Shift left Shift left
28 bits 28 bits
Compression
P-box
Round key 16 48 bits
8/4/2020 25
2 DES architecture

Parity drop table Key-compression table

57 49 41 33 25 17 09 01 14 17 11 24 01 05 03 28
58 50 42 34 26 18 10 02 15 06 21 10 23 19 12 04
59 51 43 35 27 19 11 03
26 08 16 07 27 20 13 02
60 52 44 36 63 55 47 39
41 52 31 37 47 55 30 40
31 23 15 07 62 54 46 38
30 22 14 06 61 53 45 37 51 45 33 48 44 49 39 56

29 21 13 05 28 20 12 04 34 53 46 42 50 36 29 32

8/4/2020 26
2 DES architecture

▪ Example: We choose a random plaintext block and a random key, and determine
what the ciphertext block would be (all in hexadecimal):

Plaintext: 123456ABCD132536

Key: AABB09182736CCDD

Ciphertext: ?

8/4/2020 27
 2 DES architecture

▪ Example:

• Initial Permutation

58 50 42 34 26 18 10 2
Plaintext After initial permutation
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
123456ABCD132536 64 56 48 40 32 24 16 8 ?
57 49 41 33 25 17 9 1
(Block 64 bit) 59 51 43 35 27 19 11 3 (Block 64 bit)
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

8/4/2020 28
 2 DES architecture

▪ Example:

• Initial Permutation

58 50 42 34 26 18 10 2
Plaintext After initial permutation
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
123456ABCD132536 64 56 48 40 32 24 16 8 14A7D67818CA18AD
57 49 41 33 25 17 9 1
(Block 64 bit) 59 51 43 35 27 19 11 3 (Block 64 bit)
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

8/4/2020 29
2 DES architecture

▪ Example:
• Round 1

o After Initial Permutation and Spliting o Expansion P - Box

L0 R0 R0 = 18CA18AD
14A7D678 18CA18AD
(32 bits)
o After Round 1
Expansion P-box
L1 R1 (48 bits)
? 5A78E394
?

8/4/2020 30
2 DES architecture

▪ Example:
• Round 1

o After Initial Permutation and Spliting o Expansion P - Box

L0 R0 R0 = 18CA18AD
14A7D678 18CA18AD
(32 bits)
o After Round 1
Expansion P-box
L1 R1 (48 bits)
18CA18AD 5A78E394
8F16540F155A

8/4/2020 31
2 DES architecture
▪ Example:
▪ Whitener (XOR) Output of Exp P-Box K1
(32 bits) 8F16540F155A 194CD072DE8C
Expansion P-box
(48 bits)
(48 bits)
+ Ki
(48 bits)

XOR 0 1
0 0 1
?
1 1 0

8/4/2020 32 32
2 DES architecture
▪ Example:
▪ Whitener (XOR) Output of Exp P-Box K1
(32 bits) 8F16540F155A 194CD072DE8C
Expansion P-box
(48 bits)
(48 bits)
+ Ki
(48 bits)

XOR 0 1
0 0 1
965A847DCBD6
1 1 0

8/4/2020 33 33
2 DES architecture
▪ Example: Row index
▪ S - Boxes
100101
965A847DCBD6 Column index
(48 bits)
S - Boxes
s1
s1 s2 s3 s4 s5 s6 s7 s8 8
(32 bits)

8/4/2020 34
2 DES architecture
▪ Example: Row index
▪ S - Boxes
100101
965A847DCBD6 Column index
(48 bits)
S - Boxes
s1
s1 s2 s3 s4 s5 s6 s7 s8 8
(32 bits)

8AFE657E

8/4/2020 35
2 DES architecture
▪ Example:
• Straight P - Box
8AFE657E

(32 bits)
Straight P-box
(32 bits)

?
Output of DES function in Round 1

8/4/2020 36
2 DES architecture
▪ Example:
• Straight P - Box
8AFE657E

(32 bits)
Straight P-box
(32 bits)

4EDF35EC
Output of DES function in Round 1

8/4/2020 37
 L0 R0
𝐑 𝟏 = 𝐋𝟎 𝒇(𝐑 𝟎 , 𝐊 𝟏 )
ቐ
K1 𝐋𝟏 = 𝐑 𝟎
f Output
Round 1

of DES function
𝒇(𝐑 𝟎 , 𝐊 𝟏 ) 𝐑 𝟏 = ′14A7D678′ ′4EDF35EC′
ቐ
𝐋𝟏 = ′18CA18AD′

L1 R1 𝐑 𝟏 = ′?′
ቐ
𝐋𝟏 = ′18CA18AD′
 L0 R0
𝐑 𝟏 = 𝐋𝟎 𝒇(𝐑 𝟎 , 𝐊 𝟏 )
ቐ
K1 𝐋𝟏 = 𝐑 𝟎
f Output
Round 1

of DES function
𝒇(𝐑 𝟎 , 𝐊 𝟏 ) 𝐑 𝟏 = ′14A7D678′ ′4EDF35EC′
ቐ
𝐋𝟏 = ′18CA18AD′

L1 R1 𝐑 𝟏 = ′5A78E394′
ቐ
𝐋𝟏 = ′18CA18AD′
 2 DES architecture
▪ Example:
• Result

Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

'194CD0 '456858 '06EDA4 'DA2D03 '69A629 'C1948E '708AD2 '34F822 '84BB44 '027657 '6D5560 'C2C1E9 '99C313 '251B8B '3330C5 '181C5D
Key 72DE8C' 1ABCCE' ACF5B5' 2B6EE3' FEC913' 87475E' DDB3C0' F0C66D' 73DCCC' 08B5BF' AF7CA5' 6A4BF3' 97C91F' C717D0' D9A36D' 75C66D'

'18CA18 '5A78E3 '4A1210 'B80895 '236779 'A15A4B '2E8F9C 'A9FC20 '308BEE '10AF9D '6CA6CB 'FF3C48 '22A596 '387CCD 'BD2DD2 '19BA92
L
AD' 94' F6' 91' C2' 87' 65' A3' 97' 37' 20' 5F' 3B' AA' AB' 12'

'5A78E3 '4A1210 'B80895 '236779 'A15A4B '2E8F9C 'A9FC20 '308BEE '10AF9D '6CA6CB 'FF3C48 '22A596 '387CCD 'BD2DD2 'CF26B4 'CF26B4
R
94' F6' 91' C2' 87' 65' A3' 97' 37' 20' 5F' 3B' AA' AB' 72' 72'

Output '4EDF35 '52D808 'E27076 '697569 '1952DE '0DE8E5 '08A66B '1E0472 'B953BD '5C2D25 'EF93D5 '4E035D 'C74085 '9F8844 'F75A79 'A49740
of f EC' 5B' 05' 34' 16' A7' 24' F2' 94' B7' 68' 1B' F5' 90' D8' B9'

8/4/2020 40
2 DES architecture
▪ Example:
• Result

Round 16

Left
'19BA9212' 19BA9212CF26B472 Final Ciphertext
Permutation
Right C0B7A8D05F3A829C
'CF26B472'

8/4/2020 41
2 DES architecture

▪ Example: We choose a random plaintext block and a random key, and determine
what the ciphertext block would be (all in hexadecimal):

Plaintext: 123456ABCD132536

Key: AABB09182736CCDD

Ciphertext: C0B7A8D05F3A829C

8/4/2020 42
3 DES architecture

▪ Two desired properties of a block cipher are the avalanche effect and the completeness.

• Plaintext: 0000000000000000 Key: 22234512987ABB23

• Ciphertext: 4789FD76E82A5F1

• Plaintext: 0000000000000001 Key: 22234512987ABB23

• Ciphertext: 0A4ED5C15A63FEA3

▪ Completeness effect
Completeness effect means that each bit of the ciphertext needs to depend on many bits
on the plaintext.

8/4/2020 43
3 DES Weaknesses
During the last few years critics have found some weaknesses in DES.

❖ Weaknesses in Cipher Design

▪ S-boxes

At least three weaknesses are mentioned in the literature for S-boxes.

1. In S-box 4, the last three output bits can be derived in the same way as the
first output bit by complementing some of the input bits.
2. Two specifically chosen inputs to an S-box array can create the same output.
3. It is possible to obtain the same output in a single round by changing bits in
only three neighboring S-boxes.

8/4/2020 44
3 DES Weaknesses
During the last few years critics have found some weaknesses in DES.

❖ Weaknesses in Cipher Design

▪ P-boxes

One mystery and one weakness were found in the design of P-boxes:
1. It is not clear why the designers of DES used the initial and final
permutations; these have no security benefits.
2. In the expansion permutation (inside the function), the first and
fourth bits of every 4-bit series are repeated.

8/4/2020 45
3 DES Weaknesses
▪ Key Size
Critics believe that the most serious weakness of DES is in its key size (56 bits). To do a brute-
force attack on a given ciphertext block, the adversary needs to check 256 keys.

a. With available technology, it is possible to check one million keys per second. This means
that we need more than two thousand years to do brute-force attacks on DES using only a
computer with one processor.
b. If we can make a computer with one million chips (parallel processing), then we can test
the whole key domain in approximately 20 hours. When DES was introduced, the cost of
such a computer was over several million dollars, but the cost has dropped rapidly. A
special computer was built in 1998 that found the key in 112 hours.
c. Computer networks can simulate parallel processing. In 1977 a team of researchers used
3500 computers attached to the Internet to fi nd a key challenged by RSA Laboratories in
120 days. The key domain was divided among all of these computers, and each computer
was responsible to check the part of the domain.
d. If 3500 networked computers can find the key in 120 days, a secret society with 42,000
members can find the key in 10 days.

8/4/2020 46
3 DES Weaknesses
▪ Weak Keys

• Four out of 256 possible keys are called weak keys. A weak key is the one that, after
parity drop operation, consists either of all 0s, all 1s, or half 0s and half 1s. These keys
are shown in this Table:

Keys before parities drop (64 bits) Actual key (56 bits)
0101 0101 0101 0101 0000000 0000000
1F1F 1F1F 0E0E 0E0E 0000000 FFFFFFF
E0E0 E0E0 F1F1 F1F1 FFFFFFF 0000000
FEFE FEFE FEFE FEFE FFFFFFF FFFFFFF

8/4/2020 47
3 DES Weaknesses
▪ Weak Keys

P 64-bit text C 64-bit text

DES inverse
DES cipher cipher

A weak key
DES inverse
DES cipher cipher

P 64-bit text C 64-bit text

Fig. Double Encryption and Decryption with a weak key

8/4/2020 48
3 DES Weaknesses
▪ Weak Keys
• Let’s try the first weak key to encrypt a block two times. After two encryptions with
the same key the original plaintext block is created. Note that we have used the
encryption algorithm two times, not one encryption followed by another decryption.

• Plaintext: 0x1234567887654321 Key: 0x1234567887654321

• Ciphertext: 0x814FE938589154F7

• Plaintext: 0x814FE938589154F7 Key: 0x0101010101010101

• Ciphertext: 0x1234567887654321

Weak key should be avoided

8/4/2020 49
3 DES Weaknesses
▪ Semi – weak keys

First key in the pair Second key in the pair

01FE 01FE 01FE 01FE FE01 FE01 FE01 FE01
1FE0 1FE0 0EF1 0EF1 E01F E01F F10E F10E
01E0 01E1 01F1 01F1 E001 E001 F101 F101
1FFE 1FFE 0EFE 0EFE FE1F FE1F FE0E FE0E
011F 011F 010E 010E 1F01 1F01 0E01 0E01
E0FE E0FE F1FE F1FE FEE0 FEE0 FEF1 FEF1

8/4/2020 50
3 DES Weaknesses
▪ Semi – weak keys
• A semi-weak key creates only two different round keys and each of them is repeated eight
times. In addition, the round keys created from each pair are the same with different orders.
To show the idea, we have created the round keys from the fi rst pairs as shown below:

First key in the pair Second key in the pair

01FE 01FE 01FE 01FE
1FE0 1FE0 0EF1 0EF1
01E0 01E1 01F1 01F1
1FFE 1FFE 0EFE 0EFE
011F 011F 010E 010E
E0FE E0FE F1FE F1FE
FE01 FE01 FE01 FE01
E01F E01F F10E F10E
E001 E001 F101 F101
FE1F FE1F FE0E FE0E
1F01 1F01 0E01 0E01
FEE0 FEE0 FEF1 FEF1

8/4/2020 51
3 DES Weaknesses
▪ Semi – weak keys
Round key 1: 9153E54319BD 6EAC1ABCE642
Round key 2: 6EAC1ABCE642 9153E54319BD
Round key 3: 6EAC1ABCE642 9153E54319BD
Round key 4: 6EAC1ABCE642 9153E54319BD
Round key 5: 6EAC1ABCE642 9153E54319BD
Round key 6: 6EAC1ABCE642 9153E54319BD
Round key 7 : 6EAC1ABCE642 9153E54319BD
Round key 8 : 6EAC1ABCE642 9153E54319BD
8/4/2020
Round key 9 : 9153E54319BD 6EAC1ABCE642
Round key 10: 9153E54319BD 6EAC1ABCE642
Round key 11: 9153E54319BD 6EAC1ABCE642
Round key 12: 9153E54319BD 6EAC1ABCE642
Round key 13: 9153E54319BD 6EAC1ABCE642
Round key 14 : 9153E54319BD 6EAC1ABCE642
Round key 15: 9153E54319BD 6EAC1ABCE642
Round key 16 : 6EAC1ABCE642 9153E54319BD
52
3 DES Weaknesses
▪ Semi – weak keys
• A pair of semi – weak keys in encryption and decryption

P 64-bit text

DES Cipher

A pair of semi-
weak keys

DES Cipher

P 64-bit text

8/4/2020 53
3 DES Weaknesses
▪ Semi – weak keys

• Possible Weak Keys

o There are also 48 keys that are called possible weak keys. A possible weak key is a key
that creates only four distinct round keys; in other words, the sixteen round keys are
divided into four groups and each group is made of four equal round keys.

o Example: What is the probability of randomly selecting a weak, a semi-weak, or a

possible weak key?

o Solution: DES has a key domain of 256.

The total number of the above keys are 64 (4 + 12 + 48).
The probability of choosing one of these keys is 8.8 *10−16, almost impossible.

8/4/2020 54
3 DES Weaknesses
▪ Key Complement

• In the key domain (256), definitely half of the keys are complement of the other half. A
key complement can be made by inverting (changing 0 to 1 or 1 to 0) each bit in the key.
Does a key complement simplify the job of the cryptanalysis? It happens that it does.
Eve can use only half of the possible keys (255) to perform brute-force attack. This is
because:

ഥ = 𝐄(𝑲
𝑪 = 𝑬 𝑲, 𝑷 → 𝑪 ഥ, 𝑷
ഥ)

8/4/2020 55
3 DES Weaknesses
▪ Key Complement
• In other words, if we encrypt the complement of plaintext with the complement of the
key, we get the complement of the ciphertext. Eve does not have to test all 256 possible
keys, she can test only half of them and then complement the result.

• Example: Let us test the claim about the complement keys. We have used an arbitrary
key and plaintext to find the corresponding ciphertext. If we have the key complement
and the plaintext, we can obtain the complement of the previous ciphertext:

Original Complement
Key 1234123412341234 EDCBEDCBEDCBEDCB
Plaintext 12345678ABCDEF12 EDCBA987543210ED
Ciphertext E112BE1DEFC7A367 1EED41E210385C98

8/4/2020 56
 Bài tập
Hãy diễn giải quá trình mật mã hóa bản tin rõ:
“BachKhoa” sử dụng hệ mật DES với khóa
có giá trị “12345678"

8/4/2020 57
 MoDES of Operation

ECB
CBC OFB
CFB
8/4/2020 58
2. DES Cipher
2.6 MoDES of Operation

ECB: Electronic CodeBook mode

• Encrypt each 64-bit block independently

• Attacker could build codebook

P1 P2 P3 P4 C1 C2 C3 C4

EK EK EK EK DK DK DK DK

C1 C2 C3 C4 P1 P2 P3 P4
2. DES Cipher
2.6 MoDES of Operation

ECB: Electronic CodeBook mode

• Encrypt each 64-bit block independently

• Attacker could build codebook
2. DES Cipher
2.6 MoDES of Operation

CBC: Cipher Block Chaining mode:

• Encryption: Ci = EK(Pi  Ci-1)

• Decryption: Pi = Ci-1  DK(Ci)

Plaintext Plaintext Ciphertext Ciphertext

IV CIPHER-1
KEY CIPHER-1

KEY CIPHER CIPHER

IV

Ciphertext Ciphertext Plaintext Plaintext

 2. DES Cipher
2.6 MoDES of Operation

CBC: Cipher Block Chaining mode:

• Encryption: Ci = EK(Pi  Ci-1)

• Decryption: Pi = Ci-1  DK(Ci)

Plaintext Plaintext Plaintext Ciphertext Ciphertext Ciphertext

Initialization Vector (IV)

Block cipher Block cipher Block cipher

Key Key Key
decryption decryption decryption
Block cipher Block cipher Block cipher
Key Key Key
encryption encryption encryption Initialization Vector (IV)

Ciphertext Ciphertext Ciphertext

Plaintext Plaintext Plaintext

Cipher Block Chaining (CBC) mode encryption Cipher Block Chaining (CBC) mode decryption
 2. DES Cipher
2.6 MoDES of Operation

CFB: Cipher FeedBack

• Allow byte-wise encryption

IV IV

KEY CIPHER CIPHER KEY CIPHER CIPHER

Plaintext Plaintext Ciphertext Ciphertext

Ciphertext Ciphertext Plaintext Plaintext

 2. DES Cipher
2.6 MoDES of Operation

CFB: Cipher FeedBack

• Allow byte-wise encryption

Initialization Vector (IV) Initialization Vector (IV)

Block cipher Block cipher Block cipher Block cipher Block cipher Block cipher
Key Key Key Key Key Key
encryption encryption encryption encryption encryption encryption

Plaintext Plaintext Plaintext Ciphertext Ciphertext Ciphertext

Ciphertext Ciphertext Ciphertext Plaintext Plaintext Plaintext

Output Feedback (CFB) mode encryption

Output Feedback (CFB) mode decryption
2. DES Cipher
2.6 MoDES of Operation

OFB: Output FeedBack

• Allow byte-wise encryption

IV IV

KEY CIPHER CIPHER KEY CIPHER CIPHER

Plaintext Plaintext Ciphertext Ciphertext

Ciphertext Ciphertext Plaintext Plaintext

 2. DES Cipher
2.6 MoDES of Operation

OFB: Output FeedBack

• Allow byte-wise encryption

Initialization Vector (IV)

Initialization Vector (IV)

Block cipher Block cipher Block cipher Block cipher Block cipher Block cipher
Key Key Key Key Key Key
encryption encryption encryption encryption encryption encryption

Plaintext Plaintext Plaintext Plaintext Plaintext Plaintext

Ciphertext Ciphertext Ciphertext Ciphertext Ciphertext Ciphertext

Output Feedback (OFB) mode encryption Output Feedback (OFB) mode encryption
THANK YOU!