
What Is The DES Algorithm? Data Encryption Standard (DES) Is A Block Cipher Algorithm That Takes Plain Text

The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher that encrypts data in 64-bit blocks using a 56-bit key. It was adopted as a federal standard but was replaced in 2002 due to its short key length. Triple DES remains approved for sensitive government use through 2030. The algorithm uses a Feistel network and involves initial and final permutations, key scheduling, and multiple rounds of expansion, substitution, and permutation.

What is the DES algorithm?

Data Encryption Standard (DES) is a block cipher algorithm that takes plain text
in blocks of 64 bits and converts them to ciphertext using keys of 48 bits. It is a
symmetric key algorithm, which means that the same key is used for encrypting
and decrypting data.

Encryption and decryption using the DES algorithm.

Steps for generating keys

There are 16 rounds of encryption in the algorithm, and a different key is used for
each round. How keys are generated is listed below.

Bits are labeled from 1 to 64 starting from the most significant bit and going to the
least significant bit.

1. Compress and transpose the given 64-bit key into a 48-bit key using the
following table:

PC-1 table

2. Divide the result into two equal parts: C and D.


3. C and D are left-shifted circularly. For encryption rounds 1, 2, 9, and 16, they
are circularly left-shifted by 1 bit; for all of the other rounds, they are
circularly left-shifted by 2 bits.
4. The result is compressed to 48 bits in accordance with the following rule:

PC-2 table

5. The result of step 3 is the input for the next round of key generation.

Steps for encryption


1. Transpose the bits in the 64-bit block according to the following:

The initial permutation table

2. Divide the result into equal parts: left plain text (1-32 bits) and right plain
text (33-64 bits)
3. The resulting parts undergo 16 rounds of encryption. In each round, the right
plain text is expanded using the expansion table.

4. The expanded right plain text now consists of 48 bits and is XORed with the
48-bit key.
5. The result of the previous step is divided into 8 boxes. Each box contains 6
bits. After going through the eight substitution boxes, each box is reduced
from 6 bits to 4 bits. The first and last bit of each box provides the row
index, and the remaining bits provide the column index. These indices are
used to look-up values in a substitution box. A substitution box has 4 rows,
16 columns, and contains numbers from 0 to 15.
6. The result is transposed in accordance with the following rule:

The permutation table

7. XOR the left half with the result from the above step. Store this in the right
plain text.
8. Store the initial right plain text in the left plain text.
9. These halves are inputs for the next round. Remember that there are different
keys for each round.
10. After the 16 rounds of encryption, swap the left plain text and the right plain
text.
11. Finally, apply the inverse permutation (inverse of the initial permutation),
and the ciphertext will be generated.

Steps for decryption


The order of the 16 48-bit keys is reversed such that key 16 becomes key 1, and so
on. Then, the steps for encryption are applied to the ciphertext.
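
The round structure and the reversed-key decryption described above, as an added example that is not part of the original page. It uses the real expansion pattern and S-box S1 from FIPS 46-3, but it is a simplified sketch: S1 stands in for all eight S-boxes, the initial, final and P permutations are omitted, and the round keys are constructed values rather than output of the key schedule.

```python
# Added example: DES round structure with a simplified round function (not full DES).
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]
# E repeats the edge bits of each 4-bit group: 32 1 2 3 4 5, 4 5 6 7 8 9, ...
E = [(4 * g + j - 1) % 32 + 1 for g in range(8) for j in range(6)]


def expand(right32):
    """Expansion: 32-bit right half -> 48 bits (positions 1-based from the MSB)."""
    out = 0
    for pos in E:
        out = (out << 1) | ((right32 >> (32 - pos)) & 1)
    return out


def sbox_lookup(six_bits, box=S1):
    """6 bits -> 4 bits: first and last bit give the row, middle four the column."""
    row = ((six_bits >> 4) & 0b10) | (six_bits & 1)
    col = (six_bits >> 1) & 0b1111
    return box[row][col]


def round_function(right32, key48):
    """Expand, XOR with the round key, then substitute each 6-bit group."""
    x = expand(right32) ^ key48
    out = 0
    for g in range(8):
        out = (out << 4) | sbox_lookup((x >> (42 - 6 * g)) & 0b111111)
    return out


def feistel(block64, keys):
    """16 rounds of (L, R) -> (R, L xor f(R, K)), then the final swap of halves."""
    left, right = block64 >> 32, block64 & 0xFFFFFFFF
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


# Constructed 48-bit round keys for the demo (not output of the DES key schedule).
DEMO_KEYS = [(0x9E3779B97F4A * (i + 1)) & 0xFFFFFFFFFFFF for i in range(16)]

if __name__ == "__main__":
    pt = 0x0123456789ABCDEF
    ct = feistel(pt, DEMO_KEYS)
    print(f"ciphertext {ct:016X}")
    # Same routine with the keys reversed recovers the plaintext.
    print(f"decrypted  {feistel(ct, DEMO_KEYS[::-1]):016X}")
```

The round function is never inverted: decryption works even though each S-box maps 6 bits to 4, because every round only XORs its output into the other half.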

What is the DES Algorithm in Cyber Security?

The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher
created in the early 1970s by an IBM team and adopted by the National Institute of
Standards and Technology (NIST). The algorithm takes the plain text in 64-bit
blocks and converts them into ciphertext using 48-bit keys.

Since it’s a symmetric-key algorithm, it employs the same key in both encrypting
and decrypting the data. If it were an asymmetrical algorithm, it would use
different keys for encryption and decryption.


History of DES Algorithm

DES is based on the Feistel block cipher, called LUCIFER, developed in 1971 by
IBM cryptography researcher Horst Feistel. DES uses 16 rounds of the Feistel
structure, using a different key for each round.

DES became the approved federal encryption standard in November 1976 and was
subsequently reaffirmed as the standard in 1983, 1988, and 1999.

DES’s dominance came to an end in 2002, when the Advanced Encryption
Standard (AES) replaced the DES encryption algorithm as the accepted standard,
following a public competition to find a replacement. The NIST officially
withdrew FIPS 46-3 (the 1999 reaffirmation) in May 2005, although Triple DES
(3DES) remains approved for sensitive government information through 2030.


Triple DES Algorithm

Triple DES is a symmetric key-block cipher which applies the DES cipher in
triplicate. It encrypts with the first key (k1), decrypts using the second key (k2),
then encrypts with the third key (k3). There is also a two-key variant, where k1 and
k3 are the same keys.

Key Takeaways

• The NIST had to replace the DES algorithm because its 56-bit key lengths
were too small, considering the increased processing power of newer
computers. Encryption strength is related to the key size, and DES found
itself a victim of the ongoing technological advances in computing. It
reached a point where 56-bit was no longer good enough to handle the new
challenges to encryption.
• Note that just because DES is no longer the NIST federal standard, it doesn’t
mean that it’s no longer in use. Triple DES is still used today, but it’s
considered a legacy encryption algorithm. Note that NIST plans to disallow
all forms of Triple-DES from 2024 onward.

Now in our understanding of what is DES, let us next look into the DES algorithm
steps.

DES Algorithm Steps

To put it in simple terms, DES takes 64-bit plain text and turns it into a 64-bit
ciphertext. And since we’re talking about a symmetric algorithm, the same key is
used when it’s time to decrypt the text.

The algorithm process breaks down into the following steps:

1. The process begins with the 64-bit plain text block getting handed over to an
initial permutation (IP) function.
2. The initial permutation (IP) is then performed on the plain text.
3. Next, the initial permutation (IP) creates two halves of the permuted block,
referred to as Left Plain Text (LPT) and Right Plain Text (RPT).
4. Each LPT and RPT goes through 16 rounds of the encryption process.
5. Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is
performed on the newly combined block.
6. The result of this process produces the desired 64-bit ciphertext.

The encryption process step (step 4, above) is further broken down into five stages:

1. Key transformation
2. Expansion permutation
3. S-Box permutation
4. P-Box permutation
5. XOR and swap

For decryption, we use the same algorithm, and we reverse the order of the 16
round keys.

Next, to better understand what is DES, let us learn the various modes of operation
for DES.

DES Modes of Operation

Experts using DES have five different modes of operation to choose from.

• Electronic Codebook (ECB). Each 64-bit block is encrypted and decrypted
independently
• Cipher Block Chaining (CBC). Each 64-bit block depends on the previous
one and uses an Initialization Vector (IV)
• Cipher Feedback (CFB). The preceding ciphertext becomes the input for the
encryption algorithm, producing pseudorandom output, which in turn is
XORed with plaintext, building the next ciphertext unit
• Output Feedback (OFB). Much like CFB, except that the encryption
algorithm input is the output from the preceding DES
• Counter (CTR). Each plaintext block is XORed with an encrypted counter.
The counter is then incremented for each subsequent block
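
How three of these modes treat repeated 64-bit blocks, as an added example that is not from the original page. A keyed hash stands in for DES encryption of one block (an assumption made so the example runs with the standard library alone), so only the encryption direction is shown; the key, IV, nonce and plaintext are constructed sample values, and the plaintext length is a multiple of 8 bytes.

```python
import hashlib

BLOCK = 8  # DES block size in bytes (64 bits)


def E(key, block):
    """Stand-in for DES encryption of one block (keyed hash, NOT DES)."""
    return hashlib.blake2b(block, key=key, digest_size=BLOCK).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb(key, pt):
    """Each block is encrypted independently."""
    return b"".join(E(key, b) for b in blocks(pt))


def cbc(key, iv, pt):
    """Each block is XORed with the previous ciphertext block (the IV first)."""
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def ctr(key, nonce, data):
    """XOR with an encrypted counter; the same call encrypts and decrypts."""
    out = []
    for i, b in enumerate(blocks(data)):
        out.append(xor(b, E(key, nonce + i.to_bytes(4, "big"))))
    return b"".join(out)


def repeated_blocks(ct):
    """Number of ciphertext blocks equal to an earlier block (the ECB tell-tale)."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))


# Constructed sample: four identical 8-byte records, then a different one.
KEY, IV, NONCE = b"demo-key", bytes(range(8)), b"\xaa\xbb\xcc\xdd"
PT = b"ACCT0001" * 4 + b"PAY 0042"

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb(KEY, PT)))
    print("CBC repeats:", repeated_blocks(cbc(KEY, IV, PT)))
    print("CTR repeats:", repeated_blocks(ctr(KEY, NONCE, PT)))
    print("CTR round trip:", ctr(KEY, NONCE, ctr(KEY, NONCE, PT)) == PT)
```

ECB exposes which plaintext blocks are equal, while CBC and CTR hide it only as long as the IV or nonce is never reused under the same key: two CTR ciphertexts produced with the same nonce XOR to the XOR of their plaintexts.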

Next, to improve our understanding of what DES is, let us look into the DES
implementation and testing.

DES Implementation and Testing

DES implementation requires a security provider. There are many available
providers to choose from, and selecting one is the essential initial step in
implementation. Your selection may depend on the language you are using, such as
Java, Python, C, or MATLAB.
Once you decide on a provider, you must choose whether to have a random secret
key generated by the KeyGenerator or create a key yourself, using a plaintext or
byte array.

It’s also essential to test the encryption to make sure it is properly implemented.
You can find a testing procedure that will do the trick using the recurrence relation
found on GitHub.

Now that we have come so far in our understanding of what is DES, let us next
look into the reasons to learn DES.


If DES is Becoming Irrelevant, Why Learn It?

Despite DES losing the lofty position of being the go-to data encryption standard
algorithm, it’s still worth learning. There will always be room for the DES
algorithm in cryptography because it was the foundation for subsequent encryption
algorithms. If you understand the origins of data encryption, you will consequently
have an easier time grasping the basics of current encryption methods.

Have a look at the video below, which explains the steps for encryption and
decryption in detail, the future of the Data Encryption Standard in cryptography,
and a live example to further highlight the characteristics of DES encryption.

After having gone through and understanding what is DES, let us look into ways to
improve our cybersecurity skills.

Do You Want to Improve Your Cybersecurity Skills?

Encryption is just one aspect of cybersecurity. There is so much to learn in this
vast field, and the more you know, the more marketable a candidate you
become when looking for a career in the field. One can never possess too much
knowledge!

To that end, Simplilearn offers an impressive variety of cybersecurity-related
courses for your benefit. You can learn to become a “white hat hacker” through the
CEH (v10) Certified Ethical Hacking course, or become a security systems auditor
with CISA certification. You can gain a deeper understanding of managing and
governing enterprise IT environments with the COBIT Certification Training
course or learn the principles of network security and risk management through the
CompTIA Security+ Certification - SY0-501 Exam Training course.

If, on the other hand, you won’t settle for anything less than becoming a full-
fledged cybersecurity professional, go for the Cybersecurity Expert Master’s
program. The program features a half-dozen courses that will impart the necessary
foundational, intermediate and advanced security skills for you to become a
cybersecurity expert.


How Would You Like a Career in Cybersecurity?

After having learned all about what is DES, if you need a good launching point for
a cybersecurity career, then you should check out Simplilearn’s CISSP
Certification course. This outstanding Certified Information Systems Security
Professional (CISSP) course teaches you how to define a secure IT architecture,
and subsequently, design, build and maintain a secure business environment using
globally approved information security standards. The course explores the industry
best practices for IT and prepares you for the CISSP certification exam
administered by (ISC)².

You receive more than 60 hours of in-depth learning, five simulation test papers
for CISSP certification exam preparation, the requisite 30 CPEs needed for taking
the exam, and a CISSP exam voucher. According to Payscale, a Security
Operations Specialist earns an annual average of USD 80,000. Today, there is a
growing shortage of cybersecurity professionals, so if you want a career that offers
security and excellent compensation, visit Simplilearn and get started!

Triple DES

Last updated: August 18, 2011

What Does Triple DES Mean?

Triple Data Encryption Standard (DES) is a type of computerized cryptography
where block cipher algorithms are applied three times to each data block. The key
size is increased in Triple DES to ensure additional security through encryption
capabilities. Each block contains 64 bits of data. Three keys are referred to as
bundle keys with 56 bits per key. There are three keying options in data encryption
standards:

1. All keys being independent
2. Key 1 and key 2 being independent keys
3. All three keys being identical

Key option #3 is known as triple DES. The triple DES key length contains 168 bits
but the key security falls to 112 bits.


Techopedia Explains Triple DES

Triple DES is advantageous because it has a significantly sized key length, which
is longer than most key lengths affiliated with other encryption modes. However,
the DES algorithm was replaced by the Advanced Encryption Standard by the
National Institute of Standards and Technology (NIST). Thus, the Triple DES is
now considered to be obsolete. Yet, it is often used in conjunction with Triple
DES. It derives from single DES but the technique is used in triplicate and involves
three sub keys and key padding when necessary, such as instances where the keys
must be increased to 64 bits in length. Known for its compatibility and flexibility,
software can easily be converted for Triple DES inclusion. Therefore, it may not be
nearly as obsolete as deemed by NIST.

Triple DES encrypts input data three times. The three keys are referred to as k1, k2
and k3. This technology is contained within the standard of ANSI X9.52. Triple
DES is backward compatible with regular DES.

According to draft guidance published by NIST on July 19, 2018, the Triple Data
Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines
propose that, after a period of public consultation, 3DES is deprecated for all new
applications and usage is disallowed after 2023.

Background on the 3DES Guidance

First introduced in 1998, the 3DES algorithm is still broadly adopted in finance,
payment and other private industry to encrypt data in-transit and at-rest, including
EMV keys for protecting credit card transactions. The proposal to formally retire
the algorithm is not entirely surprising, especially considering historical
movements by NIST:

• The Advanced Encryption Standard (AES) was introduced in 2001 to
replace 3DES
• Data Encryption Standard (DES), the algorithm 3DES is based on, was
retired in 2005
• The two-key variant of 3DES was retired in 2015

In July 2017, NIST initially proposed retiring 3DES following a security analysis
and practical demonstration of attacks on 3DES in several real-world protocols. In
November 2017, NIST restricted usage to 2^20 64-bit blocks (8 MB of data) using a
single key bundle, so it could no longer effectively be used for TLS, IPsec, or large
file encryption.

NIST Terminology

• Deprecated means “the use of the algorithm and key length is allowed, but
the user must accept some risk.”
• Disallowed means an “algorithm or key length is no longer allowed for the
indicated use.”

The designation of a major encryption algorithm as a security risk has implications
for US Federal Institutions and vendors subject to NIST guidelines. This
announcement is also a reflection on best practices for institutions in the finance
industry, and could impact PCI cryptography recommendations.

What is 3DES?

The Triple Data Encryption Algorithm, alternately referred to as Triple DES (Data
Encryption Standard), 3DES, TDES, Triple DEA, or TDEA, is a symmetric key-
block cipher which applies the DES cipher in triplicate by encrypting with the first
key (k1), decrypting with the second key (k2), and encrypting with the third key
(k3). A two-key variant also exists, where k1 and k3 are the same.

Why 3DES is Likely to Be Disallowed after 2023

3DES is a ciphersuite based on the Data Encryption Standard developed by IBM in
the early 1970s and adopted by NIST (with minor changes) in 1977. 3DES was
introduced during a period of transition between two major algorithms. In 1997,
NIST announced a formal search for candidate algorithms to replace DES. In 2001,
AES was released with the intention of coexisting with 3DES until 2030,
permitting a gradual transition. However, the retirement of 3DES has likely been
accelerated by research which has revealed significant vulnerabilities and is, by
some accounts, long overdue.

NIST first initiated discussion of deprecating 3DES following the analysis and
demonstration of attacks on 3DES. The Sweet32 vulnerability was made public by
researchers Karthikeyan Bhargavan and Gaëtan Leurent. This research exploited a
known vulnerability to collision attacks in 3DES and other 64-bit block cipher
suites which are greatest during lengthy transmissions, the exchange of content
files, or transmissions vulnerable to text injection. After the exposure of this
vulnerability, NIST proposed 3DES be deprecated, and soon thereafter, restricted
its usage.

Understanding the Implications of 3DES’ Deprecation

3DES is a major algorithm, and one which is deeply embedded into payment
systems, standards and technology in the finance industry. The five-year timeline
proposed by NIST to disallow the use of 3DES could present challenges for the
industry due to non-upgradable infrastructure, billions of credit cards in circulation
and potential interoperability issues.

Organizations using 3DES should be aware of how this algorithm is used within
their network environment and the cloud, including its use by vendors. Working to
develop an understanding of 3DES implementations can enable organizations to
proactively manage 3DES risks with regards to discovered vulnerabilities within
the algorithm and the sensitivity of business data.

To protect mission-critical data during the transition period to AES or another
method of encryption, organizations can adopt stop-gap measures, such as
changing 3DES keys more frequently.
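
Why the 64-bit block size, the 2^20-block restriction and more frequent key changes are connected, as an added example that is not from the original page. It uses the standard birthday approximation for block collisions; the `KeyBundleBudget` class and its method names are hypothetical, written here to show how a rekeying limit can be enforced.

```python
import math


def collision_probability(n_blocks, block_bits=64):
    """Birthday approximation: chance that two of n ciphertext blocks are equal."""
    pairs = n_blocks * (n_blocks - 1) / 2
    return -math.expm1(-pairs / 2 ** block_bits)


def max_blocks_for_risk(p, block_bits=64):
    """Approximate block count at which the collision probability reaches p."""
    return int(math.sqrt(-math.log1p(-p) * 2 ** (block_bits + 1)))


class KeyBundleBudget:
    """Hypothetical guard: counts blocks encrypted under one 3DES key bundle."""

    def __init__(self, limit_blocks=2 ** 20, block_bytes=8):
        self.limit, self.block_bytes, self.used = limit_blocks, block_bytes, 0

    def try_encrypt(self, n_bytes):
        """Reserve blocks for n_bytes; return False if the caller must rekey first."""
        need = -(-n_bytes // self.block_bytes)      # ceiling division
        if self.used + need > self.limit:
            return False
        self.used += need
        return True

    def rekey(self):
        """Call after installing a fresh key bundle."""
        self.used = 0


if __name__ == "__main__":
    for label, n in (("2^20 blocks (8 MB)", 2 ** 20), ("2^32 blocks (32 GB)", 2 ** 32)):
        print(f"{label}: 64-bit block p={collision_probability(n, 64):.3g}, "
              f"128-bit block p={collision_probability(n, 128):.3g}")
    budget = KeyBundleBudget()
    print("8 MB allowed:", budget.try_encrypt(8 * 2 ** 20))
    print("one more byte allowed:", budget.try_encrypt(1))
```

The collision risk depends on the block size and the volume of data under one key, not on the key length, which is why rekeying more often reduces exposure while a longer 3DES key bundle does not.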

Achieving Crypto-Agility

Organizations should be aware of the dangers created by inertia or accepting the
business risks of deeply-embedded ciphersuites which are insecure. With the threat
of quantum computing on the horizon, threatening to break many of today’s most
popular algorithms, NIST’s recommendation is for organizations to “plan for
cryptographic agility to facilitate transitions to quantum-resistant algorithms where
needed in the future.”

As firms consider compliance and threats, crypto-agility can enable fast response
to emerging research and recommendations by supporting the transition from one
encryption standard to another at a moment’s notice. Solutions for cryptography as
a service enable organizations in highly-regulated industries to protect business-
critical data with globally compliant solutions for encryption.
