What Is The DES Algorithm? Data Encryption Standard (DES) Is A Block Cipher Algorithm That Takes Plain Text
Data Encryption Standard (DES) is a block cipher algorithm that takes plain text
in blocks of 64 bits and converts them to ciphertext using keys of 48 bits. It is a
symmetric key algorithm, which means that the same key is used for encrypting
and decrypting data.
There are 16 rounds of encryption in the algorithm, and a different key is used for
each round. How keys are generated is listed below.
Bits are labeled from 1 to 64 starting from the most significant bit and going to the
least significant bit.
1. Compress and transpose the given 64-bit key into a 48-bit key using the
following table:
PC-1 table
PC-2 table
5. The result of step 3 is the input for the next round of key generation.
2. Divide the result into equal parts: left plain text (1-32 bits) and right plain
text (33-64 bits)
3. The resulting parts undergo 16 rounds of encryption. In each round,
the right plain text is expanded using the following expansion table:
4. The expanded right plain text now consists of 48 bits and is XORed with the
48-bit key.
5. The result of the previous step is divided into 8 boxes. Each box contains 6
bits. After going through the eight substitution boxes, each box is reduced
from 6 bits to 4 bits. The first and last bit of each box provides the row
index, and the remaining bits provide the column index. These indices are
used to look-up values in a substitution box. A substitution box has 4 rows,
16 columns, and contains numbers from 0 to 15.
6. The result is transposed in accordance with the following rule:
7. XOR the left half with the result from the above step. Store this in the right
plain text.
8. Store the initial right plain text in the left plain text.
9. These halves are inputs for the next round. Remember that there are different
keys for each round.
10. After the 16 rounds of encryption, swap the left plain text and the right plain
text.
11. Finally, apply the inverse permutation (inverse of the initial permutation),
and the ciphertext will be generated.
Since it’s a symmetric-key algorithm, it employs the same key in both encrypting
and decrypting the data. If it were an asymmetrical algorithm, it would use
different keys for encryption and decryption.
DES is based on the Feistel block cipher, called LUCIFER, developed in 1971 by
IBM cryptography researcher Horst Feistel. DES uses 16 rounds of the Feistel
structure, using a different key for each round.
DES became the approved federal encryption standard in November 1976 and was
subsequently reaffirmed as the standard in 1983, 1988, and 1999.
Triple DES is a symmetric key-block cipher which applies the DES cipher in
triplicate. It encrypts with the first key (k1), decrypts using the second key (k2),
then encrypts with the third key (k3). There is also a two-key variant, where k1 and
k3 are the same keys.
Key Takeaways
The NIST had to replace the DES algorithm because its 56-bit key lengths
were too small, considering the increased processing power of newer
computers. Encryption strength is related to the key size, and DES found
itself a victim of the ongoing technological advances in computing. It
reached a point where 56-bit was no longer good enough to handle the new
challenges to encryption.
Note that just because DES is no longer the NIST federal standard, it doesn’t
mean that it’s no longer in use. Triple DES is still used today, but it’s
considered a legacy encryption algorithm. Note that NIST plans to disallow
all forms of Triple-DES from 2024 onward.
Next, let us look into the DES algorithm steps.
To put it in simple terms, DES takes 64-bit plain text and turns it into a 64-bit
ciphertext. And since this is a symmetric algorithm, the same key is
used when it’s time to decrypt the text.
1. The process begins with the 64-bit plain text block getting handed over to an
initial permutation (IP) function.
2. The initial permutation (IP) is then performed on the plain text.
3. Next, the initial permutation (IP) creates two halves of the permuted block,
referred to as Left Plain Text (LPT) and Right Plain Text (RPT).
4. Each LPT and RPT goes through 16 rounds of the encryption process.
5. Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is
performed on the newly combined block.
6. The result of this process produces the desired 64-bit ciphertext.
1. Key transformation
2. Expansion permutation
3. S-Box permutation
4. P-Box permutation
5. XOR and swap
For decryption, we use the same algorithm, and we reverse the order of the 16
round keys.
Next, let us look at the various modes of operation for DES.
Experts using DES have five different modes of operation to choose from.
Next, let us look into DES implementation and testing.
It’s also essential to test the encryption to make sure it is properly implemented.
You can find a testing procedure that will do the trick using the recurrence relation
found on GitHub.
Now that we have come this far in understanding what DES is, let us look into
the reasons to learn DES.
Despite DES losing the lofty position of being the go-to data encryption standard
algorithm, it’s still worth learning. There will always be room for the DES
algorithm in cryptography because it was the foundation for subsequent encryption
algorithms. If you understand the origins of data encryption, you will consequently
have an easier time grasping the basics of current encryption methods.
Triple DES
Key option #3 is known as triple DES. The triple DES key length contains 168 bits
but the key security falls to 112 bits.
Triple DES is advantageous because it has a significantly sized key length, which
is longer than most key lengths affiliated with other encryption modes. However,
the DES algorithm was replaced by the Advanced Encryption Standard by the
National Institute of Standards and Technology (NIST). Thus, the Triple DES is
now considered to be obsolete. Yet, it is often used in conjunction with Triple
DES. It derives from single DES but the technique is used in triplicate and involves
three sub keys and key padding when necessary, such as instances where the keys
must be increased to 64 bits in length. Known for its compatibility and flexibility,
software can easily be converted for Triple DES inclusion. Therefore, it may not be
nearly as obsolete as deemed by NIST.
Triple DES encrypts input data three times. The three keys are referred to as k1, k2
and k3. This technology is contained within the standard of ANSI X9.52. Triple
DES is backward compatible with regular DES.
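The round structure from the DES steps earlier on this page (XOR and swap, decryption with the round keys reversed) and the encrypt-decrypt-encrypt construction above, as an added Python example that is not part of the original page. The round function `f` and the key schedule are SHA-256 stand-ins (assumptions), not the DES tables, and the initial and final permutations are omitted, so this is not DES and matches no DES test vector.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def round_keys(key):
    """Stand-in key schedule (assumption): one 48-bit subkey per round."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:6], "big")
            for r in range(ROUNDS)]

def f(right, subkey):
    """Stand-in round function (assumption); it does not need to be invertible."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block, subkeys):
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # New left is the old right; new right is old left XOR f(old right, k).
        left, right = right, left ^ f(right, k)
    return (right << 32) | left          # swap the halves after the last round

def encrypt(block, key):
    return feistel(block, round_keys(key))

def decrypt(block, key):
    return feistel(block, round_keys(key)[::-1])   # same code, keys reversed

def ede_encrypt(block, k1, k2, k3):
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def ede_decrypt(block, k1, k2, k3):
    return decrypt(encrypt(decrypt(block, k3), k2), k1)

if __name__ == "__main__":
    k1, k2, k3 = b"constructed-k1", b"constructed-k2", b"constructed-k3"
    pt = 0x0123456789ABCDEF              # constructed 64-bit block
    assert decrypt(encrypt(pt, k1), k1) == pt
    assert ede_decrypt(ede_encrypt(pt, k1, k2, k3), k1, k2, k3) == pt
    # With k1 == k2 == k3 the first two stages cancel: single encryption.
    assert ede_encrypt(pt, k1, k1, k1) == encrypt(pt, k1)
    print(f"{ede_encrypt(pt, k1, k2, k3):016x}")
```

Setting all three keys equal makes the first encrypt and the decrypt cancel, which is why an EDE implementation can interoperate with a single-key peer.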
According to draft guidance published by NIST on July 19, 2018, the Triple Data
Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines
propose that, after a period of public consultation, 3DES is deprecated for all new
applications and usage is disallowed after 2023.
First introduced in 1998, the 3DES algorithm is still broadly adopted in finance,
payment and other private industry to encrypt data in-transit and at-rest, including
EMV keys for protecting credit card transactions. The proposal to formally retire
the algorithm is not entirely surprising, especially considering historical
movements by NIST:
In July 2017, NIST initially proposed retiring 3DES following a security analysis
and practical demonstration of attacks on 3DES in several real-world protocols. In
November 2017, NIST restricted usage to 2^20 64-bit blocks (8 MB of data) using a
single key bundle, so it could no longer effectively be used for TLS, IPsec, or large
file encryption.
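Why a block-count limit matters for a 64-bit block cipher, as an added Python example that is not part of the original page: it evaluates the standard birthday approximation for a repeated block at the limit quoted above and at larger volumes, and checks the formula against a scaled-down simulation. The function names and the 16-bit simulation size are choices made for this example.

```python
import math
import random

def collision_probability(block_bits, n_blocks):
    """Birthday approximation: P ~ 1 - exp(-n(n-1) / 2^(b+1))."""
    return -math.expm1(-n_blocks * (n_blocks - 1) / 2 ** (block_bits + 1))

def blocks_for_probability(block_bits, p):
    """Approximate block count at which the collision probability reaches p."""
    return math.ceil(math.sqrt(-(2 ** (block_bits + 1)) * math.log1p(-p)))

def volume_bytes(block_bits, n_blocks):
    """Data volume covered by n_blocks blocks of block_bits bits."""
    return n_blocks * block_bits // 8

def simulate(block_bits, n_blocks, trials, seed=1):
    """Fraction of trials in which n random blocks contain a repeat."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = {rng.getrandbits(block_bits) for _ in range(n_blocks)}
        hits += len(seen) < n_blocks
    return hits / trials

if __name__ == "__main__":
    # 64-bit blocks at the 2^20 limit, 64-bit blocks at 2^32, 128-bit at 2^32.
    for bits, n in [(64, 2**20), (64, 2**32), (128, 2**32)]:
        print(bits, n, volume_bytes(bits, n), collision_probability(bits, n))
    # Scaled-down check of the formula: 16-bit blocks, 2^8 blocks per trial.
    print(simulate(16, 256, 2000), collision_probability(16, 256))
```

At 2^20 blocks the chance of any repeated 64-bit block is negligible, while at 2^32 blocks (32 GB) it is roughly 39 percent; a 128-bit block cipher at the same volume stays negligible.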
NIST Terminology
Deprecated means “the use of the algorithm and key length is allowed, but
the user must accept some risk.”
What is 3DES?
The Triple Data Encryption Algorithm, alternately referred to as Triple DES (Data
Encryption Standard), 3DES, TDES, Triple DEA, or TDEA, is a symmetric key-
block cipher which applies the DES cipher in triplicate by encrypting with the first
key (k1), decrypting with the second key (k2), and encrypting with the third key
(k3). A two-key variant also exists, where k1 and k3 are the same.
NIST first initiated discussion of deprecating 3DES following the analysis and
demonstration of attacks on 3DES. The Sweet32 vulnerability was made public by
researchers Karthikeyan Bhargavan and Gaëtan Leurent. This research exploited a
known vulnerability to collision attacks in 3DES and other 64-bit block cipher
suites. The exposure is greatest during lengthy transmissions, the exchange of
content files, or transmissions vulnerable to text injection. After the exposure of this
vulnerability, NIST proposed 3DES be deprecated, and soon thereafter, restricted
its usage.
3DES is a major algorithm, and one which is deeply embedded into payment
systems, standards and technology in the finance industry. The five-year timeline
proposed by NIST to disallow the use of 3DES could present challenges for the
industry due to non-upgradable infrastructure, billions of credit cards in circulation
and potential interoperability issues.
Organizations using 3DES should be aware of how this algorithm is used within
their network environment and the cloud, including its use by vendors. Working to
develop an understanding of 3DES implementations can enable organizations to
proactively manage 3DES risks with regards to discovered vulnerabilities within
the algorithm and the sensitivity of business data.
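One way to start the inventory described above, as an added Python example that is not part of the original page: it flags configuration tokens that enable a 3DES TLS cipher suite and ignores tokens that exclude it. The helper name `find_3des` and the sample lines are constructed for illustration, and the scan covers TLS naming only, not SSH, IPsec or application-level use of 3DES.

```python
import re

# 3DES as it is spelled in TLS configuration: IANA/JSSE suite names,
# OpenSSL suite names, and the OpenSSL cipher-string keyword "3DES".
TDES_TOKEN = re.compile(
    r"^(?:(?:TLS|SSL)_\w*3DES_EDE_CBC\w*"
    r"|(?:[A-Z0-9]+-)*DES-CBC3-[A-Z0-9]+"
    r"|3DES)$"
)
SEPARATORS = re.compile(r"[\s:,;=\"']+")

def find_3des(lines):
    """Return (line_number, token) for each token that enables a 3DES suite."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        text = line.split("#", 1)[0]              # drop trailing comments
        for token in SEPARATORS.split(text):
            # In an OpenSSL cipher string '!X' and '-X' remove suites and
            # '+X' only reorders them, so none of these enables 3DES.
            if token.startswith(("!", "-", "+")):
                continue
            if TDES_TOKEN.match(token):
                findings.append((line_no, token))
    return findings

# Constructed sample configuration lines (not taken from any real system).
SAMPLE = [
    "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA;",
    "SSLCipherSuite HIGH:!aNULL:!3DES",
    "ciphers = TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_AES_128_GCM_SHA256",
    "ssl_ciphers HIGH:3DES:!MD5;  # legacy clients",
]

if __name__ == "__main__":
    for line_no, token in find_3des(SAMPLE):
        print(f"line {line_no}: 3DES enabled via {token}")
```

A static scan like this only shows what is configured; vendor-managed endpoints and defaults compiled into a TLS library still need to be checked separately.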
Achieving Crypto-Agility
As firms consider compliance and threats, crypto-agility can enable fast response
to emerging research and recommendations by supporting the transition from one
encryption standard to another at a moment’s notice. Solutions for cryptography as
a service enable organizations in highly-regulated industries to protect business-
critical data with globally compliant solutions for encryption.