Q. 162 What Are The Various Types of DES? What Are The Types of Operations Performed in DES?
Ans. 1. The Data Encryption Standard (DES) shall consist of the following Data Encryption Algorithm to be implemented in special purpose electronic devices. These devices shall be designed in such a way that they may be used in a computer system or network to provide cryptographic protection to binary coded data. The method of implementation will depend on the application and environment. The devices shall be implemented in such a way that they may be tested and validated as accurately performing the transformations specified in the following algorithm.

DATA ENCRYPTION ALGORITHM

Introduction

The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 64-bit key. Deciphering must be accomplished by using the same key as for enciphering, but with the schedule of addressing the key bits altered so that the deciphering process is the reverse of the enciphering process. A block to be enciphered is subjected to an initial permutation IP, then to a complex key-dependent computation and finally to a permutation which is the inverse of the initial permutation, IP^{-1}. The key-dependent computation can be simply defined in terms of a function f, called the cipher function, and a function KS, called the key schedule.

A description of the computation is given first, along with details as to how the algorithm is used for encipherment. Next, the use of the algorithm for decipherment is described. Finally, a definition of the cipher function f is given in terms of primitive functions which are called the selection functions S_i and the permutation function P. S_i, P and KS of the algorithm are contained in the Appendix.
The following notation is convenient: Given two blocks L and R of bits, LR denotes the block consisting of the bits of L followed by the bits of R. Since concatenation is associative, B_1 B_2 ... B_8, for example, denotes the block consisting of the bits of B_1 followed by the bits of B_2 ... followed by the bits of B_8.
Figure 1. Enciphering computation.

Enciphering

A sketch of the enciphering computation is given in Figure 1. The 64 bits of the input block to be enciphered are first subjected to the following permutation, called the initial permutation IP:

IP
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7
That is, the permuted input has bit 58 of the input as its first bit, bit 50 as its second bit, and so on with bit 7 as its last bit. The permuted input block is then the input to a complex key-dependent computation described below. The output of that computation, called the preoutput, is then subjected to the following permutation which is the inverse of the initial permutation:

IP^{-1}
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
That is, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output.

The computation which uses the permuted input block as its input to produce the preoutput block consists, but for a final interchange of blocks, of 16 iterations of a calculation that is described below in terms of the cipher function f which operates on two blocks, one of 32 bits and one of 48 bits, and produces a block of 32 bits.

Let the 64 bits of the input block to an iteration consist of a 32 bit block L followed by a 32 bit block R. Using the notation defined in the introduction, the input block is then LR. Let K be a block of 48 bits chosen from the 64-bit key. Then the output L'R' of an iteration with input LR is defined by:

(1)  L' = R
     R' = L (+) f(R,K)
where (+) denotes bit-by-bit addition modulo 2.

As remarked before, the input of the first iteration of the calculation is the permuted input block. If L'R' is the output of the 16th iteration then R'L' is the preoutput block. At each iteration a different block K of key bits is chosen from the 64-bit key designated by KEY.

With more notation we can describe the iterations of the computation in more detail. Let KS be a function which takes an integer n in the range from 1 to 16 and a 64-bit block KEY as input and yields as output a 48-bit block K_n which is a permuted selection of bits from KEY. That is

(2)  K_n = KS(n,KEY)

with K_n determined by the bits in 48 distinct bit positions of KEY. KS is called the key schedule because the block K used in the n'th iteration of (1) is the block K_n determined by (2).
As before, let the permuted input block be LR. Finally, let L_0 and R_0 be respectively L and R and let L_n and R_n be respectively L' and R' of (1) when L and R are respectively L_{n-1} and R_{n-1} and K is K_n; that is, when n is in the range from 1 to 16,

(3)

The preoutput block is then R_{16}L_{16}. The key schedule KS of the algorithm is described in detail in the Appendix. The key schedule produces the 16 K_n which are required for the algorithm.
Deciphering

The permutation IP^{-1} applied to the preoutput block is the inverse of the initial permutation IP applied to the input. Further, from (1) it follows that:

(4)
Consequently, to decipher it is only necessary to apply the very same algorithm to an enciphered message block, taking care that at each iteration of the computation the same block of key bits K is used during decipherment as was used during the encipherment of the block. Using the notation of the previous section, this can be expressed by the equations:
(5)  R_{n-1} = L_n
     L_{n-1} = R_n (+) f(L_n,K_n)

where now R_{16}L_{16} is the permuted input block for the deciphering calculation and L_0R_0 is the preoutput block. That is, for the decipherment calculation with R_{16}L_{16} as the permuted input, K_{16} is used in the first iteration, K_{15} in the second, and so on, with K_1 used in the 16th iteration.
Figure 2. Calculation of f(R,K).

Let E denote a function which takes a block of 32 bits as input and yields a block of 48 bits as output. Let E be such that the 48 bits of its output, written as 8 blocks of 6 bits each, are obtained by selecting the bits in its inputs in order according to the following table:

E BIT-SELECTION TABLE
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
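
The structure described above, as an added example that is not part of the original text: it applies the IP and E tables given on this page, derives IP^{-1} by inverting IP, and runs the 16 iterations of (1), deciphering with the same routine and the subkeys in reverse order as in (5). The functions f and subkeys are stand-ins (assumptions) built on SHA-256, because the S-boxes, P and the real key schedule KS are in the Appendix and not on this page, so this is not interoperable DES.

```python
import hashlib

# Tables as given on the page (bit 1 = leftmost bit of the block).
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23,
     24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
# IP^-1 derived by inverting IP; it reproduces the page's IP^-1 table.
IP_INV = [IP.index(i) + 1 for i in range(1, 65)]

def permute(block, table, width):
    """Output bit i is input bit table[i-1]; `width` is the input size in bits."""
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (width - src)) & 1)
    return out

def f(r, k):
    """Stand-in cipher function (assumption): E(R) xor K, then truncated
    SHA-256 in place of the S-boxes and P, which are not on this page."""
    x = permute(r, E, 32) ^ k
    return int.from_bytes(hashlib.sha256(x.to_bytes(6, "big")).digest()[:4], "big")

def subkeys(key):
    """Stand-in for KS (assumption): sixteen 48-bit blocks K_1..K_16."""
    return [int.from_bytes(hashlib.sha256(key + bytes([n])).digest()[:6], "big")
            for n in range(1, 17)]

def crypt(block, ks):
    """IP, sixteen iterations of (1), final interchange, IP^-1."""
    x = permute(block, IP, 64)
    l, r = x >> 32, x & 0xFFFFFFFF
    for k in ks:
        l, r = r, l ^ f(r, k)          # L' = R, R' = L (+) f(R, K)
    return permute((r << 32) | l, IP_INV, 64)   # preoutput is R16 L16

def encipher(block, key):
    return crypt(block, subkeys(key))

def decipher(block, key):
    return crypt(block, subkeys(key)[::-1])   # K_16 first, K_1 last
```

Deciphering works for any choice of f, because each iteration only XORs f's output into one half; f itself never has to be inverted.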
The Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA). The DEA is also defined in the ANSI standard X3.92. DEA is an improvement of the algorithm Lucifer developed by IBM in the early 1970s. IBM, the National Security Agency (NSA) and the National Bureau of Standards (NBS, now the National Institute of Standards and Technology, NIST) developed the algorithm. The DES has been extensively studied since its publication and is the most widely used symmetric algorithm in the world.

The DES has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). DES is a symmetric cryptosystem, specifically a 16-round Feistel cipher. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a Message Authentication Code (MAC). The DES can also be used for single-user encryption, such as to store files on a hard disk in encrypted form.

Modes of Operation
ECB (Electronic Code Book)
  o This is the regular DES algorithm.
  o Data is divided into 64-bit blocks and each block is encrypted one at a time.
  o Separate encryptions with different blocks are totally independent of each other.
  o This means that if data is transmitted over a network or phone line, transmission errors will only affect the block containing the error.
  o It also means, however, that the blocks can be rearranged, thus scrambling a file beyond recognition, and this action would go undetected.
  o ECB is the weakest of the various modes because no additional security measures are implemented besides the basic DES algorithm.
  o However, ECB is the fastest and easiest to implement, making it the most common mode of DES.
CBC (Cipher Block Chaining)
  o In this mode of operation, each block of ECB encrypted ciphertext is XORed with the next plaintext block to be encrypted, thus making all the blocks dependent on all the previous blocks.
  o This means that in order to find the plaintext of a particular block, you need to know the ciphertext, the key, and the ciphertext for the previous block.
  o The first block to be encrypted has no previous ciphertext, so the plaintext is XORed with a 64-bit number called the Initialization Vector, or IV for short.
  o So if data is transmitted over a network or phone line and there is a transmission error, the error will be carried forward to all subsequent blocks since each block is dependent upon the last.
  o This mode of operation is more secure than ECB because the extra XOR step adds one more layer to the encryption process.
CFB (Cipher Feedback)
  o In this mode, blocks of plaintext that are less than 64 bits long can be encrypted.
  o Normally, special processing has to be used to handle files whose size is not a perfect multiple of 8 bytes, but this mode removes that necessity (Stealth handles this case by adding several dummy bytes to the end of a file before encrypting it).
  o The plaintext itself is not actually passed through the DES algorithm, but merely XORed with an output block from it, in the following manner: A 64-bit block called the Shift Register is used as the input plaintext to DES. This is initially set to some arbitrary value, and encrypted with the DES algorithm. The ciphertext is then passed through an extra component called the M-box, which simply selects the left-most M bits of the ciphertext, where M is the number of bits in the block we wish to encrypt. This value is XORed with the real plaintext, and the output of that is the final ciphertext. Finally, the ciphertext is fed back into the Shift Register, and used as the plaintext seed for the next block to be encrypted.
  o As with CBC mode, an error in one block affects all subsequent blocks during data transmission.
  o This mode of operation is similar to CBC and is very secure, but it is slower than ECB due to the added complexity.
OFB (Output Feedback)
  o This is similar to CFB mode, except that the ciphertext output of DES is fed back into the Shift Register, rather than the actual final ciphertext.
  o The Shift Register is set to an arbitrary initial value, and passed through the DES algorithm.
  o The output from DES is passed through the M-box and then fed back into the Shift Register to prepare for the next block.
  o This value is then XORed with the real plaintext (which may be less than 64 bits in length, like CFB mode), and the result is the final ciphertext.
  o Note that unlike CFB and CBC, a transmission error in one block will not affect subsequent blocks because once the recipient has the initial Shift Register value, it will continue to generate new Shift Register plaintext inputs without any further data input.
  o This mode of operation is less secure than CFB mode because only the real ciphertext and DES ciphertext output are needed to find the plaintext of the most recent block.
  o Knowledge of the key is not required.
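
The Shift Register and M-box mechanics of CFB and OFB described above, as an added example that is not part of the original text, with M = 8 bits so a 13-byte message needs no dummy bytes. E_k is a stand-in for DES (an assumption: keyed BLAKE2b truncated to 64 bits), and the key, IV and message are constructed sample values; shifting the register left by M bits on each feedback is also an assumption about how the feedback is stored.

```python
import hashlib

def E_k(key, reg):
    """Stand-in for DES encryption of the 64-bit Shift Register (assumption):
    keyed BLAKE2b truncated to 8 bytes. CFB and OFB only ever run the block
    cipher forwards, so a one-way keyed function is enough for this sketch."""
    return hashlib.blake2b(reg, key=key, digest_size=8).digest()

def cfb(key, iv, data, decrypt=False, m=1):
    """CFB with M = 8*m bits: the ciphertext is fed back into the Shift Register."""
    reg, out = iv, bytearray()
    for i in range(0, len(data), m):
        chunk = data[i:i + m]
        mbox = E_k(key, reg)[:len(chunk)]          # M-box: left-most M bits
        res = bytes(a ^ b for a, b in zip(chunk, mbox))
        ct = chunk if decrypt else res
        reg = (reg + ct)[-8:]                      # shift left, append ciphertext
        out += res
    return bytes(out)

def ofb(key, iv, data, m=1):
    """OFB: the M-box output itself is fed back, so the same call deciphers."""
    reg, out = iv, bytearray()
    for i in range(0, len(data), m):
        chunk = data[i:i + m]
        mbox = E_k(key, reg)[:len(chunk)]
        reg = (reg + mbox)[-8:]                    # feedback never sees the data
        out += bytes(a ^ b for a, b in zip(chunk, mbox))
    return bytes(out)

def damaged_positions(key, iv, msg):
    """Flip one bit of an OFB ciphertext and list the plaintext bytes that change."""
    ct = bytearray(ofb(key, iv, msg))
    ct[3] ^= 0x01
    got = ofb(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(msg, got)) if a != b]

KEY, IV = b"8bytekey", b"\x00\x01\x02\x03\x04\x05\x06\x07"   # constructed values
MSG = b"thirteen byte"                                        # not a multiple of 8
```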