The Data Encryption Standard (DES) is a symmetric-key block cipher published by

the National Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure.
The block size is 64-bit. Though, key length is 64-bit, DES has an effective key
length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption
algorithm (function as check bits only). General Structure of DES is depicted in the
following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

 Round function
 Key schedule
 Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are
inverses of each other. They have no cryptography significance in DES. The initial
and final permutations are shown as follows −
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key
to the rightmost 32 bits to produce a 32-bit output.
 Expansion Permutation Box − Since right input is 32-bit and round key is a
48-bit, we first need to expand right input to 48 bits. Permutation logic is
graphically depicted in the following illustration −

 The graphically depicted permutation logic is generally described as table in

DES specification illustrated as shown −
 XOR (Whitener). − After the expansion permutation, DES does XOR
operation on the expanded right section and the round key. The round key is
used only in this operation.
 Substitution Boxes. − The S-boxes carry out the real mixing (confusion).
DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Refer the
following illustration −

 The S-box rule is illustrated below −

  There are a total of eight S-box tables. The output of all eight s-boxes is then
combined in to 32 bit section.
 Straight Permutation − The 32 bit output of S-boxes is then subjected to the
straight permutation with rule shown in the following illustration:

Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The
process of key generation is depicted in the following illustration −
The logic for Parity drop, shifting, and Compression P-box is given in the DES
description.

DES Analysis
The DES satisfies both the desired properties of block cipher. These two properties
make cipher very strong.
 Avalanche effect − A small change in plaintext results in the very great
change in the ciphertext.
 Completeness − Each bit of ciphertext depends on many bits of plaintext.
During the last few years, cryptanalysis have found some weaknesses in DES when
key selected are weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been no
significant cryptanalytic attacks on DES other than exhaustive key search.
The more popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays is the Advanced Encryption Standard (AES). It is found at
least six time faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing
computing power, it was considered vulnerable against exhaustive key search
attack. Triple DES was designed to overcome this drawback but it was found slow.
The features of AES are as follows −

 Symmetric key symmetric block cipher

 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details
 Software implementable in C and Java

Operation of AES
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–
permutation network’. It comprises of a series of linked operations, some of which
involve replacing inputs by specific outputs (substitutions) and others involve
shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence,
AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are
arranged in four columns and four rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of
the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14
rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key,
which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −
Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round
comprise of four sub-processes. The first round process is depicted below −

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in
design. The result is in a matrix of four rows and four columns.
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are
re-inserted on the right side of row. Shift is carried out as follows −
 First row is not shifted.
 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with
respect to each other.
MixColumns
Each column of four bytes is now transformed using a special mathematical
function. This function takes as input the four bytes of one column and outputs four
completely new bytes, which replace the original column. The result is another new
matrix consisting of 16 new bytes. It should be noted that this step is not performed
in the last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the
128 bits of the round key. If this is the last round then the output is the ciphertext.
Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another
similar round.

Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process
in the reverse order. Each round consists of the four processes conducted in the
reverse order −

 Add round key

 Mix columns
 Shift rows
 Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel
Cipher, the encryption and decryption algorithms needs to be separately
implemented, although they are very closely related.