DATA ENCRYPTION STANDARD (DES)

History
In 1971, IBM developed an algorithm, named LUCIFER which
operates on a block of 64 bits, using a 128-bit key

Walter Tuchman, an IBM researcher, refined LUCIFER and

reduced the key size to 56-bit, to fit on a chip.

In 1977, the results of Tuchman’s project of IBM was adopted

as the Data Encryption Standard by NSA (NIST).
DES is a block cipher, as shown in Figure 6.1.

Figure .Encryption and decryption with DES

6.3
Encryption

[1]
Figure . Initial and final permutation steps in DES
 Encryption (cont.)
64-bit plaintext (X)

Initial Permutation (IP)

64-bit key (K)

Key i
Round (i) Key Generation (KeyGen)

32-bit Switch (SW)

Inversion of Initial Permutation (IP-1)

64-bit ciphertext (Y)

Table Initial permutation table
 Encryption (Round) (cont.)

• Separate plaintext as L0R0

– L0: left half 32 bits of plaintext
– R0: right half 32 bits of plaintext
• Expansion/permutation: E( )
• Substitution/choice: S-box( F)
• Permutation: P( )
•
•
Ri  Li 1 ~ P ( S _ box ( E ( Ri 1 ) ~ Keyi ))
Li  Ri 1
Encryption (Round)
(Key Generation)

[1]
Encryption (Round) (cont.)
Li-1 Ri-1

Expansion/permutation (E_table)

XOR Ki

F Substitution/choice (S-box)

Permutation (P)

XOR

Li Ri
 DES Function
The heart of DES is the DES function. The DES function
applies a 48-bit key to the rightmost 32 bits to produce a
32-bit output.

Figure. DES Function

Expansion P-box
Since RI−1 is a 32-bit input and KI is a 48-bit key, we first
need to expand RI−1 to 48 bits.
Figure . Expansion permutation

Table . Expansion P-box table

 E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 45 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

Expansion Expansion
 Key Generation (cont.)
• Original Key: Key0
• Permuted Choice One: PC_1( )
• Permuted Choice Two: PC_2( )
• Schedule of Left Shift: SLS( )
•
(C0 , D0 )  PC _ 1( Key 0 )
•
(Ci , Di )  SLS (Ci 1 , Di 1 )
•
Keyi  PC _ 2( SLS (Ci 1 , Di 1 ))
 Key Generation

(Encryption)

[1]
Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
 Key Generation (cont.)
Input Key

Permuted Choice One (PC-1)

C0 D0
▪ ▪
▪ ▪
▪ ▪
Ci-1 Di-1
Permuted Choice Two (PC-2)

Schedule of Left Shifts

Keyi
Ci Di
Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the round
key. Note that both the right section and the key are 48-
bits in length. Also note that the round key is used only in
this operation.
 Encryption (Round) (cont.)
F

S-box

[1]
S-Boxes
The S-boxes do the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output. See
Figure 6.7.

Figure 6.7 S-boxes

Figure . S-box rule
 Table . S-box 1

The input to S-box 1 is 100011. What is the output?

Solution:
If we write the first and the sixth bits together, we get 11 in
binary, which is 3 in decimal. The remaining bits are 0001 in
binary, which is 1 in decimal. We look for the value in row 3,
column 1, in Table 6.3 (S-box 1). The result is 12 in decimal,
which in binary is 1100. So the input 100011 yields the output
1100.
 Encryption (Round) (cont.)

 S-box

[1]
Table. Straight permutation table
An Inverse Initial Permutation:-
is a permutation which you will get by inserting position of an element at the
position specified by the element value in the array. ... Basically, An inverse
permutation is a permutation in which each number and the number of the place
which it occupies is exchanged.
 Decryption
• The same algorithm as
encryption.
• Reversed the order of key
(Key16, Key15, … Key1).
• For example:
– IP undoes IP-1 step of
encryption.
– 1st round with SK16 undoes
16th encrypt round.

[1]