Scribd Logo
Upload

Welcome to Scribd!

  • 86 views

    Digital Encryption Standard

    Uploaded by

    Manoj Sunchauri
    The document summarizes the Data Encryption Standard (DES) block cipher. It was developed in the 1970s and standardized in 1977. DES uses a 56-bit key and operates on 64-bit blocks. It employs a Feistel network structure with 16 rounds, using 48-bit round keys generated from the original key. While DES was popular for many years, modern computers can brute force the 56-bit key, so it is no longer considered secure for most uses. Triple DES remains more secure by applying the DES cipher three times.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd

    Digital Encryption Standard

    Uploaded by

    Manoj Sunchauri
    86 views30 pages
    The document summarizes the Data Encryption Standard (DES) block cipher. It was developed in the 1970s and standardized in 1977. DES uses a 56-bit key and operates on 64-bit blocks. It employs a Feistel network structure with 16 rounds, using 48-bit round keys generated from the original key. While DES was popular for many years, modern computers can brute force the 56-bit key, so it is no longer considered secure for most uses. Triple DES remains more secure by applying the DES cipher three times.

    Original Description:

    Digital Encryption Standard

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document summarizes the Data Encryption Standard (DES) block cipher. It was developed in the 1970s and standardized in 1977. DES uses a 56-bit key and operates on 64-bit blocks. It employs a Feistel network structure with 16 rounds, using 48-bit round keys generated from the original key. While DES was popular for many years, modern computers can brute force the 56-bit key, so it is no longer considered secure for most uses. Triple DES remains more secure by applying the DES cipher three times.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    86 views30 pages

    Digital Encryption Standard

    Uploaded by

    Manoj Sunchauri
    The document summarizes the Data Encryption Standard (DES) block cipher. It was developed in the 1970s and standardized in 1977. DES uses a 56-bit key and operates on 64-bit blocks. It employs a Feistel network structure with 16 rounds, using 48-bit round keys generated from the original key. While DES was popular for many years, modern computers can brute force the 56-bit key, so it is no longer considered secure for most uses. Triple DES remains more secure by applying the DES cipher three times.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    of 30

    DES

    Developed in early 1970s at IBM and based on


    an earlier design by Horst Feistel.
    Standardized in 1977 by National Bureau of
    Standards
    Most popular block cypher for most of the last
    30 years
    Nowadays, insecure due to small key length,
    56bit
    But: 3DES yields very secure cipher, still used
    today.
    Replaced by AES in 2000

    Overview of DES Algorithm


    x
    64

    DES
    64
    y

    56

    Iterative
    Structure of
    DES

    First step is IP

    Then, encryption done


    in 16 rounds

    So, Key K is divided into


    16 sub-keys.

    Finally, permutation
    again

    Initial and Final


    Permutations
    Bitwise Permutation
    Can be viewed as simple cross-wiring
    Easily implemented in hardware, but no
    so fast in software

    Initial Permutation
    (1)

    Initial Permutation
    (2)

    The initial permutation


    adds no strength to DES,
    so undoing the
    permutation is trivial for
    attacker
    First bit of output is form
    58th bit
    Second bit from 50th bit
    And so on

    Final
    Permutation
    Concept is same as Initial
    only the table used is
    different which is shown
    here.

    Note:
    IP(X) and IP(x are truly
    inverse operations.
    i.e. IP() = 1

    The Feistel
    Structure of
    DES(1)
    After IP of 64 bit, plaintext x
    is split into two halves Li + Ri

    Then,
    Li = Ri1,
    Ri = Li1 f ( Ri1,ki )
    where, i = 1,2,.16

    After 16th round L16 &


    are swapped and final
    permutation is done.
    For example:

    L1 = R0,
    R1 = L0 f ( R0,k1 )

    R16

    Ri-1

    The f function

    Lets consider ith round,

    Expansion E (Ri-1)

    Then taking Ri-1 and Ki


    as input XOR-masking is
    done
    i.e. Ri-1 Ki

    For example:
    R0 K1

    Fi(Ri-1,Ki)

    Expansion E
    (Ri-1)
    Special permutation where some bits are duplicated
    to expand the block from 32 bit to 48 bits.
    Here: 1,4,5,8,9,12,13,16,17,20,21,24,25,28,29,32 are
    duplicated to obtain expansion

    Substitution
    Boxes

    S-box is a lookup table that maps a


    6-bit input to a 4-bit output.

    Each s-box contains = 64 entries,


    which are represented by table with
    16 columns and 4 rows.

    All S-boxes are different

    So altogether there is 8 S- boxes in


    DES

    Reading Stables

    The input to each S-boxes are 6 bit and output are 4 bit
    The most significant bit (MSB) and the least significant bit (LSB) of
    each 6 bit input gives the row of the table, while infer 4 bits selects
    the column.
    The inter 0,1,.15 represent the decimal notation of 4 bit value
    For example: S-box 1 input = (100101)2
    Here,
    MSB = 1, LSB = 1 So, row = 112 = 3 = third row
    Inner bit : 00102 = 2 = second column
    So, the output of the S-box 1 output will be 8

    The Permutation
    within the ffunction
    Finally, the 32 bit output is
    permuted bitwise
    according to the table
    shown
    Unlike IP and IP-1, this
    function introduces
    diffusion because 4 bit
    output from S-box is
    permuted in such a way
    that every bit form plain
    text is affected in following
    rounds.

    The Feistel
    Structure of
    DES(2)

    Here,

    Li = Ri1,
    Ri = Li1 f ( Ri1,ki )
    where, i = 1,2,.16

    After Round 16 of
    encryption the output of
    Feistel Structure L16
    and R16 is swapped
    Final permutation is
    done
    i.e.
    Which yields
    Y = DESk(x)

    Key schedule
    for DES
    Encryption

    Often stated as 64 bit, but every 8th


    bit are used as odd parity over
    preceding 7 bits.

    Initial key Permutation PC-1 is done


    ignoring parity bits

    Resulting 56 bit key is split into 2


    halves Ci and Di
    Where, i = 1,2,.16

    The two 28 bits halves are cyclically


    shifted left i.e. rotated

    Rounds i = 1,2,9,16 by 1-bit

    Rounds i 1,2,9,16 by 2-bit

    Interestingly C0 = C16 and D0 =D16

    key Permutation PC-2 is done in


    each ith round to reduce subkey to
    48 bit.

    Permuted Choice 1
    (PC-1)
    The left and right halves of the table shows which bit from the input
    form the left and right section.
    Only 56 bits of 64 bits of inputs are selected.
    The remaining eight (8,16,32,40,48,56,64) are ignored which were
    specified for use as parity bits.

    Permuted
    Choice 2 (PC2)

    This permutation
    selects the 48-bit sub
    key for each round from
    56-bit key schedule
    state.

    Here bits
    (9,18,22,25,35,38,43,54
    ) are ignored to get 48
    bit sub key

    DES Encryption
    Overview

    DES
    Decryption
    Decryption ist the same
    function as Encryption
    Because DES is based on
    Feistel network, only key
    schedule has to be
    reversed.
    Thus, key schedule
    algorithm have to
    generate round keys as
    the sequence k16, k15,
    ..,k1

    Reverse Key Schedule (1)


    Since, C0 = C 16 and D0 = D16
    Hence, k16 can be directly
    derived after PC -1
    K16 = PC-2(C16,D16)
    =PC-2(C0,D0)
    =PC-2(PC-1(k))
    K15 = PC-2(C15,D15)
    =PC-2(RS2(C16),RS2(D16))
    = PC-2(RS2(C0),RS2(D0))

    Subsequently round keys K14,


    K13,K1 are derived via right
    shifts in similar fashion

    Reversed Key
    Schedule (2)

    In decryption 1, the key


    is not rotated

    In decryption round
    2,9,and 16 rotation is
    by 1 bit right

    In other round
    3,4,5,6,7,8,10,11,12,13,
    14 and 15 rotation is by
    two bits.

    Feistel Network for


    Decryption

    Here, the decryption function


    reverses the DES encryption
    by round-by-round manner.

    Means decryption round 1


    reverses encryption round 16
    and decryption round 2
    reverses encryption round 1
    and so on

    (Ld0,Rd0) = IP(Y)

    = IP(I(R16,L16))
    = (R16,L16)
    Hence,
    Ld0 = R16
    Rd0 = L16 = R15

    Feistel Network for


    Decryption(2)
    The first decryption round 1 in terms of the
    input values of the last encryption round (L15,R15)
    Here,
    Ld1 = Rd0 = L16 = R15
    Rd1= Ld0 f (Rd0,k16) = R16 f (L16,k16)
    Rd1= [L15 f (R15,k16)] f (R15,k16)
    Rd1= L15[ f (R15,k16) f (R15,k16)] = L15
    Hence
    Ld1 = R15
    Rd1== L15

    So, we can easily derive for Ld1 and Rd15


    Ld2 = R14
    Rd2== L14

    Feistel Network for Decryption(3)


    Thus
    next 15 rounds can be expressed as:

    Ldi = R16-i
    Rdi = L16-I
    i = 0,1,.16

    In particular, after the last decryption round:


    Ld16 = R16-16 = R0
    Rd16 = L16-16 = L0

    Finally, at the end of decryption process, Initial


    permutation has to be reversed.
    (Rd16,Ld16) = (L0,R0) = (IP(x)) =

    Security of DES
    Criticism towards DES:
    Key space too small (2^56 keys)
    S- box design criteria has been kept secret:
    Which lead to the idea of having backdoors,
    only known to NSA

    Analytical Attacks: Highly Resistant to


    both Differential and Linear
    Cryptanalysis. So far there is no known
    analytical attacks which breaks DES in
    realistic scenarios.
    Brute Force Attack: Relatively easy
    considering todays technology

    History of Attacks on DES


    1977 Diffie & Hillman, estimated the cost of key search machine
    1990 Biham & Shamir proposed differential cyptanalysis (2^47 chosen
    plaintexts)
    1993 -Mike Wiener proposed design of a very efficient key search
    machine: Average search requires 36h. Costs: $1.000.000
    1993 - Matsui proposes linear cryptanalysis (2^43 chosen ciphertexts)
    1997 DES Challenge I - broken through brute-force; distributed effort
    on the Internet, took 4.5 months
    1998 DES Challenge II 1 broken through brute-force; distributed effort
    on the Internet took 39 days
    1998 DES Challenge II 2 broken through brute-force; Electronic Frontier
    Foundation built the Deep Crack key-search machine for about $250,000.
    The attack took 56 h (15 days average)
    1999 - DES Challenge III broken through brute-force by distributed
    Internet effort combined with Deep Crack and a total search time of 22
    hours
    2006 - Universities of Bochum and Kiel built COPACOBANA key-search
    machine based on low-cost FPGAs for approximately $10,000. Average
    search time is 7 days

    Triple DES
    Symmetric-key, block cipher which applies the(DES)
    cipher algorithm three times to each data block
    Provides a relatively simple method of increasing key size
    of DES without need to design a completely designing a
    new cipher algorithm
    y = DESk3 (DESk2 (DESk1 (x)))

    Refrences:
    Understanding Cryptography by Christof
    Paar & Jan Pelzl
    Wikipedia

    You might also like