Data Encryption Standard (DES)
The Data Encryption Standard (DES) is also called the Data Encryption Algorithm (DEA). DES has been found vulnerable to very powerful attacks.
DES Basic Principle: -
DES is a block cipher. It encrypts data in blocks of 64 bits each. That is, 64 bits of plain text go in as the input to DES, which produces 64 bits of cipher text. The same algorithm and key are used for encryption and decryption, with minor differences. The key length is 56 bits.
Before the DES process even starts, every eighth bit of the 64-bit key is discarded to produce a 56-bit key. That is, bit positions 8, 16, 24, 32, 40, 48, 56 and 64 are discarded.
DES is based on the two fundamental attributes of cryptography: substitution (also called confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is called a round. Each round performs the steps of substitution and transposition. Let us discuss the broad-level steps in DES:
1) In the first step, the 64-bit plain text block is handed over to an initial permutation (IP) function.
2) The initial permutation is performed on the plain text.
3) Next, the initial permutation (IP) produces two halves of the permuted block, say Left Plain Text (LPT) and Right Plain Text (RPT).
4) Now, each of LPT and RPT goes through 16 rounds of the encryption process, each with its own key.
5) In the end, LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the combined block.
6) The result of this process is the 64-bit cipher text.
Initial Permutation: -
The initial permutation happens only once, and it happens before the first round. IP replaces the first bit of the original plain text block with the 58th bit of the original plain text block, the second bit with the 50th bit of the original plain text block, and so on. After IP is done, the resulting 64-bit permuted text block is divided into two half blocks. Each half block consists of 32 bits. We call the left block LPT and the right block RPT. Now, 16 rounds are performed on these blocks.
Rounds: -
1. Key Transformation: - The initial 64-bit key is transformed into a 56-bit key by discarding every 8th bit of the initial key. Thus, for each round, a 56-bit key is available. From this 56-bit key, a different 48-bit subkey is generated during each round using a process called key transformation. For this, the 56-bit key is divided into two halves of 28 bits each. These halves are circularly shifted left by one or two positions, depending on the round.
2. Expansion Permutation: - After the initial permutation, we have two 32-bit plain text areas, called left plain text (LPT) and right plain text (RPT). During expansion permutation, the RPT is expanded from 32 bits to 48 bits. Before increasing the size from 32 to 48, the bits are permuted as well.
3. S-box Substitution: - This is a process that accepts the 48-bit input from the XOR operation involving the compressed key and the expanded RPT, and produces a 32-bit output using the substitution technique. The substitution is performed by eight substitution boxes, also called S-boxes. Each S-box has a 6-bit input and a 4-bit output; it transforms the 6-bit input into the 4-bit output.
4. Final Permutation: - At the end of the 16 rounds, the final permutation is performed. This is a simple transposition. The output of the final permutation is the 64-bit encrypted block.
