Brain Dump

Data Encryption Standard

Tags
cryptography

The most widely-known and [see page 7, controversial] block cipher algorithm based on a Feistel network, using a 56-bit key (64-bit with check-bits).

DES was issued in 1976 and has been the first choice for commerce (example banking) since.

[see page 15, Operation]

  1. Permute the 64-bit input block (this is the Initial Permutation).
  2. Split it into two 32-bit left and right blocks.
  3. Pass each through 16 rounds of processing, each using some 48-bit subkey.
  4. Swap the left and right blocks after the final round.
  5. Reverse the initial permutation process from step 1.

Subkey Generation

Each subkey in DES is [see page 28, derived] from the full-key 56-bit key by splitting it into two 28-bit halves and then cycling forward by 1 or 2 bits (depending on the round) for each round.

The combined result is then passed through a compression-permutation to get a 48-bit subkey from 56-bit output.

The means by which the 16 round subkeys are generated from the larger DES system is referred to as its key schedule.

Round Function

The \( f \) function used to set the right sub-block output for a round. The overall affect of the round-function is to take a 32-bit input and a 48 bit subkey and use it to produce a 32-bit output.

In DES it is [see page 25, implemented] by:

  1. Expanding the 32 bit input (from the right side) into 48-bits, matching the subkey length, by expanding every 6 bits into 8 bits This is done by copying the first and last bits of each 6-bit block.
  2. XOring this expanded input block with the 48-bit subkey
  3. Splitting the result into 8 groups of 6 bits which're passed through distinct S-boxes, each of which maps into 4-bits leading to a final 32-bit output.
  4. Passing the result through a P-box which simply reorders the bit positions.

Note: The specific S-box used varies from round to round, and adds another degree of complexity to the encryption process.

S-Box Implementation

The S-box implementation used by DES is implemented as a [see page 26, lookup table]. The first and last bits \( b_1 b_6 \) are used to determine the row of the lookup table (as an integer in the range \( 0 \ldots 3 \)) and the bits \( b_2 b_3 b_4 b_5 \) indexes the column of the table .

Advantages/Disadvantages

DES is [see page 29, resilient] to differential cryptanalysis, but is vulnerable to linear cryptanalysis and is generally vulnerable to anything with large compute-power.