Data Encryption Standard

(DES)

Dr. Bimal Kumar Meher

Associate Professor
Dept. of CSE

BKM/SIT
 INTRODUCTION

• DES is a symmetric-key block cipher for

encrypting digital data.
• Developed by IBM in early 1970s.
• It was a modified form of the project
called Lucifer by Horst Feistel.
• The cipher was first published by NIST
in 1973.
• It was finally published in FIPS in 1977.
NIST: National Institute of Standards and Technology
FIPS: Federal Information Processing Standard
BKM/SIT
 DES Overview

BKM/SIT
 DES Basics
 It takes plain text of size 64-bits &
produces Ciphertext of size 64-bits.
 But it has a cipher key of size 56-bits.
 Building blocks of DES
 P-Box
 S-Box
 XOR
 Sixteen Feistel rounds
BKM/SIT
General Structure of DES

BKM/SIT
 Initial and Final Permutations

BKM/SIT
 Initial and final permutation tables(Contd…)

Note: The indices (1 - 64) of the table (not shown)

represents output bits positions. The values
BKM/SIT
shown in the table represent input bit positions
 Note

The initial and final permutations are

straight P-boxes that are inverses
of each other.

BKM/SIT
 Rounds

• DES uses 16
rounds.
• Each round of
DES is a Feistel
cipher.
• A Feistel cipher
has both invertible
and non-invertible
components
• Figure shows a
single round in
DES encryption
BKM/SIT
 DES Function

• The heart of
DES is the DES
function.
• The DES
function applies
a 48-bit key to
the rightmost 32
bits to produce a
32-bit output.
BKM/SIT
 Expansion P-box in the Function

30

BKM/SIT
 Expansion P-box (Cont…)

Expansion P-box
Since RI−1 is a 32-bit input and KI is a 48-bit key,
we first need to expand RI−1 to 48 bits.

BKM/SIT
 Whitener (XOR)

• After the expansion permutation, DES uses

the XOR operation on the expanded right
section and the round key.
• Note that both the right section and the key
are 48-bits in length.
• Also note that the round key is used only in
this operation.

BKM/SIT
 S-Boxes

• S-box provides the substitution function i.e. each

6-bit input block is replaced by a 4-bit output
block from the S-box.
• DES uses 8 such S-boxes

BKM/SIT
 S-Box(Contd…)
S-box rule: The substitution in each box follows a
predefined rule based on a 4-row by 16-column table.

BKM/SIT
 S-Box(Contd…)
• Following Table shows the contents for S-box 1.
• Refer textbook for the rest of the boxes .

Table: S-box 1

BKM/SIT
 Continued
Example

The input to S-box 1 is 100011. What is the output?

Solution
• If we write the first and the sixth bits together, we
get 11 in binary, which is 3 in decimal.
• The remaining bits are 0001 in binary, which is 1 in
decimal.

• Now, check the value in row 3 & column 1 in S-box 1.

• The result is 12 in decimal, which in binary is 1100.
So the input 100011 yields the output 1100.

BKM/SIT
 Straight Permutation Table(P Box)

BKM/SIT
General Structure of DES

BKM/SIT
Key Generation
The round-key
generator creates
sixteen 48-bit keys
s out of a 56-bit
cipher key.

BKM/SIT
 Key Generation(Contd…)
Parity Drop: It is a compression transposition step.
It drops the parity bit (bit 8, 16, 24, 32,…, 64) from the
64-bit key and permutes the rest of the bits according to
the following table
Parity-bit drop table

BKM/SIT
 Key Generation(Contd…)
The 56-bit key is now divided into two 28-bit parts.
Then each part is left shifted(circularly) by either
one or two bits in each round as shown in the table.
Number of bits shifts

Key-compression table of size 56x48

BKM/SIT
 Analysis of DES
• The desired property of a block cipher is the
Avalanche effect.
• Avalanche effect means a small change in the
plaintext(or Key) should create a significant
change in the ciphertext (diffusion & confusion).
• Diffusion: The idea of diffusion is to hide the
relationship between the ciphertext and the plaintext.
• Confusion: The idea of confusion is to hide the
relationship between the ciphertext and the key.

BKM/SIT
 Example
Let us encrypt two plaintext blocks (with
the same key) that differ only in one bit and
observe the differences in the number of
bits in each round.

BKM/SIT
 Example (Contd…)
• Although the two plaintext blocks differ only
in the rightmost bit, the ciphertext blocks
differ in 29 bits.
• This means that changing approximately 1.5
percent of the plaintext creates a change of
approximately 45 percent in the ciphertext.
Number of bit differences for each round

BKM/SIT
 Design Criteria

S-Boxes
The design provides confusion of bits from each round to
the next.
P-Boxes
They provide diffusion of bits.

Number of Rounds
DES uses sixteen rounds of Feistel ciphers. the ciphertext
is thoroughly a random function of plaintext and
ciphertext.

BKM/SIT
 DES Weaknesses
• During the last few years researchers have found some
weaknesses in DES.
1. Weaknesses in S-boxes
2. Weaknesses in P-boxes
3. Weaknesses in Key
• What is the key domain of DES ?
• It is 256 number of possible keys.
Facts
• For a processor checking 1million keys/sec., it would take
more than 2000 years for brute-force attack.
• But, if we have 3500 networked computers, it may
find the key in 120 days!!!
BKM/SIT
 Multiple DES
• The major criticism of DES regards its
key length.
• Techniques like Differential(1980) and
Linear Cryptanalysis(1992) could able to
break the cipher
• But, Linear Cryptanalysis needs 247
known plaintexts to break the cipher
• Therefore, the designer proposed the
double or triple DES to increase the key
size and security.
BKM/SIT
 Double DES (2DES)

BKM/SIT
 Meet-in-the-Middle Attack

• A major drawback of 2DES is MIM attack.

• It is a known-plaintext attack.
• Because 2DES improves the vulnerability
slightly (to 257 tests), but not tremendously
(to 2112).

BKM/SIT
 Triple DES(with two keys)

BKM/SIT
BKM/SIT
 Triple DES with Three Keys

• The possibility of known-plaintext attacks

on triple DES with two keys has enticed
some applications to use triple DES with
three keys.
• Triple DES with three keys is used by
many applications such as PGP.

BKM/SIT