DES is an encryption standard that adheres to #Symmetric Cryptography. It utilises Feistel Cipher Structure#, by doing 16 rounds of encrypting, where the underlying encryption method also exhibits Avalanche Effect# (34 bits and 35 bits difference for the plaintext and the key). Both 64-bit plaintext and the 64-bit key will undergo permutation before going through the Feistel cipher structure where only 56 bits of the key selected. The key will be left circular shifted in order to produce subkeys (in 48 bits), which will be done 16 rounds like the main encryption process. After 16 rounds, a 32-bit swap follows by an inverse initial permutation will produce a 64-bit ciphertext.
Note: Avoid using key where its value is all 1s or 0s as the subkey generated from the algorithm remained the same. And because of that, the order for the subkeys in encryption and decryption doesn’t matter since they are all the same. Meaning, if we put the ciphertext encrypted with the key into encryption algorithm once again, we’ll get back the plaintext.
The initial permutation (\(IP\)) on the plaintext could be done by simply finding the byte corresponding value in the table according to its position in the table. The inverse of it (\(IP^{-1}\)) is just finding back the byte using the table.
The substitution on the left half is done by XORing the output of the rounding function with the right half and a subkey as parameters. The right half, size of 32-bit, will be expanded or permuted using Expansion table (E table) to produce a 48-bit data which then XORs with the subkey. After that, substitution# will be done on the data with 8 S-boxes (which is the backbone for the DES security guarantees) that map 6 to 4 bits producing a 32-bit data which feed it to another permutation (XOR with the left half later).
Working behind the S-boxes is by the logic that 2 outer bits (left and right most bits) are map to the row of the S-box, and the inner bits are map to the column of the S-box. For example, if the input bit sequence is 100110, then we know the outer bits are 10, which is 2, illustrating the row number 2 in S-box. The inner bits are 0011, which is 3, illustrating the column number 3 in S-box. Referring to the row and column number, we could find the corresponding value in the S-box, which we could substitute the bit sequence with its bit value.
Note: S-box is 0-index.
The subkey generation algorithm consists of three parts: initial permutation (PC1), left cycle shift, and permutation with discards (PC2). PC1 will select 56-bits from the 64-bit key by discarding the \((8 \times n)\)th bits, and halve them into 28-bits, which then be feed into 16-round of left cycle shifts plus PC2. For rounds 1, 2, 9, and 16, it shifts only one bit, while others shift two bits. In PC2, it only selects each 24-bits from 28-bit halves by discarding the \((9 \times n)\)th bits, and permutes them with the PC2 table, which will then used to XORs the permuted (by E table) right half of the data.
Note: The working on PC1 and PC2 are similar to IP. The corresponding bit is found from referring to the row and column number of the bit located.
For decrypting, see Feistel Cipher Structure# in detail. In short, just encrypt the ciphertext with unwind subkeys order.
DES encrypts 64-bit of data using 56-bit key, which has been criticised of having poor security due to the small key size, making it vulnerable to possible Brute Force Attack. Analytic Attacks are possible to crack DES. Other than that, smart-card implementation of DES is susceptible to Timing Attack.
It is widely adopted by financial institution and other applications such as Secure Electronic Transaction (SET)# and Kerberos#.
DES has several modes of operations which could be use depending on the situation:
- Electronic Codebook (ECB)#
- Cipher Block Chaining (CBC)#
- Cipher Feedback (CFB)#
- Output Feedback (OFB)#
- Counter (CTR)#
It has several implementations as shown below: