A Cryptographic algorithm

 It is a cryptographic algorithm.
 Also known as Data Encryption Algorithm (DEA)
 It is generally used in ECB, CBC or CFB mode.
 Basic Principle:

 DES is a Block Cipher. It encrypts blocks of size 64

bits each.
 64 bits of plain text goes as input to DES which
produces 64 bits cipher text.
 The same algorithm is used for encryption and
decryption.
 The Key length is 56 bits
 64-bit
Plain text

………

56 bit key
DES

64-bit
Cipher text

Block 1 Block 2 Block n

 The initial key consists of 64 bits.
 Before DES process starts, every eighth bit of key is discarded
to produce a 56-bit key.
 Before discarding these bits can be used for parity checking to
ensure that the key does not contain any error.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
 Original 64-bit key

Key discarding process

Resulting 56-bit key

 DES is based on two fundamental attributes of
cryptography:
Substitution (also called confusion)
Transposition (also called diffusion)
 DES consists of 16 steps each of which is called a
round.
 Each round performs the steps of substitution and
transposition.
1. In the first step 64-bit plain text is handed over to an
Initial Permutation (IP) function.
2. The Initial Permutation is performed on plain text.
3. Next, the Initial Permutation (IP) produces two halves of
the permuted block: Left Plain Text (LPT) and Right
Plain Text (RPT)
4. Now, each of LPT and RPT goes through 16 rounds of
encryption process.
5. In the end, LPT and RPT are rejoined and a Final
Permutation (FP) is performed on the combined block.
6. The result of this process produces 64-bit Cipher text.
Step 1

Step 2

Step 3

Step 4 Key Key

Step 5

Step 6
 IP happens only once and it happens before the first
round.
 It suggests how the transposition should proceed.
 For eg. IP replaces the first bit of original plain text block
with the 58th bit of the original plain text block, second
bit with the 50th bit of original plain text block and so on.

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8

57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7
 After IP is done the resulting 64-bit permuted text
block is divided into two half blocks
 Each half block consists of 32 bits
 Left block is called as LPT
 Right block is called as RPT
 Now, 16 rounds are performed on these two blocks.
 Each of the 16 rounds, in turn, consists of broad level
steps as shown:

Details of one round in DES

  For each round a 56-bit key is available from which a
different 48-bit sub key is generated during each
round using a process called as Key Transformation.
 For this the 56-bit key is divided into two halves, each
of 28 bits.
 These halves are circularly shifted left by one or two
positions, depending on the round.

Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

No. of key 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
bits shifted
 For selecting 48 of the 56 bits, the table shown below is
used.
14 17 11 24 1 5 3 28 15 6 21 10
23 19 12 4 26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40 51 45 33 48
44 49 39 56 34 53 46 42 50 36 29 32

 After the shift, bit number 14 moves into the first position,
bit number 17 moves into second position and so on.
 Since the key transformation involves permutation as well
as selection of a 48-bit sub-set of the original 56 bit key, it
is called as compression permutation.
 After Initial Permutation we had two 32-bit plain text areas,
called as LPT and RPT.
 During Expansion Permutation the RPT is expanded from
32-bits to 48-bits. Besides increasing size the bits are
permuted as well and hence the name expansion
permutation.
 This happens as shown below:
1) The 32-bit RPT is divided into 8 blocks, with each block
consisting of 4 bits.
2) Each 4-bit block of the previous step is then expanded
to a corresponding 6-bit block as shown below
 Now 48-bit key is XORed with 48-bit RPT and the
resulting output is given to S-box Substitution.
 It is a process that accepts 48-bit input from XOR
operation involving the compressed key and
expanded RPT and produces a 32-bit output using
substitution technique.
 The substitution is performed by eight substitution
boxes.
 Each of the eight S-boxes has a 6-bit input and 4-bit
output.
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
S-box 1

15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9
S-box 2

10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12
S-box 3
Selecting an entry in a S-box based on the 6-bit input

Example of selection of S-box output based on the input

 The output of S-box is 32-bits. These 32-bits are
permuted using a P-box.
 It involves replacement of each bit with another bit, as
specified in the P-box table, without any expansion or
compression.

16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10

2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
  At the end of 16 rounds, the Final Permutation is
performed (only once)
 This is a Simple transposition i.e. 40th input bit takes
the position of the 1st output bit and so on.
40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31
36 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25

 The output of Final Permutation is the 64-bit encrypted

block.
 The only difference between encryption and decryption
process is the reversal of key portions.
 If the original key K was divided into K1, K2, K3,…..K16
for the encryption rounds, then for decryption, the key
should be used as K16, K15, K14, ……, K1.