Unit IV: Encryption Algorithms

4.1 DES (Data Encryption Standard) Algorithm

Introduction:
The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created in the early 1970s by an IBM
team and adopted by the National Institute of Standards and Technology (NIST). The algorithm takes the plain text in
64-bit blocks and converts them into ciphertext using 48-bit keys.

Since it’s a symmetric-key algorithm, it employs the same key in both encrypting and decrypting the data

There are certain machines that can be used to crack the DES algorithm. The DES algorithm uses a key of 56-bit size.
Using this key, the DES takes a block of 64-bit plain text as input and generates a block of 64-bit cipher text.

The DES process has several steps involved in it, where each step is called a round. Depending upon the size of the
key being used, the number of rounds varies. For example, a 128-bit key requires 10 rounds, a 192-bit key requires 12
rounds, and so on.

We have mentioned that DES uses a 56-bit key.

Actually, The initial key consists of 64 bits. However, before the DES process even starts, every 8th bit of the key is
discarded to produce a 56-bit key. That is bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.

Thus, the discarding of every 8th bit of the key produces a 56-bit key from the original 64-bit key.
DES is based on the two fundamental attributes of cryptography: substitution (also called confusion) and
transposition (also called diffusion). DES consists of 16 steps, each of which is called a round. Each round performs
the steps of substitution and transposition.

Steps in DES:
1. Key Generation:
o A 56-bit key is used (after removing 8 parity bits from a 64-bit key).
o Sixteen 48-bit subkeys are generated using key scheduling.
2. Initial Permutation (IP):
o The 64-bit plaintext undergoes an initial permutation based on a predefined table.
3. Rounds (16 Rounds of Encryption):
o The text is split into two halves: Left (L) and Right (R)
o Each round consists of:
▪ Expansion (E) of R to 48-bits
▪ XOR with a subkey
▪ Substitution using S-boxes (non-linear transformation)
▪ Permutation (P-box)
▪ XOR with L
▪ Swapping of halves (except in the last round)
4. Final Permutation (FP):
o The processed data undergoes a final permutation, producing the encrypted output.
The algorithm process breaks down into
the following steps:
1. The process begins with the 64-bit
plain text block getting handed over
to an initial permutation (IP)
function.
2. The initial permutation (IP) is then
performed on the plain text.
3. Next, the initial permutation (IP)
creates two halves of the permuted
block, referred to as Left Plain Text
(LPT) and Right Plain Text (RPT).
4. Each LPT and RPT goes through 16
rounds of the encryption process.
5. Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the newly combined
block.
6. The result of this process produces the desired 64-bit ciphertext.

Initial Permutation (IP)

As we have noted, the initial permutation (IP) happens only once and it happens before the first round. It suggests
how the transposition in IP should proceed, as shown in the figure. For example, it says that the IP replaces the first
bit of the original plain text block with the 58th bit of the original plain text, the second bit with the 50th bit of the
original plain text block, and so on.

This is nothing but jugglery of bit positions of the original plain text block. the same rule applies to all the other bit
positions shown in the figure.
The encryption process step (step 4, above) is further broken down into five stages:
1. Key transformation
2. Expansion permutation
3. S-Box permutation
4. P-Box permutation
5. XOR and swap
For decryption, we use the same algorithm, and we reverse the order of the 16 round keys.

Step 1: Key Transformation

We already know that the DES process uses a 56-bit key, which is obtained by eliminating all the bits present in every
8th position in a 64-bit key. In this step, a 48-bit key is generated. The 56-bit key is split into two equal halves and
depending upon the number of rounds the bits are shifted to the left in a circular fashion.

Due to this, all the bits in the key are rearranged again. We can observe that some of the bits get eliminated during
the shifting process, producing a 48-bit key. This process is known as compression permutation.

For example: if the round numbers 1, 2, 9, or 16 the shift is done by only one position for other rounds, the circular
shift is done by two positions. The number of key bits shifted per round is shown in the figure.

After an appropriate shift, 48 of the 56 bits are selected. From the 48 we might obtain 64 or 56 bits based on
requirement which helps us to recognize that this model is very versatile and can handle any range of requirements
needed or provided. for selecting 48 of the 56 bits the table is shown in the figure given below. For instance, after the
shift, bit number 14 moves to the first position, bit number 17 moves to the second position, and so on. If we observe
the table , we will realize that it contains only 48-bit positions. Bit number 18 is discarded (we will not find it in the
table), like 7 others, to reduce a 56-bit key to a 48-bit key. Since the key transformation process involves permutation
as well as a selection of a 48-bit subset of the original 56-bit key it is called Compression Permutation.
Step 2: Expansion Permutation

Let's consider an RPT of the 32-bit size that is created in the IP stage. In this step, it is expanded from 32-bit to 48-bit.
The RPT of 32-bit size is broken down into 8 chunks of 4 bits each and extra two bits are added to every chunk, later
on, the bits are permutated among themselves leading to 48-bit data. An XOR function is applied in between the 48-
bit key obtained from step 1 and the 48-bit expanded RPT.

This process results in expansion as well as a permutation of the input bit while creating output. The key
transformation process compresses the 56-bit key to 48 bits. Then the expansion permutation process expands
the 32-bit RPT to 48-bits. Now the 48-bit key is XOR with 48-bit RPT and the resulting output is given to the next step,
which is the S-Box substitution.
Transposition P Box :
• Transposition P Box is to again change the positions of 32 bits received from s- boxes with permutations
• This in turn returns right half 32 bits.
• These 32 bits from right half are to be XORed with left half to get Final 32 bit right half of 64 bit cipher text.
Applications of DES Algorithm
In this section, we are going to learn about some of the applications of the DES Algorithm.
1. It is used in random number generation
2. It is deployed when not-so-strong encryption is needed
3. It is used to develop a new form of DES, called Triple DES (using a 168-bit key formed using three keys)

Advantages and Disadvantages of DES Algorithm

The advantages of the DES algorithm:
1. It is set as a standard by the US government.
2. When compared to the software, it works faster on hardware.
3. Triple DES, used a 168-bit key which is very hard to crack.
The disadvantages of the DES algorithm:
1. Weakly secured algorithm.
2. There is a threat from Brute force attacks.
3. A DES cracker machine known as Deep Crack is available in the market.

Short Summary:

Steps for Encryption

There are multiple steps involved in the steps for data encryption. They are:
1. Permutate the 64-bits in the plain text and divide them into two equal halves.
2. These 32-bit chunks of data will undergo multiple rounds of operations.
3. Apply XOR operation in between expanded right plain text and the compressed key of 48-bit size.
4. The resultant output is sent to the further step known as S-box substitution.
5. Now apply the XOR function to the output and the left plain text and store it in the right plain text.
6. Store the initial right plain text in the left plain text.
7. Both the LPT and RPT halves are forwarded to the next rounds for further operations.
8. At the end of the last round, swap the data in the LPT and RPT.
9. In the last step, apply the inverse permutation step to get the cipher text.

Steps for Decryption

The steps involved in the steps for data decryption are:
1. The order of the 16 48-bit keys is reversed such that key 16 becomes key 1, and so on.
2. The steps for encryption are applied to the ciphertext.