Digital Encryption Standard

8/17/2019 Digital Encryption Standard

1/30

DES

• Developed in early 1970s at IBM and based onan earlier design by Horst Feistel.

• Standardized in 1977 by National Brea o!

Standards• Most poplar blo"# "yp$er !or %ost o! t$e last

&0 years

• No'adays( inse"re de to s%all #ey lengt$(

)*bit• Bt+ &DES yields very se"re "ip$er( still sed

today.

• ,epla"ed by -ES in 000


2/30

/vervie' o! DES -lgorit$%

64

64

k 56

x

y

DES


3/30

IterativeStr"tre o!DES

• First step is I

• $en( en"ryption donein 1* ronds

• So( 2ey 2 is divided into1* sb3#eys.

• Finally( per%tationagain


4/30

Initial and Final

er%tations• Bit'ise er%tation

• 5an be vie'ed as si%ple "ross3'iring

•

Easily i%ple%ented in $ard'are( bt noso !ast in so!t'are


5/30

Initial er%tation61


6/30


7/30

Finaler%tation

5on"ept is sa%e as Initialonly t$e table sed is

di:erent '$i"$ is s$o'n$ere.

Note+

I6; and I6< are trly

inverse operations.

i.e. I6 = 1


8/30

$e FeistelStr"tre o!DES61

-!ter I o! *> bit( plainte


9/30

$e ! 3!n"tion• ?ets "onsider it$ rond(

• E


10/30


11/30

SbstittionBo3bit otpt.

•

Ea"$ s3bo< "ontains = *> entries('$i"$ are represented by table 'it$1* "ol%ns and > ro's.

• -ll S3bo


12/30

,eading S3tables

$e inpt to ea"$ S3bo bit

$e %ost signi"ant bit 6MSB and t$e least signi"ant bit 6?SB o!ea"$ * bit inpt gives t$e ro' o! t$e table( '$ile in!er > bits sele"tst$e "ol%n.

$e inter 0(1(.1) represent t$e de"i%al notation o! > bit vale

For e


13/30


14/30


15/30

e er% a on'it$in t$e !3!n"tion

Finally( t$e & bit otpt isper%ted bit'isea""ording to t$e tables$o'n

nli#e I and I31( t$is!n"tion introd"esdi:sion be"ase > bitotpt !ro% S3bo< isper%ted in s"$ a 'ayt$at every bit !or% plainte


16/30

$e FeistelStr"tre o!

DES6• Here(

?i = ,iA1(

,i = ?iA1 ! 6 ,iA1(#i

'$ere( i = 1((.1*

• -!ter ,ond 1* o!en"ryption t$e otpt o!Feistel Str"tre ?1*and ,1* is s'apped

• Final per%tation isdone

i.e.

$i"$ yields

G = DES#6


17/30

2ey s"$edle!or DES

En"ryption• /!ten stated as *> bit( bt every 8t$

bit are sed as odd parity overpre"eding 7 bits.

• Initial #ey er%tation 531 is doneignoring parity bits

• ,eslting )* bit #ey is split into $alves 5i and Di

$ere( i = 1((.1*

• $e t'o 8 bits $alves are "y"li"allys$i!ted le!t i.e. rotated

• ,onds i = 1((9(1* by 13bit

• ,onds i 1((9(1* by 3bit

• Interestingly 50 = 51* and D0 =D1*

• #ey er%tation 53 is done inea"$ it$ rond to red"e sb#ey to>8 bit.

t d 5$ i 1


18/30

er%ted 5$oi"e 16531

$e le!t and rig$t $alves o! t$e table s$o's '$i"$ bit !ro% t$e inpt!or% t$e le!t and rig$t se"tion.

/nly )* bits o! *> bits o! inpts are sele"ted.

$e re%aining eig$t 68(1*(&(>0(>8()*(*> are ignored '$i"$ 'erespe"ied !or se as parity bits.


19/30

er%ted5$oi"e 653

• $is per%tation

sele"ts t$e >83bit sb#ey !or ea"$ rond !ro%)*3bit #ey s"$edlestate.

• Here bits69(18(()(&)(&8(>&()>

are ignored to get >8bit sb #ey


20/30

DES En"ryption/vervie'


21/30

DES

De"ryption

De"ryption ist t$e sa%e!n"tion as En"ryption

Be"ase DES is based on

Feistel net'or#( only #eys"$edle $as to bereversed.

$s( #ey s"$edlealgorit$% $ave togenerate rond #eys as

t$e seen"e #1*( #1)(..(#1


22/30

,everse 2ey S"$edle 61

• Sin"e( 50 = 5 1* and D0 = D1*

• Hen"e( #1* "an be dire"tlyderived a!ter 5 31

• 2 1* = 53651*(D1*

=53650(D0 =5365316#

• 2 1) = 53651)(D1)

=536,S651*(,S6D1*

= 536,S650(,S6D0

• Sbseently rond #eys 21>(21&(21 are derived via rig$ts$i!ts in si%ilar !as$ion


23/30

,eversed 2eyS"$edle 6

• In de"ryption 1( t$e #eyis not rotated

• In de"ryption rond

(9(and 1* rotation isby 1 bit rig$t

• In ot$er rond&(>()(*(7(8(10(11(1(1&(1> and 1) rotation is byt'o bits.


24/30

Feistel Net'or# !orDe"ryption

• Here( t$e de"ryption !n"tionreverses t$e DES en"ryptionby rond3by3rond %anner.

• Means de"ryption rond 1reverses en"ryption rond 1*and de"ryption rond reverses en"ryption rond 1and so on

6?d0(,d0 = I6G

= I6I6,1*(?1*

= 6,1*(?1*

Hen"e(

Ld 0 = R1*

Rd 0 = L1* = R1)

e s e e 'or or


25/30

e s e e 'or orDe"ryption6

$e rst de"ryption rond 1 in ter%s o! t$e

inpt vales o! t$e last en"ryption rond 6L1),R1)

Here(

?d1 = ,d0 = ?1* = ,1)

,d1= ?d0 ! 6,d0(#1* = ,1* ! 6?1*(#1*

,d1= J?1) ! 6,1)(#1*K ! 6,1)(#1*

,d1= ?1)J ! 6,1)(#1* ! 6,1)(#1*K = ?1)

Hen"e

?d1 = ,1)

,d1== ?1)

So( 'e "an easily derive !or ?d1 and ,d1)

?d = ,1>

,d== ?1>


26/30

Feistel Net'or# !or De"ryption6&

• $s ne


27/30

Se"rity o! DES

• 5riti"is% to'ards DES+• 2ey spa"e too s%all 6L)* #eys

• S3 bo< design "riteria $as been #ept se"ret+

$i"$ lead to t$e idea o! $aving ba"#doors(only #no'n to NS-

• -nalyti"al -tta"#s+ Hig$ly ,esistant tobot$ Di:erential and ?inear5ryptanalysis. So !ar t$ere is no #no'nanalyti"al atta"#s '$i"$ brea#s DES inrealisti" s"enarios.

• Brte For"e -tta"#+ ,elatively easy"onsidering todays te"$nology


28/30

History o! -tta"#s on DES

• 1977 DiOe C Hill%an( esti%ated t$e "ost o! #ey sear"$ %a"$ine

• 1990 Bi$a% C S$a%ir proposed di:erential "yptanalysis 6L>7 "$osenplainte.) %ont$s

• 1998 DES 5$allenge II 1 bro#en t$rog$ brte3!or"eQ distribted e:orton t$e Internet too# &9 days

• 1998 DES 5$allenge II bro#en t$rog$ brte3!or"eQ Ele"troni" FrontierFondation bilt t$e Deep 5ra"# #ey3sear"$ %a"$ine !or abot P)0(000.

$e atta"# too# )* $ 61) days average• 1999 3 DES 5$allenge III bro#en t$rog$ brte3!or"e by distribted

Internet e:ort "o%bined 'it$ Deep 5ra"# and a total sear"$ ti%e o! $ors

• 2006 3 niversities o! Bo"$% and 2iel bilt 5/-5/B-N- #ey3sear"$%a"$ine based on lo'3"ost FR-s !or appro


29/30

riple DES• Sy%%etri"3#ey( blo"# "ip$er '$i"$ applies t$e 6DES

"ip$er algorit$% t$ree ti%es to ea"$ data blo"#

• rovides a relatively si%ple %et$od o! in"reasing #ey sizeo! DES 'it$ot need to design a "o%pletely designing ane' "ip$er algorit$%

• y = DES#& 6DES# 6DES#1 6


30/30

,e!ren"es+

• nderstanding 5ryptograp$y by 5$risto!aar C an elzl

• i#ipedia

Digital Encryption Standard

Documents

Transcript of Digital Encryption Standard