Beruflich Dokumente
Kultur Dokumente
(DES)
BKM/SIT
INTRODUCTION
BKM/SIT
Overview
DES is a block cipher, as shown in Figure.
BKM/SIT
DES STRUCTURE
It takes plain text of size 64-bits & produces
Ciphertext of size 64-bits.
But the has a cipher key of size 56-bits.
The encryption process is made of two
permutations (P-boxes),
i.e. initial and final permutations, and
Sixteen Feistel rounds.
BKM/SIT
BKM/SIT
BKM/SIT
Continue
Initial and final permutation tables
BKM/SIT
Continued
Example 1
Only bit 15 and bit 64 are 1s; the other bits are 0s. In the
initial permutation, input bit 15 becomes bit 63 in the
output and input bit 64 becomes bit 25 in the output.
The result is
BKM/SIT
Continued
Example 2
The input has only two 1s; the output must also have
only two 1s.
Using Table, we can find the output of these two
bits. Bit 25 in the input becomes bit 64 in the output.
Bit 63 in the input becomes bit 15 in the output.
So the output has only two 1s, bit 15 and bit 64. The
result in hexadecimal is
BKM/SIT
Note
BKM/SIT
Rounds
DES uses 16 rounds.
Each round of DES
is a Feistel cipher.
Figure:
A round in DES
(encryption site)
BKM/SIT
DES Function
BKM/SIT
Continue
Expansion P-box
Since RI1 is a 32-bit input and KI is a 48-bit key, we first
need to expand RI1 to 48 bits.
Figure :Expansion permutation
BKM/SIT
Continue
DES uses the following Table to define the expansion
P-box.
BKM/SIT
Continue
Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the round
key.
Note that both the right section and the key are 48-bits
in length. Also note that the round key is used only in
this operation.
BKM/SIT
Continue
S-Boxes
The S-boxes do the real mixing (confusion).
DES uses 8 S-boxes, each with a 6-bit input and a 4bit output.
Figure : S-boxes
BKM/SIT
S-Box(Contd)
S-box rule: The substitution in each box follows a
predefined rule based on a 4-row by 16-column table.
BKM/SIT
Contd
Following Table shows the permutation for S-box 1.
Refer textbook for the rest of the boxes .
Table: S-box 1
BKM/SIT
Continued
Example
Continued
Straight Permutation Table
BKM/SIT
BKM/SIT
BKM/SIT
Continued
Alternative Approach
Key Generation
BKM/SIT
Continued
Parity Drop: It is a compression transposition step.
It drops the parity bit(bit 8, 16, 24, 32,, 64) from the
64-bit key and permutes the rest of the bits according to
the following table
Table : Parity-bit drop table
BKM/SIT
Continued
The 56-bit key is now divided into two 28-bit parts.
Then each part is left shifted(circularly) by either
one or two bits in each round as shown in the table.
Table : Number of bits shifts
BKM/SIT
Continued
Algorithm : Algorithm for round-key generation
BKM/SIT
Continued
BKM/SIT
Analysis of DES
Two desired properties of a block cipher are the
avalanche effect and the completeness effect.
Avalanche effect means a small change in the
plaintext(or Key) should create a significant
change in the ciphertext.
Completeness effect means that each bit of
the ciphertext needs to depend on many bits
of the plaintext.
BKM/SIT
Continued
Example
BKM/SIT
Continued
Example
BKM/SIT
Design Criteria
S-Boxes
The design provides confusion and diffusion of bits from
each round to the next.
P-Boxes
They provide diffusion of bits.
Number of Rounds
DES uses sixteen rounds of Feistel ciphers. the ciphertext
is thoroughly a random function of plaintext and
ciphertext.
BKM/SIT
DES Weaknesses
During the last few years researchers have found some
weaknesses in DES.
1. Weaknesses in S-boxes
2. Weaknesses in P-boxes
3. Weaknesses in Key
Weakness in Key
We have three categories as follows:
1. Weak key
2. Semi-weak key
3. Possibly weak key
Weak key: A weak key is that after dropping the parity
bit, consists either all 0s, all 1s or half 0s and half 1s.
Four out of 256 are weak keys(Table 1).
Semi-weak key: A semi-weak key creates only two
Different round keys and each of them repeated 8-times.
There are Six key pairs available.
Continued
1
BKM/SIT
Continued
2
BKM/SIT
Continued
BKM/SIT
Continued
Example
BKM/SIT
Multiple DES
The major criticism of DES regards its key length.
Fortunately DES is not a group.
This means that we can use double or triple DES to
increase the key size.
BKM/SIT
Double DES
The first approach is to use double DES (2DES).
Meet-in-the-Middle Attack
However, using a known-plaintext attack called meet-inthe-middle attack proves that double DES improves this
vulnerability slightly (to 257 tests), but not tremendously
(to 2112).
BKM/SIT
Continued
BKM/SIT
BKM/SIT
BKM/SIT
Security of DES
Brute-Force Attack
Differential Cryptanalysis
Linear Cryptanalysis
BKM/SIT
Brute-Force Attack
Easy because of short cipher key in DES.
Can be broken using 256 keys approximately.
BKM/SIT
Differential Cryptanalysis
It has been revealed that the designers of DES already
knew about this type of attack
Hence designed S-boxes and chose 16 as the number
of rounds to make DES specifically resistant to this
type of attack.
BKM/SIT
Linear Cryptanalysis
Linear cryptanalysis is newer than differential
cryptanalysis.
DES is more vulnerable to linear cryptanalysis than to
differential cryptanalysis.
S-boxes are not very resistant to linear cryptanalysis.
It has been shown that DES can be broken using 243
pairs of known plaintexts.
However, from the practical point of view, finding so
many pairs is very unlikely.
BKM/SIT