‫كــلــيـــة هندسة الحاسوب والمعلوماتية‬

Faculty of Computer &Informatics Engineering

Information Systems Security

LAB
Eng. Christine Zenieh

THE DATA ENCRYPTION STANDARD

The most widely used encryption scheme is based on the Data Encryption
Standard (DES). The algorithm itself is referred to as the Data Encryption
Algorithm (DEA). For DES, data are encrypted in 64-bit blocks using a
56-bit key. The algorithm transforms 64-bit input in a series of steps into
a 64-bit output. The same steps, with the same key, are used to reverse
the encryption.

DES Encryption
The overall scheme for DES encryption is illustrated in the next figure.
As with any encryption scheme, there are two inputs to the encryption
function: the plaintext to be encrypted and the key. In this case, the
plaintext must be 64 bits in length and the key is 56 bits in length.

Looking at the left-hand side of the figure, we can see that the processing
of the plaintext proceeds in three phases. First, the 64-bit plaintext passes
through an initial permutation (IP) that rearranges the bits to produce the
permuted input.

1
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 This is followed by a phase consisting of sixteen rounds of the same
function, which involves both permutation and substitution functions. The
output of the last (sixteenth) round consists of 64 bits that are a function
of the input plaintext and the key. The left and right halves of the output
are swapped to produce the preoutput. Finally, the preoutput is passed
through a permutation [IP-1] that is the inverse of the initial permutation
function, to produce the 64-bit ciphertext. The right-hand portion of the
figure shows the way in which the 56-bit key is used. Initially, the key is
passed through a permutation function. Then, for each of the sixteen
rounds, a subkey (Ki ) is produced by the combination of a left circular
shift and a permutation. The permutation function is the same for each
round, but a different subkey is produced because of the repeated shifts of
the key bits.

2
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 INITIAL PERMUTATION The initial permutation and its inverse are
defined by tables, as shown in the tables (a), (b), respectively. The tables
are to be interpreted as follows. The input to a table consists of 64 bits
numbered from 1 to 64. The 64 entries in the permutation table contain a
permutation of the numbers from 1 to 64.

Each entry in the permutation table indicates the position of a numbered

input bit in the output, which also consists of 64 bits.

3
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 To see that these two permutation functions are indeed the inverse of each
other, consider the following 64-bit input M:

where Mi is a binary digit. Then the permutation X=(IP(M)) is as follows:

If we then take the inverse permutation Y = IP-1(X) = IP-1(IP(M)), it can be

seen that the original ordering of the bits is restored.

DETAILS OF SINGLE ROUND The next figure shows the internal

structure of a single round.
Again, begin by focusing on the left-hand side of the diagram. The left
and right halves of each 64-bit intermediate value are treated as separate
32-bit quantities, labeled L (left) and R (right). As in any classic Feistel
cipher, the overall processing at each round can be summarized in the
following formulas:
Li = Ri-1
Ri = Li-1⊕ { F(Ri-1, Ki)}
The round key Ki is 48 bits. The input is 32 bits. This R input is first
expanded to 48 bits by using a table that defines a permutation plus an
expansion that involves duplication of 16 of the R bits (Table c). The
resulting 48 bits are XORed with Ki. This 48-bit result passes through a
4
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 substitution function that produces a 32-bit output, which is permuted as
defined by Table 2d.

The role of the S-boxes in the function F is illustrated in the next figure.

5
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 The substitution consists of a set of eight S-boxes, each of which accepts
6 bits as input and produces 4 bits as output. These transformations are
defined in the next table, which is interpreted as follows: The first and
6
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 last bits of the input to box Si form a 2-bit binary number to select one of
four substitutions defined by the four rows in the table for Si.
The middle four bits select one of the sixteen columns. The decimal value
in the cell selected by the row and column is then converted to its 4-bit
representation to produce the output. For example, in S1, for input
011001, the row is 01 (row 1) and the column is 1100 (column 12).The
value in row 1, column 12 is 9, so the output is 1001.
Each row of an S-box defines a general reversible substitution. The figure
may be useful in understanding the mapping. The figure shows the
substitution for row 0 of box S1.
The operation of the S-boxes is worth further comment. Ignore for the
moment the contribution of the key (Ki ). If you examine the expansion
table, you see that the 32 bits of input are split into groups of 4 bits and
then become groups of 6 bits by taking the outer bits from the two
adjacent groups. For example, if part of the input word is
... efgh ijkl mnop ...
this becomes
... defghi hijklm lmnopq ...

The outer two bits of each group select one of four possible substitutions
(one row of an S-box). Then a 4-bit output value is substituted for the
particular 4-bit input (the middle four input bits). The 32-bit output from
the eight S-boxes is then permuted, so that on the next round, the output
from each S-box immediately affects as many others as possible.

KEY GENERATION
Returning to the previous figures, we see that a 64-bit key is used as input
to the algorithm. The bits of the key are numbered from 1 through 64;
every eighth bit is ignored, as indicated by the lack of shading in Table a.
The key is first subjected to a permutation governed by a table labeled
Permuted Choice One (b). The resulting 56-bit key is then treated as two
28-bit quantities, labeled C0 and D0. At each round, Ci-1 and Di-1 are
separately subjected to a circular left shift or (rotation) of 1 or 2 bits, as
governed by Table d. These shifted values serve as input to the next
round. They also serve as input to the part labeled Permuted Choice Two
(Table c), which produces a 48-bit output that serves as input to the
function F(Ri-1, Ki).
7
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 DES Decryption
Decryption uses the same algorithm as encryption, except that the
application of the subkeys is reversed.

8
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering