**DES Encryption Standard - Theory and example**

By Adrian Grigorof, B.Sc., MCSE

**DES - Data Encryption Standard**

**A little bit of theory**

The Data Encryption Standard (DES) algorithm was adopted by the U.S. government in July 1977. It was reaffirmed in 1983, 1988, and 1993. DES is a block cipher that transforms 64-bit data blocks under a 56-bit secret key by means of permutation and substitution. It is officially described in FIPS PUB 46. DES is a "symmetrical" encryption algorithm: the same key that is used for encryption is used to decrypt the message.

The DES algorithm is still widely used and is considered reasonably secure. There is no feasible way to break DES as is, using a 64-bit (8 characters) block cipher. There are 70,000,000,000,000,000 (seventy quadrillion) possible keys of 56 bits. However, due to advances in the computational power of supercomputers, an exhaustive search of 2^55 steps on average can retrieve the key used in the encryption (if the key is changed frequently, the risk of this event is greatly diminished). Because of this, it is common practice to protect data using Triple-DES. See FIPS PUB 74 for more details regarding the strength of this algorithm against various threats.

Theoretical procedure (based on an article by Matthew Fischer published in November 1995):
Permuted Choice 1 (PC-1) 57 49 41 33 25 17 9

1.2.2 Split the permuted key into two halves. The first 28 bits are called C[0] and the last 28 bits are called D[0].

Permuted Choice 2 (PC-2) 14 17 11 24 1 5

1.2.3.3 Loop back to 1.2.3.1 until K[16] has been calculated.

Initial Permutation (IP)

2.3 Split the block into two halves. The first 32 bits are called L[0], and the last 32 bits are called R[0].

Expansion (E)

2.4.2 Exclusive-or E(R[i-1]) with K[i].

Substitution Box 1 (S[1])

2.4.4.4 Loop back to 2.4.4.1 until all 8 blocks have been replaced.

Permutation P

2.4.6 Exclusive-or the resulting value with L[i-1]. Thus, all together, your R[i] = L[i-1] xor P(S[1](B[1])...S[8](B[8])), where B[j] is a 6-bit block of E(R[i-1]) xor K[i]. (The function for R[i] is more concisely written as R[i] = L[i-1] xor f(R[i-1], K[i]).)

Final Permutation (IP**-1)

This has been a description of how to use the DES algorithm to encrypt one 64-bit block. To decrypt, use the same process, but just use the keys K[i] in reverse order. That is, instead of applying K[1] for the first iteration, apply K[16], and then K[15] for the second, on down to K[1].

This is an attempt to show how it actually works in practice - how bits are moved around to perform the theoretical encryption presented above. While there are many applications to perform the DES encryption, I couldn't find an actual example, as simple as it may have been. So, armed with the theory, I went ahead and did it myself. Please note, this may contain mistakes - the point of this exercise is to give firewall and VPN administrators an idea of what lies behind the DES acronyms that they use every day.