DATA ENCRYPTION STANDARD (DES) / lucifer
sahadcse8bu
19 views
27 slides
Mar 09, 2025
Slide 1 of 27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
About This Presentation
DATA ENCRYPTION STANDARD (DES)
Slide Content
DATA ENCRYPTION STANDARD
(DES)
(DES)
Outline
•History
•Encryption
•Key Generation
•Decryption
•Strength of DES
•Ultimate
•History
•Encryption
•Key Generation
•Decryption
•Strength of DES
•Ultimate
History
In 1971, IBM developed an algorithm,
named LUCIFER which operates on a
block of 64 bits, using a 128-bit key
Walter Tuchman, an IBM researcher,
refined LUCIFER and reduced the key
size to 56-bit, to fit on a chip.
In 1971, IBM developed an algorithm,
named LUCIFER which operates on a
block of 64 bits, using a 128-bit key
Walter Tuchman, an IBM researcher,
refined LUCIFER and reduced the key
size to 56-bit, to fit on a chip.
History
In 1977, the results of Tuchman’s
project of IBM was adopted as the
Data Encryption Standard by NSA
(NIST).
In 1977, the results of Tuchman’s
project of IBM was adopted as the
Data Encryption Standard by NSA
(NIST).
A Simplified DES-Type Algorithm
•Suppose that a message has 12 bits and is written as L
0R
0 ,
where L
0 consists of the first 6 bits and R
0 consists of the last
6 bits.
•The key K has 9 bits. The ith round of the algorithm
transforms an input L
i-1
R
i-1
to the output L
i
R
i
using an 8-bit
key K
i
derived from K.
•The main part of the encryption process is a function f(R
i-1,K
i)
that takes a 6-bit input
•Suppose that a message has 12 bits and is written as L
0R
0 ,
where L
0 consists of the first 6 bits and R
0 consists of the last
6 bits.
•The key K has 9 bits. The ith round of the algorithm
transforms an input L
i-1
R
i-1
to the output L
i
R
i
using an 8-bit
key K
i
derived from K.
•The main part of the encryption process is a function f(R
i-1,K
i)
that takes a 6-bit input
R
i-1 and an 8-bit input K
i and produces a 6-bit
output which will be described later.
The output of the ith round is defined as:
L
i
= R
i-1
and R
i
= L
i-1
XOR f(R
i-1
,K
i
)
The decryption is the reverse of encryption.
[L
n] [R
n XOR f(L
n, K
n)] = … =[R
n-1] [L
n-1]
i-1 and an 8-bit input K
i and produces a 6-bit
output which will be described later.
The output of the ith round is defined as:
L
i
= R
i-1
and R
i
= L
i-1
XOR f(R
i-1
,K
i
)
The decryption is the reverse of encryption.
[L
n] [R
n XOR f(L
n, K
n)] = … =[R
n-1] [L
n-1]
The Operations of f Function
•E(L
i)=E(011001)=E(01010101) (Expander)
•S-boxes
S
1
101 010 001 110 011 100 111 000
001 100 110 010 000 111 101 011
S
2 100 000 110 101 111 001 011 010
101 011 000 111 110 010 001 100
The input for an S-box has 4 bits. The first
bit specifies which row will be used: 0 for 1st
•E(L
i)=E(011001)=E(01010101) (Expander)
•S-boxes
S
1
101 010 001 110 011 100 111 000
001 100 110 010 000 111 101 011
S
2 100 000 110 101 111 001 011 010
101 011 000 111 110 010 001 100
The input for an S-box has 4 bits. The first
bit specifies which row will be used: 0 for 1st
•The other 3 bits represent a binary number that specifies
the column: 000 for the 1st column, 001 for the 2nd column,
… 111 for the 7th column. For example, an input 1010 for S
1
box will yield the output 110.
•The key K consists of 9 bits. K
i is the key for the ith round
starting with the ith bit of K. Let K=010011001, then
K
4
=01100101.
the column: 000 for the 1st column, 001 for the 2nd column,
… 111 for the 7th column. For example, an input 1010 for S
1
box will yield the output 110.
•The key K consists of 9 bits. K
i is the key for the ith round
starting with the ith bit of K. Let K=010011001, then
K
4
=01100101.
R
i-1
=100110 and K
i
=01100101
•E(R
i-1) XOR K
i =10101010 XOR 01100101
= 11001111
S
1
(1100)=000
S
2(1111)=100
Thus, R
i
= f(R
i-1
,K
i
)=000100, L
i
=R
i-1
=100110
L
i-1R
i-1 = 011100100110 (
→
?) L
iR
i
100110011000
i-1
=100110 and K
i
=01100101
•E(R
i-1) XOR K
i =10101010 XOR 01100101
= 11001111
S
1
(1100)=000
S
2(1111)=100
Thus, R
i
= f(R
i-1
,K
i
)=000100, L
i
=R
i-1
=100110
L
i-1R
i-1 = 011100100110 (
→
?) L
iR
i
100110011000
Encryption
[
1
]
[
1
]
Encryption (cont.)
Inversion of Initial Permutation (IP
-
1
)
Key
i
64-bit plaintext (X)
32-bit Switch (SW)
Initial Permutation (IP)
Round
(i)
64-bit ciphertext (Y)
Key Generation (KeyGen)
64-bit key (K)
Inversion of Initial Permutation (IP
-
1
)
Key
i
64-bit plaintext (X)
32-bit Switch (SW)
Initial Permutation (IP)
Round
(i)
64-bit ciphertext (Y)
Key Generation (KeyGen)
64-bit key (K)
Encryption (cont.)
1
( ( ( ( ), )))
i i
Y IP SW Round IP X Key
•Plaintext: X
•Initial Permutation: IP( )
•Round
i
: 1 i 16
≤ ≤
•32-bit switch: SW( )
•Inverse IP: IP
-1
( )
•Ciphertext: Y
•
1
( ( ( ( ), )))
i i
Y IP SW Round IP X Key
•Plaintext: X
•Initial Permutation: IP( )
•Round
i
: 1 i 16
≤ ≤
•32-bit switch: SW( )
•Inverse IP: IP
-1
( )
•Ciphertext: Y
•
Encryption (IP, IP
-1
)
Bit01234567
1585042342618102
9605244362820124
17625446383022146
25645648403224168
3357494133251791
41595143352719113
49615345372921135
57635547393123157
•IP
Bit01234567
1408481656246432
9397471555236331
17386461454226230
25375451353216129
33364441252206028
41353431151195927
49342421050185826
5733141949175725
IP
-1
Note: IP(IP
-1
) = IP
-1
(IP) = I
-1
)
Bit01234567
1585042342618102
9605244362820124
17625446383022146
25645648403224168
3357494133251791
41595143352719113
49615345372921135
57635547393123157
•IP
Bit01234567
1408481656246432
9397471555236331
17386461454226230
25375451353216129
33364441252206028
41353431151195927
49342421050185826
5733141949175725
IP
-1
Note: IP(IP
-1
) = IP
-1
(IP) = I
Encryption (Round)
[
1
]
(Key
Generation)
[
1
]
(Key
Generation)
Encryption (Round) (cont.)
L
i
Permutation (P)
Expansion/permutation (E_table)
Substitution/choice (S-box)
XOR
R
i
L
i-1
R
i-1
XOR
K
i
F
L
i
Permutation (P)
Expansion/permutation (E_table)
Substitution/choice (S-box)
XOR
R
i
L
i-1
R
i-1
XOR
K
i
F
Encryption (Round) (cont.)
F
S-box
[
1
]
F
S-box
[
1
]
Encryption (Round) (cont.)
F
•Separate plaintext as L
0
R
0
•L
0
: left half 32 bits of plaintext
•R
0: right half 32 bits of plaintext
•Expansion/permutation: E( )
•Substitution/choice: S-box( )
•Permutation: P( )
•
•
1 1
( _ ( ( )~ ))~
ii i i
R L P S box E R Key
1i i
L R
F
•Separate plaintext as L
0
R
0
•L
0
: left half 32 bits of plaintext
•R
0: right half 32 bits of plaintext
•Expansion/permutation: E( )
•Substitution/choice: S-box( )
•Permutation: P( )
•
•
1 1
( _ ( ( )~ ))~
ii i i
R L P S box E R Key
1i i
L R
Encryption (Round) (cont.)
321 2 3 4 5
4 5 6 7 8 9
8 910111213
121314451617
161718192021
202122232425
242526272829
28293031321
167202129122817
11523265183110
282414322739
9133062211425
E
P
ExpansionExpansion
321 2 3 4 5
4 5 6 7 8 9
8 910111213
121314451617
161718192021
202122232425
242526272829
28293031321
167202129122817
11523265183110
282414322739
9133062211425
E
P
ExpansionExpansion
Encryption (Round) (cont.)
S-box
[
1
]
S-box
[
1
]
Key Generation
[
1
]
(Encryption)
[
1
]
(Encryption)
Key Generation (cont.)
D
0C
0
Input Key
Permuted Choice One (PC-1)
Permuted Choice Two (PC-
2)
Schedule of Left Shifts
D
i-1
C
i-1
D
iC
i
▪
▪
▪
▪
▪
▪
Key
i
D
0C
0
Input Key
Permuted Choice One (PC-1)
Permuted Choice Two (PC-
2)
Schedule of Left Shifts
D
i-1
C
i-1
D
iC
i
▪
▪
▪
▪
▪
▪
Key
i
Key Generation (cont.)
•Original Key: Key
0
•Permuted Choice One: PC_1( )
•Permuted Choice Two: PC_2( )
•Schedule of Left Shift: SLS( )
•
•
•
00 0
( , ) _1( )C D PC Key
1 1
( , ) ( , )
i i i i
C D SLS C D
1 1
_2( ( , ))
i i i
Key PC SLS C D
•Original Key: Key
0
•Permuted Choice One: PC_1( )
•Permuted Choice Two: PC_2( )
•Schedule of Left Shift: SLS( )
•
•
•
00 0
( , ) _1( )C D PC Key
1 1
( , ) ( , )
i i i i
C D SLS C D
1 1
_2( ( , ))
i i i
Key PC SLS C D
Decryption
•The same algorithm as
encryption.
•Reversed the order of
key (Key
16, Key
15, … Key
1).
•For example:
•IP undoes IP
-1
step of
encryption.
•1st round with SK16
undoes 16th encrypt
round.
[
1
]
•The same algorithm as
encryption.
•Reversed the order of
key (Key
16, Key
15, … Key
1).
•For example:
•IP undoes IP
-1
step of
encryption.
•1st round with SK16
undoes 16th encrypt
round.
[
1
]
Strength of DES
•Criticism
•Reduction in key size of 72 bits
•Too short to withstand with brute-force attack
•S-boxes were classified.
•Weak points enable NSA to decipher without key.
•56-bit keys have 2
56
= 7.2 x 10
16
values
•Brute force search looks hard.
•A machine performing one DES encryption per microsecond would
take more than a thousand year to break the cipher.
•Criticism
•Reduction in key size of 72 bits
•Too short to withstand with brute-force attack
•S-boxes were classified.
•Weak points enable NSA to decipher without key.
•56-bit keys have 2
56
= 7.2 x 10
16
values
•Brute force search looks hard.
•A machine performing one DES encryption per microsecond would
take more than a thousand year to break the cipher.
Strength of DES (cont.)
•Avalanche effect in DES
•If a small change in either the
plaintext or the key, the
ciphertext should change
markedly.
•DES exhibits a strong
avalanche effect.
•Avalanche effect in DES
•If a small change in either the
plaintext or the key, the
ciphertext should change
markedly.
•DES exhibits a strong
avalanche effect.
Ultimate
•DES was proved insecure
•In 1997 on Internet in a few months
•in 1998 on dedicated h/w (EFF) in a few days
•In 1999 above combined in 22hrs!
•DES was proved insecure
•In 1997 on Internet in a few months
•in 1998 on dedicated h/w (EFF) in a few days
•In 1999 above combined in 22hrs!
References
•[1] William Stallings, Cryptography and
Network Security, 1999.
•[1] William Stallings, Cryptography and
Network Security, 1999.
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 19
- Slides 27
- Age 267 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views