Data Encryption Standard (DES)

DES History
The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards. The algorithm itself is referred to as the Data Encryption Algorithm (DEA).For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption. The DES may be double or triple encrypted for additional security with the user employing different key after each transmission. The key size of DES is 56, so 256 combination of keys are possible, thats why it provide high security. Cryptography expert in industry and govt. agencies mention that DES is still a reliable standard. Operation in one try per microsecond it would require approx. 2284 years to break the code. Three basic parts are there: Initial and final permutation, DES function, Key arrangement algorithm.

DES Structure

Initial and final permutation steps in DES

1 2 8 ..2540..58.64

1 2 8 ..2540..58.64 16 rounds 1 2 8 ..2540..58.64

1 2 8 ..2540..58.64

Initial permutation box 58 50 42 34 26 18 10 2

60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 40 8 39 7

Final Permutation box 48 16 56 24 64 32 47 15 55 23 63 31

38 6 37 5
36 4 35 3 34 2

46 14 54 22 62 30 45 13 53 21 61 29
44 12 52 20 60 28 43 11 51 19 59 27 42 10 50 18 58 26

57 49 41 33 25 17 9

59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

33 1

41 9

49 17 57 25

Round block

DES Function
32 bits plaintext Sub key 48 bit Expansion P-box 48 bit 48 bit 48 bit

32 bit

Straight P-box
32 bit

Expansion P-box: the 32-bit half-block is expanded to 48 bits using the expansion permutation, it divided into 8 4bit section. The output consists of eight 6-bit(8*6=48bits) pieces, each containing a copy of 4 corresponding input bits, plus a copy of the immediately adjacent bit from each of the input pieces to either side. That means input bit 1,2,3and 4are copied to output bits 2,3,4and 5 respectively. Output bit 1 comes from the 4 bit of previous section, and the 6th bit comes form the 1st bit of the next section the same rules apply to bit 1 to 32.

32
4

1
5

2
6

3
7

4
8

5
9

8
12 16 20 24 28

9
13 17 21 25 29

10
14 18 22 26 30

11
15 19 23 27 31

12
16 20 24 28 32

13
17 21 25 29 1

Whitener (X-OR operation): After the Expansion permutation, DES uses the XOR operation on the expanded right section and the round key. Note that both right section and the key are 48 bits in length. S-Box : After mixing in the subkey, the block is divided into eight 6-bit pieces before processing by the S-boxes, or substitution boxes. Each of the eight S-boxes replaces its six input bits with four output bits according to a non-linear transformation, provided in the form of a lookup table. The S-boxes provide the core of the security of DES without them, the cipher would be linear, and trivially breakable. Permutation finally, the 32 outputs from the S-boxes are rearranged according to a fixed permutation, the P-box. This is designed so that, after expansion, each S-box's output bits are spread across 6 different S boxes in the next round. 16 29 1 5 7 12 15 18 20 28 23 31 21 17 26 10

2
32 19 22

8
27 13 11

24
3 30 4

14
9 6 25

Key Generation
Round 1,2,9,16 Others Shift One bit Two bit

Strength Of DES Algorithm

The two main components of the CES based system are an algorithm and the key. The DES algorithm are more complex comprised of substitution, permutation and normal mathematical operation. The important feature about the DES approach is that the algorithm is fixed and is public information. The actual key used is shared secretly between the originator and receiver of the transmission. Advances in DES include lengthening of key to 128 bit and the multipass DES, which involves several passes usually three of encryption and decryption using different keys. 56-bit keys have 256 = 7.2 x 1016 values thats why brute force search looks hard A machine performing one DES encryption per microsecond would take more than a thousand year to break the cipher.

Triple DES
In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Because of the availability of increasing computational power, the key size of the original DES cipher was becoming subject to brute force attacks; Triple DES was designed to provide a relatively simple method of increasing the key size of DES to protect against such attacks, without designing a completely new block cipher algorithm. Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits .The encryption algorithm is: ciphertext = EK3(DK2(EK1(plaintext))) I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. Decryption is the reverse: plaintext = DK1(EK2(DK3(ciphertext))) I.e., decrypt with K3, encrypt with K2, then decrypt with K1. Use of TDES: The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it. Microsoft OneNote and Microsoft Outlook 2007 use Triple DES to password protect user content

Triple DES utilizes three 64-bit keys. The data is sent through the three phases of DES with the first key to produce C1. C1 is then sent through the three phases of DES with the second key to produce C2. This second ciphertext is then sent through DES a final time with the third key as described here and depicted in Figure below: E(p,k1)=C1 D(C1,k2)=C2 E(C2,k3)=C3 where E is the DES encryption algorithm, ki is the ith key, p is the original plaintext and C3 is the final ciphertext.

IDEA Encryption Algorithm

The IDEA cipher algorithm: 1. Original text is divided into 64-bit blocks. 2. Each 64-bit block is further divided into four 16-bit sub-blocks: X1, X 2, X 3, X 4. 3. The 128-bit IDEA key is divided into 52 Sub keys

4. The algorithm consist of 8 rounds followed by a final transformation function. 5. Each rounds takes four 16bits sub-blocks as input and produce four 16 bits output blocks. 6. The final transformation also produces four 16 bits blocks which are connected to form the 64 bit cipher text. 7. Each of the round also makes use of six 16 bit sub keys and final transformation uses four sub keys for a total of 52 sub keys.

Plaintext 64 bits

Plaintext block 1

Plaintext block 2

Plaintext block 3

Plaintext block 4

Round 1 (Key 1 to key 6)

Round 2 (Key 7 to key 12)

Round 8 (Key 43 to key 48)

Output transformation (Key 49 to key 52)

Ciphertext block 1

Ciphertext block 2

Ciphertext block 3

Ciphertext block 4

Ciphertext 64 bits

Round of IDEA
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. Multiply X1 and key K1,1 Add X2 and K1,2 Add X3 and K1,3 Multiply X4 and K1,4 XOR the result of step 1 And 3 XOR the result of step 2 and 4 Multiply the result of step 5 and K1,5 Add the result of step 6 and 7 Multiply the result of step 8 and K1,6 Add the result of step 7 and step 9 XOR the result of step 1 and step 9 XOR the result of step 3 and step 9 XOR the result of step 2 and step 10 XOR the result of step 4 and step 10

Round

Output Transformation
The output of the 8th round become input to the output transformation stage. In the output transformation we use K49, K50, K51 and K52 keys. Let the output of 8th stage are X8,1 , X8,2, X8,3, X8,4 . The following stapes occur: 1. Multiply X8,1 and K49 2. Add X8,2 and K50 3. Add X8,3 and K51 4. Multiply X8,4 and K52

X8,1

X8,2

X8,3

X8,4

K 49
K 51 K 50 Multiply Add Add Multiply

K 52

Ciphertext block 1

Ciphertext block 2

Ciphertext block 3

Ciphertext block 4

Ciphertext 64 bits

Strength of IDEA
The international data encryption algorithm (IDEA) uses a 128 bit key. In order to break the IDEA, one require to perform 2128 . It believe that ,to obtain the correct keys needs to be examined and tried out, a single computer performing one IDEA encryption per microsecond would required more then 54* 1023 years to break IDEA. The following factor consider the strength of IDEA: Block length Key length Diffusion confusion

Block Cipher Modes of Operation

There are four modes of operation of block cipher: Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)

Electronic Codebook (ECB) Mode

Plaintext is divide into block of 64 bits. Each plaintext block is independently encrypted with the same key Last block is padded appropriately Useful for transmission of a single block or a small number of blocks Called a codebook because, for a given key, each block of plaintext produces a unique ciphertext May not be secure for lengthy message
Same plaintext blocks always produce the same ciphertext block

Electronic Codebook (ECB) Mode

Cipher Block Chaining (CBC) Mode

An appropriate mode for encrypting messages of length greater than 64 bits
Same plaintext blocks produce different ciphertext blocks

Prior to encrypting a plaintext block, XOR it with the previous ciphertext block
Ci = EK(Ci-1 Pi), Pi = DK(Ci) Ci-1 For first block, need initialization vector, IV IV must be known to sender and receiver only

Each ciphertext block is dependent on all message blocks before it (so, can be used MAC) Most common mode of use when data available in advance (email, ftp, web, ) Error propagation (itself and next block)

Cipher Block Chaining (CBC) Mode

Cipher Feedback (CFB) Mode

Allows use of block cipher as a stream cipher (appropriate when data inherently arrives in bits/bytes) Standard allows any number of bit (1,8, 64 or 128 etc) to be feedback

Start with IV Encryption Decryption

denoted CFB-1, CFB-8, CFB-64, CFB-128 etc.

XOR (MSB) s bits of output with s-bit plaintext Ci = Pi Ss[EK(Ci-1)], C0 = IV XOR (MSB) s bits of output with s-bit ciphertext Pi = Ci Ss[EK(Ci-1)], C0 = IV

Can be used MAC Error propagation (several blocks)

s-bit Cipher Feedback Mode

Output Feedback (OFB) Mode

Encrypt IV Shift IV by s bits, insert s bits of EK output XOR same s bits of output with s bit plaintext
Oi = Ss[EK(Oi-1)], O0 = IV Ci = Pi Oi

Decryption reverses these steps

Oi = Ss[EK(Oi-1)], O0 = IV Pi = Ci Oi

Errors do not propagate in OFB

Stream encryption on noisy channels (Satellite)

This makes OFB vulnerable to modification

Output Feedback (OFB) Mode

Counter (CTR) Mode

A new mode, though proposed early on Similar to OFB but encrypts counter value rather than any feedback value Must have a different key & counter value for every plaintext block (never reused) Encryption
Oi = EK(i++) Ci = Pi Oi

Can be used for high-speed network encryptions

Counter (CTR) Mode

Summary of Block Cipher Mode

Conventional encryption to provide confidentiality.

Historically, the focus of cryptology has been on the use of conventional encryption to provide confidentiality. Authorization, Integrity, Digital signatures, and the use of public-key encryption, have been included in the theory only in the last several decades.

Placement of Encryption Function

The location of encryption function is needed to be decided if the encryption is to be used to counter attacks on Confidentiality. First, we have to find out the potential locations of security attacks. Second, decide where to place the encryption function.

Potential Locations for Confidentiality Attacks.

An attack can take place at any of the communications links. The communications links can be: - Cable (telephone, twisted pair, coaxial cable, or optical fiber). - Microwave links. - Satellite channels.

Potential Locations for Confidentiality Attacks

Invasive taps or inductive taps are used to monitor electromagnetic emanation with both Twisted pair and Coaxial cables. Neither type of tap is particularly useful with optical fiber. Physically breaking the cable seriously degrades signal quality and it is therefore detectable.

Placement of Encryption Function

There are two major approaches to encryption placement: 1- Link encryption. 2- End-to-end encryption.

Key Distribution
For conventional encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others. Frequent key changes are required. Therefore, the strength of cryptographic system relays on the key distribution technique.

Key Distribution
There are a number of ways to deliver the key: 1- Physical delivery between two parties A,B. 2- Third party physically delivered the key. 3- A and B use used key to encrypt the new key and transmit it to the other party. 4- Using an encrypted connection to third party, then the third party delivers a key on encrypted links to A and B.

A Key Distribution Scenario

One scenario to deploy the key distribution assumes that each user share a unique master key with the key distribution center (KDC). Let us assume that user A wishes to establish a logical connection with B and require a one time session key to protect the data transmission over the connection. A has a secret key ka, known only to itself and the KDC; similarly, B shares the master key kb with the KDC.

A Key Distribution Scenario

Steps: 1- A issues a request to the KDC for a session key, the message includes the identity of A and B and a unique identifier N1 for this transaction. 2- the KDC responds with a message encrypted using Ka, the message includes two items intended for A: - the one time session key Ks to be used for the session. - the original request message for matching.

A Key Distribution Scenario

Steps (Continue): And two items intended for B: - the one time session key, ks - An identifier of A IDA these two items are encrypted using kb 3- A stores the session key for use in the upcoming session and forwards to B the information that originated at the KDC for B.

A Key Distribution Scenario

Steps (Continue): Because this information is encrypted with kb, it is protected. B now knows the session key ks , knows that the other party is A (from the IDA), and knows that the information originated at the KDC. At this point, a session key has been securely delivered to A and B, and they may begin their protected exchange.