Symmetric key algorithm - (1) DES

박서경

(1) Characteristics of DES

  • Block Cipher: Encrypts data in fixed-size 64-bit blocks.

  • Key Length: Uses a 56-bit key, making it vulnerable to brute-force attacks.

  • Feistel Structure: Based on a Feistel network with 16 rounds of encryption.

  • Subkeys Generation: Uses a key scheduling algorithm to generate 16 subkeys.

  • S-Boxes: Implements nonlinear substitution through eight S-boxes to enhance security.

  • Weaknesses: Susceptible to differential and linear cryptanalysis, and modern computing can break it quickly.

  • Replacement: Superseded by AES due to its limited key size and vulnerabilities.

(2) Simple DES

Before studying DES, let's first learn about Simple DES.

The simplified DES algorithm is also a block cipher. That is, before performing encryption, it divides the plaintext into blocks.

The key K is 9 bits long, and the message M is 12 bits long.

Just like DES, the core of Simple DES is the S-Box, where "S" stands for substitution.
In Simple DES, the input to the S-Box is 6 bits, and the output is 4 bits.

Let's look at the table below to understand the S-Box.

The values inside the table, excluding the row and column labels, are random.

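| Row ↓ / Column → | 0000 | 0001 | 0010 | 0011 | 0100 | 0101 | 0110 | 0111 | 1000 | 1001 | 1010 | 1011 | 1100 | 1101 | 1110 | 1111 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 00 | X1 | X2 | X3 | X4 | X5 | X6 | X7 | X8 | X9 | X10 | X11 | X12 | X13 | X14 | X15 | X16 |
| 01 | X17 | X18 | X19 | X20 | X21 | X22 | X23 | X24 | X25 | X26 | X27 | X28 | X29 | X30 | X31 | X32 |
| 10 | X33 | X34 | X35 | X36 | X37 | X38 | X39 | X40 | X41 | X42 | X43 | X44 | X45 | X46 | X47 | X48 |
| 11 | X49 | X50 | X51 | X52 | X53 | X54 | X55 | X56 | X57 | X58 | X59 | X60 | X61 | X62 | X63 | X64 |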

If the data is 011011, the first and last bits are 01, and the middle bits are 1101.
In this case, (01)₂ selects the second row (the row labeled 01), and (1101)₂ selects column 13 (the column labeled 1101).
The intersecting value at this position is the output value.

Bit Initialization:

The 12-bit message is divided in half into L and R.

Bit Expansion:

Each left and right block is expanded by a specific function called f.
Simple DES expands each 6-bit block into 8 bits.

Key Generation:

As mentioned earlier, the master key consists of 9 bits.
In each round, an encryption key is generated using 8 bits from the master key.

Bit Encryption:

Perform an XOR operation between the expanded bits and the key.

Then the 8-bit result is divided into two 4-bit parts, each of which is fed into an S-Box.

  • The first bit of the 4-bit input determines the row to be used.

  • The remaining 3 bits determine the column to be used.

Finally, the two results are concatenated to form the final output.

(3) DES

DES is a 16-round symmetric key encryption/decryption algorithm that operates on 64-bit blocks.

  • The key is also 64 bits, but only 56 bits are actually used for encryption.

  • The remaining 8 bits are used for parity checking to detect errors.

  • The output is also 64 bits in length.

Key Generation in DES

In DES, the key generation process derives 16 subkeys (48-bit each) from the original 64-bit key. This involves the following steps:

1. Initial Key Processing (Permuted Choice 1 - PC-1)

  • The original 64-bit key is first permuted using a fixed table called PC-1.

  • This permutation removes the parity bits, leaving only 56 bits for actual use.

  • The 56-bit key is then divided into two 28-bit halves: C₀ (left half) and D₀ (right half).

2. Key Scheduling (Left Circular Shift - LSH)

  • In each round, the halves C and D are left-rotated by 1 or 2 bits (depending on the round).

3. Subkey Generation (Permuted Choice 2 - PC-2)

  • After the shifts, 48 bits are selected from the 56-bit key using a second permutation table (PC-2).

  • This reduces the key size from 56 bits to 48 bits, which matches the size required for DES round functions.

4. Final Output

  • At the end of the 16 rounds, 16 subkeys (K₁, K₂, ..., K₁₆) of 48 bits each are generated.

  • These subkeys are used in each round of the Feistel structure during encryption and decryption.

This key scheduling process ensures that each round uses a different subkey, making the encryption more resistant to attacks.

Encryption Process in DES

After generating the keys, encryption is performed on the message.

DES encryption consists of three main steps:

1. Initial Permutation (IP)

  • The 64-bit plaintext undergoes an initial permutation (IP) using a fixed table.

  • This step does not enhance security but rearranges the bits to optimize later processing.

  • After the permutation, the 64-bit block is split into two 32-bit halves:

    • L₀ (Left Half)

    • R₀ (Right Half)

2. Encryption Rounds (16 Rounds of Feistel Cipher)

  • DES uses a Feistel structure with 16 rounds, where L and R are processed as follows:

    • The right half is processed through the Feistel function f.

    • The function expands Rₙ from 32 bits to 48 bits.

    • It is XORed with the 48-bit subkey Kₙ.

    • The result passes through S-Boxes, reducing it back to 32 bits.

    • A final P-Permutation shuffles the bits before being XORed with Lₙ.

3. Final Permutation (FP)

  • After 16 rounds, L₁₆ and R₁₆ are combined into a 64-bit block.

  • A final permutation (FP) is applied, which is the inverse of the initial permutation (IP).

  • The result is the 64-bit ciphertext.

This structured encryption process ensures that even small changes in the plaintext result in significant changes in the ciphertext (avalanche effect).

Decryption Process in DES

DES decryption is the reverse of the encryption process.
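The Feistel round and its reversal for decryption, shown on the 12-bit Simple DES from section (2), where the tables are small enough to read. This is an added example, not the author's code. Assumptions, since the page gives no values: the S-box contents, the expansion order, 4 rounds, a round key taken as 8 bits of the 9-bit key starting at bit n (wrapping), and 3-bit S-box outputs so that the two results fill a 6-bit half.

```python
# Added illustration: Simple DES as a Feistel cipher (12-bit block, 9-bit key).
# Table values, round count and round-key window are assumptions.
S1 = [[5, 2, 1, 6, 3, 4, 7, 0], [1, 4, 6, 2, 0, 7, 5, 3]]
S2 = [[4, 0, 6, 5, 7, 1, 3, 2], [5, 3, 0, 7, 6, 2, 1, 4]]
ROUNDS = 4

def expand(r):
    """Expand 6 bits x1..x6 to 8 bits x1 x2 x4 x3 x4 x3 x5 x6."""
    b = [(r >> (5 - i)) & 1 for i in range(6)]
    out = 0
    for i in (0, 1, 3, 2, 3, 2, 4, 5):
        out = (out << 1) | b[i]
    return out

def round_key(key, n):
    """8 bits of the 9-bit master key starting at bit n (1-based), wrapping."""
    doubled = (key << 9) | key             # 18 bits, so the window can wrap
    return (doubled >> (18 - (n - 1) - 8)) & 0xFF

def sbox(table, nibble):
    """First bit selects the row, remaining 3 bits select the column."""
    return table[nibble >> 3][nibble & 0b111]

def f(r, k):
    x = expand(r) ^ k                      # XOR expanded half with round key
    return (sbox(S1, x >> 4) << 3) | sbox(S2, x & 0xF)

def feistel(block, keys):
    left, right = block >> 6, block & 0x3F
    for k in keys:
        left, right = right, left ^ f(right, k)
    return (right << 6) | left             # swap halves on output

def encrypt(block, key):
    return feistel(block, [round_key(key, n) for n in range(1, ROUNDS + 1)])

def decrypt(block, key):
    # Same network, round keys in reverse order; f itself is never inverted.
    return feistel(block, [round_key(key, n) for n in range(ROUNDS, 0, -1)])

if __name__ == "__main__":
    key, msg = 0b010011001, 0b011100100110   # constructed sample values
    ct = encrypt(msg, key)
    print(f"{msg:012b} -> {ct:012b} -> {decrypt(ct, key):012b}")
```

Decryption works even though the S-boxes are not invertible: each round only XORs f's output into the other half, so applying the same round keys in reverse order cancels every round.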

DES has a key length of 56 bits, which makes it vulnerable as computers have advanced enough to break it through brute-force computation.

3DES

3DES uses the same algorithm as DES. The difference is that it performs the algorithm three times using three different keys.

DESX

DESX is an enhanced version of DES with a stronger key mechanism.
It follows the same DES encryption/decryption process but uses three keys.
Encryption is performed using the following logic:

First, the message M is XORed with the key K₂.
Then, the result of the XOR operation is encrypted using DES with the 56-bit key K₁.
Finally, the encrypted output is XORed with the key K₃.

As a result, the effective key length is extended from 56 bits to 184 bits (64 + 56 + 64 = 184 bits) by using a virtual key expansion technique.
