Simplified DES

Encryption
Takes an 8-bit block of plaintext and a 10-bit key
as input and produces an 8-bit of cipher.
Decryption
Takes an 8-bit block of cipher and the same 10-bit
key as input and produces an 8-bit of original
plaintext.
Both substitution and transposition operations are
used
It is a complex, multi-phase algorithm

Five Functions of Simplified

DES
IP: Initial permutation
fk: Key-dependent scrambler
Use a 8-bit key
Perform both permutation and substitution

SW ( simple permutation function)

Swap the two halves of data

fk (different key)
IP-1: Inverse permutation

Key Generation

Key Generation
10-Bit Key: Make up by sender
1

P10: Permutation 10 (Constant)

3

4 10 1

P8: Permutation 8 (Constant)

6

5 10 9

Example of Key Generation

Bit Position
10-bit key
P10
split
LS-1
P8
K1

1
1
3
1
0
6
1

2
0
5
0
0
3
0

3
1
2
0
0
7
1

4
0
7
0
0
4
0

5 6 7
0 0 0
4 10 1
0 0 1
1 1 1
8 5 10
0 1 0

LS-2
P8
K2

0
6
0

0
3
1

1
7
0

0
4
0

0
8
0

8
0
9
1
0
9
0

0 0 0
5 10 9
0 1 1

9 10
1 0
8 6
0 0
0 0

Encryption
8-Bit Plaintext: Make up by sender
1

IP: Initial Permutation (constant)

2 6 3 1 4 8 5 7
IP-1: Inversed Permutation (constant)
4

Encryption
E/P: Expansion/Permutation Rule (constant)

P4: Permutation 4 (constant)

S0 Box (constant)

S1 Box (constant)

1
3
0
3

0
2
3
2

0
2
2
1

3
1
1
3

2
0
3
2

1
0
0
1

2
1
1
0

3
3
0
3

Example of Encryption
X:8-bit Plaintext
IP8: Initial permutation vector
Permutation of X
Splitting into L0,R0
E/P 8: Expansion permutation of R0
EP(0): Expanded R0
K1: Key 1
EP(R0) xor K1

1
2
1
1
4
1
1
0

1
6
0
0
1
1
0
1

1
3
1
1
2
1
1
0

1
1
1
1
3
0
0
0

0
4
1
1
2
1
0
1

0
8
1
1
3
0
1
1

1
5
0
0
4
1
0
1

1
7
1
1
1
1
0
1

Example of Encryption
EP(R0) xor K1
Re-arrange in 2X4 matrix

1
0
1

1
1
1

1
0
1

1
0
1

Mapping values from S0 and S1 Box 1

3
0
3
Subtitute with S box entry
P4: Permutation 4
F(R0,SK1)

0
2
2
1

3
1
1
3

2
0
3
2

0
2
3
2
1
2
1

1
0
0
1
1
4
1

2
1
1
0
1
3
1

3
3
0
3
1
1
1

Example of Encryption
F(R0,SK1)
L0
L0 xor F(R0,SK1)
f1,R0
Switch: L1,R1

1
1
0
0
1

1
0
1
1
1

1
1
0
0
0

1
1
0
0
1

1
0

1
1

0
0

1
0

Fk again

L1,R1
E/P 8: Expanded permutation
Expanded permutation of R1
K2: Key 2
E/P(R1) xor K2

1
4
0
0
0

1
1
0
1
1

0
2
1
0
1

1
3
0
0
0

0
2
1
0
1

1
3
0
0
0

0
4
0
1
1

0
1
0
1
1

Fk again
Re-arrange in 2X4 matrix

S0 and S1 Box

Output of S boxes
P4
F(R1,SK2)

1
3
0
3

0
2
2
1

3
1
1
3

2
0
3
2

0
1

1
0

1
1

0
1

0
2
3
2

1
0
0
1

2
1
1
0

3
3
0
3

1
2
0

0
4
1

0
3
0

1
1
1

Fk again

F(R1,SK2)
L1
L1 xor F(R1,SK2)
f2,R1 ->L2, R2
IP-1
Ciphertext

0
1
1
1
4
0

1
1
0
0
1
1

0
0
0
0
3
0

1
1
0
0
5
0

0
7
0

1
2
0

0
8
0

0
6
1

Data Encryption Standard (DES)

National Bureau of Standards and Technology
(NIST) adopted DES in 1977 based on LUCIFER
developed by IBM.
DES has flourished and is widely used, especially in
financial application.
Text length: 64 bits. Thus the plaintext is divide into
64-bit blocks.
The key is 64 bit long. However, the bit positions
8, 16,.,64 are parity of the previous 7 bits. Hence,
the key is really a 56 bit long binary string.

From S-DES to DES

Encryption Scheme
S-DES
IP-1 o fk2 o SW o fk1 o IP

DES
IP-1 o fk16 o SW o fk15 o SW..... o SW o fk1 o IP

From S-DES to DES

key
S-DES
10-bit key is used
From which two 8-bit keys are calculated

DES
56-bit key is used
From which 16 48-bit keys are calculated

From S-DES to DES

Data block
S-DES
Each block is 8 bits
Each half is 4 bits

DES
Each block is 64 bits
Each half is 32 bits

From S-DES to DES

expansion of right half
S-DES
4-bit right half is expanded to 8 bits
After xor with the key, it is arranged into 2X4
matrix

DES
32-bit right half is expanded to 48 bits
After xor with the key, it is arranged into 8X6
matrix

From S-DES to DES

S box
S-DES
Use 1st and 4th bit for row, 2nd and 3rd bit for column
There are 2 S Boxes, each is 4 X 4
Entries in S box are 0 - 3

DES
Use 1st and 6th bit for row, 2nd thru 6th bit for column
There are 8 S Boxes, each is 4 X 16
Entries in S box are 0 - 15

DES: Key generation for each

round (key schedule)
1. The parity bits are stripped away.
2. The bits are permuted by PC-1
3. Result is split in to left half (Ci) and right half (Di)
(i: round of calculation)
4. Left shift Ci and Di separately. Left shift by one
position if i=1, 2, 9, or 16; otherwise shift by 2
5. Combine the two halves after shifting and permute
by PC-2. The result is sub key i (48 bits)
6. Use result of (4) as input for next sub key

Key Permuted Choice 1

PC-1: Permutation of 56 bits

Key Permuted Choice 2

PC-2: Permutation of 48 bits

The following bits are discarded

9

18

22

25

35

38

43

54

Key Shifting
Schedule of left shift

DES Permutation Function

Before first rounds, the plaintext bits are permuted
using an initial permutation. IP

Hence, at the end of the 16 rounds the inverse

permutation is applied. IP-1

Data Encryption Standard

The algorithm has 16 rounds. Each round
has the following architecture:

Li and Ri are 32-bit long

Details of Single Round

Mangler Function F(R,K)

DES: Expansion Function

The 32 bits of Ri are permuted and 16 of them
are repeated twice to obtain a 48 bit string.

DES: S Boxes.
S blocks takes in as input 6-bit arguments
and outputs four bits.
This is the substitution part of the cipher.

DES Input to S Boxes

1
2
3
4
5
6
7
8

1
1
1
0
1
0
0
0
1

2
1
0
1
1
1
0
1
1

3
0
0
1
1
0
0
1
0

4
0
1
1
1
0
1
0
1

5
1
1
1
0
0
0
0
0

6 Row Column
0
2
9
1
3
3
0
0
15
1
3
14
0
0
8
1
1
2
0
0
12
1
3
10

DES: S Boxes (1-4)

DES: S Boxes (5-8)

DES Output of S Boxes

Row Column S Box Entry
2
9
12
3
3
1
0
15
8
3
14
2
0
8
8
1
2
4
0
12
5
3
10
9

1
1
0
1
0
1
0
0
1

2
1
0
0
0
0
1
1
0

3
0
0
0
1
0
0
0
0

4
0
1
0
0
0
0
1
1

DES Permutation 32
After substitution, the function output is now
32 bits and it goes through a fixed
permutation.

DES After Permutation 32

0
1
1
0
1
1
0
1

0
0
1
0
1
0
0
0

0
1
0
0
0
0
0
0

0
1
1
0
0
1
0
0

Output of Mangler function

1. The 32-bit output of Mangler function is
xor with the original left half.
2. Result of (1) is the right half (R1)
3. Original right half becomes new left half
(L1)
4. Concatenation of L1 and R1 is input to
round 2

Cipher Text
Repeat for another 15 rounds
Apply permutation IP-1 at the end of 16th
round.
Use the same algorithm for decryption,
except the sub keys are used in reversed
order. (k16 for round 1, key15 for round 2,
etc....)

DES Reviewed
An initial permutation is applied to
the plain text. The result is split
into two halves (L0,R0). We apply a
function and call it a round:
L1=R0, R1=L0f(R0,K0)
From the initial key K we derive
subkeys: Ki (basically shifts of the
initial key).

Mangler Function Reviewed

A is the 32 bit input, J is
the 48 bit subkey. E is a
trivial expansion of the
input to 48 bits (bits 4,5
are repeated, bits 8,9 are
repeated, bits 12,13 are
repeated and there is a
circular shift of 1 bit to
the right.
The S-Boxes map 6 bits
onto 4, finally a
permutation is applied.

The Avalanche Effect of DES

Round
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

1 bit of Plaintext is changed 1 bit of Key is changed

Number of Bits
Number of Bits
that differs
that differs
1
0
6
2
21
14
35
28
39
32
34
30
32
32
31
35
29
34
42
40
44
38
32
31
30
33
30
28
26
26
29
34
34
35

The Strength/Weakness of DES

Number of possible keys = 256
Which is equivalent to 7.2 X 1016
On Average half the key space has to be
searched
Estimated single machine brute-force search
Key serch machine cost Expected search time
$100,000
35 hours
$1,000,000
3.5 hours
$10,000,000
21 minutes

The Strength/Weakness of DES

Parallel computing and improvement in
computing power makes DES breakable.
Downside of brute-force search: if plaintext
is compressed or is a numeric file, it is
difficult to recognize. Some knowledge
about plaintext is needed.

DES: Comments
The security of the system depends on the number of
rounds. For example, if the number of rounds is 8
then DES can be broken quite easily by differential
cryptanalysis.
56 bit keys have become easier to break by
exhaustive search. That is if you have one single
copy of a plaintext and the corresponding cipher
state, then one can try all possible keys before a
match occurs.
Modified DES (e.g., triple DES) protocols are used.
DES will be replaced Advanced Encryption System
(AES).

AES
As DES is getting very old, NIST began a public
process to choose a new cipher to be called AES
(Advanced Encryption Standard).
AES algorithms should have 3 key sizes: 128, 192,
256 bits, and operate on block sizes of 128 bits.
The algorithm would be selected by choosing the
fastest cipher,
Additional considerations are memory
requirements, suitability to smart cards, etc
In 1999, the finalist were announced....

Five Finalist for AES

August, 1999
MARSdeveloped by IBM
RC6developed by RSA Laboratories
Rijndaeldeveloped by Joan Daemen and
Vincent Rijmen of Belgium
Serpentdeveloped by Ross Anderson, Eli Biham
and Lars Knudsen of the United Kingdom, Israel
and Norway respectively
Twofishdeveloped by Bruce Schneier, etc.
In 2000, the winner was decided ........

AES Winner: Rijndael

Designed by a Belgian group.
Originally had variable block size as well as variable key
size.
For the AES proposal, only the 128 bit block variant was
used.
The number of rounds depends on the key size, 9 round for
128 bits, 11 for 192 bits, 13 for 256 bits.
Rijndael was the fastest cipher which was not shown to
have obvious weaknesses.
Some features of Rijndaels design are considered to be
novel, which in cryptography, is not always good.

Security of Rijndael
Rijndael is a new cipher, so there are
limited results, but so far the news is good.
The use of matrix multiplication is unique
and untested by time. Some controversy
has been raised about this.
Rijndael had the lowest memory
requirements and the fastest encryption of
all the five finalists.