DES encryption scheme
• The plain-text (64 bits) passes through an initial permutation IP (on 64 bits)
• Then follow 16 identical rounds – in each round a different sub key is used; each sub key is generated from the key
• After round 16, swap the left half with the right half
• Apply the inverse of the initial permutation IP^-1 (on 64 bits)
Sub key generation
• Before round 1 of DES, the key is permuted according to a table labeled Permuted Choice One – the resulting 56-bit key is split into its two 28-bit halves labeled C0 and D0
• In each round, C(i-1) and D(i-1) are separately subjected to a circular left shift of one or two bits according to the table on the next slide – the shifted values will be input to the next round
• The shifted values serve as input to Permuted Choice Two, which produces a 48-bit output: the sub key of the current round.
Strength of DES
Two main concerns with DES: the length of the key and the nature of the algorithm
• The key is rather short: 56 bits
– On average, only half of the keys have to be tried to break the system
– In principle it should take a long time to break the system
– Things are quicker with dedicated hardware: 1998 – a special machine was built for less than 250 000 $ breaking DES in less than 3 days, 2006 – estimates are that a hardware costing around 20 000 $ may break DES within a day.
• Nature of the algorithm
– There has always been a concern about the design of DES, especially about the design of S-boxes – perhaps they have been designed in such a way as to ensure a trapdoor to the algorithm – break it without having to search for the key
– The design criteria for the S-boxes (and for the rest of the algorithm) have been classified information and NSA was involved in the design
– Many regularities and unexpected behavior of the S-boxes have been reported
– On the other hand, changing the S-boxes slightly seems to weaken the algorithm
– No fatal weaknesses in the S-boxes have been (publicly) reported so far.