5 DES
DES was developed in 1975 by IBM. Successing Lucifer, it is
the most widely spread cryptosystem.
DES encrypts a plaintext bitstring x of length 64
with a key of length 56. The gained ciphertext is 64 bits long.
The calculation of the 16 single keys for point (2) is very
tedious and is described in 5.1 DES Key.
The algorithm has three steps:
- Given a plaintext x, a bitstring x0
is constructed by reordering the bits of x according to a fixed
initial permutation IP.
We write x0 = IP(x) = L0
R0 ,
where L0 contains the first 32 Bits of x0,
and R0 the last ones.
- Now, 16 repetitions of a certain function
are executed. We determine LiRi,
i = 1,...,16, after the following rule:
- Li = Ri-1
- Ri = Li-1 [+] f(Ri-1 , Ki) ,
where [+] stands for the exklusive OR of two bitstrings.
f is described further below, and
K1, K2 , ... , K16
are bitstrings of length 48, which are determined as a function of the key
K.
- Apply the inverse permutation IP-1
on the bitstring
R16 L16; this yields the ciphertext
y,
that is y = IP-1(R16 L16).
(Regard the inverse order of L16 and
R16).
The function f takes as input the first argument
A
(bitstring of length 32) and as the second J (bitstring of
length 48), and returns a bitstring of length 32:
- The first argument A is expanded to a bitstring of length 48
by a fixed expansion
function E. E(A)
consisting of 32 bits from A, permuted in a certain way, where 16
of the bits occur twice.
- Determine E(A) [+] J and write the result as
a concatenation of eight strings of six bit each,
B = B1B2 B3
B4 B5 B6
B7 B8.
- Each Bi is now permuted in the so-called
S-boxes Sj into Cj,
i.e. Cj = Sj (Bj ),
j = 1,...,8.
The S-boxes are 4x16-matrices with entries between 0 and 15.
Let Bj = b1b2
b3 b4 b5
b6. Then the wto bits
b1b6 correspond with the binary
representation
of a row r from Sj (0 <= r <= 3),
and the four bits b2 b3
b4 b5 determine the number of
the column
c from Sj (0 <= c <= 15).
Then Sj (Bj) is the entry
Sj (r,c), written as bitstring of length 4.
- The bitstring C = C1C2
C3 C4 C5
C6 C7 C8
of length 32 is now reordered according to
the fixed permutation P.
The gained bitstring P(C) is f(A,J).
Start applet in new window
Initial Permutation IP:
| 58 | 50 | 42 | 31 | 26 | 18 | 10 | 2 |
| 60 | 52 | 44 | 36 | 28 | 20 | 12 | 4 |
| 62 | 54 | 46 | 38 | 30 | 22 | 14 | 6 |
| 64 | 56 | 48 | 40 | 32 | 24 | 16 | 8 |
| 57 | 49 | 41 | 33 | 25 | 17 | 9 | 1 |
| 59 | 51 | 43 | 35 | 27 | 19 | 11 | 3 |
| 61 | 53 | 45 | 37 | 29 | 21 | 13 | 5 |
| 63 | 55 | 47 | 39 | 31 | 23 | 25 | 7 |
Final Permutation IP-1:
| 40 | 8 | 48 | 16 | 56 | 24 | 64 | 32 |
| 39 | 7 | 47 | 15 | 55 | 23 | 63 | 31 |
| 38 | 6 | 46 | 14 | 54 | 22 | 62 | 30 |
| 37 | 5 | 45 | 13 | 53 | 21 | 61 | 29 |
| 36 | 4 | 44 | 12 | 52 | 20 | 60 | 28 |
| 35 | 3 | 43 | 11 | 51 | 19 | 59 | 27 |
| 34 | 2 | 42 | 10 | 50 | 18 | 58 | 26 |
| 33 | 1 | 41 | 9 | 49 | 17 | 57 | 25 |
Bit Table E:
| 32 | 1 | 2 | 3 | 4 | 5 |
| 4 | 5 | 6 | 7 | 8 | 9 |
| 8 | 9 | 10 | 11 | 12 | 13 |
| 12 | 13 | 14 | 15 | 16 | 17 |
| 16 | 17 | 18 | 19 | 20 | 21 |
| 20 | 21 | 22 | 23 | 24 | 25 |
| 24 | 25 | 26 | 27 | 28 | 29 |
| 28 | 29 | 30 | 31 | 32 | 1 |
Permutation P:
| 16 | 7 | 20 | 21 |
| 29 | 12 | 28 | 17 |
| 1 | 15 | 23 | 26 |
| 5 | 18 | 31 | 10 |
| 2 | 8 | 24 | 14 |
| 32 | 27 | 3 | 9 |
| 19 | 13 | 30 | 6 |
| 22 | 11 | 4 | 25 |
