[JoGu]

Cryptology

II.4 DES

—the Outdated Standard for Bitblock Ciphers

a7Hzq .#5r<
kÜ\as TâÆK$
ûj(Ö2 ñw%h:
Úk{4R f~`z8
¤˜Æ+Ô „&¢Dø

Contents

  1. The kernel map [PDF].
  2. The S-boxes [PDF].
  3. The rounds [PDF].
  4. The key selection [PDF].
  5. The complete algorithm [PDF].

The complete Section II.4 as an PDF file. Furthermore the value tables of the S-Boxes.


Introduction

The »Data Encryption Standard« (DES) is essentially a development by an IBM research group around FEISTEL and COPPERSMITH. The NSA was involved: It arranged for a modification of the S-boxes and a reduction of the key length to 56 bits. Contrary to all speculations both of these changes didn't weaken the security.

DES was published in 1975, and standardized by NBS (National Bureau of Standards—now NIST) in the USA in 1977. The objective was to provide a reliable cipher for sensitive (but not top secret) data of the administration for the next 10 or 15 years.

The standard requires a hardware implementation of the algorithm. The proper name of the algorithm is DEA, but usually also software implementations are denoted by DES. From 1989 to 1998 the US administration restricted the export of DES chips.

DES encrypts 64 bit blocks using a 56 bit key. The encryption of a block starts with a fixed (known) permutation, and ends with the inverse permutation. Although this permutation is known it yields a first bit of diffusion and significantly slows down software implementatios. In between there are 16 rounds that increase diffusion and confusion. The only difference between the single rounds consists in the selection of a different 48 bit subset from the key.

The decryption algorithm is almost identical with the encryption algorithm with the only difference that it runs through the key selection in the reverse direction.

In the following sections we describe the algorithmus in steps »outwards from the interior«.


Author: Klaus Pommerening, 2000-Apr-09; last change: 2021-Jan-20.