Review of Encryption

• A message in its original form (plaintext)

is encrypted into an unintelligible form
(ciphertext) by a set of procedures known
as an encryption algorithm (cipher) and a
variable, called a key; and the ciphertext
is transformed (decrypted) back into
plaintext using the decryption
∆ε αρ
algorithm
andDeara
Friend,
key.Encryption Φρ ι ε ν
δ ,
Decryption
Dear
Friend,
Ι η α ϖε
I have I have
σε ε ν
seen your seen your
ψο υ ρ
message message
µ ε σσα
of … of …
γ ε ο φ

11/22/09 Original Symmetric Scrambled Symmetric Original 1

Data Key Data Key Data
 Comparison of Symmetric
and Asymmetric Encryption
Secret Key

Original
Plaintext Ciphertext Plaintext
Encryption Decryption

Symmetric (Single Key) Cryptography

Public Key Private Key

Original
Plaintext Ciphertext Plaintext
Encryption Decryption
11/22/09 2
Asymmetric (Two Key) Cryptography
 Block Cipher Design
Principles
• Confusion – obscures the relationship
between the plaintext and ciphertext.
Eliminates redundancies and statistical
patterns. Confusion is achieved through
substitution.
• Diffusion – dissipates the redundancies of
the plaintext by distributing over the
ciphertext. Diffusion is achieved through
permutations.
• Multiple Iterations
11/22/09 3
 DES - History
• The Data Encryption Standard (DES) was
developed in the 1970s by the National
Bureau of Standards (NBS)with the help of
the National Security Agency (NSA).
• Its purpose is to provide a standard method
for protecting sensitive commercial and
unclassified data.
• IBM created the first draft of the algorithm,
calling it LUCIFER with a 128-bit key.
• DES officially became a federal standard in
November of 1976.

11/22/09 4
 DES - Design Proves Good
• Recent analysis has shown despite this that the
choice was appropriate, and that DES is well
designed.

• Rapid advances in computing speed

• The DES has also been theoretically broken

using a method called Differential Cryptanalysis.

11/22/09 5
 Simple Example
• For example, if we take the plaintext
message "8787878787878787“and
encrypt it with the DES key
"0E329232EA6D0D73“. We end up with
the cipher text "0000000000000000".
• If the cipher text is decrypted with the
same secret DES key
"0E329232EA6D0D73", the result is the
original plaintext "8787878787878787".

11/22/09 6
 DES - Basics
• DES uses the two basic techniques of
cryptography - confusion and diffusion.
• At the simplest level, diffusion is
achieved through numerous
permutations and confusions is
achieved through the XOR operation
and the S-Boxes.
• This is also called an S-P network.

11/22/09 7
 DES - Basics
• Fundamentally DES performs only two operations
on its input, bit shifting (permutation), and bit
substitution.
• The key controls exactly how this process works.
• By doing these operations repeatedly and in a
non-linear manner you end up with a result which
can not be used to retrieve the original without
the key.
• Those familiar with chaos theory should see a
great deal of similarity to what DES does. By
applying relatively simple operations repeatedly a
system can achieve a state of near total
randomness.

11/22/09 8
 The S-P Network
P-box S-box

8 ot 3: r edoc e D

3 ot 8: r edoc n E
Product Cipher
S1 S5 S9
S2 S6 S10
P1 P2 P3 P4
S3 S7 S11
11/22/09
S4 S8 S12 9
 DES - Swapping of Left and
Right Halves
• The 64-bit block being enciphered is broken into two halves.

• The left half and the right half go through one DES round, and
the result becomes the new right half.
• The old right half becomes the new left half half, and will go
through one round in the next round.
• This goes on for 16 rounds, but after the last round the left and
right halves are not swapped, so that the result of the 16th
round becomes the final right half, and the result of the 15th
round (which became the left half of the 16th round) is the
final left half.

11/22/09 10
 DES – Key Concept
Li-1 Ri-1
 This can be described
functionally as:
 L(i) = R(i-1)
 R(i) = L(i-1) ⊕
Li-1 ⊕ f (Ri-1 , Ki)
P(S( E(R(i-1)) ⊕
K(i) ))
 This forms one round in
an S-P network
11/22/09 32 bits 32 bits 11
Li Ri
 DES Example
Example: Let M be the plain text message
M = 0123456789ABCDEF, where M is in
hexadecimal (base 16) format. Rewriting
M in binary format, we get the 64-bit
block of text:
M = 0000 0001 0010 0011 0100 0101
0110 0111 1000 1001 1010 1011 1100
1101 1110 1111

11/22/09 12
 Generating 16 Keys
• Let K be the hexadecimal key
• K = 133457799BBCDFF1. This gives
us as the binary key (setting 1 =
0001, 3 = 0011, etc.,)
• K = 00010011 00110100
01010111 01111001
10011011 10111100
11011111 11110001

11/22/09 13
 Step 1: Create 16 subkeys,
each of which is 48-bits
long.

• The 64-bit key is permuted according to the

following table, PC-1. Since the first entry in
the table is "57", this means that the 57th
bit of the original key K becomes the first bit
of the permuted key K+.

11/22/09 14
 Permuted Choice 1 — PC-1
To Generate 56-bit key

57 49 41 33 25 17 9 1 58 50 42 34 26 18
10 2 59 51 43 35 27 19 11 3 60 52 44 36
63 55 47 39 31 23 15 7 62 54 46 38 30 22
14 6 61 53 45 37 29 21 13 5 28 20 12 4

11/22/09 15
 56 bit key Generation
• From the original 64-bit key
K = 00010011 00110100 01010111
01111001 10011011 10111100
11011111 11110001
• we get the 56-bit permutation
K+ = 1111000 0110011 0010101
0101111 0101010 1011001 1001111
0001111
11/22/09 16
• Next, split this key into left and right
halves, C0 and D0, where each half has
28 bits.
• From the permuted key K+, we get
• C0 = 1111000 0110011 0010101
0101111
D0 = 0101010 1011001 1001111
0001111
• With C0 and D0 defined, we now create
sixteen blocks Cn and Dn, 1<=n<=16.
Each pair of blocks Cn and Dn is formed
from the previous pair Cn-1 and Dn-1,
respectively, for n = 1, 2, ..., 16
11/22/09 17
 Key Rotation Schedule —
KRS

Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Number
Number of 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
Left Shifts

11/22/09 18
 For all 16 rounds
• C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
• C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
• C2 = 1100001100110010101010111111
D2 = 0101010110011001111000111101
• C3 = 0000110011001010101011111111
D3 = 0101011001100111100011110101
• C4 = 0011001100101010101111111100
D4 = 0101100110011110001111010101
• C5 = 1100110010101010111111110000
D5 = 0110011001111000111101010101
• C6 = 0011001010101011111111000011
D6 = 1001100111100011110101010101
• C7 = 1100101010101111111100001100
D7 = 0110011110001111010101010110
11/22/09
• C8 = 0010101010111111110000110011
D8 = 1001111000111101010101011001
• C9 = 0101010101111111100001100110
D9 = 0011110001111010101010110011
• C10 = 0101010111111110000110011001
D10 = 1111000111101010101011001100
• C11 = 0101011111111000011001100101
D11 = 1100011110101010101100110011
• C12 = 0101111111100001100110010101
D12 = 0001111010101010110011001111
• C13 = 0111111110000110011001010101
D13 = 0111101010101011001100111100
• C14 = 1111111000011001100101010101
D14 = 1110101010101100110011110001
• C15 = 1111100001100110010101010111
D15 = 1010101010110011001111000111
• C16 = 1111000011001100101010101111
D16 = 0101010101100110011110001111
19
 16 keys
• We now form the keys Kn, for 1<=n<=16, by
applying the following permutation table to each
of the concatenated pairs CnDn. Each pair has 56
bits, but PC-2 only uses 48 of these.
• For the first key we have,
C1D1 = 1110000 1100110 0101010 1011111
1010101
0110011 0011110 0011110
which, after we apply the permutation PC-2,
becomes
• K1 = 000110 110000 001011 101111 111111
000111 000001 110010

11/22/09 20
 Permuted Choice 2 — PC-2

14 17 11 24 1 5 3 28 15 6 21 10
23 19 12 4 26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40 51 45 33 48
44 49 39 56 34 53 46 42 50 36 29 32

11/22/09 21
• For the other keys we have
K2 = 011110 011010 111011 011001 110110 111100 100111 100101
K3 = 010101 011111 110010 001010 010000 101100 111110 011001
K4 = 011100 101010 110111 010110 110110 110011 010100 011101
K5 = 011111 001110 110000 000111 111010 110101 001110 101000
K6 = 011000 111010 010100 111110 010100 000111 101100 101111
K7 = 111011 001000 010010 110111 111101 100001 100010 111100
K8 = 111101 111000 101000 111010 110000 010011 101111 111011
K9 = 111000 001101 101111 101011 111011 011110 011110 000001
K10 = 101100 011111 001101 000111 101110 100100 011001 001111
K11 = 001000 010101 111111 010011 110111 101101 001110 000110
K12 = 011101 010111 000111 110101 100101 000110 011111 101001
K13 = 100101 111100 010111 010001 111110 101011 101001 000001
K14 = 010111 110100 001110 110111 111100 101110 011100 111010
K15 = 101111 111001 000110 001101 001111 010011 111100 001010
K16 = 110010 110011 110110 001011 000011 100001 011111 110101

11/22/09 22
 Step 2: Encode each 64-bit block
of data.

• Applying Initial permutation

IP to the block of text M,
given , we get

• M = 0000 0001 0010 0011 0100

0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111

11/22/09 23
 IP= 1100 1100 0000
0000 1100 1100 1111
1111 1111 0000 1010
1010 1111 0000 1010 1010

•Divide IP into two halves.

L = 0000 0001 0010 0011 0100
0101 0110 0111
R = 1000 1001 1010 1011 1100
1101 1110 1111

11/22/09 24
 DES - The 16 Iterations
• The basic process in enciphering a 64-bit
data block and a 56-bit key using the DES
consists of:
• An initial permutation (IP)
• 16 rounds of a complex key dependent
calculation f
• A final permutation, being the inverse of
IP

11/22/09 25
 DES - Swapping of Left and
Right Halves
Li-1 Ri-1
 This can be described
functionally as:
 L(i) = R(i-1)
 R(i) = L(i-1) ⊕
Li-1 ⊕ f (Ri-1 , Ki)
P(S( E(R(i-1)) ⊕
K(i) ))
 This forms one round in
an S-P network
11/22/09 32 bits 32 bits 26
Li Ri
• K1 = 000110 110000 001011 101111
111111 000111 000001 110010
• L1 = R0 = 1111 0000 1010 1010 1111
0000 1010 1010
• E(R0) = 011110 100001 010101 010101
011110 100001 010101 010101
K1+E(R0) = 011000 010001 011110
111010 100001 100110 010100 100111.
• This is of form
Kn + E(Rn-1) = B1B2B3B4B5B6B7B8 a
group of six bits

11/22/09 27
• For the first round,
we obtain as the
output of the eight
S boxes:
• K1 + E(R0) =
011000 010001
011110 111010
100001 100110
010100 100111.

11/22/09 28
 The 8 DES S Boxes
48-bit Input

0…5 6 … 11 12 … 17 18 … 23 24 … 29 30 … 35 35 … 41 42 … 47

S-Box 1 S-Box 2 S-Box 3 S-Box 4 S-Box 5 S-Box 6 S-Box 7 S-Box 8

0…3 4…7 8 … 11 12 … 15 16 … 19 20 … 23 24 … 27 28 … 31

11/22/09 29
32-bit Output
11/22/09 30
• K1 + E(R0) = 011000 010001
011110 111010 100001 100110
010100 100111.

• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(
B8)= 0101 1100 1000 0010 1011
0101 1001 0111
• Next is to calculate
P(S1(B1)S2(B2)...S8(B8))
11/22/09 31
 Permutation Function - P
Box
16 7 20 21
9 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
11/22/09 22 11 4 25 32
• From the output of the eight S boxes:

• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S
6(B6)S7(B7)S8(B8) = 0101 1100 1000
0010 1011 0101 1001 0111

• we get f = 0010 0011 0100 1010 1010

1001 1011 1011

11/22/09 33
• R1 = L0 + P(S(E(R0))+ K1 ))
= 1100 1100 0000 0000 1100 1100
1111 1111

+ 0010 0011 0100 1010 1010 1001

1011 1011

= 1110 1111 0100 1010 0110 0101

0100 0100

11/22/09 34
• At the end of the sixteenth round we
have the blocks L16 and R16. We
then reverse the order of the two
blocks into the 64-bit block
• R16L16 and apply a final
permutation IP-1 as defined by the
following table:

11/22/09 35
 DES Initial and Final
Permutations
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33
11/22/09 1 41 9 49 17 57 25 36
• If we process all 16 blocks using the method defined
previously, we get, on the 16th round,
• L16 = 0100 0011 0100 0010 0011 0010 0011 0100
R16 = 0000 1010 0100 1100 1101 1001 1001 0101
• We reverse the order of these two blocks and apply
the final permutation to
• R16L16 = 00001010 01001100 11011001
10010101 01000011 01000010 00110010
00110100
• IP-1 = 10000101 11101000 00010011 01010100
00001111 00001010 10110100 00000101
which in hexadecimal format is
85E813540F0AB405.

11/22/09 37
 Each Iteration Uses a
Different Sub-key
• DES works on 64 bits of data at a time.
Each 64 bits of data is iterated on from
1 to 16 times (16 is the DES standard).
• For each iteration a 48 bit subset of the
56 bit key is fed into the encryption
block
• Decryption is the inverse of the
encryption process.

11/22/09 38
 DES Key Processing
• The key is usually stored as a 64-bit
number, where every eighth bit is a parity
bit.
• The parity bits are pitched during the
algorithm, and the 56-bit key is used to
create 16 different 48-bit subkeys - one
for each round.
• DES Subkeys: K1, K2, K3, … K16

11/22/09 39
 DES Key Processing -
Subkeys Generation
• In order to generate the 16 48-bit subkeys from
the 56-bit key, the following process is used:
– First, the key is loaded according to the PC-1 and
then halved.
– Then each half is rotated by 2 bits in every round
except the first, second, 9th and last rounds.
– The reason for this is that it makes it secure against
related-key cryptanalysis.
– Then 48 of the 56 bits are chosen according to a
compression permutation - PC-2.

11/22/09 40
 DES in a
Nutshell

11/22/09 41
 Thank you Friends!

11/22/09 42