Wikipedia

Data Encryption Standard

This is an old revision of this page, as edited by Andre Engels (talk | contribs) at 03:35, 30 August 2002 (disambiguate). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Data Encryption Standard (DES) is a product block cipher in which 16 iterations, or rounds, of the substitution and transposition (permutation) process are cascaded. The block size is 64 bits, so that a 64-bit block of data (plaintext) can be encrypted into a 64-bit ciphertext at any one time. The key, which controls the transformation, also consists of 64 bits. Only 56 of these, however, are at the user's disposal; the remaining eight bits are employed for checking parity (the state of being odd or even used as a basis for detecting errors in binary-coded data).

Subsets of the key bits are designated K1, K2, etc., with the subscript indicating the number of the round. The cipher function (substitution and transposition) that is used with the key bits in each round is labeled f. At each intermediate stage of the transformation process, the cipher output from the preceding stage is partitioned into the 32 leftmost bits, Li, and the 32 rightmost bits, Ri. Ri is transposed to become the left-hand part of the next higher intermediate cipher, Li+1. The right-hand half of the next cipher, Ri+1, however, is a complex function of the key and of the entire preceding intermediate cipher. The essential feature to the security of the DES is that f involves a very special nonlinear substitution--i.e., f(A) + f(B) f(A + B)--specified by the Bureau of Standards in tabulated functions known as S-boxes. This operation results in a 32-bit number, which is logically added to Ri to produce the left-hand half of the new intermediate cipher. This process is repeated, 16 times in all. To decrypt a cipher, the process is carried out in reverse order, with the 16th round being first. The DES process lends itself well to integrated-chip implementation. By 1984 the Bureau of Standards had certified over 35 LSI- and VLSI-chip implementations of the DES, most on single 40-pin chips, some of which operate at speeds of several million bits per second.

When the cipher was first released, the design criteria for the S-boxes was not released. With the National Security Agency's involvement in the design of the S-boxes, most security researchers were wary of DES. In 1990 with the independent discovery and open publication by Biham and Shamir of differential cryptanalysis, it turned out that at least some of the wariness was uncalled for. The primary design criteria for the S-boxes seems to have been (and has been claimed to have been by IBM personnel involved) to strengthen them against differential cryptanalysis. The secrecy behind the design criteria at the time was due to the fact that the technique was not known to the public at the time. Notably, DES is weak against a technique discovered later by Matsui, linear cryptanalysis. It is unknown whether the NSA or IBM were aware of linear cryptanalysis at the time DES was finalized.

Because the key length is only 56 bits, DES can be, and has been, broken by the brute force attack method of running through all possible keys. A cyberspace civil rights group (without much funding or personnel) did it in a little more than 2 days search at about the same time at least one attroney from the US Justice Department was publicly announcing that DES was and would remain unbreakable. Many former DES users now use Triple DES (3DES) which involves DES coding each block three times with different keys. 3DES is considered safe for now. Note, however, that there are several ways to use DES three times; only one of those is W Tuchman's 3DES. The US National Institute of Standards and Technology (NIST) has selected a new cipher, the Advanced Encryption Standard (AES) to replace DES (fall -'01). AES is Rijndael.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Data_Encryption_Standard&oldid=182688"