DES uses a 56-bit key, though products exported from the U.S. were limited to using 40 meaningful key bits [wikipedia/40-bit-encryption]. It was later upgraded to triple-DES, using three 56-bit key pieces and repeating DES three times, giving up to 168 bits of protection. But it's not just the key size that matters in a block cipher. The block size itself matters a great deal, as we'll see below. For DES, that block size is only 64 bits.
DES operates in sixteen rounds, each of which uses a 48-bit subkey generated from the original 56-bit key using a key scheduling algorithm. In each round, one half of the block is tweaked while the other half is initially left alone and then XORed with the tweaked half. The two halves are swapped before the next round.
The "tweaking" of the right half of the block is done by first expanding the 32 bits into 48 by replicating half of the bits, XORing with the 48-bit subkey, then dividing it into 6-bit chunks and pushing each chunk through one of eight substitution boxes, or S boxes. Each S box turns 6 bits into 4, using a lookup table defined as part of the algorithm (that is, this operation is not key-dependent). The S boxes are nonlinear (and not affine), which is the source of the true security of DES; if the S boxes were linear, breaking DES would be easy (or so I am told).
Decrypting DES is exactly the same operation as encrypting, except that the subkeys are used in reverse order.
Slightly more formally, the sequence of operations in a DES encryption is:
- Apply initial permutation (IP) (a fixed operation)
- For i = 1 to 16 do
  - divide the block into two 32-bit halves
  - expand the left half to 48 bits (a fixed operation)
  - calculate subkey i
    - split key into two 28-bit halves
    - rotate each half 1 or 2 bits (a fixed operation according to the key schedule)
    - select a subset of 48 bits (a fixed operation according to the schedule)
  - XOR subkey i with the left half of the block
  - split into 8 six-bit pieces
  - push each 6-bit piece through a $6\rightarrow 4$ S-box
  - permute and recombine the pieces (a fixed operation)
  - XOR the left half with the right half of the block
  - swap halves of the block
- Apply the final permutation (FP) (a fixed operation)
The $6 \rightarrow 4$ S boxes are obviously inherently non-reversible, but the earlier expansion guarantees that ultimately no information is lost as the block passes through the entire network.
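The added example below (not from the original post) is a DES-shaped Feistel network in Python. It shows that the same routine run with the subkeys reversed undoes encryption even though each 6-to-4 lookup is lossy, and that the lookup is not affine. It is not real DES: it omits IP/FP, the permutation after the S boxes and the real key schedule (the hash-based `toy_subkeys` is a hypothetical stand-in), reuses DES S box S1 in all eight positions, and, as in the paragraph describing the tweaking, feeds the right half through the round function.

```python
# Added illustration, not real DES: no IP/FP, no P permutation, a made-up
# key schedule, and DES S-box S1 reused in all eight positions.
import hashlib

S1 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
      0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
      4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
      15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]

def sbox(six):
    """6 bits -> 4 bits: outer two bits pick the row, middle four the column."""
    row = ((six >> 4) & 0b10) | (six & 1)
    return S1[row * 16 + ((six >> 1) & 0xF)]

def expand(half):
    """32 -> 48 bits: each 6-bit chunk is a nibble plus its two neighbour bits."""
    bits = [(half >> (31 - i)) & 1 for i in range(32)]
    out = 0
    for chunk in range(8):
        for j in range(-1, 5):
            out = (out << 1) | bits[(4 * chunk + j) % 32]
    return out

def round_function(half, subkey):
    """Expand, XOR the 48-bit subkey, then squeeze through eight 6->4 lookups."""
    x = expand(half) ^ subkey
    out = 0
    for chunk in range(8):
        out = (out << 4) | sbox((x >> (42 - 6 * chunk)) & 0x3F)
    return out

def toy_subkeys(key):
    """Hypothetical stand-in schedule: sixteen 48-bit values hashed from the key."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(16)]

def feistel(block, subkeys):
    """Run a 64-bit block through one Feistel round per subkey."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left  # final swap lets the same routine invert itself

def is_affine(f, bits=6):
    """True iff f(a) ^ f(b) ^ f(a ^ b) ^ f(0) == 0 for every pair of inputs."""
    n = 1 << bits
    return all(f(a) ^ f(b) ^ f(a ^ b) ^ f(0) == 0
               for a in range(n) for b in range(n))
```

Decryption is `feistel(ciphertext, subkeys[::-1])`; the round function is never inverted, only recomputed and XORed out.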
Triple-DES (also called 3DES) has several modes of operation, but is usually used with three independent 56-bit keys, $K1$, $K2$, and $K3$, with encryption performed as $C = E_{K3}(D_{K2}(E_{K1}(P)))$ where $P$ is the plaintext, $E$ and $D$ are the encryption and decryption operations, and $C$ is the ciphertext.
DES was withdrawn as a standard in 2005, after having been replaced by AES in 2001, although the U.S. government still allows 3DES until 2030 for sensitive information.