DES supplementary material

Last updated

This article details the various tables referenced in the Data Encryption Standard (DES) block cipher.

Contents

All bits and bytes are arranged in big endian order in this document. That is, bit number 1 is always the most significant bit.

Initial permutation (IP)

Final permutation Permutation initiale.svg
Final permutation
IP
585042342618102
605244362820124
625446383022146
645648403224168
57494133251791
595143352719113
615345372921135
635547393123157

This table specifies the input permutation on a 64-bit block. The meaning is as follows: the first bit of the output is taken from the 58th bit of the input; the second bit from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the input.

This information is presented as a table for ease of presentation; it is a vector, not a matrix.

Final permutation (IP−1)

Final permuta DES-ip-1.svg
Final permuta
IP−1
408481656246432
397471555236331
386461454226230
375451353216129
364441252206028
353431151195927
342421050185826
33141949175725

The final permutation is the inverse of the initial permutation; the table is interpreted similarly.

Expansion function (E)

Expansion function DES-ee.svg
Expansion function
E
3212345
456789
8910111213
121314151617
161718192021
202122232425
242526272829
28293031321

The expansion function is interpreted as for the initial and final permutations. Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the input is duplicated in both the sixth and eighth bit of the output. Thus, the 32-bit half-block is expanded to 48 bits.

Permutation (P)

P permutation DES-pp.svg
P permutation
P
167202129122817
11523265183110
282414322739
19133062211425

The P permutation shuffles the bits of a 32-bit half-block.

Permuted choice 1 (PC-1)

Permuted choice 1 DES-pc1.svg
Permuted choice 1
PC-1
Left
5749413325179
1585042342618
1025951433527
1911360524436
Right
63554739312315
7625446383022
1466153453729
211352820124

The "Left" and "Right" halves of the table show which bits from the input key form the left and right sections of the key schedule state. Note that only 56 bits of the 64 bits of the input are selected; the remaining eight (8, 16, 24, 32, 40, 48, 56, 64) were specified for use as parity bits.

Permuted choice 2 (PC-2)

Permuted choice 2 DES-pc2.svg
Permuted choice 2
PC-2
1417112415
3281562110
2319124268
1672720132
415231374755
304051453348
444939563453
464250362932

This permutation selects the 48-bit subkey for each round from the 56-bit key-schedule state. This permutation will ignore 8 bits below:

Permuted Choice 2 "PC-2" ignored bits 9, 18, 22, 25, 35, 38, 43, 54.

Substitution boxes (S-boxes)

S-boxes
S1x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy01441312151183106125907
0yyyy10157414213110612119538
1yyyy04114813621115129731050
1yyyy11512824917511314100613
S2x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy01518146113497213120510
0yyyy13134715281412011069115
1yyyy00147111041315812693215
1yyyy11381013154211671205149
S3x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy01009146315511312711428
0yyyy11370934610285141211151
1yyyy01364981530111212510147
1yyyy11101306987415143115212
S4x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy07131430691012851112415
0yyyy11381156150347212110149
1yyyy01069012117131513145284
1yyyy13150610113894511127214
S5x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy02124171011685315130149
0yyyy11411212471315015103986
1yyyy04211110137815912563014
1yyyy11181271142136150910453
S6x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy01211015926801334147511
0yyyy11015427129561131401138
1yyyy09141552812370410113116
1yyyy14321295151011141760813
S7x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy04112141508133129751061
0yyyy11301174911014351221586
1yyyy01411131237141015680592
1yyyy16111381410795015142312
S8x0000xx0001xx0010xx0011xx0100xx0101xx0110xx0111xx1000xx1001xx1010xx1011xx1100xx1101xx1110xx1111x
0yyyy01328461511110931450127
0yyyy11151381037412561101492
1yyyy07114191214206101315358
1yyyy12114741081315129035611

This table lists the eight S-boxes used in DES. Each S-box replaces a 6-bit input with a 4-bit output. Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; noting that the first row is "00" and the first column is "0000", the corresponding output for S-box S5 would be "1001" (=9), the value in the second row, 14th column. (See S-box).

Key Generation

The main key supplied from user is of 64 bits. The following operations are performed with it.

Drop Parity bits

Drop the bits of the grey positions (8x) to make 56 bit space for further operation for each round.

Parity Drop Table
12345678
910111213141516
1718192021222324
2526272829303132
3334353637383940
4142434445464748
4950515253545556
5758596061626364

After that bits are permuted according to the following table,

The table is row major way, means,

Actual Bit position = Substitute with the bit of row * 8 + column.

Permutation Table
12345678
057494133251791
1585042342618102
2595143352719113
36052443663554739
4312315762544638
5302214661534537
629211352820124

Bits Rotation

Before the round sub-key is selected, each half of the key schedule state is rotated left by a number of places. This table specifies the number of places rotated.

• The key is divided into two 28-bit parts

• Each part is shifted left (circular) one or two bits

• After shifting, two parts are then combined to form a 56 bit temp-key again

Bits Rotation Table
Number of Round12345678910111213141516
Number of Left rotations1122222212222221

Key Compression

• The compression P-box changes the 56 bits key to 48 bits key, which is used as a key for the corresponding round.

The table is row major way, means,

Actual Bit position = Substitute with the bit of row * 8 + column.

Key Compression Table
12345678
11417112401050328
21506211023191204
32608160727201302
44152313747553040
55145334844493956
63453464250362932

After this return the Round-Key of 48 bits to the called function, i.e. the Round.

Related Research Articles

<span class="mw-page-title-main">Advanced Encryption Standard</span> Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption.

<span class="mw-page-title-main">Data Encryption Standard</span> Early unclassified symmetric-key block cipher

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Shannon's property of confusion. Mathematically, an S-box is a nonlinear vectorial Boolean function.

In cryptography, Lucifer was the name given to several of the earliest civilian block ciphers, developed by Horst Feistel and his colleagues at IBM. Lucifer was a direct precursor to the Data Encryption Standard. One version, alternatively named DTD-1, saw commercial use in the 1970s for electronic banking.

<span class="mw-page-title-main">Serpent (cipher)</span>

Serpent is a symmetric key block cipher that was a finalist in the Advanced Encryption Standard (AES) contest, in which it ranked second to Rijndael. Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen.

<span class="mw-page-title-main">Substitution–permutation network</span> Cipher design construction

In cryptography, an SP-network, or substitution–permutation network (SPN), is a series of linked mathematical operations used in block cipher algorithms such as AES (Rijndael), 3-Way, Kalyna, Kuznyechik, PRESENT, SAFER, SHARK, and Square.

In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work together to thwart the application of statistics and other methods of cryptanalysis.

In computer science and cryptography, Whirlpool is a cryptographic hash function. It was designed by Vincent Rijmen and Paulo S. L. M. Barreto, who first described it in 2000.

<span class="mw-page-title-main">Key schedule</span> Algorithm that calculates all the round keys from the key

In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of rounds. The setup for each round is generally the same, except for round-specific fixed values called a round constant, and round-specific data derived from the cipher key called a round key. A key schedule is an algorithm that calculates all the round keys from the key.

<span class="mw-page-title-main">LOKI97</span> Block cipher

In cryptography, LOKI97 is a block cipher which was a candidate in the Advanced Encryption Standard competition. It is a member of the LOKI family of ciphers, with earlier instances being LOKI89 and LOKI91. LOKI97 was designed by Lawrie Brown, assisted by Jennifer Seberry and Josef Pieprzyk.

In cryptography, LOKI89 and LOKI91 are symmetric-key block ciphers designed as possible replacements for the Data Encryption Standard (DES). The ciphers were developed based on a body of work analysing DES, and are very similar to DES in structure. The LOKI algorithms were named for Loki, the god of mischief in Norse mythology.

<span class="mw-page-title-main">MacGuffin (cipher)</span> Block cipher

In cryptography, MacGuffin is a block cipher created in 1994 by Bruce Schneier and Matt Blaze at a Fast Software Encryption workshop. It was intended as a catalyst for analysis of a new cipher structure, known as Generalized Unbalanced Feistel Networks (GUFNs). The cryptanalysis proceeded very quickly, so quickly that the cipher was broken at the same workshop by Vincent Rijmen and Bart Preneel.

In cryptography, Madryga is a block cipher published in 1984 by W. E. Madryga. It was designed to be easy and efficient for implementation in software. Serious weaknesses have since been found in the algorithm, but it was one of the first encryption algorithms to make use of data-dependent rotations, later used in other ciphers, such as RC5 and RC6.

In cryptography, NewDES is a symmetric key block cipher. It was created in 1984–1985 by Robert Scott as a potential DES replacement.

<span class="mw-page-title-main">ICE (cipher)</span> Block cipher

In cryptography, ICE is a symmetric-key block cipher published by Kwan in 1997. The algorithm is similar in structure to DES, but with the addition of a key-dependent bit permutation in the round function. The key-dependent bit permutation is implemented efficiently in software. The ICE algorithm is not subject to patents, and the source code has been placed into the public domain.

In cryptography, BassOmatic is the symmetric-key cipher designed by Phil Zimmermann as part of his email encryption software PGP. Comments in the source code indicate that he had been designing the cipher since as early as 1988, but it was not publicly released until 1991. After Eli Biham pointed out to him several serious weaknesses in the BassOmatic algorithm over lunch at the 1991 CRYPTO conference, Zimmermann replaced it with IDEA in subsequent versions of PGP.

In cryptography, SXAL is a block cipher designed in 1993 by Yokohama-based Laurel Intelligent Systems. It is normally used in a special mode of operation called MBAL. SXAL/MBAL has been used for encryption in a number of Japanese PC cards and smart cards.

SHA-3 is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like structure of SHA-1 and SHA-2.

JH is a cryptographic hash function submitted to the NIST hash function competition by Hongjun Wu. Though chosen as one of the five finalists of the competition, in 2012 JH ultimately lost to NIST hash candidate Keccak. JH has a 1024-bit state, and works on 512-bit input blocks. Processing an input block consists of three steps:

  1. XOR the input block into the left half of the state.
  2. Apply a 42-round unkeyed permutation (encryption function) to the state. This consists of 42 repetitions of:
    1. Break the input into 256 4-bit blocks, and map each through one of two 4-bit S-boxes, the choice being made by a 256-bit round-dependent key schedule. Equivalently, combine each input block with a key bit, and map the result through a 5→4 bit S-box.
    2. Mix adjacent 4-bit blocks using a maximum distance separable code over GF(24).
    3. Permute 4-bit blocks so that they will be adjacent to different blocks in following rounds.
  3. XOR the input block into the right half of the state.

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.