Encryption with DES: algorithm, DES vs AES, 3DES
Learn more about encryption with DES (Data Encryption Standard), AES, 3DES, its algorithms, and protocols.
On May 15, 1973, the National Bureau of Standards (NBS, now called NIST for National Institute of Standards and Technology) published a request in the Federal Register for an encryption algorithm that would meet the following criteria: have a highsecurity level related to a small key used for encryption and decryption; be easily understood; not depend on the algorithm's confidentiality; be adaptable and economical, and be efficient and exportable. In response, In late 1974, IBM proposed Lucifer, modified on November 23, 1976, to become the DES (Data Encryption Standard). The NBS approved the DES in 1978. The DES was standardized by the American National Standard Institute (ANSI) under the name of ANSI X3.92, better known as DEA (Data Encryption Algorithm).
What is the principle of the DES?
The DES is a symmetric encryption system that uses 64bit blocks, 8 bits of which are used for parity checks (to verify the key's integrity). Each key's parity bits (1 every 8 bits) are used to check one of the key's octets by odd parity. Each parity bit is adjusted to have an odd number of '1's in the octet it belongs to. Therefore, the key has a length of 56 bits; in other words, only 56 bits are actually used in the algorithm.
The algorithm involves combinations, substitutions, and permutations between the text to be encrypted and the key while ensuring the operations can be performed in both directions (for decryption). The combination of substitutions and permutations is called a product cipher.
The key is ciphered on 64 bits and comprises 16 blocks of 4 bits, generally denoted k_{1} to k_{16}. Since only 56 bits are used for encrypting, there can be 2^{56} (or 7.2*10^{16}) different keys.
What is the DES algorithm?
The main parts of the algorithm are the following:
 Fractioning of the text</a> into 64bit (8 octet) blocks.
 Initial permutation of blocks.
 Breakdown down the blocks into two parts: left and right, named L and R.
 Permutation and substitution steps are repeated 16 times (called rounds).
 Rejoining of the left and right parts, then inverse initial permutation.
What is the fractioning of the text?
Initial permutation
Firstly, each bit of a block is subject to an initial permutation that can be represented by the following initial permutation (IP) table:
IP 

This permutation table, when read from left to right, then from top to bottom, shows that the 58^{th} bit of the 64bit block is in first position, the 50^{th} is in the second position, and so forth.
What is the division into 32bit blocks?
Once the initial permutation is completed, the 64bit block is divided into two 32bit blocks, respectively denoted L and R (for left and right). The initial status of these two blocks is denoted L_{0} and R_{0}:
L_{0} 

R_{0} 

It is noteworthy that L_{0} contains all bits having an even position in the initial message, whereas R_{0} contains bits with an odd position.
Rounds
The L_{n} and R_{n} blocks are subject to a set of repeated transformations called rounds, shown in this diagram, and the details of which are given below:
What is an expansion function?
The 32 bits of the R_{0} block are expanded to 48 bits, thanks to a table called an expansion table (denoted E), in which the 48 bits are mixed and 16 of them are duplicated:
E 

As such, the last bit of R_{0} (the 7^{th} bit of the original block) becomes the first, the first becomes the second, and so on.
In addition, bits 1, 4, 5, 8, 9, 12, 13, 16, 17, 20, 21, 24, 25, 28, and 29 of R_{0} (respectively 57, 33, 25, l, 59, 35, 27, 3, 6l, 37, 29, 5, 63, 39, 31, and 7 of the original block) are duplicated and scattered in the table.
What is an exclusive OR with the key?
The resulting 48bit table is called R_{0} or E [R_{0}]. The DES algorithm then exclusive ORs the first key K_{1} with E[R_{0}]. The result of this exclusive OR is a 48bit table we will call R_{0} out of convenience (it is not the starting R_{0}!).
Substitution Function
R_{0} is, then, divided into 8 6bit blocks, denoted R_{0i}. Each block is processed by selection functions (called substitution boxes or compression functions), generally denoted S_{i}.
The first and last bits of each R_{0i} determine (in binary value) the line of the selection function; the other bits (respectively 2, 3, 4, and 5) determine the column. As the line selection is based on two bits, there are 4 possibilities (0, 1, 2, 3). As the column selection is based on 4 bits, there are 16 possibilities (0 to 15). Thanks to this information, the selection function "selects" a ciphered value of 4 bits.
Here is the first substitution function, represented by a 4by16 table:
S_{1} 

Let R_{01} equal 101110. The first and last bits give 10  2 in binary value. The bits 2, 3, 4, and 5 give 0111, or 7 in binary value. The result of the selection function is therefore the value located on line no. 2, in column no. 7. It is the value 11, or 111 binary.
Each of the 8 6bit blocks is passed through the corresponding selection function, which gives an output of 8 values with 4 bits each. Here are the other selection functions:
S_{2} 

S_{3} 

S_{4} 

S_{5} 

S_{6} 

S_{7} 

S_{8} 

Each 6bit block is, therefore, substituted in a 4bit block. These bits are combined to form a 32bit block.
Permutation
The obtained 32bit block is then subject to a permutation P. Here is the table:
P 

What is an exclusive OR?
All of these results output from P are subject to an Exclusive OR, with the starting L_{0} (as shown on the first diagram) to give R1, whereas the initial R_{0} gives L_{1}.
Iteration
All of the previous steps (rounds) are repeated 16 times.
Inverse Initial Permutation
At the end of the iterations, the two blocks L_{16} and R_{16} are rejoined, then subject to inverse initial permutation:
IP1 

The output result is a 64bit ciphertext.
What is the generation of keys?
Given that the DES algorithm presented above is public, security is based on the complexity of encryption keys.
The algorithm below shows how to obtain, from a 64bit key (made of any 64 alphanumeric characters), eight different 48bit keys, each used in the DES algorithm:
Firstly, the key's parity bits are eliminated to obtain a key with a useful length of 56 bits.
The first step is a permutation denoted PC1, whose table is presented below:
PC1 

This table can be written in the form of two tables L_{i} and R_{i} each made of 28 bits:
L_{i} 

R_{i} 

The result of this first permutation is denoted L_{0} and R_{0}.
These two blocks are then rotated to the left, so that the bits in the second position take the first position, those in the third position take the second, etc.
The bits in the first position move to last position.
The two 28bit blocks are, then, grouped into one 56bit block. This passes through a permutation, denoted PC2, giving a 48bit block as output, representing the key K_{i}.
PC2 

Repeating the algorithm makes it possible to give the 16 keys K_{1} to K_{16} used in the DES algorithm.
LS 

What is a TDES, an alternative to the DES?
In 1990, Eli Biham and Adi Shamir developed differential cryptanalysis that searches for plaintext pairs and ciphertext pairs. This method works with up to 15 rounds, while 16 rounds are present in the algorithm presented above.
Moreover, while a 56bit key gives an enormous amount of possibilities, many processors can compute more than 10^{6} keys per second; as a result, when they are used at the same time on a very large number of machines, it is possible for a large body (a State for example) to find the right key.
A shortterm solution involves catenating three DES encryptions using two 56bit keys (which equals one 112bit key). This process is called Triple DES, denoted TDES (sometimes 3DES or 3DES).
TDES is much more secure than DES, but it has the major disadvantage of also requiring more resources for encryption and decryption.
Several types of triple DES encryption are generally recognized: DESEEE3: 3 DES encryptions with 3 different keys; DESEDE3: a different key for each of the 3 DES operations (encryption, decryption, encryption); and DESEEE2 and DESEDE2, a different key for the second operation (decryption).
In 1997, NIST launched a new call for projects to develop the Advanced Encryption Standard (AES), an encryption algorithm to replace the DES.
The DES encryption system was updated every five years. In 2000, during the most recent revision, after an evaluation process that lasted for three years, the algorithm jointly designed by two Belgian candidates Sirs Vincent Rijmen and Joan Daemen was chosen as the new standard by NIST. This new algorithm, named RIJNDAEL by its inventors, will replace the DES from now on.