DEV Community

Cover image for data-encryption-standard (DES)

Posted on • Updated on

data-encryption-standard (DES)

You can access a demo with documentation here.

The source code is here.

What is the DES?

DES, short for data encryption algorithm, is an encryption algorithm developed by IBM and the NSA. It was first published in the national register in 1975.

DES is often seen as the first public encryption algorithm in history, being developed after digital security concerns arose in 1972. IBM submitted it to the NSA in 1974. It was seen as a worthy candidate having its mathematical basis on the Lucifer cypher, developed by Horst Feistel. Like its predecessor it was a block cipher.

The algorithm is rarely used nowadays, due to its insecurity, caused by the short key length (58bits). With modern processing power it is very easy to crack the used key, as demonstrated by the EFF using the deep crack machine in 56 hours and later even on only 22.5 hours. That was with 90s computing power. Using Moore's Law we would only need 22.5/22^2h, which is 0.005h.

How does DES work?

DES takes an input and a key. In the standard DES Version, the key is 64 bits and the input will be split into 64bit parts. We will just go trough the first 64bit part.


First, it takes both the key and input blocks. If the key or the last input block are less than 64 bits, the empty bits simply get filled up with zeroes.

Then we take the key and delete every 8th bit, which can be used as parity bits, but are discarded most of the time.

Initial permutation

Now we take the initial permutation table and our first block. We move every bit on a certain index to the index, which is listed on the IP-table. So let's say we have our first bit. It's corresponding index on the IP-table holds the number 58, which means that we need to move that bit to index 58. That is done for the entire table.

Note that this permutation has no cryptographic significance, due to it being the same on every algorithm. It is never clearly stated why this is done, but most likely to make it more compatible with the 70s hardware.

Split the input

Then we split the input block into two halves. The first half is called the LPT and the second half is called the RPT.

A round in the algorithm

The DES consists of 16 rounds, in which we always encrypt one side, using the other side, the key and one of the 8 S-Boxes to do so.

Split the key

We do the same thing to our key as we did to the input, and after that we shift our key in a circular motion. On rounds 1, 2, 9 and 16 we shift it twice, otherwise only once. The circular motion means, that the first bit, which is moved "off" the table, becomes the last bit.

Key compression

Next we take our key and use the compression permutation table, which only has 48 bits, compressing our key down to 48 bits.

Caution: Instead of moving index one to the corresponding number on the same index as the table, we move the number listed on a certain table index to that index. So if the compression table holds the value 14 on index 1, we move index 14 form our key to index 1.

Expanding the input

After that we take our input and split it into 4-bit chunks. We append a new bit to the right and the left. The right bit is the last bit from the previous row and the left bit is the first bit from the next row.

The previous row of the first row is the last row and the other way around.

First XOR

The first step of encryption is taking the expanded key, and applying XOR with our currently changed side.

Applying the S-Boxes

Next we take the first 6 bits from our XOR result and apply that with the first S-Box, the second row with the second S-Box and so on.

We apply it by taking the first and last bit, converting that to a decimal number and taking that row from the S-Box table. The middle four bits indicate which column to take. That leaves us with one index, which is now the new number.

Second XOR

Now that result we XOR with the other side, which now "overwrites" the other side.

Final permutation

In the end we take our table, and apply the final permutation table. This is done to revert the changes from the initial permutation table.

Top comments (0)