Algorithm
How to implement the
Data encryption Standard (DES)
A Step by Step tutorial
Version 1.2
The Data encryption Standard (DES) algorithm, adopted by the U.S.
Government in 1977, are a block cipher that transforms 64-bit data blocks
Under a 56-bit secret key, by means of permutation and substitution. It
is officially described in FIPS PUB 46. The DES algorithm is used for
Many applications within the Government and in the private sector.
This is a tutorial designed to being clear and compact, and to provide a
Newcomer to the DES and all of the necessary information to implement it
Himself, without has to track down printed works or wade through C
Source code. I Welcome any comments.
Matthew Fischer <mfischer@heinous.isca.uiowa.edu>
Above is the introduction, I will not turn over. ;)
Here's how to do it.
1 Process the key.
; Generate key
1.1 Get a 64-bit key from the user. (Every 8th bit is considered a
Parity bit. For a key to have correct parity, each byte should contain
An odd number of "1" bits.)
; Get a 64-bit key from the user. (For each 8-bit group, the 8th digit of each group is the check digit.) If the checksum
correctly, each byte should have a 1
1.2 Calculate the key schedule.
; Calculation key Table
1.2.1 Perform the following permutation on the 64-bit key. (The Parity
Bits are discarded, reducing the key to bits. Bit 1 of the permuted
Block is bit the original key, bit 2 is bit
Being bit 4 of the original key.)
; A 64-bit key is replaced with the following. (remove check bit, the actual length of the key is 56 bits.) After the replacement
The first is the 57th digit of the original key, the second is the original 49th digit, and the 56th bit is the original key's 4th bit. )
# odd permutations, which Big Brother can write a formula?
# It seems to be divided into two parts.
# for (j=57;j<64;j++)
# {
# for (i=j;i<0;i-=8)
# {
# if (k=28)
# break;
# c[k]=i;
# k++;
# }
# This is the top 28, don't know, right? Please correct me.
permuted Choice 1 (PC-1)
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
1.2.2 Split the permuted key into two halves. The ARE
Called C[0] and the last bits are called d[0].
To divide the replacement key into c[0] and d[0] two parts, each 28 bits.
1.2.3 Calculate the subkeys. Start with i = 1.
16 subkeys are computed, starting with the I=1.
1.2.3.1 perform one or two circular left shifts on both c[i-1] and
D[i-1] to get c[i] and d[i], respectively. The number of shifts per
Iteration are given in the table below.
, respectively to C[i-1] and d[i-1] to move left one to two bits of displacement operation, get c[i] and D[i]. Each
; The number of displacements is as follows:
# total 16 times
Iteration # 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Left shifts 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
1.2.3.2 permute the concatenation c[i]d[i] as indicated below. This
Would yield k[i], which is-bits long.
The following table, change the arrangement of c[i] and D[i], and get a 48-bit long k[i].
# Don't know:(
# Have you lost some bits?
permuted Choice 2 (PC-2)
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
1.2.3.3 Loop back to 1.2.3.1 until K[16] has been.
, repeat the process of 1.2.3.1 start, calculate 16 Word key.
2 Process a 64-bit data block.
; Processing a 64-bit block of data.
2.1 Get a 64-bit the data block. If the is shorter than bits, it
Should is padded as appropriate for the application.
; Gets a 64-bit block of data. If the data block is less than 64 digits, it complements 64 bits.
# Maybe it's a 0 fix.
2.2 Perform the following permutation on the "Data block."
The data block is replaced as follows.
# is divided into two parts, first even digit.
# simpler, the formula is not written.
Initial permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
2.3 Split The block into two halves. The "a" bits are called l[0],
And the last bits are called r[0].
Divide the data blocks into l[0] and r[0] two parts.
2.4 Apply The subkeys to the data block. Start with i = 1.
The data block is encrypted with 16 subkeys, starting with the I=1.
2.4.1 Expand the 32-bit r[i-1] into-bits according to the
bit-selection function below.
; The 32-bit r[i-1] of the data block is extended with the following rules.
# can't write a formula. :(
Expansion (E)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
2.4.2 exclusive-or E (R[i-1]) with K[i].
, using k[i] to vary or manipulate E (r[i-1]).
2.4.3 break E (R[i-1]) XOR K[i] into eight 6-bit blocks. Bits 1-6 are
B[1], bits 7-12 are b[2], and so on with bits 43-48 being b[8].
To divide the operation result of the previous step into 8 pieces, each 6 bits, named B[1] to B[8].
2.4.4 substitute the values found in the s-boxes for all B[j]. Start
with j = 1. All values in the s-boxes should is considered 4 bits wide.
To replace all B[j] in the S box, the width (length) of all values in the S box should be 4 bits.
# Don't know!!! :(
2.4.4.1 Take the 1st and 6th bits of b[j] together as a 2-bit value
(call it m) indicating the "row in S[j" to "Look in" for the substitution.
The first and sixth digits in B[j] are named M, representing the rows of s[j] at the time of substitution.
2.4.4.2 Take the 2nd through 5th bits of b[j] together as a 4-bit
Value (call it N) indicating the "column in S[j" to find the substitution.
The b[j] Two to five bits are named N, which represents the columns of s[j] in the permutation.
2.4.4.3 Replace B[j] with S[j][m][n].
; replace B[j with S[j][m][n].
Substitution Box 1 (s[1])
14 4 13 1 2 15 11 8 3 10 6 12 5 9-0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5-3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10-5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0-6 13
S[2]
15 1 8 14 6 11 3 4 9 7 2 13 12 0-5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9-11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3-2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5-14 9
S[3]
10 0 9 14 6 3 15 5 1 13 12 7 11 4-2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11-15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10-14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5-2 12
S[4]
7 13 14 3 0 6 9 10 1 2 8 5 11 12-4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10-14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2-8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7-2 14
S[5]
2 12 4 1 7 10 11 6 8 5 3 15 13 0-14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9-8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3-0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4-5 3
S[6]
12 1 10 15 9 2 6 8 0 13 3 4 14 7-5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11-3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13-11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0-8 13
S[7]
4 11 2 14 15 0 8 13 3 12 9 7 5 10-6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15-8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5-9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2-3 12
S[8]
13 2 8 4 6 15 11 1 10 9 3 14 5 0-12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14-9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3-5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5-6 11
2.4.4.4 Loop back to 2.4.4.1 until all 8 blocks have been.
Repeat the 2.4.4.1 start step until 8 blocks are replaced.
2.4.5 Permute the concatenation of b[1] through B[8] as indicated below.
Change the order of b[1] to b[8] in the following way.
Permutation P
16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25
2.4.6 Exclusive-or The resulting value with l[i-1]. Thus, all together,
Your r[i] = l[i-1] xor P (s[1) (b[1) ... S[8] (b[8]), where B[j] is a 6-bit
Block of E (R[i-1]) XOR K[i]. (The function for R[i] is written as, r[i] =
L[i-1] xor F (r[i-1], k[i])
; use l[i-1] to vary or manipulate the results of the previous step. So there are the following results: r[i] = l[i-1] xor;
P (S[1] (b[1]) ... S[8] (b[8)). Here, B[j] is a six-bit block of data, which is an XOR of E (R[i-1])
; k[i] The result. Functions (R[i] can be written as r[i] = L[i-1] xor f (r[i-1), K[i]). )
2.4.7 L[i] = r[i-1].
; L[i] = r[i-1].
2.4.8 Loop back to 2.4.1 until K[16] has been.
Repeat the 2.4.1 start step until all of the child keys have been used.
# is to repeat 15 times, each time using a different subkey key.
2.5 Perform the following permutation on the block r[16]l[16].
; The following permutation is performed on r[16]l[16].
Final permutation (ip**-1)
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
This is has been a description to the DES algorithm to encrypt
One 64-bit block. To decrypt, use the same process, but just use the keys
K[i] in the reverse order. That's, instead of applying k[1] for the
iteration, apply k[16], and then k[15] for the second, on down to k[1].
Above is how to use the DES algorithm for a 64-bit block of data encryption process. As for decryption, it is only necessary
; The order of the keys is reversed in the process above. That is, a subkey is used to encrypt a key
K[1], in the decryption process will use k[16], in the encryption with the sub key K[2], in the decryption process will use K[12].
Summaries:
; summary
# The following is a formulaic description of the generation of sub keys, encryption and decryption.
Key Schedule:
C[0]d[0] = PC1 (key)
For 1 <= i <= 16
C[i] = Ls[i] (c[i-1])
D[i] = Ls[i] (d[i-1])
K[i] = PC2 (C[i]d[i])
Encipherment:
L[0]r[0] = IP (plain block)
For 1 <= i <= 16
L[i] = r[i-1]
R[i] = L[i-1] xor f (r[i-1], k[i])
Cipher block = FP (r[16]l[16])
Decipherment:
R[16]L[16] = IP (cipher block)
For 1 <= i <= 16
R[I-1] = L[i]
L[I-1] = R[i] xor f (l[i], k[i])
Plain block = FP (l[0]r[0])
to encrypt or decrypt more than of bits there are four official modes
(defined in FIPS PUB 81). The above-described
process for the through. This is called Electronic Codebook
(ECB) mode. A stronger method are to exclusive-or the plaintext blocks
with the preceding ciphertext blocks prior to encryption. (The The ' exclusive-or ' Ed with a secret 64-bit initialization vector
(IV).) This is called Cipher Block chaining (CBC) mode. The other two
modes are Output Feedback (OFB) and Cipher Feedback (CFB).
; for encryption and decryption over 64 bits, there are four methods in the Federal Information Processing Standard PUB 81.
; One of these operations is continuous for each block of data. This method is called the ECB mode. The other is more
; The high strength method is to separate or manipulate the block of clear text with the preceding cipher block before encrypting.
# The sentence in parentheses doesn't understand:(
; This method is called CBC mode. There are two other ways of OFB mode and CFB mode.
When it comes to padding the data block, there are several options. One
is to simply append zeros. Two suggested by FIPS PUB Bayi are, if the data
is binary data, fill up the blocks with bits that are the opposite of the
Last bit of data, or, if the data was ASCII data, fill up the blocks with
Random bytes and put the "ASCII character for" The number of pad bytes in
The last byte is the block. Another technique are to pad the blocks with
Random bytes and in the last 3 bits store the original number of data bytes.
, when populating a block of data (remember that when the data block is less than 64 bits), there are several
Choice: one is to fill in 0. The second is recommended by the Federal Information Processing Standard PUB 81 (USA), as
; The fruit data is binary and is filled in the opposite number to the last digit of the data bit; If the data block is ASCII,
, the random byte is filled in, and the number of fills is written to the last byte. Another technique is to fill in a random
, Byte, and writes the last byte count of the original data to the last three digits. (Note: bits, bit)