An Introduction to DES, a Symmetric Encryption Algorithm

Source: Internet
Author: User
Tags crypt decrypt key loop openssl rounds

DES (Data Encryption Standard) is a symmetric block cipher. DES uses a 64-bit block length and a 56-bit key length: it takes a 64-bit input through a series of transformations to produce a 64-bit output. Decryption uses the same steps and the same key. A DES key is 64 bits long, but every 8th bit (bit n*8, n = 1, 2, ..., 8) is a parity bit, so only 56 bits actually take part in encryption and the key space contains 2^56 keys.

The DES algorithm repeatedly combines substitution and transposition, so that diffusion and confusion work together to turn the plaintext into high-strength ciphertext; encryption and decryption use the same algorithm.

DES is a product cipher: its structure is built mainly from permutation, substitution, modulo-2 addition and so on, and it works by iterating a round function.

DES also uses permutation of the data, mainly the initial permutation IP and the inverse initial permutation IP^-1. The permutation operations scramble the format and the data of the original plaintext. In the round function the data is scrambled as well, and the original 32-bit data is expanded to 48 bits so that it meets the length and format requirements of the S-box group.

After a set of data has gone through a series of nonlinear transformations, it is difficult to derive how it was computed and which non-linear combination was used; if the data goes through only linear transformations, the calculation is much easier. In DES the only non-linear transformation is the S-box; all the other calculations and transformations are linear, so the key to the security of DES is the strength of the S-boxes. In addition, the S-boxes and the permutation IP are matched to each other, which gives strong resistance to differential and linear attacks, with the resistance to differential attacks being the stronger of the two.

DES is a block encryption mechanism: the plaintext is divided into n blocks, each block is encrypted separately to form its own ciphertext, and the block ciphertexts are then combined to form the final ciphertext.

DES encrypts each block, so the inputs are a plaintext block and the key; the plaintext block goes through permutation and iteration, and the key also goes through permutation and cyclic shifts. The initial permutation IP scrambles the 64-bit plaintext according to an 8*8 permutation table, thereby improving the strength of encryption. 16 iterations follow, each using a subkey, and produce the preliminary ciphertext of the block. This passes through the inverse initial permutation IP^-1, which is the inverse of the initial permutation, and the final ciphertext of the block is obtained.


Figure 1: DES flowchart

In the left half of Figure 1, the processing of the plaintext passes through three stages. First, the 64-bit plaintext is rearranged by the initial permutation (IP). Then come 16 rounds of the same function, each of which applies permutation and substitution. The output of the last round is 64 bits and is a function of the input plaintext and the key. Its left and right halves are swapped to produce the pre-output. Finally, the pre-output passes through the inverse initial permutation (IP^-1), the inverse of the initial permutation (IP), to produce the 64-bit ciphertext.

The right half of Figure 2 shows how the 56-bit key is processed. The encryption key for DES is 64 bits, but every 8th bit (bit n*8, n = 1, 2, ..., 8) is a check bit (guaranteeing that each byte contains an odd number of 1s), so only 56 bits actually take part in encryption. At the start, the key passes through a permutation; then, for each round, a cyclic left shift and another permutation produce the subkey Ki used in that round. The permutation function is the same for every round, but the repeated shifting of the key bits makes the subkeys different.

The DES algorithm in detail: DES operates on 64-bit plaintext blocks (56-bit key).

1, The initial permutation IP: the 64-bit plaintext block x passes through the initial permutation IP to give the 64-bit output x0, which is then split into the left half L0 and the right half R0. Bit 58 of the input moves to position 1, bit 50 to position 2, ..., and so on; the last bit is the original bit 7. L0 and R0 are the two parts of the output: L0 is the left 32 bits and R0 is the right 32 bits. For example, if the input before the permutation is D1D2D3...D64, the result after the initial permutation is L0 = D58D50...D8; R0 = D57D49...D7. The permutation rules are shown in Table 1.

The final inverse permutation IP^-1 of DES encryption is the inverse of Table 1: it restores each bit to its original position, that is, the 1st bit of data is put back in position 58, the 2nd bit of data is put back in position 50.


Table 1
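The initial permutation and its inverse as an added example (not code from the original page). The table is the standard DES IP table, which matches the L0 = D58D50...D8 rule above; the function names are assumptions made for this illustration, and the sample block is constructed.

```python
# Added example: DES initial permutation IP and its inverse IP^-1.
# Entry i (1-based) of a table names the INPUT bit that lands in OUTPUT
# position i. Bit 1 is the most significant bit of the 64-bit block.

IP = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17,  9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]


def invert(table):
    """Derive the inverse table: if input bit j lands in output position i,
    the inverse table must send position i back to position j."""
    inverse = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inverse[in_pos - 1] = out_pos
    return inverse


IP_INV = invert(IP)


def permute(block, table, in_bits=64):
    """Apply a 1-based bit-selection table to an integer of in_bits bits."""
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (in_bits - src)) & 1)
    return out


def initial_permutation(block):
    """Return (L0, R0) for a 64-bit plaintext block."""
    x0 = permute(block, IP)
    return x0 >> 32, x0 & 0xFFFFFFFF


def inverse_permutation(left, right):
    """Undo IP on the 64-bit value left||right."""
    return permute((left << 32) | right, IP_INV)


if __name__ == "__main__":
    block = 0x0123456789ABCDEF  # constructed sample block
    l0, r0 = initial_permutation(block)
    print(f"L0 = {l0:08X}  R0 = {r0:08X}")
    print("IP^-1 begins with:", IP_INV[:8])
    print(f"round trip: {inverse_permutation(l0, r0):016X}")
```

Neither table depends on the key, so anyone can undo IP; the key only enters through the subkeys used in the 16 rounds.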

2, Obtaining the subkeys Ki: the DES key length is 56 bits, generally expressed as 64 bits (every 8th bit is for parity). The 64-bit initial key provided by the user goes through a series of steps to produce K1, K2, ..., K16, the 16 subkeys used in rounds 1 to 16.

(1). Remove the 8 check bits from the 64-bit key and permute the remaining 56 key bits with the key permutation PC-1 (Table 2);


Table 2

(2). Divide the 56 bits into the first 28 bits C0 and the last 28 bits D0, i.e. PC-1(K56) = C0D0;

(3). Depending on the round number, the two parts are each cyclically shifted left by 1 or 2 bits, see Table 3:


Table 3

(4). After shifting, the two parts are combined into 56 bits and passed through the compression permutation PC-2 (Table 4) to obtain a 48-bit subkey, namely Ki = PC-2(CiDi).


Table 4

The subkey generation is shown in Figure 2:


Figure 2 Sub-key generation flowchart

3, The cipher function f (non-linear)

(1). Operation of the function f: the input of the cipher function f is 32 bits of data and a 48-bit subkey:

A. Expansion permutation (E): expands the right half Ri of the data from 32 bits to 48 bits, using the bit selection function (also called the E-box) shown in Table 5:


Table 5

B. XOR: the expanded 48-bit output E(Ri) is XORed with the compressed 48-bit key Ki;

C. S-box substitution: divide the 48-bit result of the XOR into eight 6-bit blocks, each of which produces a 4-bit output through its corresponding S-box.

The S-box substitution works as follows (rows and columns are counted from 0): the 1st and 6th bits of the 6-bit input of an S-box Si form a 2-bit binary number that selects a row of the table, and the middle 4 bits of the input form a 4-bit binary number that selects a column. For example, if the input of the 8th S-box is 001011, it corresponds to row 1, column 5 of the 8th S-box (the number 6), and 6 (0110) replaces the original input 001011.

The following tables show the selection functions Si (i = 1, 2, ..., 8):


Table 6 S1 Box


Table 7 S2 Box

Taking S1 as an example: S1 has 4 rows of data, named rows 0, 1, 2, 3, and each row has 16 columns, named columns 0, 1, 2, 3, ..., 14, 15. Let the input be D = D1D2D3D4D5D6 and set column = D2D3D4D5, row = D1D6; the number found at that position in the S1 table, written as 4-bit binary, is the output of the selection function S1.

(2), D. P-box permutation: the outputs of the eight S-boxes are concatenated into a 32-bit value, which is then permuted by P to produce the 32-bit output f(Ri, Ki); the computation of f(Ri, Ki) is shown in Figure 3. Finally, the P-box result is XORed with the left half of the original 64-bit block, and the left and right halves are exchanged to begin the next round of calculations.

Figure 3 F (Ri, Ki) calculation

4, Ciphertext output: after 16 iterations we obtain L16 and R16; these are used as the input of the inverse permutation, which yields the ciphertext output. The inverse permutation is exactly the inverse of the initial permutation. For example, the 1st bit ends up in the 40th position after the initial permutation, and the inverse permutation moves the 40th bit back to the 1st position. The inverse permutation rule is shown in Table 8:


Table 8 Inverse Substitution rules

Figure 4 is a schematic diagram of DES encryption:


Figure 4: DES encryption schematic diagram

DES encryption and decryption use the same algorithm, and the encryption key and the decryption key are the same. The differences are: (1), DES encryption transforms from L0, R0 to L15, R15, while decryption transforms from L15, R15 to L0, R0; (2), the encryption subkeys for the rounds are K0K1...K15, while the decryption subkeys for the rounds are K15K14...K0; (3), the key is cyclically shifted left for encryption and cyclically shifted right for decryption.

DES encryption process analysis:

(1), First a 64-bit key is generated; after this 64-bit key goes through the subkey algorithm, a total of 16 subkeys are obtained. Denote these subkeys Kn (n = 1, 2, ..., 16). They are used in the 16 encryption iterations.

(2), Next, the plaintext is divided into blocks of 64 bits. Each 64-bit plaintext block undergoes the initial permutation IP, whose purpose is to scramble and rearrange the data. The scrambled data is then split into left and right halves; the left 32 bits form one group, denoted L0;

(3), The permuted data block then goes through 16 encryption iterations, implemented mainly by the cipher function f. First the subkey K1 is used to process the right 32 bits R0, giving a 32-bit result; this result is then added modulo 2 to the left 32 bits L0, giving another 32-bit value. This 32-bit value is used as L1 in the second iteration, and every iteration follows the same process.

(4), After the last encryption iteration, a 64-bit data block is produced. It is divided, in its original order, into two equal halves, and the two halves swap positions: the original left half moves to the right and the original right half moves to the left. The recombined data then passes through the inverse initial permutation IP^-1, and we finally obtain 64 bits of ciphertext.

DES decryption process analysis: DES decryption is the same process as encryption. This is because DES is a symmetric cryptographic algorithm, so encryption and decryption can share the same process and operations.

The DES cipher function f: in DES, the 64-bit plaintext is encrypted into a 64-bit ciphertext, and the core of this task is the cipher function f. The main job of f is to encrypt Km-1 using the subkey Km in the m-th encryption iteration. The cipher function f is run a total of 16 times during encryption.

The 16-round iteration: the permuted plaintext is first divided into two groups of 32 bits each; the key is also divided into two groups of 28 bits each, and the two groups of key bits are processed and then combined into a 48-bit key that takes part in encrypting the plaintext. The S-boxes consist of 8 4*16 matrices; each row contains the numbers 0 to 15 in a different order, and they were designed by IBM. After the XOR with the plaintext, the 48-bit data is fed into the S-boxes: it is divided into 8 parts of 6 bits each, each part passes through one S-box, and the output of each is 4 bits, that is, the binary representation of a number from 0 to 15. Specifically, the 1st and 6th of the 6 input bits are combined into a binary number giving the row number, and the remaining 4 bits are combined into a binary number giving the column number. The number at that row and column of the current S-box is output in binary form, that is, 4 bits of output; the 8 S-boxes give 32 bits in total.

Advantages and disadvantages of the DES algorithm:

(1), Creating a key is simple, but the key must be kept highly confidential, and it is difficult to use a new key for every message;

(2), The security of DES depends on the confidentiality of the key. One of the main ways to attack DES is key search: using computers with very high computational speed to try every possible key by enumeration until the right one is found. DES uses a 56-bit key, and a simple calculation shows that the maximum number of possible keys is 2^56. As supercomputers get faster, the security of DES decreases; however, the security of DES is still reliable in general civil business.

(3), DES encryption and decryption are relatively fast, the key is relatively short and encryption efficiency is very high, but both sides of the communication must keep the key secret, and for security the DES key also needs to be changed frequently.

The function descriptions in OpenSSL, from the include/des.h (des_old.h) file:

1, DES_random_key: generates a random key. The PRNG must be seeded prior to using this function (see rand(3)). If the PRNG could not generate a secure key, 0 is returned.

2, DES_set_key_checked: before a DES key can be used, it must be converted into the architecture dependent DES_key_schedule via the DES_set_key_checked() or DES_set_key_unchecked() function. DES_set_key_checked() will check that the key passed is of odd parity and is not a weak or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated.

3, DES_set_key: works like DES_set_key_checked() if the DES_check_key flag is non-zero, otherwise like DES_set_key_unchecked().

4, DES_set_odd_parity: sets the parity of the passed key to odd.

5, DES_is_weak_key: returns 1 if the passed key is a weak key, 0 if it is OK.

6, DES_ecb_encrypt: the basic DES encryption routine that encrypts or decrypts a single 8-byte DES_cblock in Electronic Code Book (ECB) mode.

7, DES_ecb3_encrypt: encrypts/decrypts the input block by using three-key Triple-DES encryption in ECB mode. This involves encrypting the input with ks1, decrypting with the key schedule ks2, and then encrypting with ks3. This routine greatly reduces the chances of brute force breaking of DES and has the advantage that if ks1, ks2 and ks3 are the same, it is equivalent to just encryption using ECB mode and ks1 as the key.

8, DES_ecb2_encrypt: this macro is provided to perform two-key Triple-DES encryption by using ks1 for the final encryption.

9, DES_ncbc_encrypt: encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES. If the encrypt argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the input argument into the ciphertext pointed to by the output argument, using the key schedule provided by the schedule argument, and the initialization vector provided by the ivec argument. If the length argument is not an integral multiple of eight bytes, the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes.

10, DES_xcbc_encrypt: is RSA's DESX mode of DES (DESX is an improved version of DES; the principle is to XOR a random binary number with the data before encryption and with the decrypted data). It uses inw and outw to 'whiten' the encryption. inw and outw are secret (unlike the IV) and are as such, part of the key. So the key is the sort of bytes. This is much better than CBC DES.

11, DES_ede3_cbc_encrypt: implements outer triple CBC DES encryption with three keys. This mode is used by SSL.

12, DES_ede2_cbc_encrypt: this macro implements two-key Triple-DES by reusing ks1 for the final encryption. This form of Triple-DES is used by the RSAREF library.

13, DES_pcbc_encrypt: encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as DES_ncbc_encrypt.

14, DES_cfb_encrypt: encrypts/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per numbits, this function is only suggested for use when sending small numbers of characters.

15, DES_cfb64_encrypt: implements CFB mode of DES with 64-bit feedback. This routine will allow you to encrypt an arbitrary number of bytes, with no 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num.

16, DES_ede3_cfb64_encrypt: is the same as DES_cfb64_encrypt except that Triple-DES is used.

17, DES_ede2_cfb64_encrypt: is the same as DES_cfb64_encrypt except that Triple-DES is used.

18, DES_ofb_encrypt: encrypts using output feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per numbits, this function is only suggested for use when sending small numbers of characters.

19, DES_ofb64_encrypt: is the same as DES_cfb64_encrypt using Output Feedback mode.

20, DES_ede3_ofb64_encrypt: is the same as DES_ofb64_encrypt, using Triple-DES.

21, DES_ede2_ofb64_encrypt: is the same as DES_ofb64_encrypt, using Triple-DES.

22, DES_cbc_cksum: produces an 8 byte checksum based on the input stream (via CBC encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in output. This function is used by Kerberos (network authentication protocol) v4.

23, DES_quad_cksum: is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on out_count, 1, 2, 3 or 4 times. If output is non-NULL, the 8 bytes generated by each pass are written into output.

24, DES_fcrypt: is a fast version of the Unix crypt(3) function. This version takes only a small amount of space relative to other fast crypt() implementations. This is different to the normal crypt in that the third parameter is the buffer that the return value is written into. It needs to be at least bytes long. This function is thread safe, unlike the normal crypt.

25, DES_crypt: is a faster replacement for the normal system crypt(). This function calls DES_fcrypt() with a static array passed as the third parameter. This emulates the normal non-thread safe semantics of crypt(3).

26, DES_enc_write: writes len bytes to the file descriptor fd from buffer buf. The data is encrypted via pcbc_encrypt (default) using sched for the key and iv as a starting vector. The actual data sent down fd consists of 4 bytes (in network byte order) containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes.

27, DES_enc_read: is used to read len bytes from file descriptor fd into buffer buf. The data being read from fd is assumed to have come from DES_enc_write() and is decrypted using sched for the key schedule and iv for the initial vector.

Note: (1). ECB mode is not suitable for most applications; (2). DES_3cbc_encrypt is flawed and must not be used in applications; (3). DES_cbc_encrypt does not modify ivec; use DES_ncbc_encrypt instead; (4). In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid clashes with older versions of libdes.

DES modes: the variants of DES and other crypto algorithms of OpenSSL.

Several crypto algorithms for OpenSSL can be used in a number of modes. Those are used for using the block ciphers in a way similar to stream ciphers, among other things.

1, Electronic Codebook Mode (ECB):
(1). Normally, this is found as the function <algorithm>_ecb_encrypt();
(2). Enciphered at a time;
(3). The order of the blocks can be rearranged without detection;
(4). The same plaintext block always produces the same ciphertext block (for the same key), making it vulnerable to a 'dictionary attack';
(5). An error will only affect one ciphertext block.

2, Cipher Block Chaining Mode (CBC):
(1). Normally, this is found as the function <algorithm>_cbc_encrypt(). Be aware that DES_cbc_encrypt() is not really DES CBC (it does not update the IV); use DES_ncbc_encrypt() instead;
(2). A multiple of up to bits is enciphered at a time;
(3). The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable;
(4). The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged;
(5). The use of different starting variables prevents the same plaintext enciphering to the same ciphertext;
(6). An error will affect the current and the following ciphertext blocks.

3, Cipher Feedback Mode (CFB):
(1). Normally, this is found as the function <algorithm>_cfb_encrypt();
(2). A number of bits (j) <= are enciphered at a time;
(3). The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable;
(4). The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j-bit variables are chained together and can not be rearranged;
(5). The use of different starting variables prevents the same plaintext enciphering to the same ciphertext;
(6). The strength of the CFB mode depends on the size of k (maximal if j = k). in MyImplementation e case;
(7). Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads;
(8). Only multiples of j bits can be enciphered;
(9). An error will affect the current and the following ciphertext variables.

4, Output Feedback Mode (OFB):
(1). Normally, this is found as the function <algorithm>_ofb_encrypt();
(2). A number of bits (j) <= are enciphered at a time;
(3). The OFB mode produces the same ciphertext whenever the same plaintext is enciphered using the same key and starting variable. Moreover, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key;
(4). The absence of chaining makes the OFB more vulnerable to specific attacks;
(5). The use of different start variable values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams;
(6). Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads;
(7). Only multiples of j bits can be enciphered;
(8). OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext;
(9). OFB mode is not self-synchronizing. If the two operations of encipherment and decipherment get out of synchronism, the system needs to be re-initialized;
(10). Each re-initialization should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a 'known plaintext' attack.

5, Triple ECB Mode:
(1). Normally, this is found as the function <algorithm>_ecb3_encrypt();
(2). Encrypt with key1, decrypt with key2 and encrypt with key3 again;
(3). As for ECB encryption but increases the key length to 168 bits. There are theoretic attacks that can be used that make the effective key length of the bits, but this attack also requires 2^56 blocks of memory, not very likely, even for the NSA;
(4). If both keys are the same it is equivalent to encrypting once with just one key;
(5). If the first and last key are the same, the key length is a. There are attacks that could reduce the effective key strength to only slightly more than 56 bits, but these require a lot of memory;
(6). If all 3 keys are the same, this is effectively the same as normal ECB mode.

6, Triple CBC Mode:
(1). Normally, this is found as the function <algorithm>_ede3_cbc_encrypt();
(2). Encrypt with key1, decrypt with key2 and then encrypt with key3;
(3). As for CBC encryption but increases the key length to 168 bits with the same restrictions as for Triple ECB mode.
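The ECB and CBC properties listed above, and the earlier statement that decryption is the same algorithm with the subkeys in reverse order, shown together as an added example (not code from the original page or from OpenSSL). The block cipher is a toy 16-round Feistel network standing in for DES: its round function and key schedule are SHA-256 based assumptions, and all names and sample data are constructed for this illustration.

```python
# Added example: toy 64-bit Feistel cipher (NOT DES: the round function and
# subkey derivation below are assumptions built on SHA-256), used to show
# decryption by reversed subkeys and the ECB/CBC properties from the list.
import hashlib

ROUNDS = 16


def toy_subkeys(key):
    # Hypothetical key schedule: one 48-bit subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]


def f(right, subkey):
    # Hypothetical non-linear round function: 32 bits in, 32 bits out.
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block, subkeys):
    # One routine serves both directions; only the subkey order differs.
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")  # final swap


def encrypt_block(block, key):
    return feistel(block, toy_subkeys(key))


def decrypt_block(block, key):
    return feistel(block, toy_subkeys(key)[::-1])


def split(data):
    assert len(data) % 8 == 0, "sample data must be block aligned"
    return [data[i:i + 8] for i in range(0, len(data), 8)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(pt, key):
    return b"".join(encrypt_block(b, key) for b in split(pt))


def ecb_decrypt(ct, key):
    return b"".join(decrypt_block(b, key) for b in split(ct))


def cbc_encrypt(pt, key, iv):
    out, prev = [], iv
    for b in split(pt):
        prev = encrypt_block(xor(b, prev), key)  # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for b in split(ct):
        out.append(xor(decrypt_block(b, key), prev))
        prev = b
    return b"".join(out)


def swap_blocks(ct, i, j):
    parts = split(ct)
    parts[i], parts[j] = parts[j], parts[i]
    return b"".join(parts)


# Constructed sample data: four 8-byte blocks, blocks 0 and 2 identical.
KEY = b"demo-key"
IV = bytes(range(8))
PT = b"PAY 0100TO ALICEPAY 0100TO BOB  "

if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(PT, KEY), cbc_encrypt(PT, KEY, IV)
    print("ECB block 0 == block 2:", split(ecb)[0] == split(ecb)[2])
    print("CBC block 0 == block 2:", split(cbc)[0] == split(cbc)[2])
    print("ECB, blocks 1 and 3 swapped:", ecb_decrypt(swap_blocks(ecb, 1, 3), KEY))
    print("CBC, blocks 1 and 3 swapped:", cbc_decrypt(swap_blocks(cbc, 1, 3), KEY, IV))
```

Under ECB the reordered ciphertext still decrypts to clean, plausible plaintext, while under CBC the same reordering corrupts the affected blocks; neither mode authenticates the data.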

