Cryptography CA2

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 11

Abstract

The Data Encryption Standard (DES) was approved as a Federal Information


Processing Standard (FIPS) by the Secretary of Commerce on November 23,
1976. This Standard was developed as a part of the Computer Security
Program within the Institute for Computer Sciences and Technology at the
National Bureau of Standards (NBS). This paper places this standard in
perspective with other computer security measures that can and should be
applied to Federal computer systems either before or coincident to using the
Data Encryption Standard. In 1972, NBS initiated the standards development
effort leading to adoption of the DES. During this period, NBS solicited for
algorithms and information upon which a standard could be based, published
for comment the algorithm which best satisfied the requirements of an
encryption standard, and coordinated the effort with both the potential using
communities and supplying communities. This paper outlines the
environment surrounding and the history of the Data Encryption Standard
and discusses the objectives of additional standards to be developed within
the computer security program.
Introduction
The Data Encryption Standard (DES) is a symmetric-key algorithm for digital data
encryption. Although its short key length of 56 bits makes it too insecure for
modern applications, it has been highly influential in the advancement of
cryptography.

Developed in the early 1970s at IBM and based on an earlier design by Horst
Feistel, the algorithm was submitted to the National Bureau of Standards (NBS)
following the agency's invitation to propose a candidate for the protection of
sensitive, unclassified electronic government data. In 1976, after consultation
with the National Security Agency (NSA), the NBS selected a slightly modified
version (strengthened against differential cryptanalysis, but weakened against
brute-force attacks), which was published as an official Federal Information
Processing Standard (FIPS) for the United States in 1977.

The publication of an NSA-approved encryption standard led to its quick


international adoption and widespread academic scrutiny. Controversies arose
from classified design elements, a relatively short key length of the symmetric-
key block cipher design, and the involvement of the NSA, raising suspicions about
a backdoor. The S-boxes that had prompted those suspicions were designed by
the NSA to remove a backdoor they secretly knew (differential cryptanalysis).
However, the NSA also ensured that the key size was drastically reduced so that
they could break the cipher by brute force attack.[2] The intense academic
scrutiny the algorithm received over time led to the modern understanding of
block ciphers and their cryptanalyses was the result of a research project set up
by International Business Machines (IBM) Corporation in the late 1960’s which
resulted in a cipher known as LUCIFER. In the early 1970’s it was decided to
commercialize LUCIFER and a number of significant changes were introduced.
IBM was not the only one involved in these changes as they sought technical
advice from the National Security Agency (NSA) (other outside consultants were
involved but it is likely that the NSA were the major contributors from a technical
point of view). The altered version of LUCIFER was put forward as a proposal for
the new national encryption standard requested by the National Bureau of
Standards (NBS). It was finally adopted in 1977 as the Data Encryption Standard -
DES (FIPS PUB 46).
In the early 1970s: IBM formed a 'crypto group,' which designed a block cypher to
protect its customers' data. In 1973, the US adopted it as a national standard - the
Data Encryption Standard, or DES. It remained in use until it cracked in 1997.

In the 1970s, academic papers on encryption were classified. Cryptographic


devices were subject to export controls and rated as munitions, particularly in the
US. Encryption was regarded as a matter of national security.

In 1976, Whitfield Diffie and Martin Hellman published a research paper on what
would be defined as the Diffie-Hellman key exchange.

Some of the changes made to LUCIFER have been the subject of much controversy
even to the present day. The most notable of these was the key size. LUCIFER used
a key size of 128 bits however this was reduced to 56 bits for DES. Even though
DES actually accepts a 64-bit key as input, the remaining eight bits are used for
parity checking and have no effect on DES’s security. Outsiders were convinced
that the 56-bit key was an easy target for a brute force attack due to its extremely
small size. The need for the parity checking scheme was also questioned without
satisfying answers

Another controversial issue was that the S-boxes used were designed under
classified conditions and no reasons for their particular design were ever given.
This led people to assume that the NSA had introduced a “trapdoor” through
which they could decrypt any data encrypted by DES even without knowledge of
the key. One startling discovery was that the S-boxes appeared to be secure
against an attack known as Differential Cryptanalysis which was only publicly
discovered by Biham and Shamir in 1990. This suggests that the NSA were aware
of this attack in 1977; 13 years earlier! In fact the DES designers claimed that the
reason they never made the design specifications for the S-boxes available was
that they knew about a number of attacks that weren’t public.knowledge at the
time and they didn’t want them leaking - this is quite a plausible claim as
differential cryptanalysis has shown. However, despite all this controversy, in
1994 NIST reformed DES for government use for a further five years for use in
areas other than “classified”.
Procedure and Discussion

Data encryption standard (DES) has been found vulnerable to very powerful


attacks and therefore, the popularity of DES has been found slightly on the decline.
DES is a block cipher and encrypts data in blocks of size of 64 bits each, which
means 64 bits of plain text go as the input to DES, which produces 64 bits of
ciphertext. The same algorithm and key are used for encryption and decryption, with
minor differences. The key length is 56 bits. The basic idea is shown in the figure:

We have mentioned that DES uses a 56-bit key. Actually, the initial key consists of
64 bits. However, before the DES process even starts, every 8th bit of the key is
discarded to produce a 56-bit key. That is bit positions 8, 16, 24, 32, 40, 48, 56, and
64 are discarded. 

Advertisement
Thus, the discarding of every 8th bit of the key produces a 56-bit key from the
original 64-bit key.
DES is based on the two fundamental attributes of cryptography: substitution (also
called confusion) and transposition (also called diffusion). DES consists of 16 steps,
each of which is called a round. Each round performs the steps of substitution and
transposition. Let us now discuss the broad-level steps in DES. 
 In the first step, the 64-bit plain text block is handed over to an initial
Permutation (IP) function.
 The initial permutation is performed on plain text.
 Next, the initial permutation (IP) produces two halves of the permuted
block; saying Left Plain Text (LPT) and Right Plain Text (RPT).
 Now each LPT and RPT go through 16 rounds of the encryption process.
 In the end, LPT and RPT are rejoined and a Final Permutation (FP) is
performed on the combined block
 The result of this process produces 64-bit ciphertext.

Initial Permutation (IP):  


As we have noted, the initial permutation (IP) happens only once and it happens
before the first round. It suggests how the transposition in IP should proceed, as
shown in the figure. For example, it says that the IP replaces the first bit of the
original plain text block with the 58th bit of the original plain text, the second bit with
the 50th bit of the original plain text block, and so on.
This is nothing but jugglery of bit positions of the original plain text block. the same
rule applies to all the other bit positions shown in the figure.
As we have noted after IP is done, the resulting 64-bit permuted text block is divided
into two half blocks. Each half-block consists of 32 bits, and each of the 16 rounds,
in turn, consists of the broad-level steps outlined in the figure. 

Step-1: Key transformation:  


We have noted initial 64-bit key is transformed into a 56-bit key by discarding every
8th bit of the initial key. Thus, for each a 56-bit key is available. From this 56-bit key,
a different 48-bit Sub Key is generated during each round using a process called key
transformation. For this, the 56-bit key is divided into two halves, each of 28 bits.
These halves are circularly shifted left by one or two positions, depending on the
round.
For example: if the round numbers 1, 2, 9, or 16 the shift is done by only one
position for other rounds, the circular shift is done by two positions. The number of
key bits shifted per round is shown in the figure.
After an appropriate shift, 48 of the 56 bits are selected. for selecting 48 of the 56
bits the table is shown in the figure given below. For instance, after the shift, bit
number 14 moves to the first position, bit number 17 moves to the second position,
and so on. If we observe the table carefully, we will realize that it contains only 48-bit
positions. Bit number 18 is discarded (we will not find it in the table), like 7 others, to
reduce a 56-bit key to a 48-bit key. Since the key transformation process involves
permutation as well as a selection of a 48-bit subset of the original 56-bit key it is
called Compression Permutation.

Because of this compression permutation technique, a different subset of key bits is


used in each round. That makes DES not easy to crack.

Step-2: Expansion Permutation:  


Recall that after the initial permutation, we had two 32-bit plain text areas called Left
Plain Text (LPT) and Right Plain Text (RPT). During the expansion permutation, the
RPT is expanded from 32 bits to 48 bits. Bits are permuted as well hence called
expansion permutation. This happens as the 32-bit RPT is divided into 8 blocks, with
each block consisting of 4 bits. Then, each 4-bit block of the previous step is then
expanded to a corresponding 6-bit block, i.e., per 4-bit block, 2 more bits are added. 
DES Analysis
The DES satisfies both the desired properties of block cipher. These two
properties make cipher very strong.

Avalanche effect − A small change in plaintext results in the very


grate change in theciphertext.

Completeness − Each bit of ciphertext depends on many bits of


plaintext.

During the last few years, cryptanalysis have found some weaknesses in
DES when key selected are weak keys. These keys shall be avoided.
DES has proved to be a very well-designed block cipher. There have
been no significant cryptanalytic attacks on DES other than exhaustive key
search.
Conclusion
As we toward a society where automated information resources are
increased and cryptography will continue to increase in importance as a
security mechanism. Electronic networks for banking, shopping, inventory
control, benefit and service delivery, information storage and retrieval,
distributed processing, and government applications will need improved
methods for access control and data security. The information security can
be easily achieved by using Cryptography technique. DES is now
considered to be insecure for some applications like banking system. there
are also some analytical results which demonstrate theoretical
weaknesses in the cipher. So, it becomes very important to augment this
algorithm by adding new levels of security to make it applicable. By adding
additional key, modified S-Box design, modifies function implementation
and replacing the old XOR by a new operation as proposed by this thesis
to give more robustness to DES algorithm and make it stronger against
any kind of intruding. DES Encryption with two keys instead of one key
already will increase the efficiency of cryptography.
References

1. http://www.umsl.edu/~siegelj/information_theory/projects/des.n
etau.net/des%20history.htmlhttps://www.ideamotive.co/blog/ma
rketplaces-business-model-overview

2. https://www.geeksforgeeks.org/data-encryption-standard-des-
set-1/https://jungleworks.com/online-marketplace-ebay/

3. https://www.tutorialspoint.com/cryptography/data_encryption_s
tandard.htm

4. https://intellipaat.com/blog/what-is-des-
algorithm/#:~:text=data%20at%20all.-
,Conclusion,opposite%20of%20the%20encryption%20procedure.

5. https://ieeexplore.ieee.org/abstract/document/1089771

You might also like