DES is a symmetric key cryptosystem that was devised in 1972 as a derivation of the Lucifer algorithm developed by Horst Feistel at IBM.

He obtained a patent on the technique (H. Feistel, Block Cipher Cryptographic System, U.S. Patent #3,798,539, March, 19, 1974.) DES is used for commercial and nonclassified purposes. DES describes the Data Encryption Algorithm (DEA) and is the name of the Federal Information Processing Standard (FIPS) 46-1 that was adopted in 1977 [Data Encryption Standard, FIPS PUB 46-1 (Washington, D.C.: National Bureau of Standards, January 15, 1977)]. DEA is also defined as the ANSI Standard X3.92 [ANSI X3.92 American National Standard for Data Encryption Algorithm, (DEA), American National Standards Institute, 1981].

The National Institute of Standards and Technology (NIST) recertified DES in 1993. DES will not be recertified again. It will, however, be replaced by the Advanced Encryption Standard (AES). DEAuses a 64-bit block size and uses a 56-bit key. It begins with a 64-bit key and strips off eight parity bits. DEA is a 16-round cryptosystem and was originally designed for implementation in hardware. With a 56-bit key, one would have to try 256 or 70 quadrillion possible keys in a brute force attack.

Although this number is huge, large numbers of computers cooperating over the Internet could try all possible key combinations.

Due to this vulnerability, the U.S. government has not used DES since November 1998. Triple DES-three encryptions using the DEA has replaced DES and will be used until the AES is adopted.

As previously stated, DES uses 16 rounds of transposition and substitution. It implements the techniques that were suggested by Claude Shannon, the father of Information Theory. Shannon proposed two techniques, confusion and diffusion, for improving the encryption of plaintext. Confusion conceals the statistical connection between ciphertext and plaintext. It is accomplished in DES through a substitution by means of non-linear substitution S-boxes.

An S-box is non-linear because it generates a 4-bit output string from a 6-bit input string.

The purpose of diffusion is to spread the influence of a plaintext character over many ciphertext characters. Diffusion can be implemented by means of a Product Cipher. In a Product Cipher, a cryptosystem (E1) is applied to a message (M) to yield ciphertext (C1).

Then, another cryptosystem (E2) is applied to ciphertext (C1) to yield ciphertext C2. Symbolically, this product is generated by E1(M) = C1; E2(C1) = C2. DES implements this product 16 times. Diffusion is performed in DES by permutations in P-Boxes.

DES operates in four modes: 1. Cipher Block Chaining (CBC) 2. Electronic Code Book (ECB) 3. Cipher Feedback (CFB) 4. Output Feedback (OFB)

Cipher Block Chaining

Cipher Block Chaining (CBC) operates with plaintext blocks of 64 bits.

A randomly generated 64-bit initialization vector is XORed with the first block of plaintext used to disguise the first part of the message that might be predictable (such as Dear Sir).

The result is encrypted by using the DES key.

The first ciphertext will then XOR with the next 64-bit plaintext block.

This encryption continues until the plaintext is exhausted. Note that in propagate.

Electronic Code Book (ECB)

Electronic Code Book (ECB) is the native mode of DES and is a block cipher. ECB is best suited for use with small amounts of data. It is usually applied to encrypt initialization vectors or encrypting keys. ECB is applied to 64-bit blocks of plaintext, and it produces corresponding 64-bit blocks of ciphertext. ECB operates by dividing the 64-bit input vector into two 32-bit blocks called a Right Block and a Left Block.

The bits are then recopied to produce two 48-bit blocks.

Then, each of these 48-bit blocks is XORed with a 48-bit encryption key.

The nomenclature code book is derived from the notion of a code book in manual encryption, which has pairs of plaintext and the corresponding code.

For example, the word RETREAT in the code book might have the corresponding code 5374.

Cipher Feedback (CFB)

The Cipher Feedback (CFB) mode of DES is a stream cipher where the ciphertext is used as feedback into the key generation source to develop the next key stream.

The ciphertext generated by performing an XOR of the plaintext with the key stream has the same number of bits as the plaintext. In this mode, errors will propagate.

Output Feedback

The DES Output Feedback (OFB) mode is also a stream cipher that generates the ciphertext key by XORing the plaintext with a key stream. In this mode, errors will not propagate. Feedback is used to generate the key stream; therefore, the key stream varies.

An initialization vector is required in OFB.

DES Security

Due to the increase in computing power that is capable of being integrated onto Very Large Scale Integration (VLSI) chips and the corresponding decrease in cost, DES has been broken. Through the use of the Internet, a worldwide network of PCs was used to crack DES.

The consensus of the information security community is that DES is vulnerable to attack by an exhaustive research for the 56-bit key.

Therefore, DES is being replaced by Triple DES, and then by the Advanced Encryption Standard (AES).

Triple DES

It has been shown that encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key. It would seem at first glance that if both keys have n bits, a brute force attack of trying all possible keys will require trying 2n × 2n or 22n different combinations. However, Merkle and Hellman showed that a known plaintext, Meet-in-the-Middle attack could break the double encryption in 2n + 1 attempts.

This type of attack is achieved by encrypting from one end, decrypting from the other, and comparing the results in the middle.

Therefore, Triple DES is used to obtain stronger encryption. Triple DES encrypts a message three times.

This encryption can be accomplished in several ways.

For example, the message can be encrypted with Key 1, decrypted with Key 2 (essentially another encryption), and encrypted again with Key 1:

[E{D[E(M,K1)], K2}, K1]

A Triple DES encryption in this manner is denoted as DES EDE2.

If three encryptions are performed using the two keys, it is referred to as DES EEE2: [E{E[E(M, K1)], K2}, K1]

Similarly,

E{E[E(M, K1)], K2}, K3]

describes a triple encryption DES EEE3 with three different keys.

This encryption is the most secure form of Triple DES.