What Is DES (Data Encryption Standard): How Does It Work?

What is DES? The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created in the early 1970s by an IBM team and adopted by the National Institute of Standards and Technology (NIST).

This algorithm takes the plain text in 64-bit blocks and converts it into ciphertext using a 56-bit key.

Since DES is a symmetric-key algorithm, it uses the same key to encrypt and decrypt data. An asymmetric algorithm, by contrast, uses different keys for encryption and decryption.

DES is based on LUCIFER, a Feistel block cipher developed in 1971 by IBM cryptography researcher Horst Feistel. DES uses 16 rounds of the Feistel structure, with a different key for each round.

DES was approved as a federal encryption standard in November 1976 and reaffirmed as a standard in 1983, 1988, and 1999. As a result, the DES algorithm served as the standard for data encryption in information security for a long time.

DES's dominance as the standard in data encryption ended in 2002, when the Advanced Encryption Standard (AES) replaced the DES encryption algorithm as the accepted standard following a public competition to find a replacement.

What is the DES Algorithm in Cyber Security?

The DES (Data Encryption Standard) algorithm is a widely used symmetric-key block cipher in the field of cyber security.

Developed in the early 1970s by an IBM team and later adopted by the National Institute of Standards and Technology (NIST), the algorithm converts plain text in 64-bit blocks into ciphertext using a 48-bit key.

Unlike asymmetric encryption, which uses different keys for encryption and decryption, symmetric-key encryption such as DES uses the same key for both processes.

This makes it a more efficient option for encrypting large amounts of data, but it also means that the key must be kept secure and shared only with authorized parties.

History of DES Algorithm

The Data Encryption Standard (DES) algorithm has a long history in the field of cryptography. It was developed in 1971 by IBM researcher Horst Feistel, and is based on the Feistel block cipher, called LUCIFER.

The algorithm uses 16 rounds of the Feistel structure, with a different key used for each round.

In November 1976, DES was approved as the federal encryption standard and was reaffirmed in 1983, 1988, and 1999.

However, its dominance in the field of encryption came to an end in 2002, when the Advanced Encryption Standard (AES) was chosen to replace it as the standard, following a public competition.

The National Institute of Standards and Technology (NIST) officially withdrew FIPS 46-3 in May 2005; however, a modified version of DES called Triple DES (3DES) remains approved for sensitive government information through 2030.

DES Algorithm Stages

In simple terms, DES takes 64-bit plain text and converts it into 64-bit ciphertext. Because the DES algorithm is symmetric, the same key is used when decrypting the returned text.

The DES algorithm process can be done with the following steps:

1. The initial process starts with a 64-bit plain text block processed with the Initial Permutation (IP) function.

2. Initial Permutation (IP) is then performed on plain text.

3. Next, the Initial Permutation (IP) creates two parts of the permutation block, which are referred to as Left Plain Text (LPT) and Right Plain Text (RPT).

4. Each LPT and RPT goes through 16 rounds of the encryption process.

5. Finally, the LPT and RPT recombine, and a Final Permutation (FP) is performed on the newly merged block.

6. The result of this process is the desired 64-bit ciphertext.

Each round of the encryption process can be broken down into five stages:

  • Key transformation
  • Expansion permutation
  • S-Box permutation
  • P-Box permutation
  • XOR and swap

DES Operation Mode

DES can be used in five different modes of operation:

1. Electronic Codebook (ECB) – Each 64-bit block is encrypted and decrypted independently.

2. Cipher Block Chaining (CBC) – Each 64-bit block depends on the previous process and uses an Initialization Vector (IV).

3. Cipher Feedback (CFB) – The previous ciphertext becomes the input to the encryption algorithm, producing a pseudorandom output, which in the next stage is XORed with the plaintext, thereby building the next ciphertext unit.

4. Output Feedback (OFB) – Same as CFB, except that the input to the encryption algorithm is the previous DES output.

5. Counter (CTR) – Each plaintext block is XORed with an encrypted counter, and the counter is then incremented for each subsequent block.
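The Feistel rounds from the stages above and the difference between ECB and CBC, as an added example that is not part of the original article. The round function and key schedule are SHA-256 stand-ins rather than DES's own tables, and all sample values are constructed; only the structure (64-bit block, LPT/RPT halves, 16 rounds, subkeys reversed for decryption) follows DES.

```python
import hashlib

ROUNDS = 16  # same round count as DES

def round_keys(key):
    # Stand-in key schedule (not DES's): one 48-bit subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def f(half, subkey):
    # Stand-in round function (not DES's E/S-box/P-box): 32 bits in, 32 bits out.
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block, subkeys):
    lpt, rpt = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in subkeys:
        lpt, rpt = rpt, lpt ^ f(rpt, k)  # XOR, then swap the halves
    # Undo the last swap so the same routine decrypts with reversed subkeys.
    return rpt.to_bytes(4, "big") + lpt.to_bytes(4, "big")

def encrypt_block(block, key):
    return feistel(block, round_keys(key))

def decrypt_block(block, key):
    return feistel(block, round_keys(key)[::-1])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):  # input length must be a multiple of 8 bytes (no padding here)
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def ecb_encrypt(data, key):
    return b"".join(encrypt_block(b, key) for b in split(data))

def cbc_encrypt(data, key, iv):
    out, prev = [], iv
    for b in split(data):
        prev = encrypt_block(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    blocks = split(data)
    return b"".join(xor(decrypt_block(c, key), p) for c, p in zip(blocks, [iv] + blocks))

# Constructed sample values; a real IV must be unpredictable and fresh per message.
KEY, IV = b"demo-key", bytes(range(8))
SAMPLE = b"PAY 100 " * 2 + b"PAY 999 "
```

With the repeated plaintext block in `SAMPLE`, ECB produces two identical ciphertext blocks, while CBC chaining hides the repetition.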

Initial Permutation (IP)

The Initial Permutation (IP) is the first step in the Data Encryption Standard (DES) algorithm. The plain text is divided into smaller 64-bit chunks and the IP is applied before the first round of encryption.

This phase is a transposition, in which the bits of the block are rearranged into fixed new positions. For example, the 58th bit of the input moves to the first position, the 50th bit moves to the second position, and so on.

The resulting 64-bit text is then split into two equal halves, referred to as the Left Plain Text (LPT) and Right Plain Text (RPT). These halves are used in the subsequent rounds of encryption.

Step 1: Key Transformation

The first step in the DES process is Key Transformation. The initial key used is a 56-bit key, which is obtained by eliminating certain bits in an original 64-bit key. In this step, a 48-bit key is generated from it for each round.

The 56-bit key is divided into two equal halves, and the bits of each half are shifted to the left in a circular fashion by an amount that depends on the round.

After the shift, the bits of the key are rearranged and certain bits are eliminated, producing the final 48-bit key for that round. This process is known as compression permutation.

Step 2: Expansion Permutation

In the next step of the DES process, the Right Plain Text (RPT) that was created during the Initial Permutation (IP) stage is expanded from 32-bits to 48-bits.

The RPT is divided into 8 chunks of 4 bits each, and two additional bits are added to each chunk. These chunks are then permuted among themselves to form a 48-bit block.

An XOR function is then applied between the 48-bit key obtained from the Key Transformation step and the expanded 48-bit RPT.
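The Initial Permutation, the LPT/RPT split and the expansion-plus-XOR step, as an added example that is not part of the original article. The IP and E tables are the standard DES tables; the sample block, the function names and the hard-coded round-1 subkey (the one derived from the sample key 0x133457799BBCDFF1) are assumptions of this example.

```python
# Standard DES tables (FIPS 46-3); positions are 1-based, counted from the left.
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]

def permute(value, table, width):
    """Select bits of a width-bit integer in table order (1 = leftmost bit)."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out

def initial_permutation(block64):
    """Apply IP and split the result into (LPT, RPT), 32 bits each."""
    permuted = permute(block64, IP, 64)
    return permuted >> 32, permuted & 0xFFFFFFFF

def expand_and_mix(rpt, subkey48):
    """Expand RPT from 32 to 48 bits, then XOR it with the round subkey."""
    expanded = permute(rpt, E, 32)
    return expanded, expanded ^ subkey48

def six_bit_groups(value48):
    """Format a 48-bit value as the eight 6-bit groups fed to the S-boxes."""
    bits = f"{value48:048b}"
    return [bits[i:i + 6] for i in range(0, 48, 6)]

BLOCK = 0x0123456789ABCDEF  # constructed sample plaintext block
K1 = 0x1B02EFFC7072         # round-1 subkey of sample key 0x133457799BBCDFF1

if __name__ == "__main__":
    lpt, rpt = initial_permutation(BLOCK)
    expanded, mixed = expand_and_mix(rpt, K1)
    print(f"LPT={lpt:08X} RPT={rpt:08X}")
    print("E(RPT):", " ".join(six_bit_groups(expanded)))
    print("XOR K1:", " ".join(six_bit_groups(mixed)))
```

Each 6-bit group is one 4-bit chunk of the RPT with one borrowed bit from each neighbouring chunk on either side.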

DES Implementation and Testing

DES implementation requires a security provider. There are many providers available, and selecting one is the essential first step in implementation. Your selection may depend on the language you are using, such as Java, Python, C, or MATLAB.

Once you decide on a provider, you must choose whether to have a random secret key generated by the KeyGenerator or create a key yourself, using a plaintext or byte array.

It’s also essential to test the encryption to make sure it is properly implemented. You can find a testing procedure that will do the trick using the recurrence relation found on GitHub.

Now that we have come so far in our understanding of what is DES, let us next look into the reasons to learn DES.