Cryptography Reference
In-Depth Information
3.2
S-DES and DES
Pass then through this moment of time in harmony with nature, and end
your journey in content, as an olive falls when it is ripe, blessing nature who
produced it, and thanking the tree on which it grew.
Marcus Aurelius (121-180 AD), Roman philosopher and emperor
— from Marcus Aurelius and His Times (see [11, page 43]).
We begin with an informal overview to describe the mechanisms behind S-
DES, which is a simplified version of DES, presented for pedagogical purposes.
Although DES reached the end of its cryptographic usefulness by the beginning
of the twenty-first century, it is valuable to look at its design and implementation
in order to understand how it stood the test for roughly a quarter century before
the cryptanalytic onslaught brought on by new mathematical and computational
power caused it to fall from grace.
Overview of S-DES
As with any cipher, the encryption function takes the plaintext m and the
key k as input. For S-DES, m has bitlength 8 and k has bitlength 10.
First, m is put through what is called an initial permutation IP , followed by
two rounds of the same function (described below), which uses both permutation
and substitution in its execution, the first round followed by a swap of the left
and right 4 bits of the output. The 8-bit output of round two is put through
the inverse permutation IP 1 to form the 8-bit ciphertext.
Each round of S-DES is described as follows. The 8-bit input is split into
left and right 4-bit blocks, L and R . Then there is an expansion of R to 8 bits
via an expansion permutation E , to get E ( R ). The 8-bit result, E ( R ), is added
modulo 2, denoted by
, to an 8-bit subkey SK, generated from k in a separate
S-DES key generation stage; see Footnote 2.8 on page 84 for a motivation of
the use of
with the one-time pad. 3.3 The resulting 8-bit output E ( R )
SK
is separated into left and right 4-bit strings, L 1 and R 1 , which are fed into two
separate substitution boxes, S 1 and S 2 , respectively, called S-boxes (described
in detail below), which are publicly known lookup tables that take 4-bit inputs
and output 2-bit strings, L 1 and L 2 . The resulting 4-bit string, ( L 1 ,L 2 ), is
put through a permutation P , to produce a 4-bit output Z . Last, Z is added
modulo 2 with L to form L , and ( L ,R ) is the output of the round.
All of the above is illustrated in Diagram 3.1, which is a single round of the
S-DES cipher. Then, before giving a detailed description of S-DES that will
extrapolate the above to a full explanation of all the detailed features of the
(simplified) cipher, we look at the motivations behind the design of DES itself.
3.3 For the reader needing a reminder, see the detailed treatment of modular arithmetic
on pages 475-478 in Appendix A. We also had a brief elementary introduction to modular
arithmetic on page 12. As mentioned in Footnote 2.8, addition modulo 2 is often called
XORing in the computer science community since addition modulo 2is bit by bit exclusive
or addition.
Search WWH ::




Custom Search