Cryptography Reference
In-Depth Information
4. Apply
f
k
1
to the output of step 3. (This is round 2.)
5. Apply
IP
−
1
to the output of step 4.
The following is derived from Ed Schaefer, the creator of S-DES, [232].
Example 3.4
Supposewearegivenplaintextbitstring
m
= (10100101)
andkey
bitstring
k
= (0010010111)
. First we generate our subkeys as follows.
1.
P
10
(
k
) = 1000010111
.
2.
LS1
(10000) = (00001)
and
LS1
(10111) = (01111)
.
3.
P
8
(0000101111) = (00101111) =
k
1
.
4.
LS2
(00001) = (00100)
and
LS2
(01111) = (11101)
,
(
applying
LS2
to the
output of step 2.
)
5.
P
8
(0010011101) = (11101010) =
k
2
,
(
applying
P
8
to the output of step 4.
)
.
Now we encrypt as follows. First we calculate
IP
(
m
) = (01110100)
. Then
we need to calculate the round function for the first round
f
k
1
(01110100) =
(
L
(01110100)
F
(
R
(01110100)
,k
1
)
,
R
(01110100))
. We do this as follows.
1.
EP
(0100) = (00101000)
.
⊕
2.
EP
(0100)
⊕
k
1
= (00101000)
⊕
(00101111) = (00000111)
.
3.
S
0
(0000) = (01)
and
S
1
(0111) = (11)
.
4.
P
4
(0111) = (1110) =
F
(
R
(01110100)
,k
1
)
.
5.
L
(01110100)
⊕
F
(
R
(01110100)
,k
1
) = (0111)
⊕
(1110) = (1001)
.
6.
f
k
1
(01110100) = (10010100)
.
Now we apply the switch function,
SW
(10010100) = (01001001)
. The reader
may now verify the second round, namely,
f
k
2
(01001001) = (
L
(01001001)
F
(
R
(01001001)
,k
2
)
,
R
(01001001)) = (01101001)
.
Last, we apply the inverse of the initial permutation,
IP
−
1
(01101001) =
(00110110)
, which is the ciphertext.
To decrypt, we reverse the process. First feed
c
into
IP
to get
⊕
IP
(
c
) = (01101001)
,
then apply
f
k
2
to get
(
with the reader filling in the details
)
,
f
k
2
(0110
F
(1001
,k
2
)
,
1001) = (01001001)
.
Then
SW
(01001001) = (10010100)
. Next,
⊕
F
(0100
,k
1
)
,
0100) = (01110100)
,
then the final application yields the original plaintext,
IP
−
1
(01110100) =
(10100101) =
m
.
f
k
1
(1001
⊕
Search WWH ::
Custom Search