Cryptography Reference
In-Depth Information
Eight of the key bits (the least-signifi cant-bit of each input byte) are discarded
and not used by DES.
Again, the DES specifi cation presents this as a bit-for-bit permutation, so you
will, too. This permutation table is shown in Listing 2-7.
Listing 2-7:
“des.c” key permutation table 1
static const int pc1_table[] = { 57, 49, 41, 33, 25, 17, 9, 1,
58, 50, 42, 34, 26, 18, 10, 2,
59, 51, 43, 35, 27, 19, 11, 3,
60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7,
62, 54, 46, 38, 30, 22, 14, 6,
61, 53, 45, 37, 29, 21, 13, 5,
28, 20, 12, 4 };
If you look carefully at this table, you see that bits 8, 16, 24, 32, 40, 48, 56, and
64 — the LSBs of each input byte — never appear. Early DES implementations
used more fault-prone hardware than you are probably used to — the LSBs of
the keys were used as
parity bits
to ensure that the key was transmitted cor-
rectly. Strictly speaking, you should ensure that the LSB of each byte is the sum
(modulo 2) of the other seven bits. Most implementers don't bother, as you can
probably trust your hardware to hang on to the key you loaded into it correctly.
At each round, each of the two 28-bit halves of this 56-bit key are rotated left
once or twice — once in rounds 1, 2, 9, and 16, twice otherwise. These rotated
halves are then permuted (surprise) according to the second permutation table
in Listing 2-8.
Listing 2-8:
“des.c” key permutation table 2
static const int pc2_table[] = { 14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55,
30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53,
46, 42, 50, 36, 29, 32 };
This produces a 48-bit subkey from the 56-bit (rotated) key. Due to the rota-
tion, this means that each round has a unique key K1, K2, K3, ..., K15, K16. These
subkeys are referred to as the
key schedule
.
Notice that the key schedule is independent of the encryption operations and
can be precomputed and stored before encryption or decryption even begins.
Most DES implementations do this as a performance optimization, although
this one doesn't bother.
Search WWH ::
Custom Search