Cryptography Reference
In-Depth Information
After the final round, the ciphertext goes through the inverse of the initial permutation.
The real meat of DES is in the round function and the key schedule. Let's discuss the key schedule first.
4.6.1 DES Key Schedule
The key schedule produces, from a 64-bit key, a set of 16 keys (
K
1
,
K
2
, ... ,
K
16
) using the following method:
1. The key is split into two 28-bit halves (since there are 56 uniquely defined bits), by using a P-box
(which throws away bits 8, 16, 24, 32, 40, 48, 56, and 64 of the key, and scrambles the rest). The left half
is denoted
C
0
, and the right half is denoted
D
0
.
2. For each round,
i
= 1,2, ... , 16, we left rotate the previous round's values for
C
i
and
D
i
by 1 (for rounds
1, 2, 9, and 16) or by 2 (for rounds 3-8 and 10-15). The outputs are put through to the next round and
also concatenated and put through another selective permutation (which reduces them to 48 bits) for use
as the round key
K
i
. The selective permutation remains the same throughout the algorithm.
We then have 16 48-bit round keys,
K
1
,
K
2
, ... ,
K
16
.
4.6.2 DES Round Function
The DES round function consists of four operations, applied in succession:
1. The 32 bits of the input to the round function are put through an expansive permutation to create a
48-bit value (the bits are shuffled around, and some are copied). The selective permutation is represented
by the following list:
[32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16,
17,
16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29,
30,
31, 32, 1]
Here, each entry, numbered 1-48, represents each bit of the output. The value in the entry is which bit in
the input to copy. For example, the first bit of the output is copied from bit 32 of the input, the second bit
of the output from bit 1 of the input, and so forth, until all 48 bits of the output are copied from the input.
2. The 48 bits are XORed with the round key.
3. The 48 bits are split into eighths (each a 6-bit value), and each of these values is used as the input to a
separate S-box, each of whose output is 4 bits. There are eight distinct S-boxes for this step. The outputs
are concatenated into a 32-bit number.
4. The 32 bits are put through a P-box, whose output is also 32 bits long. The P-box can be represented
by this list:
[16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32,
27,
3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
This list is numbered from 1 to 32, where each entry corresponds to a bit of output. The value in the entry
represents which bit to copy to the output bit.
The final result from the P-box is then given as the output.
Figure 4-7
shows a diagram of DES's round func-
tion.
Search WWH ::
Custom Search