Skip to main content

What is Data Encryption Standard (DES)?

Cryptographers have always desired a system that encrypts rapidly yet is virtually impossible to crack. Public-key systems have caught the interest of mathematicians due to their reliance on basic number theory but public-key algorithms are too sluggish for most data transmissions. So then private key techniques started to be involved. Private-key techniques are often quicker than public-key algorithms. The Data Encryption Standard (DES) is the main private-key algorithm, relying on cryptographic implementation that precedes public key cryptography.

DES was the first encryption algorithm certified for public use by the U.S government. This meant that it was immediately embraced by businesses that need robust encryption, such as financial services. Because of its ease of use, DES has been employed in a number of embedded systems, including the following: cards with intelligence, SIM cards, modems, and routers. DES has gained widespread popularity and is often regarded as the most extensively used encryption method available. For more than two decades, DES has enabled banks to perform financial transactions and money transfers electronically, as well as electronic commerce and financial market globalization.

The development of DES has resulted in the establishment of a cryptographic industry. Other symmetric encryption algorithms have been developed, although none are as well-known as DES. Even public key algorithms like RSA cannot compete with DES in terms of commercial exploitation or cryptographic performance.

What does Data Encryption Standard Mean?

The data encryption standard employs a cryptographic technique that may be used to secure data. DES accepts a 64-bit input and produces a 64-bit output. The algorithm adds an additional input, which is a secret key with a length of 64 bits. For encryption and decryption, the block cipher algorithm is utilized, and the message is separated into blocks of bits.

Encryption is the process of converting data into a meaningless text known as "cipher text". Decrypting the ciphertext returns the original plaintext data. It utilizes a typical type of technique called the symmetric algorithm to convert information from cipher to plain.


Figure 1. Encryption

Data Encryption Standard History

Data Encryption Standart had started to develop as a consequence of a research initiative conducted by IBM in the late 1960s, which led to the creation of the LUCIFER cipher. DES is based on the Feistel block cipher named "Lucifer", which was invented by IBM cryptography specialist Horst Feistel in 1971.

DES was developed in the early 1970s by a group of IBM cryptographers led by Walter L. Tuchman and submitted as a candidate algorithm in response to a notice published in the Federal Register on May 15, 1973, soliciting submissions for "cryptographic algorithms". Following that, it was decided to offer LUCIFER on the markets in the early 1970s, and DES gained a number of major modifications. IBM was not the only company participating in these improvements; they also requested technical assistance from the National Security Agency (NSA). IBM and NSA collaborated together and proposed a new national encryption standard. It was finally accepted as Data Encryption Standard in 1977 and reconfirmed as a standard in 1983, 1988, and 1999.

A series of challenges were sponsored to test how long it would take to decode a message in order to demonstrate that the DES was insufficient and should no longer be utilized in essential systems. The first contest in 1997 took 84 days to break the encrypted message using a brute force attack. In early 1999, the last DES challenge took only 22 hours and 15 minutes. The message was decrypted by the Electronic Frontier Foundation's Deep Crack computer, and they won the challenge.

DES's pioneering in the industry came to an end with the development of new encryption methods. In 2001, the National Institute of Standards and Technology (NIST) accepts Rijndael as an alternative to DES. Following a public competition to discover a replacement for DES, the Advanced Encryption Standard (AES) succeeded it as the approved standard in 2002.

Why is Data Encryption Standard Important?

The goal of data encryption is to protect numerical data privacy when it is stored on computers and transmitted through the internet or other computer networks. Even though the DES algorithm changes over time with new current algorithms, it still maintains its importance. With authentication, validity, and non-repudiation, these algorithms provide privacy and generate critical security concepts.

Despite the fact that DES is becoming outdated, it is still vital to understand this algorithm. When it comes to cryptography, the importance of the DES algorithm cannot be overstated. The reason for this is because the DES algorithm served as the foundation for all future encryption techniques. Once the origins of data encryption are known, understanding the foundations of modern-day encryption systems becomes simple.

How Does Data Encryption Standard Work?

DES encryption encrypts plaintext by breaking it down into smaller parts (64-bit blocks) and using a cryptographic key to decrypt it. Essentially, it takes your legible message and changes it, block by block, into incomprehensible words that can only be decrypted by the holder of the decryption key.

The DES algorithm is based on Feistel's Lucifer cipher. Transposition and substitution cryptography is used to create the Lucifer cipher. It's a block cipher, thus unlike a stream cipher, it doesn't encrypt all of the data at once. Instead, it divides the data into blocks, making encryption faster and more secure.

As part of the Feistel structure, DES employs initial permutation (IP) and final permutation (FP) functions. The IP is the initial stage, and it involves reordering the bits in the plaintext input. Following that, there are 16 rounds of operations until the final permutation. Permuted blocks are separated into two halves of 32 bits each; left plain text (LPT) and right plain text (RPT). These blocks, which are divided into two left and right, are repeated for 16 rounds and undergo encryption. Each round has processes consisting of 5 different steps.

  1. Key transformation

  2. Expansion permutation

  3. S-Box permutation

  4. P-Box permutation

  5. ExclusiveOR (XOR) and swap

After all these 5 steps repeat for 16 round, LPT and RPT get combined and performs the final permutation. It results in the final ciphertext. As a result, the same key that encrypts your plaintext data may also be used to decrypt it. Decryption is similar to encryption in that it follows the same processes but in reverse order.

How Block Cipher Works

Figure 2. How Block Cipher Works

How DES Encryption works

Figure 3. How DES Encryption works

What are DES Algorithm Steps?

Data encryption standard has 64 bit-sized blocks, 56 bit-sized keys (actually 64 bit but 8 bits are parity-check bits, used for error control), and runs within 16 rounds. The following are the steps in the algorithm process:

  1. Firstly, the text is separated into 64-bit blocks. One issue is that not all messages have lengths that are exactly divisible by 64, therefore the final block may be less than 64 bits. This means that the message's final section must be padded with extra information to cover the remaining space. One effective solution is to fill the gap with 0s at the end of the message, which is subsequently eliminated during decryption.

  2. After dividing plaintext into blocks of 64-bit each, all blocks are subjected to Initial permutation. The transposition process begins with this initial permutation. These permutations each take a 64-bit input and permute it according to a predetermined rule. In the first permutation, for example, the 58th bit in the input becomes the first bit in the output. Similarly, the first bit in the input becomes the 58th bit in the output in the final permutation.

Step 2 in DES

Figure 4. Step 2 in DES

  1. The initial permutation's result is used as an input for the Feistel function, which we'll refer to as A. A has a size of 64 bits. The LPT (left plain text) and RPT (right plain text) are separated into two parts, each having 32 bits. There are 16 rounds of operations until the final permutation. The algorithm progression has two main cipher parts: A swapper and a mixer. Each of these components is invertible. The swappers function swaps the left half of the text with the right half of the text.

Step 3 in DES

Figure 5. Step 3 in DES

  1. LPT and RPT both go through 16 encryption cycles. The f function has four phases and is key-dependent.
    • Expansion permutation: Expansion permutation is used to expand a 32-bit half-block to 48 bits. It creates a 48-bit block by adding neighboring bits from either side of the block to the 32-bits of the block.
    • S-Box permutation: The single non-linear component of the DES algorithm is a substitution box permutation or S-box. It gives the encryption an extra layer of security. The block is separated into eight 6-bit portions once it has been combined with the subkey. The S-box technique employs a lookup table to turn each of the eight 6-bit parts into a 4-bit output, yielding a total of 32-bit output.
    • P-Box permutation: The S-box permutation's 32-bit output is reorganized using the P-box permutation. For the following cycle of encryption, the P-box permutation guarantees that the output of each S-box is shared among four different S-boxes.
    • ExclusiveOR (XOR): The XOR function compares two sets of bits, which can be either 1s or 0s. The XOR output is 0 if the bits from both sets match. If they don't match, on the other hand, the result is 1. The encryption is stronger as a result of this bit-by-bit comparison.
  1. LPT and RPT are finally integrated into the last stage. The combined LPT and RPT are then permuted to create a final ciphertext. Its final permutation step. The inverse of the IP is the final permutation table. As a result, the last step of encryption is performed by doing the inverse of the first step.

What are DES Modes of Operation?

Based on their input type, encryption algorithms are divided into two types: block ciphers and stream ciphers. A block cipher is a type of encryption method that receives a fixed size of the input, x bits enter, and x bits of ciphertext is encrypted. If the input is larger than b bits, it can be divided further. A block cipher has several modes of operation to run various applications and uses. DES modes of operations are listed above:

1. Cipher Block Chaining (CBC)

At the sender's end, CBC Mode refers to Cipher Block Chaining, which divides the plain text into blocks. The Initialization Vector, which might be a random piece of text, is utilized in this mode. The Initialization Vector is used to make each block's ciphertext unique.

The XOR operation is used to merge the initial block of plain text with the Initialization Vector(IV). Then, by using the key, encrypt the created message and create the first block of ciphertext. The IV for the second block of plain text is the first block of ciphertext. For all plain text blocks, the same approach will be used.

The ciphertext is split into blocks on the receiver side. The same key that was used for encryption is utilized to decrypt the first block ciphertext. The first block of plain text will be formed by XORing the decrypted result with the IV. The same key is used to decode the second block of ciphertext, and the result is XORed with the first block of ciphertext to generate the second block of plain text. The blocks are all created in the same way. One drawback of this technique is that simultaneous encryption is not possible since each encryption requires a preceding cipher.

2. Cipher Feedback (CFB)

CFB mode is an abbreviation for Cipher Feedback Mode. The cipher feedback mode is a sort of block cipher that performs feedback encryption on segments rather than blocks to generate pseudorandom bits. Each segment might be as little as one bit or as large as the complete block size defined by the algorithm you select. The data is encrypted in this mode in the form of 8 bits long units. Initialization Vector(IV) is initialized in the same way as cipher block chaining mode is. The IV is recorded in the shift log. It is encrypted using the key to create the ciphertext.

A ciphertext block is dependent on all previous plaintext blocks; reordering has an impact on decryption. Errors spread for several blocks after the error, however, the mode, like CBC, is self-synchronizing. Each new input block encrypts the following block using the ciphertext of the preceding output block, a process known as feedback. The keystream is generated by the encryption method and stored in the bottom register. Between this keystream and the plaintext, an XOR function is used.

3. Electronic Codebook (ECB)

ECB is the simplest block cipher operating mode. The plain text is separated into 64-bit blocks in this mode. After that, each block is encrypted independently. First, the first block is encrypted and this process continues until the last block is encrypted. The same key is used to encrypt all blocks; no additional variables are utilized. When ECB is applied several times in the same plaintext, it produces the identical ciphertext, making it relatively easy to break. Thus, with man-in-the-middle and brute-force attack methods, it can be easily exposed and encrypted information can be decrypted.

There is no chaining and no error propagation in this mode. The most advantageous part is, It is possible to encrypt blocks of bits simultaneously. This feature makes it a faster working encryption mode.

4. Output Feedback (OFB)

The output feedback mode is abbreviated as OFB. The design of OFB is similar to that of CFB. The main distinction between OFB and CDB mode is that in CFB, the ciphertext is utilized for the next step of the encryption process, but in OFB, the IV encryption result is used for the following steps. The key is created via an internal procedure that is unaffected by the plaintext or ciphertext. As a result, identical blocks have different ciphertexts.

One of the advantages of OFB mode is; that a single bit mistake in a block is spread to all following blocks in the case of CFB. OFB solves this problem since the plaintext block is free of bit errors.

5. Counter (CTR)

CTR Mode is an abbreviation for counter mode. As the name implies, it employs a series of integers as an input to the algorithm. When encrypting a block, the next counter value is used to fill the next integer.

To encrypt, the first counter is encrypted with a key, and then the plain text is XORed with the encrypted result to generate the ciphertext. The counter will be increased by one for the following step, and the same method will be continued for all blocks. The identical procedure will be utilized for decryption as well. Each ciphertext is XORed with the encrypted counter in order to convert it to plain text. The counter will be incremented for the following step, and this will be repeated for all Ciphertext blocks.

There are no chaining dependencies and no error propagation in this mode. In counter mode, both encryption and decryption can be done simultaneously.

How is DES Tested?

Many companies have used a variety of approaches to implement the DES. A test for the DES should be applicable to all DES devices, regardless of implementation, to be most useful. The maintenance tests are thus limited to testing the algorithm's operation at well-defined interfaces such as input, key, and output. The test software confirms the correct operation of implementation by running one of many optional sets of tests on the device while it is in usage.

The pseudo-random tests have been performed to ensure that a basis of vectors is supplied to each of the matrix operators in the algorithm. All elements of the method are exercised using both encryption and decryption procedures. The final result of each test is compared to a single stored value once all of the test cycles have been finished. The system can pass the test if the two values are the same; else, the system should be considered inoperable.

What is the Difference Between AES and DES Encryption?

There are some differences between AES and DES methods, we can list them as follows:

  • AES and DES are both symmetric block ciphers. AES was created to address the limitations of DES.

  • DES was developed in 1976, but AES was developed in 1999.

  • Before the main algorithm begins in DES, the plaintext block is separated into two halves, but in AES, the entire block is processed to get the ciphertext.

  • Plaintext is of 64 bits in DES, in AES it can vary to 128-192-256 bits.

  • In comparison to AES, the key size of DES is lower. AES works with the larger key size.

  • DES has 16 round encryption round but AES has 10 rounds for 128 bit, 12 rounds for 192 bit, and 14 rounds for 256 bit.

  • DES Works slower than AES.

  • AES is more secure encryption than DES and is presently the international standard. DES is easily broken since it has known vulnerabilities.

  • AES is built on the basis of a substitution-permutation network. The Feistel network is used to build the DES structure.