DES (Data Encryption Standard)

• 1970: the need of a standard cipher for civilians was identified.

• 1972: NBS opens a contest for a new cipher, requiring:

  • The cryptographic algorithm must be secure to a high degree.

  • Algorithm details described in an easy-to-understand language.

  • The details of the algorithm must be publicly available.

    • So that anyone could implement it in software or hardware.

  • The security of the algorithm must depend on the key.

    • Not on keeping the method itself (or part of it) secret.

  • The method must be adaptable for use in many applications.

  • Hardware implementations of the algorithm must be practical.

    • i.e. not prohibitively expensive or extremely slow.

  • The method must be efficient.

  • Test and validation under real-life conditions.

  • The algorithm should be exportable.

Proposal and Adoption

• 1974: new contest

  • Proposal based on Lucifer from IBM.

  • 64-bit blocks.

  • 56-bit keys.

    • 48-bit subkeys (key schedules).

  • Diffusion and confusion.

    • Feistel networks.

    • Permutations, substitutions, expansions, compressions.

    • 16 iterations.

  • Several modes of operation.

    • ECB (Electronic Code Book), CBC (Cypher Block Chaining).

    • OFB (Output Feedback), CFB (Cypher Feedback).

• 1976: adopted at US as a federal standard

Architecture

Offered Security

Key selection

• Most 56-bit values are suitable.

• 4 weak, 12 semi-weak keys, 48 possibly weak keys.

  • Equal key schedules (1, 2 or 4).

  • Easy to spot and avoid.

Known attacks

• Exhaustive key space search.

Key length

• 56 bits are actually too few.

• Exhaustive search is technically possible and economically interesting.

Multiple encryption

• Double encryption.

  • Theoretically not more secure.

• Triple DES (3DES).

  • With 2 or 3 keys.

  • Equivalent key length of 112 or 168 bits.

  • Secure but ...slow!

• DES-X

  • K1 ⊕ DES(K2) ⊕ K3.

  • Total key length = 64 + 56 + 64 = 184 bits.