Discuss S-Boxes in DES, its Strength and Triple DEA?

  1. It has eight S-boxes which map 6 to 4 bits and each S-box is actually 4 little 4 bit boxes
  2. outer bits 1 & 6 (row bits) select one rows
  3. inner bits 2-5 (col bits) are substituted
  4. result is 8 lots of 4 bits, or 32 bits
  5. The row selection depends on both data & key, feature known as autoclaving (autokeying)
    example: S(18 09 12 3d 11 17 38 39) = 5fd25e03
  6. forms subkeys used in each round
  7. consists of:
    • initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves
    • 16 stages consisting of:
      • selecting 24-bits from each half
      • permuting them by PC2 for use in function f,
      • rotating each half separately either 1 or 2 places depending on the key rotation schedule K
  8. decrypt must unwind steps of data computation
  9. with Feistel design, do encryption steps again
  10. using subkeys in reverse order (SK16 … SK1)
  11. note that IP undoes final FP step of encryption
  12. 1st round with SK16 undoes 16th encrypt round
  13. 16th round with SK1 undoes 1st encrypt round
  14. then final FP undoes initial encryption IP
  15. thus recovering original data value

Avalanche Effect:

  1. key desirable property of encryption alg
  2. where a change of one input or key bit results in changing approx half output bits
  3. making attempts to “home-in” by guessing keys impossible
  4. DES exhibits strong avalanche


Strength of DES – Key Size:

  1. 56-bit keys have 256 = 7.2 x 1016 values
  2. brute force search looks hard
  3. recent advances have shown is possible
    • in 1997 on Internet in a few months
    • in 1998 on dedicated h/w (EFF) in a few days
    • in 1999 above combined in 22hrs!
  4. still must be able to recognize plaintext
  5. now considering alternatives to DES

Strength of DES – Timing Attacks:

  1. attacks actual implementation of cipher
  2. use knowledge of consequences of implementation to derive knowledge of some/all subkey bits
  3. specifically use fact that calculations can take varying times depending on the value of the inputs to it
  4. particularly problematic on smartcards

Strength of DES – Analytic Attacks:

  1. now have several analytic attacks on DES
  2. these utilise some deep structure of the cipher
    • by gathering information about encryptions
    • can eventually recover some/all of the sub-key bits
    • if necessary then exhaustively search for the rest
  3. generally these are statistical attacks
  4. include
    • differential cryptanalysis
    • linear cryptanalysis
    • related key attacks

Triple DEA:

  1. Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
    • C = ciphertext
    • P = Plaintext
    • EK[X] = encryption of X using key K
    • DK[Y] = decryption of Y using key K
  2. Effective key length of 168 bits
  3. C = EK3(DK2(EK1(P)))


Leave a Reply

Your email address will not be published. Required fields are marked *