The Data Encryption Standard (DES) was introduced in 19xx and is formally defined in FIPS 46-3 Using a 56-bit key (usually entered as a 64-bit value with odd parity bits), working on a 64-bit data block. There are several modes for using DES to encrypt blocks of data that may be more (or less) than 8 bytes in size. Click here for more details on how DES works.

The 56-bit key used by DES is no longer sufficient for good security, but many applications use triple-DES (encrypt using key part A, decrypt using key part B, encrypt using key part A) to acheive a 112-bit key while maintaining compatibility with plain DES (using key part A = key part B).


Message
ASCII Hexadecimal
DES Key/Triple DES Key Part A
Triple DES Key Part B

Output message
ASCII Hexadecimal
10/27/06: I have decided to not allow the key to changed to reduce the chance of this page being used to solve homework problems
Details:

How DES works

Encryption starts with an initial permutation of the 64 input bits. These bits are then divided into two 32-bit halves called L and R. The encryption then proceeds through 16 rounds, each using the existing L and R parts, and a
subkey. The R and subkeys are processed in a function f, and the output of the f function are exclusive-or'ed with the existing L part to create the new R part. The new L part is simply a copy of the incoming R part. In the final round, the L and R parts are swapped once more before the final permutation producing the output block.

Decryption is identical to encryption, except that the subkeys are used in the opposite order. That is, subkey 16 is used in round 1, subkey 15 is used in round 2, etc., ending with subkey 1 being used in round 16.

Here is a diagram of the DES algorithm:
Diagram of DES encryption

The f function

The f function mixes the bits of the R portion using the subkey for the current round. First the 32-bit R value is expanded to 48 bits using a permutation E. That value is then exclusive-or'ed with the subkey. The 48 bits are then divided into eight 6-bit chunks, each of which is fed into a S-Box that mixes the bits and produces a 4-bit output. Those 4-bit outputs are combined into a 32-bit value, and permuted once again to produce the f-function output.

DES F function

Subkey Generation

To generate the subkeys, start with the 56-bit key (64 bits if you include the parity bits). These are permuted and divided into two halves called C and D. For each round, C and D are each shifted left circularly one or two bits (the number of bits depending on the round). The 48-bit subkey is then selected from the current C and D bits.
DES Key Generation Diagram


Return to my
home page
Go to the EKU CS Department page