Laynetworks  
Web laynetworks.com Google
Home | Site Map | Tell a friends
Management Tutorials
Download
Tutorials
History
Computer Science
Networking
OS - Linux and Unix
Source Code
Script & Languages
Protocols
Glossary
IGNOU
Quiz
About Us
Contact Us
Feedback
 
Sign up for our Email Newsletter
 
Get Paid for Your Tech Turorials / Tips

   

DES Explanation
Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key. 

It was developed in the 1970s by the National Bureau of Standards with the help of the National Security Agency. Its purpose is to provide a standard method for protecting sensitive commercial and unclassified data. IBM created the first draft of the algorithm, calling it LUCIFER. DES officially became a federal standard in November of 1976. 

To understand this implementation, you'll first need to understand bit operations and read some more general explanations of DES.

In general, DES takes as input a 64 bit key, of which only 56 bits are used. From these 56 bits, 16 48 bit subkeys are created. The message is split into 64 bit chunks, and a complex series of steps enciphers the message using each subkey. As Javascript only supports 32 bit integers, all 48 or 64 bit integers are represented by two 32 bit integers in an array. 
Creating the Keys - PC1
DES must first create the 16 subkeys. First, the 8 character string representing the key is turned into two integers which are passed to the des_createKeys function. The bits of these two integers are then reorganised according to PC1 (permuted choice 1). The bits end up in the following places:

57 49 41 33 25 17 9 1
58 50 42 34 26 18 10 2
59 51 43 35 27 19 11 3
60 52 44 36 0 0 0 0
63 55 47 39 31 23 15 7
62 54 46 38 30 22 14 6
61 53 45 37 29 21 13 5
28 20 12 4 0 0 0 0
This means that the first 57th bit of the original key becomes the first bit, etc. The permuting is done using a permutation sequence, which is a clever way of rotating and switching bits between 2 integers. For instance, temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); rotates 4x4 blocks of bits:
33 34 35 36 1 2 3 4
41 42 43 44 9 10 11 12
49 50 51 52 17 18 19 20
57 58 59 60 25 26 27 28
37 38 39 40 5 6 7 8
45 46 47 48 13 14 15 16
53 54 55 56 21 22 23 24
61 62 63 64 29 30 31 32
I found this permutation function in Eric Young's C implementation. He gives credit to John Fletcher for determining the most efficient way to do PC1.

Creating the Keys - Left Shifts
In other DES explanations, the first 28 bits out of PC1 is called C, and the last 28 bits is D. (Note that PC1 only uses 56 of the original 64 bits.) These are then left shifted according to a schedule until 16 subkeys are created. For instance, C1 and D1 are created by left shifting C and D by one place, C2 and D2 by a further one place, etc. Here is what C1 and D1 look like relative to C and D:

2 3 4 5 6 7 8 9
10 11 12 13 14 15 16 17
18 19 20 21 22 23 24 25
26 27 28 1 0 0 0 0
34 35 36 37 38 39 40 41
42 43 44 45 46 47 48 49
50 51 52 53 54 55 56 57
58 59 60 33 0 0 0 0

Creating the Keys - PC2
The 16 subkeys (C1 and D1 through to C16 and D16) are then permuted according to PC2 to create 16 subkeys of 48 bits each. PC2 seems to be a random bit sequence and so the permutation sequence above can't be used. Instead the bits are permuted 4 at a time using the pc2bytes array of arrays. pc2bytes contains 14 subarrays (one for each 4 bits of the 56 bit subkeys). Each subarray contains 16 elements. Every four bits of a subkey are looked up in the corresponding array and the results are all added together. For example, if the first four bits of C1 are 0100 in binary, then the fourth element of pc2bytes[0], 0x00010000 is added to the result. This has the result of moving the 2nd bit of C1 to the 16th bit of the result (some bit shifting is also applied at the end to put everything in the right place). Here is what the resulting K1 though K16 look like relative to C1 and D1 through C16 and D16. Note that this is different from the PC2 given in other DES explanations, the reason for this is explained further down.

0 0 3 28 15 6 21 10
0 0 16 7 27 20 13 2
0 0 34 44 55 49 37 52
0 0 50 46 54 40 33 36
0 0 14 17 11 24 1 5
0 0 23 19 12 4 26 8
0 0 45 56 35 41 51 59
0 0 48 53 43 60 38 57

Encrypting the Message - IP1
With 16 subkeys created, we are now ready to deal with the message. First the whole message is turned into and array of 32 bit integers, then the message is encrypted or decrypted 64 bits at a time. The first step is to perform the permuation IP. This again uses the permutation sequence. Eric Young gives credit to Richard Outerbridge for helping make this more efficient.

58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

Encrypting the Message - E
The resulting 64 bits are then encrypted or decrypted using the 16 subkeys. This requires 16 steps, during which the left and right half of the 64 bit message are alternatively operated on. The operation involves taking 32 bits (called R in other explanations), permuting it according to E (which expands are from 32 to 48 bits), XORing with one of the 48 bit subkeys to produce a different 48 bits, then passing it through the S selection functions to get it back down to 32 bits, and finally permuting through P. Note that the E used here (displayed below) is different from other Es, for the reason explained below.

0 0 3 4 5 6 7 8
0 0 11 12 13 14 15 16
0 0 19 20 21 22 23 24
0 0 27 28 29 30 31 32
0 0 31 32 1 2 3 4
0 0 7 8 9 10 11 12
0 0 15 16 17 18 19 20
0 0 23 24 25 26 27 28

Encrypting the Message - S Selection Functions
The step above expands 32 bits into 48 bits, and then XORs them with a subkey. The result is passed through the S selection functions. There are 8 of these functions (labelled S1 through S8 would you believe) which convert 6 bits into 4 bits. (Their randomness is part of the reason why DES is so powerful, because a 1 bit uncertainty in the input yields 4 bits of uncertainty in the output.) The first 6 bits of the output from the E permuation above are passed through S2, the next 6 through S4, then S6, S8, S1, S3, S5 and S7. Using this ordering makes it easier to perform E (as it is essentially done by duplicating the 32 bits), and PC2 was also changed to compensate for this. As with PC2, a series of 8 spfunction arrays of 64 elements are used to perform the S functions. I can't show the output of the S functions because it is not about bit movements. The 6 input bits to each S function could produce any one of 16 results. Note that a further efficiency is applied by shifting the input one bit to the left before encrypting, instead of during each encryption step (and the spfunction are also shifted one left to compensate).

Encrypting the Message - P
The 32 bit output from the S functions is permuted again according to P. For efficiency, this permuation is done as part of the S functions array. For example, the first 6 bits out of E are looked up in the second S array, spfunction2. If these 6 bits are all zero, then 0x40084010 is added to the result. If you refer to other DES descriptions, they will tell you exactly what the S functions are, and you would see that the zeroth element of S2 is 15. This means that if you pass binary 000000 into S2, you get 1111 as output. These four bits are then moved around according to P (remembering to shift them left once as well) and the result is 0x80108020. Specifically, the bits are moved to positions 12, 27, 1, and 17.

Encrypting the Message - IP-1
After going through the above steps 16 times, the 64 bits are passed through IP-1 to produce the cipher text. Decryption is performed using exactly the same process but the subkeys are applied in the reverse order.

40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25

DES Modes
There are several different modes in which DES can be run. ECB (Electronic Codebook) mode is the simplest mode. In this mode, each 64 bit chunk of the input message is treated independently, thus it is also the least secure. In CBC (Cipher Block Chaining) mode, you supply a 64 bit input vector. The first 64 bits of the message are XORed with this before encrypting. The second 64 bits are then XORed with the cipher text from the first 64 bit before encrypting it, and so on.

In triple DES, every eight bytes are operated on three times (for instance, a triple DES encryption will encrypt, decrypt, and encrypt the data) before being appended to the result. CBC mode uses the result of the first 8 byte triple DES encryption to feed back into the algorithm.

Algorithm Speed
The first Javascript DES implemention worked fine for small data sets, but slowed down incredibly on larger blocks. By making a few changes, the speed has been increased dramatically. These changes were: storing the message and result as strings rather than arrays (which take a comparitively long time to look things up); creating the result string in blocks rather than one character at a time (periodically adding 512 characters to a 32000 character string is much faster than adding one character at a time); and bringing all global variables inside the functions (which also meant undoing the previous permute function). Below is a table showing the speed increase on a Pentium 200 with Windows 98 and Internet Explorer 5. I also tested it in the Galleon browser under Redhat Linux 7.2 on the same machine (sadly it was quite a bit slower). This times the single DES algorithm in ECB mode, in milliseconds.

 

  Windows 98, IE 5.5 Redhat 7.2
Galleon
  Before After
Bytes ms ms/kb ms ms/kb ms ms/kb
256 110 440 77 307 176 704
512 184 367 110 220 296 591
1024 384 384 204 204 598 598
2048 770 385 400 200 1,138 569
4096 1,647 412 827 207 2,195 549
8192 3,770 472 1,590 199 4,352 544
16384 10,254 641 3,260 204 8,596 538
32768 39,677 1,240 6,517 204 17,490 547

Functions Provided
Below are descriptions of each of the functions used in this DES implementation. The first few are the core DES functions. The second set are not required to run DES but were of great help in debugging and creating the pc2bytes and spfunction arrays. The source code of these extra functions is provided below. (Find the DES source on the next page).

  • des - does DES, takes it's input as strings and calls des_crypt
  • tripledes - does DES three times
  • des_crypt - performs DES, but takes it's input as arrays of integers
  • des_cipher - does the encrypting or decrypting by applying E, the S functions and P
  • des_createKeys - given the left and right 32 bits of the key, creates an array of 16 subkeys
  • printHex - prints an integer in hexidecimal
  • printBinary - prints a number in binary
  • stringToIntegers - converts a string into an array of 32 bit integers
  • integerToStrings - converts an array of 32 bit integers into a string
  • moveBits - this is used to produce an array such as pc2bytes which can move bits around
  • convertSfunction - converts an S function as found in other DES explanations into the right order
  • createSfunction - produces the spfunction array given the P bit movements and an S selection function
  • wherethingsgo - used throughout this page to show what a piece of code does to the bits
  • timeTrial - used to time how long encryption took for different sized input

Posted from http://www.shopable.co.uk/des_explain.html with permission. Special thanks to Paul

Next (JavaScript DES Implementation)


Are you interested in computer based training (CBT?)  If you want to earn your A+ Certification, we can help!  Our A+ Certification software will help you succeed in all of your computer needs.  If you need extensive computer training sign online today!

 
Donation | Useful links | Link to Laynetworks.com | Legal
Copyright © 2000-2010 Lay Networks All rights reserved.