We live so much of our lives today on the internet. Whether it’s for storing our personal information, finding entertainment, making purchases, or doing our jobs, our society relies increasingly on an online presence.
This increased dependence on the internet means that information security is more important than ever. The stakes are too high now. Users need to know that their sensitive data is kept confidential, unmodified, and readily available to authorized readers.
Data encryption is just one weapon in the cybersecurity arsenal, but it’s one of the oldest and most used. And since no discussion about data encryption is complete without talking about DES, here we are!
Data Encryption Standard (DES)
DES stands for Data Encryption Standard. There are certain machines that can be used to crack the DES algorithm. The DES algorithm uses a key of 56-bit size. Using this key, the DES takes a block of 64-bit plain text as input and generates a block of 64-bit cipher text.
The DES process has several steps involved in it, where each step is called a round. Depending upon the size of the key being used, the number of rounds varies. For example, a 128-bit key requires 10 rounds, a 192-bit key requires 12 rounds, and so on.
What is the DES Algorithm in Cyber Security?
The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created in the early 1970s by an IBM team and adopted by the National Institute of Standards and Technology (NIST). The algorithm takes the plain text in 64-bit blocks and converts them into ciphertext using 48-bit keys.
Since it’s a symmetric-key algorithm, it employs the same key in both encrypting and decrypting the data. If it were an asymmetrical algorithm, it would use different keys for encryption and decryption.
History of DES Algorithm
DES is based on the Feistel block cipher, called LUCIFER, developed in 1971 by IBM cryptography researcher Horst Feistel. DES uses 16 rounds of the Feistel structure, using a different key for each round.
DES became the approved federal encryption standard in November 1976 and was subsequently reaffirmed as the standard in 1983, 1988, and 1999.
DES’s dominance came to an end in 2002, when the Advanced Encryption Standard (AES) replaced the DES encryption algorithm as the accepted standard, following a public competition to find a replacement. The NIST officially withdrew FIPS 46-3 (the 1999 reaffirmation) in May 2005, although Triple DES (3DES) remains approved for sensitive government information through 2030.
Initial Permutation (IP)
The plain text is divided into smaller chunks of 64-bit size. The IP is performed before the first round. This phase describes the implementation of the transposition process. For example, the 58th bit replaces the first bit, the 50th bit replaces the second bit, and so on. The resultant 64-bit text is split into two equal halves of 32-bit each called Left Plain Text (LPT) and Right Plain Text (RPT).
Step 1: Key Transformation
We already know that the DES process uses a 56-bit key, which is obtained by eliminating all the bits present in every 8th position in a 64-bit key. In this step, a 48-bit key is generated. The 56-bit key is split into two equal halves and depending upon the number of rounds the bits are shifted to the left in a circular fashion.
Due to this, all the bits in the key are rearranged again. We can observe that some of the bits get eliminated during the shifting process, producing a 48-bit key. This process is known as compression permutation.
Step 2: Expansion Permutation
Let's consider an RPT of the 32-bit size that is created in the IP stage. In this step, it is expanded from 32 bits to 48 bits. The 32-bit RPT is broken down into 8 chunks of 4 bits each, and two extra bits are added to every chunk; the bits are then permuted among themselves, leading to 48-bit data. An XOR function is applied between the 48-bit key obtained from step 1 and the 48-bit expanded RPT.
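The initial permutation, the expansion permutation and the XOR with the round key, as an added example (not code from the original article). The tables are the standard DES ones, generated from their regular pattern; the plaintext block is a constructed sample, and the hard-coded round key is the first round key for the constructed sample key 0x133457799BBCDFF1.

```python
# Positions are 1-indexed from the most significant bit.
# IP: the 58th input bit becomes output bit 1, the 50th becomes bit 2, and so on.
IP = [start - 8 * j for start in (58, 60, 62, 64, 57, 59, 61, 63) for j in range(8)]
# The final permutation is the inverse of IP.
FP = [IP.index(i) + 1 for i in range(1, 65)]
# Expansion: each 4-bit chunk gains its two neighbouring bits (wrapping around),
# so 8 chunks of 4 bits become 8 chunks of 6 bits.
E = [(4 * chunk + k - 1) % 32 + 1 for chunk in range(8) for k in range(6)]

def permute(value, width, table):
    """Output bit i is input bit table[i] of a width-bit value."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out

def initial_permutation(block64):
    """Apply IP and split the result into (LPT, RPT), 32 bits each."""
    p = permute(block64, 64, IP)
    return p >> 32, p & 0xFFFFFFFF

def expand(rpt32):
    """Expansion permutation: 32-bit RPT -> 48 bits."""
    return permute(rpt32, 32, E)

def sbox_input(block64, round_key48):
    """48-bit value fed to the S-boxes in round 1: E(RPT) XOR round key."""
    _, rpt = initial_permutation(block64)
    return expand(rpt) ^ round_key48

SAMPLE_BLOCK = 0x0123456789ABCDEF   # constructed sample plaintext block
SAMPLE_K1 = 0x1B02EFFC7072          # round key 1 for the constructed sample key

if __name__ == "__main__":
    lpt, rpt = initial_permutation(SAMPLE_BLOCK)
    print(f"LPT = {lpt:08X}  RPT = {rpt:08X}")
    print(f"E(RPT) = {expand(rpt):012X}")
    print(f"E(RPT) XOR K1 = {sbox_input(SAMPLE_BLOCK, SAMPLE_K1):012X}")
    # IP uses no key and is undone by FP, so it adds no secrecy by itself.
    print(permute(permute(SAMPLE_BLOCK, 64, IP), 64, FP) == SAMPLE_BLOCK)
```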
Triple DES Algorithm
Triple DES is a symmetric-key block cipher that applies the DES cipher three times. It encrypts with the first key (k1), decrypts using the second key (k2), then encrypts with the third key (k3). There is also a two-key variant, where k1 and k3 are the same key.
- The NIST had to replace the DES algorithm because its 56-bit key lengths were too small, considering the increased processing power of newer computers. Encryption strength is related to the key size, and DES found itself a victim of the ongoing technological advances in computing. It reached a point where 56-bit was no longer good enough to handle the new challenges to encryption.
- Note that just because DES is no longer the NIST federal standard, it doesn’t mean that it’s no longer in use. Triple DES is still used today, but it’s considered a legacy encryption algorithm. Note that NIST plans to disallow all forms of Triple-DES from 2024 onward.
Now that we know what DES is, let us look at the DES algorithm steps.
DES Algorithm Steps
To put it in simple terms, DES takes 64-bit plain text and turns it into a 64-bit ciphertext. And since we’re talking about a symmetric algorithm, the same key is used when it’s time to decrypt the text.
The algorithm process breaks down into the following steps:
- The process begins with the 64-bit plain text block getting handed over to an initial permutation (IP) function.
- The initial permutation (IP) is then performed on the plain text.
- Next, the initial permutation (IP) creates two halves of the permuted block, referred to as Left Plain Text (LPT) and Right Plain Text (RPT).
- Each LPT and RPT goes through 16 rounds of the encryption process.
- Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the newly combined block.
- The result of this process produces the desired 64-bit ciphertext.
The encryption process step (step 4, above) is further broken down into five stages:
- Key transformation
- Expansion permutation
- S-Box permutation
- P-Box permutation
- XOR and swap
For decryption, we use the same algorithm, and we reverse the order of the 16 round keys.
Next, to better understand DES, let us learn the various modes of operation for DES.
DES Modes of Operation
Experts using DES have five different modes of operation to choose from.
- Electronic Codebook (ECB). Each 64-bit block is encrypted and decrypted independently
- Cipher Block Chaining (CBC). Each 64-bit block depends on the previous one and uses an Initialization Vector (IV)
- Cipher Feedback (CFB). The preceding ciphertext becomes the input for the encryption algorithm, producing pseudorandom output, which in turn is XORed with plaintext, building the next ciphertext unit
- Output Feedback (OFB). Much like CFB, except that the encryption algorithm input is the output from the preceding DES
- Counter (CTR). Each plaintext block is XORed with an encrypted counter. The counter is then incremented for each subsequent block
Next, let us look into DES implementation and testing.
DES Implementation and Testing
DES implementation requires a security provider. There are many available providers to choose from, and selecting one is the essential initial step in implementation. Your selection may depend on the language you are using, such as Java, Python, C, or MATLAB.
Once you decide on a provider, you must choose whether to have a random secret key generated by the KeyGenerator or create a key yourself, using a plaintext or byte array.
It’s also essential to test the encryption to make sure it is properly implemented. You can find a testing procedure that will do the trick using the recurrence relation found on GitHub.
Now that we have come so far in our understanding of what DES is, let us next look into the reasons to learn DES.
Applications of DES Algorithm
In this section, we are going to learn about some of the applications of the DES Algorithm.
- It is used in random number generation
- It is deployed when not-so-strong encryption is needed
- It is used to develop a new form of DES, called Triple DES (using a 168-bit key formed using three keys)
Difference Between DES and AES algorithms
| DES | AES |
| --- | --- |
| Used to encrypt plain text of 64-bit | Used to encrypt plain text of 128-bit |
| The key is of 56-bit size. | The key is of different sizes such as 128-bits, 192-bits, and so on |
| Less secure than AES | More secure than DES |
| It can be broken by brute force attacks | To date, AES has not been attacked |
| It is based on Feistel network | It is based on permutation and substitution network |
Advantages and Disadvantages of DES Algorithm
The advantages of the DES algorithm:
- It is set as a standard by the US government.
- It works faster in hardware than in software.
- Triple DES uses a 168-bit key, which is very hard to crack.
The disadvantages of the DES algorithm:
- Weakly secured algorithm.
- There is a threat from Brute force attacks.
- A DES cracker machine known as Deep Crack is available in the market.
Steps for Encryption
Data encryption involves multiple steps. They are:
- Permute the 64 bits in the plain text and divide them into two equal halves.
- These 32-bit chunks of data will undergo multiple rounds of operations.
- Apply XOR operation in between expanded right plain text and the compressed key of 48-bit size.
- The resultant output is sent to the further step known as S-box substitution.
- Now apply the XOR function to the output and the left plain text and store it in the right plain text.
- Store the initial right plain text in the left plain text.
- Both the LPT and RPT halves are forwarded to the next rounds for further operations.
- At the end of the last round, swap the data in the LPT and RPT.
- In the last step, apply the inverse permutation step to get the cipher text.
Steps for Decryption
The steps involved in data decryption are:
1. The order of the 16 48-bit keys is reversed such that key 16 becomes key 1, and so on.
2. The steps for encryption are applied to the ciphertext.
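The decryption rule above and the ECB and CBC modes listed earlier, as one added example (not code from the original article): a 16-round Feistel core decrypts by running the same routine with the round keys reversed, and ECB exposes repeated plaintext blocks where CBC does not. The round function is a SHA-256 stand-in rather than DES's expansion, S-box and P-box stages, the initial and final permutations are omitted, and the keys, IV and blocks are constructed sample values.

```python
import hashlib

def stand_in_f(rpt, round_key):
    """Placeholder round function (assumption): NOT DES's expansion, S-boxes, P-box."""
    data = rpt.to_bytes(4, "big") + round_key.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block64, round_keys):
    """Feistel core: new LPT = old RPT, new RPT = old LPT XOR f(old RPT, key)."""
    lpt, rpt = block64 >> 32, block64 & 0xFFFFFFFF
    for key in round_keys:
        lpt, rpt = rpt, lpt ^ stand_in_f(rpt, key)
    return (rpt << 32) | lpt  # swap the halves after the last round

def encrypt_block(block, keys):
    return feistel(block, keys)

def decrypt_block(block, keys):
    # Same routine, round keys in reverse order (key 16 first).
    return feistel(block, keys[::-1])

def ecb_encrypt(blocks, keys):
    # Each block stands alone: equal plaintext blocks give equal ciphertext blocks.
    return [encrypt_block(b, keys) for b in blocks]

def cbc_encrypt(blocks, keys, iv):
    out, prev = [], iv
    for b in blocks:
        prev = encrypt_block(b ^ prev, keys)  # chain in the previous ciphertext
        out.append(prev)
    return out

def cbc_decrypt(blocks, keys, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(decrypt_block(c, keys) ^ prev)
        prev = c
    return out

# Constructed sample data: 16 arbitrary 48-bit round keys, an IV, three blocks
# (the first two blocks are identical on purpose).
KEYS = [(0x1B02EFFC7072 * (i + 1)) % (1 << 48) for i in range(16)]
IV = 0x0011223344556677
PLAIN = [0x4441544144415441, 0x4441544144415441, 0x0123456789ABCDEF]

if __name__ == "__main__":
    print("ECB:", [f"{c:016X}" for c in ecb_encrypt(PLAIN, KEYS)])
    print("CBC:", [f"{c:016X}" for c in cbc_encrypt(PLAIN, KEYS, IV)])
```

The stand-in round function is not invertible, yet decryption still works: the Feistel structure only ever XORs its output into the other half, which is why DES can reuse one routine for both directions.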
If DES is Becoming Irrelevant, Why Learn It?
Despite DES losing the lofty position of being the go-to data encryption standard algorithm, it’s still worth learning. There will always be room for the DES algorithm in cryptography because it was the foundation for subsequent encryption algorithms. If you understand the origins of data encryption, you will consequently have an easier time grasping the basics of current encryption methods.
Do You Want to Improve Your Cybersecurity Skills?
Encryption is just one aspect of cybersecurity. There is so much to learn in this vast field, and the more you know, the more marketable a candidate you become when looking for a career in the field. One can never possess too much knowledge!
To that end, Simplilearn offers an impressive variety of cybersecurity-related courses for your benefit. You can learn to become a “white hat hacker” through the CEH (v10) Certified Ethical Hacking course, or become a security systems auditor with CISA certification. You can gain a deeper understanding of managing and governing enterprise IT environments with the COBIT Certification Training course or learn the principles of network security and risk management through the CompTIA Security+ Certification - SY0-501 Exam Training course.
If, on the other hand, you won’t settle for anything less than becoming a full-fledged cybersecurity professional, go for the Cybersecurity Expert Master’s program. The program features a half-dozen courses that will impart the necessary foundational, intermediate and advanced security skills for you to become a cybersecurity expert.
How Would You Like a Career in Cybersecurity?
After having learned all about what is DES, if you need a good launching point for a cybersecurity career, then you should check out Simplilearn’s CISSP Certification course. This outstanding Certified Information Systems Security Professional (CISSP) course teaches you how to define a secure IT architecture, and subsequently, design, build and maintain a secure business environment using globally approved information security standards. The course explores the industry best practices for IT and prepares you for the CISSP certification exam administered by (ISC)².
You receive more than 60 hours of in-depth learning, five simulation test papers for CISSP certification exam preparation, the requisite 30 CPEs needed for taking the exam, and a CISSP exam voucher. According to Payscale, a Security Operations Specialist earns an annual average of USD 80,000. Today, there is a growing shortage of cybersecurity professionals, so if you want a career that offers security and excellent compensation, visit Simplilearn and get started!