Article Directory
Before AEC (Advanced Encryption Standard) was introduced in 2001, the most commonly used encryption mechanism was DES (Data Encryption Standard). DES uses the Feistel cipher structure we introduced in "Symmetric Encryption Algorithm (2) (Block Cipher, Feistel Cipher)" , in which the input data will be grouped into 64-bit blocks and encrypted The key length is 56 bits.
DES Encryption
The encryption process of DES is shown in the figure below:
Although the input to the algorithm is a 64-bit key, in practice we only use 56 bits , and the remaining 8 bits can be parity bits or whatever.
First, the 64-bit plaintext input undergoes an initial permutation ( Initial permutation) to scramble the bit position. The rules for this initial replacement are shown in the table below:
That is, the inputted 58th digit is changed to the first digit, the 50th digit is changed to the second digit...and so on, and the last digit is the original 7th digit.
Next is 16 rounds of calculations, which will include a series of operations such as permutation and substitution . The output of the last round (16) first goes through a 32-bit swapto swap the 32 bits of its left half with the 32 bits of its right half. The output after the exchange is subjected to the inverse functioninitial permutation of the initial arrangement ( ) , and the final 64-bit output ciphertext is obtained.
Look at the right half of the picture again. Initially, the key is passed into a permutation function ( permuted choice 1). Then, for each of the 16 rounds, a subkey ( K i K_iKi), which is produced by a combination of a left circular shift ( Left circular shift) and a permutation ( permuted choice i). The permutation function of each round is the same , but since we are constantly performing cyclic shifts, different subkeys will be generated.
DES Decryption
Exactly the same as the Festel cipher, the decryption process of DES is the same as the algorithm of the encryption process, except that the order of using the subkeys is reversed. Inverse initial permutationAnd Initial permutationthe order of and should be reversed.
Example
Let's illustrate the algorithm flow of DES through a specific example.
Our plaintext, key and ciphertext are as follows (in hexadecimal):
The specific process of encryption is shown in the figure below. Initial permutationThe first line represents the left and right half of the plaintext after the initial permutation ( ). The remaining 16 lines are the respective outputs of the 16 rounds and the 48-bit subkey used in that round. From the table, we can easily see the following relationship:
L i = R i − 1 L_i=R_{i-1}Li=Ri−1
The Avalanche Effect
The avalanche effect refers to a desirable property of encryption algorithms, especially block ciphers and cryptographic hash functions. The avalanche effect is when the slightest change in the input (for example, flipping a binary bit) also results in an indistinguishable change in the output (ciphertext can change dramatically).
Baidu Encyclopedia
We assume that the fourth bit of the plaintext changes, and the corresponding hexadecimal form becomes 12468aceeca86420. In the figure below, the second column is the comparison between the original output of each round and the output of each round after changing the plaintext. The third column helps us count the number of changed bits. It can be seen that after only 3 rounds, 18 bits have occurred changed. The final ciphertext produces a 32-bit change.
Similarly, when the 4th bit of the key is changed, the key becomes 1f1571c947d9e859, and the number of bit changes per round is as follows:
In the end, almost half of the number of bits will also change.
The Strength of DES
The Use of 56-Bit Keys
A key of 56 bits means we will have 2 56 2^{56}25 6 possible keys, that is approximately7.2 × 1 0 16 7.2\times 10^{16}7 . 2x1 016 . _ Therefore, the brute force cracking method seems to be difficult to decrypt.
Assuming that half the key space needs to be searched on average, a machine doing DES encryption every microsecond would take more than a thousand years to crack the cipher.
However, the assumption of one encryption every microsecond is too conservative. Back in 1977, Diffie and Hellman speculated that, with the technology available at the time, it was possible to build a parallel machine with 1 million encryption devices , each capable of encrypting once every microsecond. This will bring the average search time down to about 10 hours. They estimated the cost at about $20 million in 1977 dollars.
With current technology, it is not even necessary to use special, specialized hardware. Conversely, the speed of commercial, off-the-shelf (not custom) processors can threaten the security of DES. A recent paper from Seagate Technology shows that, for today's multi-core computers, a billion ( 1 0 9 10^91 09 ) times of encryption is entirely feasible. And with contemporary supercomputer technology, it can even reach1 0 13 10^{13}1 01 3 encryption rates. The graph below shows the time it takes to brute force when using these methods:
It can be seen that a single personal computer can crack DES in about a year; if multiple personal computers work in parallel, the time will be greatly shortened. Today's supercomputers should be able to find a key in about an hour. Key sizes of 128 bits or greater are practically impossible to crack by simple brute force methods. The AES mentioned in the table will also be introduced in a later article.
The Nature of the DES Algorithm
The question we still need to consider is whether cryptanalysis can be cracked by some properties of DES.
The focus is on the eight substitution tables, so-called S-boxes, used in each iteration .
S-box (Substitution-box) is the basic structure of symmetric key algorithm to perform substitution calculation. The S-box is used in the block cipher algorithm, which is the only non- linear structure , and the quality of its S-box index directly determines the quality of the cipher algorithm.
Baidu Encyclopedia
Since the design criteria of these S-boxes, and even the design criteria of the entire algorithm are not disclosed, it is suspected that an attacker who knows the weakness of the S-box may decipher DES through cryptanalysis. But so far, no one has discovered the Achilles' heel of the S box.
References
Cryptography and Network Security: Principles and Practice, 7th Edition, ISBN 978-0-13-444428-4, by William Stallings, published by Pearson Education.