[One of the cryptographic algorithms] Analysis of symmetric encryption algorithm DES \ 3DES

1. What is DES?

  DES (Data Encryption Standard) is a symmetric cipher (FIPS 46-3) adopted in the US Federal Information Processing Standard (FIPS) in 1977. DES has been widely used by governments and banks in the United States and other countries.
  However, with the advancement of computers, DES can now be cracked violently, and its strength is not as good as before. At the end of the 20th century, RSA held a competition to decipher DES (DES Challenge). As a result, it took 96 days to decipher the secret key in DES Challenge I in 1997, 41 days in DES Challenge II-1 in 1998, and DES Challenge in 1998. It took 56 hours in II-2 and only 22 hours and 15 minutes in DES Challenge III in 1999.
  Since the ciphertext of DES can be deciphered in a short time, we should not use DES now except to use it to decrypt the previous ciphertext.

  DES encrypts 64-bit plaintext (bit sequence) as a unit, and this 64-bit unit is called a "packet". A cryptographic algorithm that is processed in units of blocks is called a "block cipher", and DES is one of the block ciphers.
  DES can only encrypt 64-bit data at a time. Therefore, if the plaintext to be encrypted is relatively long, it is necessary to iterate (repeat) the DES encryption, and the specific method of iteration is called a mode. For a detailed analysis of the mode, please refer to another article: [Cryptographic Algorithm 3] Analysis of block cipher working mode (ECB \ CBC \ CFB \ OFB \ CTR \ XTS) .

2. Principle

  The basic structure of DES was designed by Horst Feistel, so it is called Feistel network, Feistel structure or Feistel cipher. This structure is not only used in DES, but also in many other cryptographic algorithms.
  In this network, each step of encryption is called a round, and the entire encryption process is a cycle of several rounds. DES is a 16-round round-robin Feistel network.

2.1 One-round Feistel network

  The figure above shows a round of data processing in the Feistel network. The input data is divided into left and right halves and processed separately. In the figure above the left half is called "left side" and the second half is called "right side".
  The "sub-key" in the middle refers to the key used in this round of encryption. In the Feistel network, a different sub-key is required for each round. Since the sub-key can only be used in one round, it is a "local key", so it is called a sub-key (subkey).
  The role of the round function is to generate a bit sequence that encrypts the "left side" according to the "right side" and the sub-key, which is the core of the entire cryptographic system. The output of the round function is XORed with the "left side", and the result obtained is the "encrypted left side", and the "right side" of the input is directly called the "encrypted right side".

The overall steps of one round of operation are as follows:

• Divide the input data into left and right halves equally;
• Send the right side of the input directly to the right side of the output;
• Send the right side of the input to the "round function";
• The round function calculates a string of random bit sequences based on the data on the right and the sub-key;
• Exclusive OR (XOR) operation is performed on the random bit sequence obtained in step 4 and the "left side data", and the data result is used as the encrypted left side.

2.1 Multi-round Feistel network

• In the Feistel operation, it is necessary to use different sub-keys to repeat a round of data several times, and swap the "left data" and "right data" between each round of processing;
• The output of the last round of calculation does not need to be swapped;
• Due to the characteristics of XOR, if you use the same secret key to perform a round of encryption, and then run it again, you will get the plaintext again;
• The decryption process of the Feistel network only needs to use the sub-key in the reverse order of encryption to complete the data decryption operation;
• The number of rounds of the Feistel network can be increased arbitrarily, no matter how many rounds of calculations are performed, there will be no situation where it cannot be decrypted;
• Encryption and decryption are implemented using exactly the same structure, which is a feature of the Feistel network;

3. 3DES（TDEA）

  Triple DES (triple-DES) is a cryptographic algorithm obtained by repeating DES three times in order to increase the strength of DES. It is also called TDEA (Triple Data Encryption Algorithm), usually abbreviated as 3DES.
  The triple DES encryption and decryption process is as follows:

• Encryption process: encryption (key 1) -- decryption (key 2) -- encryption (key 3)
• Decryption process: decryption (key 1) -- encryption (key 2) -- decryption (key 3)
• If the secret key 1, secret key 2, and secret key 3 use exactly the same secret key, then 3DES and DES are exactly the same
• If key 1 and key 3 use the same key, but key 2 uses a different key, this triple DES is called DES-EDE2, as shown in the following figure:

4. Subkey

  The input key of DES is usually 64bit, and every 8th bit is used as a parity bit of the first 7 bits. No one knows the reason for standardizing DES in this way. These 8 parity bits are not real. The key bit does not increase the security of the key, so DES is actually a 56-bit password, not a 64-bit one.
  The sub-keys (also called round keys) are obtained from the original 56-bit key with 16 round keys k _i , and each round key k _i is 48 bits.

  The initial permutation table PC-1 of the round key is as follows: As shown

  in the above table, the permutation means that the 57th digit before the permutation is placed in the 0th digit after the permutation, and the 49th digit before the permutation is placed in the 1st digit after the permutation Place the 41st bit before the replacement in the 2nd bit after the replacement, and so on for the others. The replacement principle of PC-2 is exactly the same as that of PC-1.

  PC-2 round key replacement is as follows:

  The DES encryption time wheel key generation process is shown in the following figure:

1. Divide the obtained 56-bit secret key into two parts, C ₀ and D _{0 , each part is 28 bits;}
2. The left and right parts with a length of 28 bits will be moved periodically by 左1 or 2 bits (that is, circular movement), and the number of bits to be moved depends on 轮数ithe rules as follows:
     (1) i= 1, 2, 9 , In 16 rounds, both the left and right parts are shifted to the left by 1 bit;
     (2) In other rounds, both the left and right parts are shifted to the left by 2 bits;
     (3) The total number of cyclic shifts is: 4*1 + 12 * 2 = 28, and then get an interesting property, that is, C ₀ = C ₁₆ and D ₀ = D ₁₆ , which is very useful for reverse order generation of decryption sub-keys.

5. Summary

• DES and 3DES belong to the "block cipher" algorithm, and currently belong to the "not recommended, use with caution" algorithm;
• The packet lengths of DES and 3DES are both 64bit（8字节）;
• The key length of DES is 64bit（8字节）, and the real effective key length is 56bit;
• The key length of 3DES is 192bit（24字节）, and the actual effective key length is 168bit;

Link addresses of various algorithms are as follows:
[Cryptographic Algorithm Zero] Symmetrical algorithms (DES, 3DES, AES, DM5, HMAC, CMAC, SHAxx, SM3, SM4), asymmetrical algorithms (RSA, ECC, ECDSA, ECDH, SM2 , SM9...)