This week's cryptography experiments require the use of any programming language des encryption algorithm, so I looked up the relevant information with the following results.
First, DES algorithm as the classical block cipher (block cipher), the main implementation process consists of two parts, namely, the process of generating the key and plaintext.
Encryption process shown generally in FIG.
As the block cipher, plaintext, and the key input of the input 64-bit binary numbers are.
First of all the following key generation process.
The key processing section shown in FIG.
Input key is 64 bits, e.g. 0,001,001,100,110,100 0,101,011,101,111,001 1,001,101,110,111,100 1,101,111,111,110,001, pc-1 and then through cartridge replacement, removes multiple of 8 bits each (parity bits) and out of order, the key becomes 56. pc-1 permutation table below ( numbers represent the original position of the box is the key, rather than data )
1 57,49,41,33,25,17,9,1, 2 58,50,42,34,26,18,10,2, 3 59,51,43,35,27,19,11,3, 4 60,52,44,36,63,55,47,39, 5 31,23,15,7,62,54,46,38, 6 30,22,14,6,61,53,45,37, 7 29,21,13,5,28,20,12,4
In other words, after the replacement of the original box pc-1 No. 57 to No. 1 will be 1, 49 of the original data will go to the first two, and so on. DES encryption key in the process, such substitutions way often.
After replacing the pc-1 cassette, the original 56-bit key is divided into two groups becomes c0, d0. Then go through d0 and l0 Rotate Left (left shift) processing.
For example, a bunch of keys is 1010101, after one cycle of the left becomes 0101011, which left several cycles, the leftmost few data will be immediately behind, left to achieve a result. The key block are referred to as left c1, d1. At this time, the combination of c1 and d1, through the replacement of pc-2 (similar to the pc-1).
1 14,17,11,24,1,5, 2 3,28,15,6,21,10, 3 23,19,12,4,26,8, 4 16,7,27,20,13,2, 5 41,52,31,37,47,55, 6 30,40,51,45,33,48, 7 44,49,39,56,34,53, 8 46,42,50,36,29,32
After replacing the pc-2 cartridge, the original 56-bit key 48 becomes. This time, the first sub-key encryption can be used for k1 is generated better. During des key generation algorithm, the master key will cycle through 16 the left and pc-2 replaced the 16 subkeys generated. Rotate Left and relationship-digit rounds in the following table
Subsequent sub key generation process is to repeat the above process, c1 and d1 c2 obtained then rotate left and d2, then after replacement cassette obtained pc-2 k2, c2 and d2 to the left and then through c3 and d3 obtained through pc- 2 cartridge K3 ..... obtained through such an operation 16 to give the sub-key 16. Generation of keys as generally followed to illustrate the process of the plaintext.
Plaintext processing flow shown generally in FIG.
首先,64位明文的输入需要经过初始置换,并把输出块分为L0,R0两部分,每部分32位。(有点类似于密钥初始化时的pc-1)置换规则如下:
1 58,50,42,34,26,18,10,2, 2 60,52,44,36,28,20,12,4, 3 62,54,46,38,30,22,14,6, 4 64,56,48,40,32,24,16,8, 5 57,49,41,33,25,17, 9,1, 6 59,51,43,35,27,19,11,3, 7 61,53,45,37,29,21,13,5, 8 63,55,47,39,31,23,15,7
这个过程与pc-1阶段类似,置换后的第1位是原来的第58位,第2位是原来的第50位,以此类推。L0是置换后数据的前32位,R0是置换后的后32位。
经过了初始置换之后,R0会进依次进入E-box,S-box,P-box三个置换盒,进行下一步的处理。
E-box的处理过程如图示
E-box本质上是将原来32位的数据变为了48位,原理是将原来的32位输入以四位为一个单元分开,然后这个单元的第1位会复制到上一个单元的最后一位,这个单元的最后一位会变为下一个单元的第1位。看图可知,1234分块的第一位复制到了最后一块成为了第48位,第32位复制到了第1位成为了新数据组的第1位,具体过程如果还不明晰的话可以仔细看图解决。
在经过了E-box后,新的R0变为了48位,刚好与生成的密钥位数一致。这个时候,需要使用k1和新R0执行一次异或(相同记为0,不同记为1)操作,在异或操作结束后新的数据块会进入S-Box进行替代。
S-box会将48位的输入按照次序分为8组,分别进入8个子盒进行替代,每个盒的输入是6位,输出是4位。8个子盒原理如下:
S-box1
1 14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7, 2 0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8, 3 4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0, 4 15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13
S-box2
1 15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10, 2 3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5, 3 0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15, 4 13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9
S-box3
1 10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8, 2 13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1, 3 13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7, 4 1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12
S-box4
1 7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15, 2 13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9, 3 10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4, 4 3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14
S-box5
1 2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9, 2 14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6, 3 4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14, 4 11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3
S-box6
1 12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11, 2 10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8, 3 9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6, 4 4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13
S-box7
1 4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1, 2 13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6, 3 1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2, 4 6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12
S-box8
1 13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7, 2 1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2, 3 7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8, 4 2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11
S-box的计算规则:
以S-box8为例,如果该盒输入为六位011100。取第一位和最后一位组成二进制数00,转化为十进制为0,对应该盒第1行。中间四位组成1110,十进制化为14,对应该盒第15列(考试的时候这个地方错了,,,1551)寻找该盒第1行第15列的元素,是12,转化为2进制是1100,这也就是该盒的输出。
在经过了S-box置换后,数据块还需一步处理,P-box
P-box很简单,类似于pc-1,就是简单的置换,32位的输入置换为32位的输出。置换表如下:
1 16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10, 2 2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25
在经过了这些处理后,原来32位的R0变为了新的32位数据块,这个时候,使用这32位数据块和原来的L0进行异或,变为新的32位R1,这时候,原来的R0成为新的L1。R1再经过E-box扩展,和k2(第二个子密钥)异或,S-box替代,P-box置换的过程。再与L1进行异或,直到使用完所有的16个子密钥(也是16轮)。
明文经过了这16轮变换之后已经面目全非,这个时候把L和R组合成为64位经过最后的置换,即成为密文。最终置换如下:
1 40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31, 2 38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29, 3 36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27, 4 34,2,42,10,50,18,58 26,33,1,41, 9,49,17,57,25
Attached below was copied from another brother description:
DES features:
advantage:
High efficiency, simple algorithm, small system overhead (really simple it ,,,,)
Suitable for large amounts of data encryption
Length of plaintext and ciphertext are equal in length
Disadvantages:
Keys need to be exchanged in a secure manner
Secret key management complexity
Finally, the code JAVA realize, I have uploaded to my GitHub, address: https://github.com/jason-ralston you go to eat on their own.