Information Security - 8: Data Encryption Standard (DES)

4. Data Encryption Standard (DES)

(Data Encryption Standard)

4.1 Provision of Group Password Overview

First, the design of the group password system has the following technical requirements:

(1) The packet length m should be large enough to prevent the attack of the flying drainage.

(2) The number of keys should be large enough to prevent the key from the opposition of the key.

(3) The method of the password is sufficiently complex, which makes the extraciphame in addition to the exhaustion of the exhaustion, and can not find other simple digital breaking algorithms.

Second. Relationship between the length of the secret block and the length of the express text block.

4.2 Data Encryption Standard (DES)

I. Profile of DES Encryption Algorithm

Second, the thick frame of the DES encryption algorithm

Taking the process of the DES encryption with the encryption process of each mutant, simply uses a sentence to overview this encryption process: convert the 64bit's mutant block under the key control of 56bit to 64bit, its encryption The process consists of 16 options (i.e., 16 turns) each option is formed by alternatives and shifts.

Rough box

The first circle:

Enter: l (i-1) R (i-1)

Output: l (i) = r (i-1) R (i) = gk (i) (R (i-1)) å L (I-1)

Or order pi-1 = gk (i) (R (I-1))

R (i) = p i

-1

Å

L (i-1)

R (i) = gk (i) (l (i-1)) å L (i-1)

Inverse initial replacement (IP)

Cixin block Y = Y1Y2 ... Y64

L (16)

R (16)

K (16)

L (16) = l1 (16), ..., l32 (16)

R (16) = r1 (16), ..., R32 (16)

G

R (15) = r1 (15), ..., R32 (15)

L (15) = l1 (15), ..., l32 (15)

R (2) = r1 (2), ..., R32 (2)

L (2) = l1 (2), ..., l32 (2)

G

R (1) = r1 (1), ..., R32 (1)

L (1) = l1 (1), ..., l32 (1)

G

K (1)

Initial replacement IP

Ming text block x = x1 x2. . . . . . . . x 64

Simple shift transformation

L (0) = l1 (0), ..., L32 (0)

R (0) = r1 (0), ..., R32 (0)

K (2)

Third, Detailed description of the DES encryption algorithm

1, derived of internal keys

For each plaintext message, its encryption process is given a 56-bit key K to determine the corresponding relationship of the Ming-Cixin, 16 internal key K (1), K (2), ..., k (16 How to generate a given key K (external key), the process is as follows:

External key K = K1 K2 ... K64

Replacement 1

PC-1

C0

D0

Cycle left shift h (1) position

Cycle left shift h (1) position

C1

D1

Cycling left shift h (2) position

Cycling left shift h (2) position

Replacement 2

PC ---- 2

K (1)

C2

D2

PC ----- 2

K (2)

C15

D15

Replacement 2

PC ---- 2

K (15)

Cycle left shift h (16) position

Cycle left shift h (16) position

C16

D16

Replacement 2

PC ---- 2

K (16)

Internal key generation process

Table 1 corresponds to the number of left cycle shift bits of different i

Number of options I 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Left shift position H (i) 1 2 2 2 2 2 2 2 2 2 2 2 2 1

Replacement 1

(1) The role of PC-1 is to divide 56 bits left in the outer key, referred to as the left half of the C0 and the right half portion D0, each with 28 bits. The specific segmentation algorithm is as follows:

Left half

C0 = k57 k49 k41 k33 k25 k17 k9 k1

K58 K50 K42 K34 K26 K18 K10

K

2

K59 K51 K43 K35 K27 K19 K11 K3

K60 K52 K44 K36

Right half

D0 = K63 K55 K47 K39 K31 K23 K15 K7

K62 K54 K46 K38 K30 K22 K14 K6

K61 K53 K45 K37 K29 K21 K13 K5

K28 K20 K12 K4

What is the rule of the plan? That is to say which bits belong to C0, which bits belong to D0. How to determine? What is the law?

We use the following methods to describe its priority:

The outer key K = K1 K2 ... K64 is arranged in a matrix of 8 rows of 8 columns.

1 2 3 4 5 67 8

K1

K

2

K3 K4 K5 K6 K7 K8

K9 K10 K11 K12 K13 K14 K15 K16

K17 K18 K19 K20 K21 K22 K23 K24

K25 K25 K27 K28 K29 K30 K31 K32

K33 K34 K35 K36 K37 K38 K39 K40

K41 K42 K43 K44 K45 K46 K47 K48

K49 K50 K51 K52 K53 K54 K55 K56

K57 K58 K59 K60 K61 K62 K63 K64

(2) After C0 and D0 are generated, generating K (1) is performed as follows.

(A) Move the left and D0 cycles to left H (1) = 1 bit, each obtained C1 and D1, respectively.

(B) By replacement 2 (PC-2), 56-bit vectors (C1, D1) becomes 48-bit keys.

Vector k (1).

Replacement 2 (PC-2)

Suppose c = c

1C

2

1/4

C28 D = D29D3014D56

14 17 11 24 1 5

3 28 15 6 21 10

23 19 12 4 26 8

16 7 27 20 13 2

41 52 31 37 47 55

30 40 51 45 33 48

44 49 39 56 34 53

46 42 50 36 29 32

K (1) = C

14 C

17 C

11 C

24 c

1 C

5 c

3 c

28 c

15 C

6 C

21 C

10

C

23 C

19 c

12 C

4 c

26 C

8 c

16 C

7 C

27 C

20 c

13 C

2

D41 D52 D31 D37 D47 D55 D30 D40 D51 D45 D33 D48

D44 D49 D39 D56 D34 D53 D46 D42 D50 D36 D29 D32

(3) After Ci-1 and D i-1 are generated, the steps of generating k (i) are the same as (2)

(A) Transmit the CI-1 and D i-1 to the left to move the left to the left, and Ci and D i are obtained, respectively.

The left displacement bit h (i) is different from the difference, and it is different (see Table 1)

(B) Transform 56 bits of vector (CI D i) to 48-bit key vector k (i) by replacement selection 2

K (i) = k1 (i) k2 (i) ... k24 (i) k25 (i) ... k48 (i).

Before the DES enters the encryption algorithm, the internal key K (1), ... k (16) is derived.

come out.

2, initial replacement IP:

The initial replacement is to divide the 64-bit mutant block x into two parts, the left half L (0)

And the right half R (0), each part is even 32 bits. Specific integration is:

L (0) = x58 x50 x42 x10 x2

X60 X52 X44 X36 X28 X20 X12 X4

X62 x4 x6 x62 x4 x6 x22 x4 x6 x22 x4 x3

X64 x32 x64 x32 x64 x32 x24 x1 x3 x8

R (0) = X57 X49 X41 X33 X25 X17 X9 X1

X59 x51 x43 x35 x27 x4 x35 x27 x1 x1 x3 x3

X61 x5 x5 x61 x5 x4 x6 x3 x5 x4 x3 x3 x5

X63 x31 x63 x31 x63 x1

What is the rule of segmentation? That is, how to determine L (0) and R (0), what is the composition, what kind of order is composed? The method of generating L (0) and R (0) is described below.

The Ming Dynasty X = X1X2 ... X64 is placed in a matrix of 8 rows of 8 columns (as shown below)

R (0)

1 3 57

X1 x1 x1

X9 x10 x11 x12 x16 x14 x15 x16

X17 x17 x17 x14 x17 x18 x17 x18 x17 x18 x17 x14 x22 x23 x24

X25 x25 x27 x25 x29 x23 x31 x32

X33 x34 x40 x36 x37 x40 x36 x37 x40 x36 x37 x4X

X41 x43 x43 x44 x48 x46 x44 x43 x44 x44 x46 x4 x48 x44 x44 x46 x44 x48 x44 x43 x46 x44 x48 x44 x43 x4 x44 x48 x46 x44 x48 x44 x43 x4 x44 x48 x44 x43 x4 x 44 x48

X49 x5 x4 x4 x53 x54 x53 x54 x53 x56

X57 x61 x62 x63 x64

2 4 6 8

L (0)

3, inverse initial replacement (IP-1)

Two 32bits are required to output data blocks R (16), and L (16) can be replaced by reverse initial replacement to generate real 64bit cixed block Y = Y1 Y1 ... Y64

Suppose R (16), L (16) = R1 (16) R2 (16) ... R32 (16), L1 (16) L2 (16) ... L32 (16)

Based on R (16) = R1 R2 R3 R4 R5 R6 R7 R8

R9 R10 R11 R12 R13 R14 R15 R16

R17 R18 R19 R20 R21 R22 R23 R24

R25 R26 R27 R28 R29 R30 R30 R32

L (16) = L

1 L

2 L

3 L

4 L

5 L

6 L

7 L

8

l

9

l

10

l

11

l

12

l

13

l

14

l

15

l

16

l

17 L

18 L

19 L

20 L

21 L

22 L

23 L

twenty four

l

25 L

26 L

27 L

28 L

29 L

30 L

31 L

32

L8 R

8 L

16 r

16 L

24 r

24 L

32 R32

L7 R

7 L

15 r

15 L

23 r

223 L

31 R31

L6 R

6 l14 r

14 L

22 r

22 L

30 r30

L5 R

5 L

13 r

13 L

21 r

21 L

29 r29

L4 R

4 L

12 r

12 L

20 r

20 L

28 r28

L3 R

3 L

11 r

11 L

19 r

19 L

27 r27

L2 R

2 L

10 r

10 L

18 r

18 L

26 r26

L1 R

1 L

9 r

9 L

17 r

17 L

25 r25

Comparison of initial replacement and inverse initial replacement:

Initial replacement:

Ming piece X = x1x2 ... x

64 L

(0) R (0)

(1) Fill the X-line natural increment order in the lines in each line of the 8 * 8 matrix.

(2) In the matrix in accordance with the above-mentioned manner, the elements in the 2, 4, 6, and 8 columns constitute the 32bit of the left half L (0).

(3) The elements in the 1, 3, 5, and 7 columns constitute the 32bit of the right half R (0) in the matrix in the matrix.

Inverse initial replacement:

R (16), L (16) = secret block y = y 1Y 2 ... Y64

(2) 32 bits of the left half R (16) is inserted in (2) in the 2, 4, 6, 8 columns of the matrix to fill in the matrix;

(4) The 32 bits of the right half L (16) is reduced in the 1, 3, 5, and 7 columns of the matrix in the manner taken in (3).

(5) Take out the elements in the 8 * 8 matrix according to the natural increment order of the line.

4. Detailed description of encryption function G (this is the core part of DES)

R (i-1)

1,

E extended E (R (I-1))

A = E (R (i-1) k (i)

S1

S8

B

P (b)

R (i) = l (i-1) p (b)

E

Expand

R (i-1) is 32 bits, e expansion to extend it to 48-bit E (R (I-1)), the extension algorithm is as follows:

Set R (I-1) = R1R2R3 ... R31R32

It is divided into 8 groups, and each group is expanded into 6 bits per group).

R1 R2 R3 R4 R5 R6 R7 R8 R9 R10 R11 R12 R13 R14 R15 R16

R32 R1 R2 R3 R4 R5 R4 R5 R6 R7 R8 R9 R8 R9 R10 R11 R12 R13 R12 R13 R14 R15 R16 R17

R16 R17 R18 R19 R20 R21 R20 R21 R22 R23 R24 R25 R24 R25 R26 R27 R28 R29 R28 R29 R30 R30 R32 R1

E (R (I-1)) = R32 R1 R2 R3 R4 R5 R6 R7 R8 R9R8 R9 R10 R11 R12 R13 R14 R15 R16 R17

R16 R17 R18 R19 R20 R21 R22 R23 R24 R25

R24 R25 R26 R27 R28 R29 R30 R30 R32 R1

2, alternative operation (S box)

0

1

2

3

4

5

6

Seduce

8

9

10

11

12

13

14

15

0

14

4

13

1

2

15

11

8

3

10

6

12

5

9

0

Seduce

S1

1

2

3

0

15

Seduce

4

14

2

13

1

10

6

12

11

9

5

3

8

4

1

14

8

13

6

2

11

15

12

9

Seduce

3

10

5

0

15

12

8

2

4

9

1

Seduce

5

11

3

14

10

0

6

13

3, P Replacement (shift transformation)

Set B = B1B2 ... B32

Then p (b) = b16 b7 b20 b21 b29 b12 b28 b17

B1 B15 B23 B26 B5 B18 B31 B10

B2 B8 B24 B14 B32 B27 B3 B9

B19 B13 B30 B6 B22 B11 B4 B25

DES release option

I. DES decision algorithm

(1) A 64bit data block is divided into two 32-bit data blocks.

(2) Inverse initial replacement: The method of incorporating two 32-bit data into a 64-bit data block is (eg, XL XR) inverse initial replacement is the inverse transformation of the initial replacement.

X

Initial replacement

XL XR

Initial replacement

X

Since the initial replacement will be divided into L (0), R (0), the L (0), R (0) can be combined into x = x1 x2 ... x64.

(3) The relationship between each loop output and input

Output a function dependency on the input in each circle.

L (i) = r (i-1) ... (1) (i = 1, 2, ..., 16)

R (i) = l (i-1)

GK (i) (R (i-1)) ... (2)

2, when the first circle is detached, R (16) c (the first circle of the push map of the procedure)

R (16) = l (15)

GK (16) (L (15)) = l (15)

GK (16) (l (16))

Nature of the different or calculation (if A

B = C

C = a a

C = b)

DES decision algorithm

Cixin block Y = Y1Y2 ... Y64

Initial replacement

R (16) L (16)

G

K (16)

L (15)

R (15)

G

K (15)

G

L (1)

R (1)

R (14)

L (14)

K (1)

R (0)

L (0)

R (0)

L (0)

Inverse initial replacement

Ming text X = x1x2 ... xn