‘972, 10:56 aM ‘The DES Algorithm Ilusvated [Email Reply] The DES Algorithm Illustrated by J. Orlin Grabbe The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the recent coup by the Electronic Frontier Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will live on in government and banking for years to come through a life- extending version called "triple-DES.” How does DES work? This article explains the various steps involved in DES- encryption, illustrating each step by means of a simple example. Since the creation of DES, many other algorithms (recipes for changing data) have emerged which are based on design principles similar to DES. Once you understand the basic transformations that take place in DES, you will find it easy to follow the steps involved in these more recent algorithms. But first a bit of history of how DES came about is appropriate, as well as a look toward the future, The National Bureau of Standards Coaxes the Genie from the Bottle On May 15, 1973, during the reign of Richard Nixon, the National Bureau of Standards (NBS) published a notice in the Federal Register soliciting proposals for cryptographic algorithms to protect data during transmission and storage. The notice explained why encryption was an important issue. Over the last decade, there has been an accelerating increase in the accumulations and communication of digital data by government, industry and by other organizations in the private sector. The contents of these communicated and stored data often have very significant value and/or sensitivity. It is now common to find data transmissions which constitute funds transfers of several million dollars, purchase or sale of securities, warrants for arrests or arrest and conviction records being communicated between law enforcement agencies, airline reservations and ticketing representing investment and value both to the airline and passengers, and health and patient care records transmitted among physicians and treatment centers, The increasing volume, value and confidentiality of these records regularly transmitted and stored by commercial and government agencies has led to heightened recognition and concer over their exposures to unauthorized access and use, This misuse can be in the form of theft or defalcations of data records representing money, malicious modification of business inventories or the interception and misuse of confidential information about people. The need for protection is then apparent and urgent. It is recognized that encryption (otherwise known as scrambling, enciphering or privacy transformation) represents the only means of protecting such data during transmission and a useful means of protecting hitpipege.mathtu-bein da-kantReachingthesikryptows2006\des.him sis‘972, 10:56 aM “The DES Agorthm istated the content of data stored on various media, providing encryption of adequate strength can be devised and validated and is inherently integrable into system architecture, The National Bureau of Standards solicits proposed techniques and algorithms for computer data encryption. The Bureau also solicits recommended techniques for implementing the cryptographic function: for generating, evaluating, and protecting cryptographic keys; for maintaining files encoded under expiring keys; for making partial updates to encrypted files; and mixed clear and encrypted data to permit labelling, polling, routing, etc. The Bureau in its role for establishing standards and aiding government and industry in assessing technology, will arrange for the evaluation of protection methods in order to prepare guidelines. NBS waited for the responses to come in. It received none until August 6, 1974, three days before Nixon's resignation, when IBM submitted a candidate that it had developed internally under the name LUCIFER. After evaluating the algorithm with the help of the National Security Agency (NSA), the NBS adopted a modification of the LUCIFER algorithm as the new Data Encryption Standard (DES) on July 15, 1977. DES was quickly adopted for non-digital media, such as voice-grade public telephone lines. Within a couple of years, for example, International Flavors and Fragrances was using DES to protect its valuable formulas transmitted over the phone ("With Data Encryption, Scents Are Safe at IFF," Computerworld 14, No. 21, 95 (1980).) Meanwhile, the banking industry, which is the largest user of encryption outside government, adopted DES as a wholesale banking standard. Standards for the wholesale banking industry are set by the American National Standards Institute (ANSI). ANSI X3.92, adopted in 1980, specified the use of the DES algorithm. Some Preliminary Examples of DES DES works on bits, or binary numbers--the 0s and 1s common to digital computers. Each group of four bits makes up a hexadecimal, or base 16, number. Binary "0001" is equal to the hexadecimal number "1", binary "1000" is equal to the hexadecimal number "8", "1001" is equal to the hexadecimal number "9", "1010" is equal to the hexadecimal number "A", and "1111" is equal to the hexadecimal number "F". DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal numbers. To do the encryption, DES uses "keys" where are also apparently 16 hexadecimal numbers long, or apparently 64 bits long. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits. But, in any case, {64 bits (16 hexadecimal digits) is the round number upon which DES is organized. For example, if we take the plaintext message "8787878787878787", and encrypt it with the DES key "0E329232EA6D0D73", we end up with the ciphertext "0000000000000000". If the ciphertext is decrypted with the same secret DES key "0E329232EA6DOD73", the result is the original plaintext "8787878787878787"" This example is neat and orderly because our plaintext was exactly 64 bits long. The same would be true if the plaintext happened to be a multiple of 64 bits. But most messages will not fall into this category. They will not be an exact multiple of 64 bits (that is, an exact multiple of 16 hexadecimal numbers). For example, take the message "Your lips are smoother than vaseline". This plaintext message is 38 bytes (76 hexadecimal digits) long. So this message must be padded with hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim ana‘19722, 1056 aM “The DES Agorthm istated some extra bytes at the tail end for the encryption. Once the enerypted message has been decrypted, these extra bytes are thrown away. There are, of course, different padding schemes--different ways to add extra bytes. Here we will just add 0s at the end, so that the total message is a multiple of 8 bytes (or 16 hexadecimal digits, or 64 bits. The plaintext message "Your lips are smoother than vaseline" is, in hexadecimal, "596F7572206C6970 732061726520736D 6F6F746865722074 686 16E2076617365 6C696E6S0D0A". (Note here that the first 72 hexadecimal digits represent the English message, while "0D" is hexadecimal for Carriage Return, and "OA" is hexadecimal for Line Feed, showing that the message file has terminated.) We then pad this message with some Os on the end, to get a total of 80 hexadecimal digits: "596F7572206C6970 732061726520736D 6F6F746865722074 686 16F.2076617365 6C696E650D0A0000". If we then enerypt this plaintext message 64 bits (16 hexadecimal digits) at a time, using the same DES key "0F329232EA6DOD73" as before, we get the ciphertext: "C0999FDDE378D7ED 727DA00BCASA84EE 47F269A4D6438190 9DDS2F78F5358499 828AC9B453E0E6S3" This is the secret code that can be transmitted or stored. Decrypting the ciphertext restores the original message "Your lips are smoother than vaseline". (Think how much better off Bill Clinton would be today, if Monica Lewinsky had used eneryption on her Pentagon computer!) How DES Works in Detail DES is a block cipher--meaning it operates on plaintext blocks of a given size (64-bits) and retums ciphertext blocks of the same size. Thus DES results in a permutation among, the 2°64 (read this as: "2 to the 64th power") possible arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R. (This division is only used in certain operations.) Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in hexadecimal (base 16) format, Rewriting M in binary format, we get the 64-bit block of text: M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 ui L= 0000 0001 0010 0011 0100 0101 0110 0111 R= 1000 1001 1010 1011 1100 1101 1110 1111 The first bit of M is "0". ast bit is "1", We read from left to right. DES operates on the 64-bit blocks using key sizes of 56- bits. The keys are actually stored as being 64 bits long, but every 8th bit in the key is not used (i. bits numbered 8, 16, 24, 32, 40, 48, 56, and 64). However, we will nevertheless number the bits from 1 to 64, going left to right, in the following calculations. But, as you will see, the eight bits just mentioned get eliminated when we create subkeys. hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim ana‘922, 1056 aM ‘The DES Algorithm tsrated Example: Let K be the hexadecimal key K = 133457799BBCDFF1. This gives us as the binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together every eight bits, of which the last one in each group will be unused): K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001 The DES algorithm uses the following steps: Step 1: Create 16 subkeys, each of which is 48-bits long. The 64-bit key is permuted according to the following table, PC-1. Since the first entry in the table is "57", this means that the 57th bit of the original key K becomes the first bit of the permuted key K+. The 49th bit of the original key becomes the second bit of the permuted key. The 4th bit of the original key is the last bit of the permuted key. Note only 56 bits of the original key appear in the permuted key. Pc-4 57 49 41 330 25079 1 58 50 42 34 26 18 weo02 59 51 433527 19 11 43 68 52 44 36 63 55 47 39° 312315 7 62 54 46 38 30 22 6 Gl 53 45729 21 0130~«S:Ck ea Example: From the original 64-bit key K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001 wwe get the 56-bit permutation K+ = 1111000 0110011 6010101 0101111 0101010 1011001 1001111 0001111 Next, split this key into left and right halves, Cp and Dp, where each half has 28 bits. Example: From the permuted key K+, we get, Cg= 1111000 0110011 0010101 0101111 Dy= 0101010 1011001 1001111 0001111 With Cp and Dp defined, we now create sixteen blocks C, and Dy, 1<=n<=16. Each pair of blocks C,, and D,,is formed from the previous pair C,.; and Dy. y, respectively, for m = 1,2,..., 16, using the following schedule of "left shifts" of the previous block. To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block. Iteration _Nunber of Number Left shifts hitpstipage.matytu-brln dai~kantteachinghhasstkryplo-ws2006ides.nim ana‘972, 10:56 aM ‘The DES Algorithm Ilusvated 7 8 9 10 1 2 2B 14 15 16 This means, for example, C3 and D; are obtained from C and Dy, respectively, by two left shifts, and Cy¢ and Djg are obtained from Cys and Dy, respectively, by one left shift. In all cases, by a single left shift is meant a rotation of the bits one place to the left, so that after one left shift the bits in the 28 positions are the bits that were previously in positions 2, 3,..., 28, 1. Example: From original pair pait Cy and Dg we obtain: Co = 1111000011001100101010101111 Dg = 0101010101100110011110001111 Cy = 1110000110011001010101011111 D,= 1010101011001100111100011110 Cz = 1100001100110010101010111111 Dy=0101010110011001111000111101 Cz = 00001100110010101010111 11111 D3 = 0101011001100111100011110101 y= 00110011001 01010101 111111100 Dg = 0101100110011110001111010101 Cs = 1100110010101010111111110000 Ds =0110011001111000111101010101 Cg = 0011001010101011111111000011 Dg ~ 1001100111100011110101010101 z= 1100101010101111111100001100 Dz = 0110011110001111010101010110 Cg = 0010101010111111110000110011 Dg = 1001111000111101010101011001 Cy = 0101010101111111100001100110 Dg = 0011110001111010101010110011 Cy = 01010101111111100001 10011001 Djg= 1111000111101010101011001100 hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim sna‘972, 10:56 aM ‘The DES Algorithm Ilusvated Cyp = 0101011111111000011001100101 Djy = 1100011110101010101100110011 Cyz = 0101111111100001100110010101 D jz = 0001111010101010110011001111 Cyg = 0111111110000110011001010101 D}3= 0111101010101011001100111100 Cyq = 1111111000011001100101010101 D1q= 1110101010101100110011110001 Cys = 1111100001100110010101010111 Dys= 1010101010110011001111000111 Cyg= 1111000011001100101010101111 Djs = 0101010101100110011110001111 ‘We now form the keys K,, for 1<=n<=16, by applying the following permutation table to each of the concatenated pairs C,D,. Each pair has 56 bits, but PC-2 only uses 48 of these. Pc-2 “oyu wo 4a Ss 3028 15 6 «2 10 23 19 12 4 2% 8 1607 «(27 (32 4182 31 (374788. 30 48 S1 533 a 44 49395633 46 42 58 362932, Therefore, the first bit of Ky is the 14th bit of C,D,, the second bit the 17th, and so on, ending with the 48th bit of K,, being the 32th bit of C,,D,, Example: For the first key we have CpD, = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110 which, after we apply the permutation PC-2, becomes Ky = 000110 110000 001011 101111 111111 000111 000001 110010 For the other keys we have Ky= 011110 011010 111011 011001 110110 111100 100111 100101 K3= 010101 011111 110010 001010 010000 101100 111110 011001 Kg= 011100 101010 110111 010110 110110 110011 010100 011101 Ks = 011111 001110 110000 000111 111010 110101 001110 101000 K= 011000 111010 010100 111110 010100 000111 101100 101111 K;= 111011 001000 010010 110111 111101 100001 100010 111100 Kg= 111101 111000 101000 111010 110000 010011 101111 111011 hitpstipage.matytu-brln dai~kantteachinghhasskyplo-ws2006ides. nim ana‘972, 10:56 aM ‘The DES Algorithm Ilusvated Ky = 111000 001101 101111 101011 111011 011110 011110 000001 Kyq= 101100 011111 001101 000111 101110 100100 011001 OOILIT Kj, = 001000 010101 111111 010011 110111 101101 001110 000110 Ky2= 011101 010111 000111 110101 100101 000110 011111 101001 Kz = 100101 111100 010111 010001 111110 101011 101001 000001 Kyq= 010111 110100 001110 110111 111100 101110 011100 111010 Kjs~= 101111 111001 000110 001101 001111 010011 111100 001010 Kyg~ 110010 110011 110110 001011 000011 100001 011111 110101 So much for the subkeys, Now we look at the message itself. Step 2: Encode each 64-bit block of data. There is an initial permutation IP of the 64 bits of the message data M. This rearranges the bits according to the following table, where the entries in the table show the new arrangement of the bits from their initial order. The 58th bit of M becomes the first bit of IP. The SOth bit of M becomes the second bit of IP. The 7th bit of M is the last bit of IP. Ip ss se 42 34 26 «18 60 52 44 36028 2012. 62 54 46 38 30 22 14 64 56 48 «403226 57 49 41 330 «(25 179 59 51 43 350 (27 19 61 53 45 (37° «29 kB 63 55 47° (390285 Example: Applying the initial permutation to the block of text M, given previously, we get 'M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 ui IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010 Here the $8th bit of M is "1", which becomes the first bit of IP. The 50th bit of M is "1", which becomes the second bit of IP. The 7th bit of M is "0", which becomes the last bit of IP. Next divide the permuted block IP into a left half Ly of 32 bits, and a right half Ry of 32 bits. Example: From IP, we get Ly and Ry Lq= 1100 1100 0000 0000 1100 1100 1111 1111 Rg= 1111 0000 1010 1010 1111 0000 1010 1010 We now proceed through 16 iterations, for 1<-n<=16, using a function f which operates on two blocks--a data block of 32 bits and a key K;, of 48 bits--to produce a block of 32 bits. Let + denote XOR addition, (bit-by-bit addition modulo 2). Then for n going from | to 16 we calculate hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim m3‘972, 10:56 aM ‘The DES Algorithm Ilusvated n= Rpt Ry = Ly * Ry pK) This results in a final block, for n= 16, of LygR jg. That is, in each iteration, we take the right 32 bits of the previous result and make them the left 32 bits of the current step. For the right 32 bits in the current step, we XOR the left 32 bits of the previous step with the calculation f. Example: For n= 1, we have K,= 000110 110000 001011 101111 111111 000111 000001 110010 L1= Rg = 1111 0000 1010 1010 1111 0000 1010 1010, Ry = Ly t+ fiRoKp It remains to explain how the function f works. To calculate f, we first expand each block Ry-1 rom 32 bits to 48 bits. This is done by using a selection table that repeats some of the bits in R,,.7 . We'll call the use of this selection table the function E. Thus E(R,.7) has a 32 bit input block, and a 48 bit output block. Let E be such that the 48 bits of its output, written as 8 blocks of 6 bits each, are obtained by selecting the bits in its inputs in order according to the following table: E BIT-SELECTION TABLE 32001022¢«83 aS 4 5 6 7 8 8 8 9 w@ om 12 2B 2 13014 «1516 17 16 017:«28 «1920 2 21 22 «23 OS 2-25 26 «27, 828 2 293003232 Thus the first three bits of E(R,, ,) are the bits in positions 32, 1 and 2 of R,.7 while the last 2 bits of E(R,,.1) are the bits in positions 32 and 1. Example: We calculate E(Rg) from Ry as follows: Rg = 1111 0000 1010 1010 1111 0000 1010 1010 E(Rp) = 011110 100001 010101 010101 011110 100001 010101 010101 (Note that each block of 4 original bits has been expanded to a block of 6 output bits.) Next in the f calculation, we XOR the output E(R,.) with the key Ky Ky + B(Ry.1)- Example: For Ky , E(Ry), we have K,= 000110 110000 001011 101111 111111 000111 G00001 110010 E(Rp) = 011110 100001 010101 010101 011110 100001 010101 010101 Ky+E(Rg) = 011000 010001 011110 111010 100001 100110 010100 100111 hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim ana‘19722, 1056 aM “The DES Agorthm istated We have not yet finished calculating the function f.. To this point we have expanded Ry, from 32 bits to 48 bits, using the selection table, and XORed the result with the key Ky, We now have 48 bits, or eight groups of six bits. We now do something strange with each group of six bits: we use them as addresses in tables called "S boxes". Each group of six bits will give us an address in a different S box. Located at that address will be a 4 bit number, This 4 bit number will replace the original 6 bits. The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits (the 4-bit outputs from the S boxes) for 32 bits total. ‘Write the previous result, which is 48 bits, in the form: K,, + E(Ry.1) =B1B2B;B ,BsB 6B Bs, where each B; is a group of six bits. We now calculate SB YS 7BYS3(BYS(BYS (BS 6(BoSAB)S (By) where $(B) referres to the output of the i-th S box. To repeat, each of the functions 87, $2y.., 88, takes a 6-bit block as input and yields a 4- bit block as output. The table to determine S; is shown and explained below: sa Column Number No. @1 23 45 67 8 9 1011 1213 1415 0 144131 215 11 8 310 612 59 07 1 015 7 4 14 2 13 1 106 12211 95 38 2 41 14 8 136 211 1512 97 310 5 0 304512 82 49 17 S11 314 100 613 IFS, is the function defined in this table and B is a block of 6 bits, then $,(B) is determined as follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or binary 00 to 11). Let that number be , The middle 4 bits of B represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in the i-th row and j-th column, It is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output $;(B) of S; for the input B. For example, for input block B = 011011 the first bit is "0" and the last bit "I" giving 01 as the row. This is row 1. The middle four bits are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row I, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence $ (011011) = 0101. The tables defining the functions $7.48 are the following: si 144 13-1 215 11 8 310 612 59 07 015 7 4 142 13 1 0 6 1211 95 3 8 41148 136 211 1512 9 7 310 5 @ 12 82 49 17 511 314 1 @ 613 82 hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim ona‘972, 10:56 aM 10 2B 2B 4 1 2 10 2B 7 2 Example: For the first round, we obtain as the output of the eight $ boxes: Ky+ S[(B)SYB)S(B)S(BySs(B3)So(B SB 7)S (Bs) = 0101 1100 1000 0010 1011 2 115 1 1 2 un 10 15 a cry 3B 8 3B 4 4 0101 1001 0111 ‘The final stage in the calculation of fis to do a permutation P of the $-box output to 4 3B 2 10 6 2 912 4 1e 2B 14 obtain the final value of f The permutation P is defined in the following table. P yields a 32-bit output from a 32- bit input by permuting the a B 2 a5 a 14 S=P(S1(B YS 7(By)...S (Bg) 83 s4 10 B s6 s8 1 4 2 3 2 a 10 2 @ 45 2 15 9 5 6 2 L hitpstipage.matytu-brln dai~kantteachinghhasskryplo-ws2006ides.ntm ‘The DES Algorithm Ilusvated 213 110 2 6 712 R7 222 1a 3 2 14 a 15 10 25 2 15 314 611 10 13 98 of the input block. 45 3 2 10 10 45 14 2 1 E (Ry) = 011000 010001 011110 111010 100001 100110 010100 100111, son‘972, 10:56 aM ‘The DES Algorithm Ilusvated Pp 16 7 20 2 29 12 28 7 1 15 23 26 5 18 31 10 2 8 24 14 320273098 19 1 38 6 22 11 4 25 Example: From the output of the eight S boxes: 5 (B )S7(B)S3(B3)S(ByS5(B)S (BS AB7)S¢(Bs) = 0101 1100 1000 0010 1011 0101 1001 0111 we get f= 0010 0011 0100 1010 1010 1001 1011 1011, Ry Lg + fiRo Ky) = 1100 1100 0000 0000 1100 1100 1111 L111 +0010 0011 0100 1010 1010 1001 1011 1011 = 1110 1111 0100 1010 0110 0101 0100 0100 In the next round, we will have Ly = Ry, which is the block we just calculated, and then culate Ry =L7 +f(R}, Kz), and so on for 16 rounds. At the end of the sixteenth round we have the blocks L 7g and Rg, We then reverse the order of the two blocks into the 64-bit block we must Rihis and apply a final permutation IP"! as defined by the following table: qt 40 «8 48 «16 S624 «6a 32 39°°«7: a7 SSS 233 3B 6 646 (14542238 3705S 53 SB B29 36004 aad 52 20 2B 35 002«3:« «43 S59 27 B40«2 a2 oe 501k 5B 26 3300«21: Oat 4975725 That is, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output. Example: If we process all 16 blocks using the method defined previously, we get, on the 16th round, 14g = 0100 0011 0100 0010 0011 0010 0011 0100 Ry6= 0000 1010 0100 1100 1101 1001 1001 0101 We reverse the order of these two blocks and apply the final permutation to hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim nna‘972, 10:56 aM ‘The DES Algorithm Ilusvated Ry 6L-16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010 00110100 IP? = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101 which in hexadecimal format is 85E813540F0AB405. This is the encrypted form of M = 0123456789ABCDEF: namely, C = 85E813S40F0AB405. Decryption is simply the inverse of encryption, follwing the same steps as above, but reversing the order in which the subkeys are applied. DES Modes of Operation The DES algorithm tums a 64-bit message block M into a 64-bit cipher block C. If each 64-bit block is enerypted individually, then the mode of encryption is called Electronic Code Book (ECB) mode, There are two other modes of DES encryption, namely Chain Block Coding (CBC) and Cipher Feedback (CFB), which make each cipher block dependent on all the previous messages blocks through an initial XOR operation. Cracking DES Before DES was adopted as a national standard, during the period NBS was soliciting comments on the proposed algorithm, the creators of public key cryptography, Martin Hellman and Whitfield Diffie, registered some objections to the use of DES as an encryption algorithm, Hellman wrote: "Whit Diffie and I have become concemed that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization" (letter to NBS, October 22, 1975). Diffie and Hellman then outlined a "brute force” attack on DES. (By "brute force" is ‘meant that you try as many of the 2°56 possible keys as you have (o before decrypting the ciphertext into a sensible plaintext message.) They proposed a special purpose “parallel computer using one million chips to try one million keys each" per second, and estimated the cost of such a machine at $20 million, Fast forward to 1998. Under the direction of John Gilmore of the EFF, a team spent $220,000 and built a machine that can go through the entire 56-bit DES key space in an average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and is capable of testing 90 billion keys a second. Despite this, as recently as June 8, 1998, Robert Litt, principal associate deputy attomey general at the Department of Justice, denied it was possible for the FBI to crack DES: Let me put the technical problem in context: Tt took 14,000 Pentium computers working for four months to decrypt a single message . ... We are not just talking FBI and NSA [needing massive computing power], we are talking about every police department." Responded cryptograpy expert Bruce Schneier: ". . . the FBI is either incompetent or lying, or both.” Schneier went on to say: "The only solution here is to pick an algorithm hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim yaa‘19722, 1056 aM “The DES Agorthm istated with a longer key; there isn’t enough silicon in the galaxy or enough time before the sun burns out to brute- force triple-DES" (Crypto-Gram, Counterpane Systems, August 15, 1998). Triple-DES ‘Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the first key is used to DES- encrypt the message. The second key is used to DES-decrypt the encrypted message. (Since the second key is not the right key, this decryption just serambles the data further.) The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext. This three-step procedure is called triple-DES Triple-DES is just DES done three times with two keys used in a particular order. (Triple-DES can also be done with three separate keys instead of only two. In either case the resultant key space is about 24112.) General References "Cryptographic Algorithms for Protection of Computer Data During Transmission and Dormant Storage," Federal Register 38, No. 93 (May 15, 1973) Data Encryption Standard, Federal Information Processing Standard (FIPS) Publication 46, National Bureau of Standards, U.S. Department of Commerce, Washington D.C. (Ganuary 1977). Carl H. Meyer and Stephen M. Matyas, Cryptography: A New Dimension in Computer Data Security, John Wiley & Sons, New York, 1982. Dorthy Elizabeth Robling Denning, Cryptography and Data Security, Addison-Wesley Publishing Company, Reading, Massachusetts, 1982. D.W. Davies and W.L. Price, Security for Computer Networks: An Introduction to Data Security in Teleprocessing and Electronics Funds Transfer, Second Edition, John Wiley & Sons, New York, 1984, 1989. Miles E. Smid and Dennis K. Branstad, "The Data Encryption Standard: Past and Future," in Gustavus J. Simmons, ed., Contemporary Cryptography: The Science of Information Integrity, IEEE Press, 1992. Douglas R. Stinson, Cryptography: Theory and Practice, CRC Press, Boca Raton, 1995. Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, New York, 1996. Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, 1997. 30- ‘This article appeared in Laissez Faire City Times, Vol 2, No. 28. Homepage: hitp://orlingrabbe.com! Laissez Faire City Times: http://zolatimes.com/ hitpstipage.matytu-brln dai-kantteachinghhasstkyplo-ws2006ides.nim sana