Antonio Magallanes-Villamor, Jr

CYS625 Individual Assignment No. 01

Abstract

Data Encryption Standard (DES) is a widely used encryption algorithm developed in the mid-
1970s. It has been used for over two decades in various financial services and wide-area-
network applications. Its publication in 1977 led to the development of modern cryptography
and transformed the world of cryptography from secretive to public driven. Despite its initial
lifetime estimate of 15 years, DES remains a Federal Information Processing Standard even
after 23 years. However, it is vulnerable to brute-force and cryptanalysis attacks because of its
small key length and has been replaced by more secure algorithms, such as the Advanced
Encryption Standard (AES).

Keywords:

Data Encryption Standard, DES, Algorithm, Cryptography, Information Security

Introduction

This essay discusses DES's history, algorithm, impact, vulnerabilities, and development of more
secure encryption algorithms such as AES. It further describes what DES is trying to succeed in
and how encryption/decryption processes take place using this algorithm. It also describes its
advantages and disadvantages and discusses brute-force and cryptanalysis attacks, which could
compromise DES, and how the original DES standard became obsolete. A review of the selected
published materials was performed (please see References). This essay concludes that the
introduction of DES in 1977 was a novel approach for democratizing access to cryptographic
algorithms. Although outdated, DES has catalyzed the development of more secure encryption
algorithms.

1|Page
Overview: A historical perspective

DES was an encryption algorithm developed in the mid-1970s by the US National Bureau of
Standards (NBS), which later became the National Institute of Standards and Technology (NIST),
and has become the "workhorse of commercial cryptography" for over two decades [1]. Many
consider DES a groundbreaking and visionary standard that serves as a benchmark for open
peer-reviewed encryption standards. Its utility and impact continue to be felt, even a quarter
century after its proposal. DES has been used for various applications in many financial services
industries [2] and wide-area network applications [3] for data protection. For example, it is
included in a remote input/output system in which encryption/decryption devices are
implemented at the remote terminal, remote control unit, and input terminal (US Patent No.
3,962,539 was issued on June 8, 1976, and assigned to International Business Machines Corp.).
An early credit card verification device used DES-based encryption at multiple points to protect
data (US Patent No. 4,123,747 issued October 31, 1978, assigned to the International Business
Machines Corp.) [4].

DES's publication in 1977 led to the development of modern academic cryptography and
transformed the world of cryptography from secretive technology to public-driven technology,
providing more knowledge and algorithms [1]. Many encryption algorithms, including public-
key cryptography, can trace their roots in DES [1]. The market for encryption services and
products has evolved significantly since its introduction, owing to the rise of standalone
computers, networked systems, and the World Wide Web, leading to a greater demand for
encryption [4]. In 1997, approximately 948 encryption products were sold in the US, 459 of
which incorporated DES, and approximately half were software [4].

Initially, the DES standard was estimated to have a lifetime of 15 years; however, it is still a
Federal Information Processing Standard, even after 23 years [2]. Some researchers have
argued that DES remains a secure option [2]. Others claim that it must be amended by
incorporating additional layers of security to ensure its suitability for contemporary applications
[3]. They claimed that the DES algorithm is deemed inadequate for certain applications,
specifically in the banking system, owing to the theoretical weaknesses of its cipher [3]. In

2|Page
addition, owing to its small key length, it is susceptible to brute-force attacks [1] and
cryptanalysis attacks [5] [6]. In the mid-1990s, it was believed that the NSA could break the DES
by trying every possible key.

What is the algorithm trying to succeed?

DES ensures secure data encryption by transforming plaintext into ciphertext and protecting
sensitive information from unauthorized access. It uses a symmetric key encryption method
that operates on 64-bit data blocks and a 56-bit key for encryption and decryption. DES aims to
ensure data confidentiality, integrity, and authenticity; secure all sensitive, unclassified
government data from unauthorized access; and encrypt information transferred through
communications [4].

The first modern, public, and freely available encryption algorithm

The DES was the first public, freely available, and widely used modern encryption algorithm,
serving as the "workhorse of commercial cryptography" for over two decades since its
introduction in 1977 [1]. Following on the work from an IBM "Lucifer" program [7], NIST and the
National Security Agency (NSA) developed DES based on a NIST-initiated computer security
project in 1972 to develop a cryptographic algorithm standard for protecting sensitive data
during transmission and storage [4]. On November 23, 1976, becoming effective six months
later, the NIST adopted it as an official standard. As an official standard (Federal Information
Processing Standard Publication 46–FIPS PUB 46), the DES was published on January 15, 1977.
Its publication led to the development of derivative standards and the growth of the encryption
industry and related services (please see Annex One: Chronology of Major DES Events) [4]. It
became the American National Standards Institute (ANSI) standard in 1982.

DES was reaffirmed without significant changes in 1983 and 1988, spanning the first ten years
of implementation. In 1993, FIPS 46-1 was reaffirmed as FIPS 46-2 (withdrawn on October 25,
1999), with allowances for software implementation. In 1999, FIPS 46-3 ('Triple DES') was
approved, an improvement over the original DES standard [4].

3|Page
How does encryption/decryption take place?

DES is a widely used encryption algorithm for securing data [6]. The DES algorithm utilizes
standard arithmetic and logical operations, which are simple to implement in the hardware.
The repetitive nature of DES makes it well suited for use on a special-purpose chip that can
perform encryption and decryption operations more quickly than a general-purpose computer
[4]. A secret key is used to control the operation of the DES algorithm, and each key contains 56
bits of information[2]. Users select their keys to keep the encryption operation results
confidential. Approximately 1016 keys can be used by DES. An attacker trying to "crack" a DES-
encrypted message by "key exhaustion" must, on average, try half of the total possible keys
before succeeding [2].

Symmetric Cipher

The DES is a symmetric cipher with a 64-bit block and a 56-bit key. It uses the Feistel structure
approach, which means that the result of applying a key-dependent function to part of the
state is added (using a bitwise XOR operation) to another part of the state, followed by
transposition of parts of the state with 16 iterations of a round function [5] [6]. The Feistel
structure, first described by Horst Feistel of IBM in 1973, is the basis for virtually all
conventional block-encryption algorithms, including DES.

The Feistel structure consists of 16 identical processing stages, called rounds, and an initial and
final permutation, IP and IP-1, respectively. Before the main rounds, the block is divided into
two 32-bit halves and processed alternately, which is known as the Feistel scheme [2]. The
number of rounds chosen for DES was 16, probably to guarantee the elimination of any
correlation between the ciphertext and either the plaintext or the key. The Feistel structure
ensures that decryption and encryption are very similar processes, with the only difference
being that the subkeys are applied in the reverse order when decrypting. The F-function
scrambles half of a block together with some of the keys, and the output from the F-function is
then combined with the other half of the block, and the halves are swapped before the next
round. After the final round, the halves are not swapped, which is a feature of the Feistel

4|Page
structure that encrypts and decrypts similar processes [3]. The classical Feistel network is
expressed as

Confusion and Diffusion

The DES algorithm employs two fundamental cryptographic techniques to transform plaintext
into ciphertext: confusion and diffusion, which are achieved through substitution and
permutation. Confusion is a technique that makes the relationship between plaintext and
ciphertext complex and difficult to understand. It is achieved through substitution, where

5|Page
specific data sections are substituted with specially chosen data sections from the original data
based on the key and original plaintext. It involves rendering the relationship between the
plaintext and encryption key as complex as possible so that an attacker cannot easily determine
the key from the ciphertext. This process makes it difficult to determine the original plaintext
from the ciphertext, even if the key is known [3] [4] [6].

Diffusion is a technique that spreads the influence of each plaintext bit across several ciphertext
bits. It is achieved through permutation, which means that the order of the various plaintext
sections is rearranged based on the key and the original plaintext using S-boxes and P-boxes.
The permutation process ensures that each bit of the plaintext affects many bits of the
ciphertext, making it difficult for an attacker to determine the original plaintext from the
ciphertext even if they know the key [3] [4] [6].

Strong encryption aims to produce random ciphertexts, where a slight change in plaintext
results in a random change in the resulting ciphertext [6]. This quality is known as diffusion [6].
Ojha et al. claimed that the combination of confusion and diffusion in DES makes it a strong
encryption algorithm difficult to break, even with modern computing power [6], which is
partially refutable.

Substitution and Permutation

The DES algorithm employs a sequence of operations. Its encryption technique uses
substitution and permutation to manipulate sections of the key and data, confuses and
rearranges the data sections, and encrypts the data. These substitutions and permutations are
specified by the algorithm and performed using lookup tables called S-boxes and P-boxes. S-
boxes are used for substitution tables, and P-boxes are used for permutation tables. They are
usually combined for efficient processing, performing each round's substitution and the
following permutation with a single lookup [6].

It employs substitution and permutation primitives in 16 rounds to scramble the data block
adequately to satisfy the security goals specified by the DES algorithm based on the chosen key
sections and mathematically manipulated data. These primitives are used to reverse the

6|Page
encryption operation during the decryption. Horst Feistel defined a variety of substitution and
permutation primitives that are iteratively applied to data blocks for a specified number of
times. Each set of primitive operations is called a "round," and the DES algorithm uses 16
rounds [2]. Similarly, the decryption process uses the same 56-bit key to produce the original
64-bit plaintext block [2]. The manipulated sections of the data and key are used as inputs to a
lookup table, which in DES are called S-boxes and P-boxes for substitution and permutation
tables, respectively. S- and P-boxes are usually combined such that each round's substitution
and subsequent permutation can be performed with a single lookup [3].

XOR operations are performed between the data portions and keys to calculate the inputs to
the S- and P-box arrays. Portions of the data are XORed with portions of the key, specifically,
one of the 32-bit halves of the 64-bit data and 56-bit key, to calculate the inputs to the S- and P-
box arrays. This XOR operation uses one of the 32-bit halves of 64-bit data and a 56-bit key.
Because the key is longer than half of the data, the 32-bit data are sent through an expansion
permutation that rearranges its bits and repeats certain bits to form a 48-bit product. Similarly,
the 56-bit key undergoes a compression permutation that rearranges its bits and discards
certain bits to form a 48-bit product. The S- and P-box lookups and calculations of the key and
data that generate the inputs to these table lookups constitute a single round of DES encryption
[3] [6].

The process is repeated 16 times, resulting in 16 rounds of the algorithm. These rounds aim to
enhance the security of the data encryption scheme. In addition to the 16 rounds, initial and
final permutations occurred before and after the rounds. Using S- and P-boxes in the DES
algorithm ensures that the output of each round is dependent on the input and the key. This
process makes it difficult for the attackers to determine the keys used for encryption. Using
multiple rounds also increases the complexity of the encryption process, making it more
difficult for attackers to break the encryption [6]. These initial and final permutations were
initially included in the hardware implementation but did not improve the security of the
algorithm. For this reason, they are sometimes excluded from DES implementation [6].

7|Page
DES Flow Diagram

The flow diagram of the DES algorithm [3] shows the sequence of events that occur during the
encryption. DES performs an initial permutation on the entire 64-bit block of data, which is then
split into two 32-bit sub-blocks, Li and Ri. Each round is identical, for a total of 16 rounds. At the
end of the 16th round, the 32-bit Li and Ri output quantities are swapped to create what is
known as pre-output. This (R16, L16) concatenation is permuted using a function that is the
exact inverse of the initial permutation, and the output of this final permutation is 64-bit
ciphertext [3].

Round Structure

DES executes these two techniques sequentially with a single iteration of the two techniques,
referred to as a round. A block cipher with a round structure, such as a DES, is known as a
Feistel cipher. The round function splits the state into 32-bit left and 32-bit right parts. The right

8|Page
part is modified using a key-dependent function and combined with the left part using an XOR
operation. The left and right parts are interchanged [5]. Each round consists of key-based
substitution, where the plaintext is replaced by a different set of bits based on the encryption
key. It is followed by a key-based permutation, where the order of the bits is rearranged based
on the encryption key. The algorithm performs 16 rounds to convert plaintext into ciphertext,
as shown in the Annex Two-Enciphering Computation [4] [8]. DES uses multiple rounds of
substitutions and permutations to encrypt data. This algorithm takes advantage of the
avalanche effect. It means that even a small change in the input (plaintext or key) results in a
significant change in the output (ciphertext), which ensures that each bit of the ciphertext
depends on a key bit, making it difficult for an attacker to guess the key [4].

DES's main body

The main body of the DES consists of 16 iterations of a keyed round function, which is a
mathematical function used to encrypt data. The state of the data is split into two parts: a 32-
bit left part (Li) and a 32-bit right part (Ri). The right part (Ri) is the argument of the keyed F-
function, which depends on the key used for encryption and decryption. The left part (Li) is
modified by combining it with the output of the F-function using an XOR operation. After the
modification, the left and right parts are interchanged. A computational graph of the round
function is shown in Figure 1, which illustrates the different steps involved in the encryption
process [5].

Figure 1 - Computation graph of the DES round function

9|Page
The F-function is part of the DES block cipher algorithm. It is used in the DES algorithm to
provide confusion and diffusion properties essential for secure encryption [5]. A computational
graph of the F-function is shown in Figure 2 [5].

Figure 2 - Computation graph of the DES F-function

The F-function comprises four steps: (1) Expansion E, (2) Key addition, (3) S-boxes, and (4) Bit
permutation P. In the Expansion E step, the 32 input bits are expanded to a 48-bit vector by
splitting the 32-bit vector into 4-bit tuples and duplicating each tuple's first and last bits. In the
Key addition step, the 48-bit vector is modified by combining it with a 48-bit round key using a
bitwise XOR operation. The resulting 48-bit vector is mapped onto a 32-bit vector using eight
nonlinear S-boxes in the S-box step. The 48-bit vector is split into eight 6-bit tuples and
converted into eight 4-bit tuples by the S-boxes. Each S-box converts six input bits into four
output bits. Table 1 lists the specifications of the second S-box [5].

Table 1- Specification of the DES S-box S2

The table is as follows: If the 6-bit input is denoted by a1a2a3a4a5a6, then the output is given

10 | P a g e
by the entries in rows 2a1 + a6 and 8a2 + 4a3 + 2a4 + a5. The 4-bit values are shown in the
hexadecimal notation. In the Bit permutation P step, 32-bit vector bits are transposed according
to a fixed permutation table. The permutation table specifies the new position of each bit in the
32-bit vector. For example, the first bit of the output is taken from the 32nd bit of the input and
the second bit from the 11th bit [5].

Summary of DES algorithm and feature

Ingle et al. [3]summarized the DES algorithm and its features.[3]

Table 2 - DES Algorithm

11 | P a g e
Table 3 - Features of DES

The development of the DES algorithm has been controversial because of two main objections:
the changes made to the S-boxes by IBM, which raised suspicions of deliberate weakening by
the NSA, and concerns regarding the short 56-bit key length being vulnerable to future attacks.
Critics have questioned its long-term security, arguing that the 56-bit key will become
vulnerable to exhaustion attacks with increasing computer power. In response, the NBS
defended the standard, stating that it would be reviewed every five years and highlighted the
possibility of extending the effective key length to 112 or 168 bits. However, critics have
expressed concerns about the sensitivity of encrypted data for more than five years and the
difficulty of changing the widely adopted DES algorithm [2]. Touchman stated in 1977 that
changes made to the S-box, which is a component of the DES algorithm, helped to strengthen
the DES and make it more resistant to attacks that were not public knowledge. The S-box is
responsible for substituting values in the encryption process, and changes in it can affect the
overall security of the algorithm [2].

12 | P a g e
What are the advantages/disadvantages for this specific algorithm?

Advantages of the DES algorithm

The advantages of DES include resilience, wide applications, and a well-studied encryption
algorithm. The DES standard remained in use for much longer than its initial estimated life of 15
years and remained a Federal Information Processing Standard even 23 years after its
publication [2]. The DES proved its critiques wrong, turning out to be much stronger than
initially thought, with reliable and secure encryption standards, despite initial doubts and
concerns. It remains effective over time, is significant, and has been widely used in various
applications, including financial transactions and government communications. DES has resisted
cryptanalytic attacks, which attempt to break the encryption and access protected data. These
attacks included unknown or undocumented attacks in the 1970s when DES was first developed
[2].

Despite the development of numerous symmetric ciphers, DES has remained the most widely
used [6] and has been used in various applications. For example, it is included in a remote
input/output system in which encryption/decryption devices are implemented at the remote
terminal, remote control unit, and input terminal (US Patent No. 3,962,539 was issued on June
8, 1976, and assigned to International Business Machines Corp.). An early credit card
verification device used DES-based encryption at multiple points to protect data (US Patent No.
4,123,747 issued October 31, 1978, assigned to the International Business Machines Corp.) [4].

Through DES, users of encryption systems, particularly banks, enjoy operational efficiency
owing to their enhanced ability to substitute secure electronic transactions for more costly
paper-based and face-to-face transactions, leading to cost savings for banks and increased
convenience for their customers. The NIST's efforts to adopt and promote encryption hardware
and software have expanded the market for these products. Developers of encryption products
faced lower technical and market risks due to adopting a federal standard, which increased
their confidence in investing in developing these products [4].

13 | P a g e
The cryptographic community has extensively studied and analyzed the DES algorithm, making
it a well-understood and trusted encryption standard. Its development also led to the
generation of cryptanalysts who analyzed and attempted to "crack" the algorithm. According to
cryptographer Bruce Schneier, DES did more to galvanize the field of cryptanalysis than
anything else, providing an algorithm for researchers to study. Consequently, the academic
community discovered DES's weaknesses and published their analyses of a significant portion of
the open literature on cryptography in the 1970s and the 1980s [2]. These shortcomings
contribute to understanding the need for more secure and advanced encryption standards. DES
catalyzes the creation of other variants, such as Triple DES, which utilizes three rounds of DES
with different keys and has an effective key strength of 112 bits. This variant makes it
significantly more secure than a single DES, which NIST recommends to address the initial
concerns regarding DES [4], ultimately leading to AES's development and standardization. Other
innovations include designing a new scheme, such as using multiple (Cascaded) instances of
DES with multiple keys, which does not require investment in new software or hardware and
involves using multiple keys as a one-time pad with a new approach [6].

Other Effects of DES

DES has played a significant role in advancing the study and development of encryption
algorithms, which was previously only a concern for military and intelligent organizations and
had limited commercial and academic expertise [4]. Through DES, the development of
nonmilitary cryptography has led to the validation of the basic model of public specifications
and the review of encryption algorithms crucial for ensuring their security and trustworthiness.
The DES is a well-trusted algorithm that has been extensively studied. In contrast, many
algorithms developed for secrets have been exposed to reverse engineering or leaks, making
them insecure. The public approach, which the NBS chose to develop the DES standard, has
proven to be the best approach from a security perspective. This approach ensures that the
security provided by the algorithm depends only on the secrecy of the key and not on the
obscurity of the algorithm. The approach of relying on obscurity to provide security has proven
ineffective over time [2].

14 | P a g e
DES has also served as a standard against which every symmetric key algorithm has been
compared [2]. Its release has led to the growth of academic cryptologists, the establishment of
mathematics departments with strong cryptography programs, and the emergence of
commercial information security companies and consultants outside military and intelligence
organizations. Effectively, the DES launched a commercial encryption industry in which new
encryption hardware producers grew steadily from 1977 to 1998. Its effect included doubling
the number of first-time validations with the FIPS PUB 46-2 publication in 1994. The growth in
validations after 1994 is consistent with market estimates, which suggests that hardware
dominated the encryption market early on, but software applications are growing rapidly [4].

Leech et al. evaluated the NIST DES program and hypothesized that the industry would
eventually agree to an effective encryption algorithm. However, it would have taken some time
after NIST's initial publication of DES as FIPS 46. The authors assumed that the industry would
only have reached a consensus on a data encryption standard three to six years after the initial
publication of DES [4]. They presented the economic impact results in Table 4, which indicates
that it was more effective and efficient for NIST to develop and implement DES than to wait for
the results of industry cooperation. The table presents the two scenarios. The first assumes that
the industry would have organized itself to produce an effective standard encryption algorithm
within three years. The second scenario assumes that an industry consensus would emerge
after six years. The economic impact results in Table 4 suggest that, even if the industry agreed
on an effective encryption algorithm, it would have taken longer and was less efficient than
NIST's DES development and implementation. The authors concluded that NIST's decision to
develop and implement DES was correct because it was more effective and efficient than
waiting for industry cooperation [4].

15 | P a g e
Table 4 - Economic Impact of DES

Disadvantages of the DES Algorithm

The disadvantages of the DES algorithm are its key length, block size, and age, leading to
concerns about its security and eventual withdrawal as an encryption standard, rendering it
inappropriate for use in critical applications. One major vulnerability is its relatively short key
length of 56 bits, which is considered inadequate for modern security standards [1]. Critics of
DES believe its most serious weakness is its key size, which makes it vulnerable to attacks, such
as brute force and differential cryptanalysis [6]. As DES uses a 56-bit secret key algorithm, with
advancements and technological improvements of the present day, it is "now vulnerable to key
exhaustion using massive, parallel computations" [2]. Its vulnerability to key exhaustion was
demonstrated in 1997 when a message encrypted with DES was cracked in approximately five
months using a large network of computers. In 1998, the Electronic Freedom Foundation (EFF)
constructed a special-purpose electronic device called the "DES Cracker" to decrypt messages
encrypted by the DES using custom-built semiconductor chips. The EFF "DES Cracker" can find
the key used by the DES to encrypt a message in an average of about 4.5 days, and using more
chips could reduce this time even further [2]. In addition, the DES algorithm has a fixed block
size of 64 bits, which may not be suitable for certain critical applications that require larger
block sizes. DES vulnerabilities and limitations have led to its withdrawal and the development
of more secure encryption algorithms. In 1997, NIST solicited an algorithm to replace DES,
receiving 15 submissions from ten countries. The Twofish algorithm was among the alternatives
received to replace DES as a symmetric encryption algorithm. After two years of analysis and

16 | P a g e
debate, NIST chose the Belgian algorithm Rijndael to become the AES [1]. AES is widely used for
secure communication and data storage. Although it is not expected to become as ubiquitous
as the DES algorithm standard, AES is currently used in banking security products, internet
security protocols, and even computerized voting machines [1] [2].

An example of an attack that could compromise the cryptographic algorithm.

Ojha et al. described three prevalent attacks that could compromise DES: brute-force attack,
Meet-in-Middle attack, and differential linear cryptanalysis attack [6]. A brute-force attack is a
method of cracking encryption that systematically attempts at every possible key. It is
commonly used in known plaintext or ciphertext-only attacks until the correct attack is found.
This type of attack is often used when an attacker has access to plaintext or ciphertext. It can be
successful, given sufficient time and computing power [6]. Owing to DES's relatively small key
space and increasing computing power, searching for all possible keys and exhaustively
decrypting DES-encrypted data has become feasible [1]. For example, a single DES encryption
has an effective key length of 56 bits, which can be cracked within days using specialized
hardware.

In contrast, a 128-bit AES key requires an impossibly long time to crack using brute force. If a
machine could crack one DES key per second, it would take 149 trillion years to crack the 128-
bit AES key. With longer key lengths, the number of possible keys increases exponentially,
making brute-force attacks more difficult [6]. This vulnerability has prompted the development
of more secure encryption algorithms, such as triple-DES and AES, which offer stronger security
and larger key sizes to withstand modern attacks [1].

The meet-in-middle attack is an example of a cryptographic algorithm that can be attacked

using cryptographic algorithms that use multiple keys for encryption, such as Double DES. It is a
known plaintext attack in which the cryptanalyst has access to both the plaintext and resulting
ciphertext, allowing them to recover the two keys used for encryption [6]. Double DES is a
technique that uses two rounds of DES encryption with two different keys. Their use was
suggested to improve the strength of the 56-bit DES, resulting in a total key length of 112 bits
[6]. In the example, the plaintext is "Cat," and the resulting double DES ciphertext is "BzX." The

17 | P a g e
goal of cryptanalyst is to recover the two keys (Key1 and Key2) used for encryption. The
cryptanalyst first conducts a brute-force attack on Key1 using all 256 different Single-DES keys
to encrypt the plaintext of "Cat" and saves each key and the resulting intermediate ciphertext
in a table. The analyst then brutes Key2, decrypting "BzX" up to 256 times. When the 2nd brute
force attack decrypts an intermediate ciphertext in the table, the attack is complete, and both
keys are known to the cryptanalyst. The attack can be successful in at most 257 attempts,
which is significantly less than the maximum of 2,112 attempts required for other methods.
However, because of meet-in-middle attacks, double DES has not been widely used [6].

Differential cryptanalysis and linear cryptanalysis are related attacks against iterative symmetric
key block ciphers. An iterative cipher conducts multiple rounds of encryption, using a subkey for
each round. Examples include the Feistel Network used in DES and the State rounds used in
AES. These attacks can be combined, which is known as differential linear cryptanalysis [6], and
are sophisticated attacks designed to exploit the structure of the algorithm. This technique
allows attackers to exploit patterns in the encryption process and recover the original plaintext.
At least 16 rounds of DES are required to impede such attacks [1] [4]. Differential cryptanalysis
and linear cryptanalysis are two important attacks on DES, and they are more efficient than
exhaustive key search and linear cryptanalysis, achieving the same efficiency in known-plaintext
scenarios[5].

Differential cryptanalysis is a chosen-plaintext attack technique used to determine the key bits
in a block cipher by analyzing the differences between plaintext-ciphertext pairs [7]. It seeks to
discover the relationship between ciphertexts produced by two related plaintexts. It focuses on
statistical analysis of the inputs and outputs of a cryptographic algorithm [6]. It was first
described by E. Biham and A. Shamir [6] [7], focusing on the statistical analysis of the inputs and
outputs of a cryptographic algorithm [6]. In this attack, a large number of plaintext-ciphertext
pairs are used to deduce the statistical key information from the ciphertext blocks. It can break
DES with less than 255 complexities, making it vulnerable to attacks by a computer with one
million chips (Parallel Processing) that can test the whole key domain in approximately 20 hours
[6]. The attack relies on the assumption that the probabilities of certain differences in the
intermediate stages of a block cipher are independent of a specific key value. An attacker can
18 | P a g e
extract information regarding the key bits by analyzing the differences and their propagation
through the cipher. The attack's success depends on the maximum probability of difference
propagations, and the work factor is determined by the number of correct pairs required to
identify the correct subkey value [5].

Linear cryptanalysis is a known-plaintext attack technique used to determine the value of the
key bits in a block cipher. It requires access to a large number of plaintext and ciphertext pairs
encrypted with an unknown key. It involves finding "effective" linear expressions that can be
used to analyze the relationship between plaintext, ciphertext, and key bits. By analyzing the
values of these linear expressions for a large number of plaintext-ciphertext pairs, an attacker
can deduce the most likely values for the key bits. Linear expressions in linear cryptanalysis are
constructed by "chaining" single-round linear expressions. Linear cryptanalysis focuses on
statistical analysis against one round of decryption of large amounts of ciphertext. The
maximum deviation from a probability of 0.50 determines the effectiveness of these
expressions. The work factor of linear cryptanalysis depends on the probability that the linear
expressions hold and the number of plaintext-ciphertext pairs used in the attack [5] [6].

In both attacks, cryptanalyst studies changed to intermediate ciphertext between rounds of

encryption. Differential cryptanalysis seeks to discover the relationship between ciphertexts
produced by two related plaintexts, whereas linear cryptanalysis focuses on statistical analysis
of one round of decryption. Both attacks aim to find nonrandomness in the intermediate
ciphertext to discover potential subkeys [6]. A plaintext pair is created by applying a Boolean
exclusive or (XOR) operation to a plaintext, and the cryptanalyst then encrypts the plaintext and
its XORed pair using all possible subkeys. The subkey that creates the least random pattern
becomes the candidate key for differential and linear cryptanalysis [6].

Conclusion

The Data Encryption Standard (DES) is a widely used encryption algorithm developed in the
mid-1970s. It has been used for over two decades in various financial services and wide-area-
network applications. Its publication in 1977 led to the development of modern cryptography
and transformed the world of cryptography from a secret to public-driven algorithmic

19 | P a g e
technology. Despite its initial lifetime estimate of 15 years, DES remains a Federal Information
Processing Standard even after 23 years. DES democratized the public's access to cryptographic
algorithms. The roots of current cryptographic elements can be traced back to DES, providing
the development of stronger encryption algorithms through public participation. However, it is
vulnerable to brute-force and cryptanalysis attacks owing to its small key length. It has now
been replaced by more secure algorithms, such as the Advanced Encryption Standard (AES).

DES ensures secure data encryption by transforming plaintext into ciphertext and protecting
sensitive information from unauthorized access using a symmetric key encryption method
operating on 64-bit data blocks and a 56-bit key for encryption and decryption. It aims to
ensure data confidentiality, integrity, and authenticity; secure all sensitive, unclassified
government data from unauthorized access; and encrypt information transferred through
communications. Despite its weaknesses, DES has catalyzed the development of more secure
encryption algorithms. It remains a benchmark for open, peer-reviewed encryption standards,
the utility and impact of which continue to be felt even a quarter century after its proposal.

20 | P a g e
Annex One: Chronology of Major DES Events

21 | P a g e
Annex Two- Enciphering Computation

22 | P a g e
REFERENCES

[1] B. Schneier, 'The Legacy of DES - Schneier on Security', Schneier on Security, Oct. 06, 2004.
Available: https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html.
[Accessed: Oct. 18, 2023]
[2] W. E. Burr, 'Data Encryption Standard', in A Century of Excellence in Measurements,
Standards, and Technology (A Chronicle of Selected NBS/NIST Publications, 1901-2000),
Gaithersburg, MD: National Institute of Standards and Technology, 2001, pp. 250–254.
Available: https://nvlpubs.nist.gov/nistpubs/sp958-lide/250-253.pdf. [Accessed: Oct. 17,
2023]
[3] D. V. Ingle and M. S. Hule, 'Data encryption standard', International Journal of Engineering
Research and Applications, pp. 77–80, Oct. 2015.
[4] D. P. Leech and M. W. Chinworth, 'The Economic Impacts of the NIST's Data Encryption
Standard (DES) Program', TASC, Inc., Arlington, VA, Planning Report 01–2, Oct. 2001.
Available: https://www.nist.gov/system/files/documents/2017/05/09/report01-2.pdf.
[Accessed: Oct. 18, 2023]
[5] J. Daemen and V. Rijmen, ‘The Data Encryption Standard’, in The Design of Rijndael.
Information Security and Cryptography. Springer, Berlin, Heidelberg., Second edition.in
Information security and cryptography. Berlin [Heidelberg]: Springer, Berlin, Heidelberg,
2020, pp. 83–89. Available: https://doi.org/10.1007/978-3-662-60769-5_6. [Accessed: Oct.
17, 2023]
[6] D. B. Ojha, R. Singh, A. Sharma, A. Mishra, and S. Garg, 'An Innovative Approach to Enhance
the Security of Data Encryption Scheme', IJCTE, pp. 380–383, 2010, doi:
10.7763/IJCTE.2010.V2.171
[7] E. Biham and A. Shamir, 'Differential cryptanalysis of DES-like cryptosystems', Journal of
Cryptology, vol. 4, pp. 3–72, Jan. 1991, doi: 10.1007/BF00630563
[8] NIST, 'Data Encryption Standard (DES)', U.S. Department of Commerce, Gaithersburg, MD,
Federal Information Processing Standard (FIPS) 46-2 (Withdrawn), Dec. 1993. doi:
10.6028/NIST.FIPS.46-2. Available: https://csrc.nist.gov/pubs/fips/46-2/final. [Accessed:
Oct. 20, 2023]

23 | P a g e