DES

• Digital Encryption Standard
• 56-bit secret keys
• same keys used for encryption and decryption
• developed in the late 70s by IBM for the U.S. government
• U.S. government non-classified standard (and standard for many other governments?)
• based on WWII German Enigma machine
• available in VLSI implementations (fast, cheap)

DES Implementation

• 64-bit text blocks P (with padding at the end if needed)
• permutation: P1 = T(P) scrambles the bits in a fixed way (independent of key K)
• 16 scrambling and XORing steps (key-dependent)
• final permutation: : C = T'(P[16]) scrambles the bits again

DES steps

1. split Pi into a left half Li and a right half Ri
2. Ki = 48-bit transposed subset of 56-bit key (which transposition and which subset depend on i)
3. L[i+1] = Ri
4. R[i+1] = Li xor f(Ri, Ki), where f(R, K) is
   • construct 48-bit R' from 32-bit R by transposing and duplicating bits
   • T = R' xor K
   • divide T into 8 groups of 6 bits
   • give each into a substitution box (S-box, a ROM) with a 4-bit output
   • the resulting 32 bits are permuted to give the result of f(R,K)
5. P[i+1] = L[i+1] . R[i+1]

DES properties

• decryption has same steps as encryption, in opposite order
• decryption has same key as encryption
• great pseudo random number generator
• always turns a given 64-bit and a fixed 56-bit number into the same 64-bit number (vulnerable to some attacks)
• relatively small keys (not good enough for state secrets!)
• fairly standard secret-key algorithm

DES use

• direct encoding
• triple DES: E(D(E(P,K1),K2),K1)
• cypher block chaining: XOR next 64 bits of P with most recent 64 bits of C before encoding
• cypher feedback: XOR next 64 bits of P with most recent 64 bits of C, then encode C
• output feedback: encode previous DES output to produce new DES output, XOR DES output with next 64 bits of P

RSA

• Rivest, Shamir, Adleman
• arbitrary-sized keys
• public-key encryption
• developed in the late 70s by American and Israeli researchers
• most common and best-known public-key system
• based on number theory
• secure as long as factorization of large numbers is difficult
• available in VLSI implementations (fast, cheap)

RSA Implementation

• pick large (100- to 10,000-bit) primes p and q
• compute n = pq and z = (p-1)(q-1)
• choose d relatively prime (i.e. no common factors) to z
• find e such that ed mod z = 1
• public key is (e, n)
• encrypt blocks of k bits where 2^k < n
• encryption: C = P^e mod n
• decryption: P = C^d mod n
• can be broken if n can be factored into pq

RSA properties

• decryption of plaintext can be used as digital signature
• arbitrary key size
• relatively slow (depending on key size)
• privately owned
• can be exported from US in book form, but not in program form!