The most commonly used type of encryption is symmetric encryption, which is aptly named because it uses one key for both the encryption and decryption process. Symmetric encryption is also commonly referred to as secret-key encryption and shared-secret encryption, but all terms refer to the same class of algorithm.

The reason why symmetric encryption systems are abundant is speed and simplicity. The strength of symmetric algorithms lies primarily in the size of the keys used in the algorithms, as well as the number of cycles each algorithm employs. The cardinal rule is “fewer is faster”.

By definition, all symmetric algorithms are theoretically vulnerable to brute-force attacks, which are exhaustive searches of all possible keys. Brute-force attacks involve methodically guessing what the key to a message may be. Given that all symmetric algorithms have a fixed key length, there is a large but finite number of possible keys that could unlock a message. Brute-force attacks methodically check each key until the key that decrypts the message is found. However, brute-force attacks are often impractical, because the amount of time necessary to search the keys is greater than the useful life expectancy of the hidden information. No algorithm is truly unbreakable, but a strong algorithm takes so long to crack that it is impractical to try. Because brute-force attacks originate from computers, and because computers are continually improving in efficiency, an algorithm that is resistant to attacks today may not be resistant to attacks by computers 5 to 10 years in the future.

**Data Encryption Standard**

Among the oldest and most famous encryption algorithms is the Data Encryption Standard (DES), the use of which has declined with the advent of algorithms that provide improved security. DES was based on the Lucifer algorithm invented by Horst Feistel. Essentially, DES uses a single 64-bit key – 56 bits of data and 8 bits of parity – and operates on data in 64-bit chunks. This key is broken into 16 48-bit subkeys, one for each round, which are called Feistel cycles.

Each round consists of a substitution phase, wherein the data is substituted with pieces of the key, and a permutation phase, wherein the substituted data is scrambled (re-ordered). Substitution operations, sometimes referred to as confusion operations, occur within S-boxes. Similarly, permutation operations (sometimes called diffusion operations) are said to occur in P-boxes. Both of these operations occur in the “F Module”. The security of DES lies in the fact that since the substitution operations are non-linear, the resulting ciphertext does not resemble the original message. The permutation operations add another layer of security by scrambling the already partially encrypted message.
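The round structure described above, and the exhaustive key search described earlier, can be seen end to end in a small added example (not code from the original page). It is a toy 16-bit Feistel cipher, not DES: the S-box and P-box values, the key schedule and all function names are assumptions chosen for illustration, and the 16-bit key is deliberately tiny so that every key can be tried.

```python
# Toy 16-bit Feistel cipher, constructed for illustration. NOT DES and not secure.
ROUNDS = 16                                    # DES also runs 16 rounds
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # sample 4-bit substitution table
PBOX = [1, 5, 2, 0, 3, 7, 4, 6]                # output bit i is taken from input bit PBOX[i]

def _round_output(x):
    """Substitute each nibble through the S-box, then reorder the bits through the P-box."""
    x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
    return sum(((x >> src) & 1) << dst for dst, src in enumerate(PBOX))

SP = [_round_output(x) for x in range(256)]    # precomputed S-box + P-box table

def subkeys(key):
    """Toy key schedule (assumption): rotate the 16-bit key, keep 8 bits per round."""
    return [((key << (r % 16)) | (key >> (16 - r % 16))) & 0xFF for r in range(1, ROUNDS + 1)]

def f(half, k):
    """Round function F: mix in the subkey, then apply substitution and permutation."""
    return SP[half ^ k]

def feistel(block, ks):
    left, right = block >> 8, block & 0xFF
    for k in ks:
        # Only one half passes through F per round, so F never has to be inverted.
        left, right = right, left ^ f(right, k)
    return (right << 8) | left                 # swap halves so the same routine decrypts

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    return feistel(block, subkeys(key)[::-1])  # same rounds, subkeys in reverse order

def brute_force(pairs):
    """Exhaustive search of all 2**16 keys against known (plaintext, ciphertext) pairs."""
    return [k for k in range(1 << 16) if all(encrypt(p, k) == c for p, c in pairs)]

if __name__ == "__main__":
    key, pt = 0xBEEF, 0x1234                   # constructed sample values
    ct = encrypt(pt, key)
    pairs = [(pt, ct), (0x5678, encrypt(0x5678, key))]
    print(f"pt={pt:04x} ct={ct:04x} back={decrypt(ct, key):04x} candidates={brute_force(pairs)}")
```

The search finishes almost instantly because only 65,536 keys exist; each additional key bit doubles the work, which is why key length dominates resistance to brute force.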

Triple DES (3DES) and DESX are methods that attempt to use the DES cipher in a way that increases its security. Triple DES uses three separate 56-bit DES keys as a single 168-bit key, though sometimes keys 1 and 3 are identical, yielding 112-bit security. DESX adds an additional 64 bits of key data. Both 3DES and DESX are intended to strengthen DES against brute-force attacks. It would take many years to decrypt 3DES-encrypted data (depending on available computing power). However, 3DES is inefficient because it requires two to three times the processing overhead of single DES.

**Shortcomings of Data Encryption Standard**

For Data Encryption Standard, questions were raised about the adequacy of its key size from the start, even before it was adopted as a standard, and it was the small key size which dictated a need for a replacement algorithm. In academia, various proposals for a DES-cracking machine were advanced. Although there is no known publicly acknowledged implementation of these Data Encryption Standard-cracking machines, by the late 1990s, the vulnerability of DES was practically demonstrated. In 1997, RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contests. That contest was won by the DESCHALL Project. The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF) at the cost of approximately $250,000 (U.S.). They were able to crack a DES key using a brute-force attack in less than two days. Subsequent improvements in processing power employed by other DES crackers reduced this time to less than a day. Because of the ease with which DES could be cracked, the National Institute of Standards and Technology (NIST) selected the Advanced Encryption Standard (AES) as the authorized Federal Information Processing Standard (FIPS) 197 for all non-secret communications by the U.S. government, which became effective in May 2002.
