The Data Encryption Standard (of 1977)

CS 463 Lecture, Dr. Lawlor

DES is an old cipher from the 1970's, but it's got the same basic structure as modern more secure ciphers.

DES encryption starts with a block of 64 bits of plaintext.
A series of 16 rounds mix the plaintext bits with each other and the key, using a combination of bit shifting, XOR, and several very small (6 bit input, 4 bit output) S-boxes.

Here's the source code, this version from PolarSSL/library/des.c:

/*
* DES-ECB block encryption/decryption
*/
int des_crypt_ecb( des_context *ctx,
                    const unsigned char input[8], // data size: 64 bits
                    unsigned char output[8] )
{
    int i;
    uint32_t X, Y, T, *SK;

    SK = ctx->sk;

    GET_UINT32_BE( X, input, 0 ); // this implementation converts to int (from big-endian)
    GET_UINT32_BE( Y, input, 4 );

    DES_IP( X, Y ); // "initial permutation"

    for( i = 0; i < 8; i++ ) // 8 forward-reverse rounds (16 rounds total)
    {
        DES_ROUND( Y, X ); // xor's Y based on table[X]
        DES_ROUND( X, Y ); // xor's X based on table[Y]
    }

    DES_FP( Y, X ); // "final permutation"

    PUT_UINT32_BE( Y, output, 0 );
    PUT_UINT32_BE( X, output, 4 );

    return( 0 );
}

The biggest limitation of DES is the very short key--64 bits, but 8 of those are just used for parity checking. A 56-bit key space is within the realm of brute force: FPGA implementations today can check hundreds of billions of keys per second, so crack DES in about a day. ASIC implementations are even faster.