Data Encryption Standards — Algorithm

Oscar Ye
Sep 22, 2016


Diagram-1: DES Generation

DES involves a complicated series of steps, but it follows a rigorous methodology. During DES generation (Diagram-1), data is expanded, permuted, shrunk, shifted, inverted and substituted. A document or plaintext is first converted into binary data consisting of 0s and 1s, where each binary digit is 1 bit. DES takes 64 bits at a time as a block, and each block passes through the DES generation and DES sub-generation 16 times, each time with a different one of 16 generated DES keys. These DES keys, 48 bits each, are derived from an original key. The original key can be thought of simply as a password, which is likewise converted into 56 bits of binary data.

Diagram-2: Inner DES Generation

Now, let’s look at the DES operation itself and see how it works. Diagram-2 shows that the plaintext, like the original key, must pass through the input operation before it reaches the DES sub-generation. Note that the input operation contains many different sets of permutations, and each set has a standard, fixed arrangement.

Diagram-3: Initial Permutation of Simplified DES

For example, the Initial Permutation (IP) re-arranges the order of the bits in the 64-bit plaintext. Diagram-3 shows an example from simplified DES, which uses 8-bit plaintext, because the principle is easier to illustrate there than with 64-bit plaintext. In the example, the 8-bit input plaintext is (01010101), and the permuted 8-bit output is (11001100). Once the output is generated, it enters the DES sub-generation. The key goes through a similar step, but with a different permutation, before entering the DES sub-generation.

Diagram-4: Inner DES Sub-Generation

Inside the DES sub-generation, shown in Diagram-4, the cross-round shapes represent further complex operations, and the asterisk shapes represent DES keys. This DES sub-generation is also called the Feistel Cipher or Feistel Network. In the Feistel Network, the plaintext is processed by the operation 16 times, while the key is processed by the key operation and expanded into 16 different DES keys of 48 bits each. It is important to note that each pass of the operation is combined with its own DES key. Thus, the plaintext is processed by the first operation and the first DES key, which produce the first output. This first output is then processed by the second operation and the second DES key, which produce the second output, and so forth. When the last (sixteenth) output has been produced, it enters the final output operation, the Inversion of Initial Permutation (IoIP). IoIP works on the same principle as IP, but it reverses the re-ordering. Taking Diagram-3 as the example again, if the sixteenth output is (11001100), the IoIP changes it to (01010101). This (01010101) is called the cipher-text, which has been entirely permuted and calculated from the plaintext.

DES is fully reversible. To decrypt the cipher-text into the plaintext, decryption uses the same algorithm as encryption, except that the DES keys are applied in reverse order. This is also the weakness of DES, because the algorithm is well-known: once the original key is stolen, anyone can apply the same principles to decrypt the data. Key management is therefore crucial, as I have discussed in previous blogs.
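
The structure described above, as an added example that is not part of the original post: a toy Feistel cipher on 8-bit blocks showing that IP maps (01010101) to (11001100), that its inverse undoes it, and that decryption is the same routine with the 16 subkeys reversed. The IP table is the standard simplified-DES one (assumed to be what Diagram-3 shows); `subkeys` and `round_function` are constructed stand-ins, not DES's real key schedule or round operation.

```python
# Toy Feistel cipher on 8-bit blocks (not real DES; not code from the original post).
# IP is the standard simplified-DES table, assumed to be the one in Diagram-3.
IP = [2, 6, 3, 1, 4, 8, 5, 7]
# Inverse table: original bit i sits at the position where IP lists i.
IP_INV = [IP.index(i) + 1 for i in range(1, 9)]


def permute(bits, table):
    """Output bit i is input bit table[i] (tables are 1-based)."""
    return "".join(bits[p - 1] for p in table)


def subkeys(key, rounds=16):
    """Constructed schedule: rotate an 8-bit key left per round, keep the low 4 bits."""
    out = []
    for _ in range(rounds):
        key = ((key << 1) | (key >> 7)) & 0xFF
        out.append(key & 0xF)
    return out


def round_function(half, subkey):
    """Constructed stand-in for DES's round operation; it need not be invertible."""
    return ((half * 7 + subkey) ^ (half >> 1)) & 0xF


def feistel(block, keys):
    """IP, one Feistel round per subkey, final swap, then the inverse of IP."""
    bits = permute(block, IP)
    left, right = int(bits[:4], 2), int(bits[4:], 2)
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return permute(format(right, "04b") + format(left, "04b"), IP_INV)


def encrypt(block, key):
    return feistel(block, subkeys(key))


def decrypt(block, key):
    # Same routine as encrypt; only the subkey order is reversed.
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    ct = encrypt("01010101", 0b10110010)  # constructed sample block and key
    print(ct, decrypt(ct, 0b10110010))
```

Because each round only XORs one half with a function of the other, the round function itself never has to be inverted, which is why reversing the subkey order is enough to decrypt.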
