PPENDIX

Simplified DES

C.1 Overview ...................................................................................................................2 C.2 S-DES Key Generation .............................................................................................3 C.3 S-DES Encryption .....................................................................................................3 Initial and Final Permutations ..................................................................................3 The Function fK .......................................................................................................4 The Switch Function ................................................................................................5 C.4 Analysis of Simplified DES ......................................................................................5 C.5 Relationship to DES ..................................................................................................6

William Stallings

Copyright 2006

Supplement to

Cryptography and Network Security, Fourth Edition

Prentice Hall 2006

ISBN: 0-13-187316-4

http://williamstallings.com/Crypto/Crypto4e.html

8/5/05

Simplified DES, developed by Professor Edward Schaefer of Santa Clara University [SCHA96], is an educational rather than a secure encryption algorithm. It has similar properties and structure to DES with much smaller parameters. The reader might find it useful to work through an example by hand while following the discussion in this Appendix.

C.1 Overview

Figure C.1 illustrates the overall structure of the simplified DES, which we will refer to as SDES. The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block of ciphertext as output. The S-DES decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit block of plaintext. The encryption algorithm involves five functions: an initial permutation (IP); a complex function labeled fK, which involves both permutation and substitution operations and depends on a key input; a simple permutation function that switches (SW) the two halves of the data; the function fK again; and finally a permutation function that is the inverse of the initial permutation (IP–1). As was mentioned in Chapter 2, the use of multiple stages of permutation and substitution results in a more complex algorithm, which increases the difficulty of cryptanalysis. The function fK takes as input not only the data passing through the encryption algorithm, but also an 8-bit key. The algorithm could have been designed to work with a 16-bit key, consisting of two 8-bit subkeys, one used for each occurrence of fK. Alternatively, a single 8-bit key could have been used, with the same key used twice in the algorithm. A compromise is to use a 10-bit key from which two 8-bit subkeys are generated, as depicted in Figure C.1. In this case, the key is first subjected to a permutation (P10). Then a shift operation is performed. The output of the shift operation then passes through a permutation function that produces an 8-bit output (P8) for the first subkey (K1 ). The output of the shift operation also feeds into another shift and another instance of P8 to produce the second subkey (K 2 ). We can concisely express the encryption algorithm as a composition1 of functions:

which can also be written as:

IP-1 o fK2 o SW o fK1 o IP

(((

ciphertext = IP-1 fK 2 SW fK1 (IP(plaintext ))

where

(

K1 = P8 Shift (P10(key ))

!

(

(

)))

)

K2 = P8 Shift Shift( P10( key))

))

Decryption is also shown in Figure C.1 and is essentially the reverse of encryption:

(((

plaintext = IP-1 fK1 SW fK 2 (IP(ciphertext ))

1

)))

Definition:! f f and g are two functions, then the function F with the equation y = F(x) = I

g[f(x)] is...