What is DES: DES in Cryptography Simplified

Introduction

Nowadays, we can’t imagine our lives without the internet. Be it money transactions or even buying everyday groceries from online stores. But have you ever worried about threats over the internet? With the surge in internet usage, threats have also increased. That's exactly what led to the development of technologies that ensure network security. These new technologies also increased job prospects. One key technology is the Data Encryption Standard (DES), a benchmark in cryptography. By diving into DES, you can protect your data from theft and build a strong foundation in cryptography, opening up exciting opportunities in the field.

Developed and released by IBM in the 1970s, DES safeguards sensitive information from malicious actors by encrypting and decrypting the messages at the sender’s and the receiver’s ends. It ensures that messages are delivered to the intended recipient, securely.

The recent surge in internet users globally and the rapid transition of businesses from physical addresses to a global presence have made encryption a mandatory need today. As such, it is high time to understand encryption in network security to make a rewarding cybersecurity careerpath. 

So, if you are a cyber security enthusiast and eyeing a career in network security, stay with us through to the end. We will walk you through the basics and advanced concepts of encryption in network security. This will include discussions around what is DES in cryptography, how DES works, what is Triple DES in network security, AES and how it differs from DES, steps to ensure the right implementation of DES and an exclusive guide to improving your cyber security skills to level up with JanBask Training. 

By the end of this article, you'll have a comprehensive understanding of the DES algorithm, its strengths and limitations, and how it has shaped the data security landscape. 

Let’s start with understanding what is DES in network security.

What is DES?

DES, or Data Encryption Standard, is a simple encryption and decryption standard in cryptography. Messages sent over the internet are encrypted and decrypted at the sender’s and receiver’s end using a single key, termed a symmetric key. The process involves transforming the plain text into an unreadable cipher text using the symmetric key and reverting the cipher text into readable form at the receiver’s end. 

In the pathways, the plain text appears as numerical blocks, making it hard for the interceptor to decrypt it without the key. This implies that only those with the correct key can access the original information. 

How does DES in Cryptography work?

DES involves 16 rounds of substitution and permutations to convert the plain text into a complex structure.  Each round enhances security by mixing up bits in various ways.

The initial input i.e. the plain text, which is a 64-bit block, is split into two halves, left and right, of 32-bit each. During each round, the right half undergoes an expansion from 32 to 48 bits before being processed through S-boxes (substitution boxes) that shrink it back to 32 bits. These transformed bits are then mixed with the left half through XOR operations, permutations, and further substitutions to create a highly secure encrypted output.

The process is repeated in each round with the output of one round fed as input for the next. This results in the development of a ciphertext that is decrypted at the receiver by following an exactly opposite process that we explained above. 

We will dive deep into understanding the step-by-step process in the implementation section ahead. Please stay tuned. Let’s look into the advanced and more secure format of DES, known as Triple DES (3DES) in the next section.

What is Triple DES Algorithm?

Triple DES is an enhancement in the original DES algorithm. As the name suggests, it applies the DES algorithm three times to each block of data i.e. the plaintext. This makes Triple DES a more secure encryption algorithm. Triple DES addresses the vulnerabilities in DES, particularly its relatively short 56-bit key length, which makes it susceptible to brute-force attacks. 

While DES uses a 56-bit key, Triple DES can use up to 168 bits (56 bits * 3) depending on the keying option, which provides a much higher level of security. A typical Triple DES algorithm consists of the following steps:

• First Encryption (E): The data is encrypted with the first key (K1).
• Decryption (D): The result from the first encryption is decrypted using the second key (K2).
• Second Encryption (E): The result from the decryption is encrypted again using the third key (K3).

With the use of three keys, Triple DES can require the hackers to create up to 2^256 combinations to break the encryption and intercept the data, which is obviously tough to do, making Triple DES (3DES) a more secure encryption algorithm in network security than DES.

Features of Triple DES

• Uses triple encryption with three distinct keys.
• Supports key sizes from 128 to 192 bits.
• Employs symmetric key encryption, using the same key for both encryption and decryption.
• Operates on 64-bit blocks of plaintext.
• Ideal for legacy systems needing secure encryption.

Some Features that affect how DES works

DES algorithm in cryptography consists of a number of features, and the working of the DES algorithm is affected by changes in these features. Let’s explore some key features and learn how they affect the DES algorithm.

• Block cipher: A block cipher is a plain text that needs to be encrypted and decrypted. DES processes fixed-size blocks of plain text (64 bits) at a time. Each block is transformed into Ciphertext using the secret key.  If the plain text is not a multiple of 64 bits, padding is added to align it with the model of the algorithm. Padding schemes like PKCS5 or PKCS7 are used to make it fit.
• 64-bit Key: Though the size of the keys are 64 bits, the effective length used in encryption is 56 bits only. 8 bits are used for error checking, known as Parity. Now out of each byte (8 bits), there is one parity bit. With a 56-bit effective length, DES has 2^{56} possible key combinations.
• Multiple rounds of encryption: DES performs 16 rounds of encryption, and each round consists of several steps that transform the given data in a complex outlook. Encrypting with a single round will not provide the right security. This is prevalent with Triple DES where the DES operations are performed three times, making the total rounds 48 (16x3). Multiple rounds make it harder for attackers to decipher the encrypted data. 
• Backward compatibility: Before we understand the effect of Backward Compatibility on DES workings, let's decode what is Backward Compatibility.

Backward Compatibility is the ability of a system to interact with its older versions, or systems that are designed on older versions. In DES, Backward Compatibility ensures that systems using DES can still function and communicate with newer systems that may use more advanced encryption standards. 

For instance, Triple DES M(3DES ) applies the DES algorithm three times with different keys, effectively increasing the security without requiring changes to the existing DES infrastructure.

ES can use two or three 56-bit keys. This ensures that data encrypted with 3DES can still be decrypted by systems designed for DES by using the same keys in a compatible mode.

A short history of Triple DES and DES

This one is interesting and inspiring! Let’s delve into learning about the history and evolution of DES in cryptography. Let's get back to the 1970s:

1970

In the 1970s, the need for secure communication was realized. The National Institute of Standards and Technology (NIST), then known as the National Bureau of Standards (NBS), recognized this need.

IBM being a major player in this field, developed an encryption algorithm known as “Lucifer” to meet the encryption needs in network security. This algorithm, created by Horst Feistel and his team, became the basis for DES.

1973-74

Later, in 1973-74, NBS issued a public call for an encryption standard. IBM submitted a modified version of Lucifer, which was further scrutinized and refined with the involvement of the National Security Agency (NSA).

1977

Moving on in 1977, NBS officially adopted DES as the federal standard for encrypting sensitive information. It was published as Federal Information Processing Standard (FIPS) 46. DES became widely used in both public and private sectors.

1990-98

Till the late 1990s, DES was widely used in various sectors like financial services, government offices, and private companies. Despite its widespread use, DES faced scrutiny from the cryptographic community. Researchers began identifying the vulnerabilities and they broke the standard in 1998.

In 1998, the Lectronic Frontier Foundation (EFF) built a DES-cracking machine, demonstrating that a 56-bit key could be cracked in a matter of days. This led to the debate for the development of more advanced encryption algorithms in Cryptography. As a result, Double and Tripple DES evolved. 

2001

Triple DES effectively increased the key length to 128 bits, providing a more robust encryption standard in network security. However, Triple DES made the systems slow and thus recognizing the needs NIST initiated a public competition to develop AES. In 2001, the Rijndael algorithm, created by Vincent Rijmen and Joan Daemen, was selected as the winner.

AES was adopted as FIPS 197 and became the new standard for encryption, offering key lengths of 128, 192, and 256 bits, providing significantly enhanced security over DES.

That’s how DES navigated its journey. Though not in much use today, learning  DES can have a significant impact on understanding the encryption standard in cryptography 

Since we have arrived at AES, let’s understand how AES is different from DES in the next section.

How is AES different from DES?

As we know DES stands for Data Encryption Standard;  allow us to give the full form of AES. It’s “Advanced Encryption Standard.” Both are symmetric key block ciphers used for encrypting data. However, they differ significantly in terms of security, performance, and design. We have outlined some major differences between the two below.

As we can see from the differences above, both DES and AES are symmetric key block ciphers used for encryption, AES offers significantly enhanced security and performance compared to DES.

DES’s five different modes of operation

The Data Encryption Standard (DES) can operate in five different modes. These modes define how the encryption and decryption processes handle blocks of data. Each mode has its characteristics and use cases.

• Electronic Codebook (ECB) Mode: In ECB mode, each 64-bit block of plaintext is encrypted independently using the same key. This means that identical plaintext blocks will produce identical ciphertext blocks.
• Cipher Block Chaining (CBC) Mode: In CBC mode, each plaintext block is XORed with the previous ciphertext block before being encrypted. The first block is XORed with an initialization vector (IV), which is a random block of data.
• Cipher Feedback (CFB) Mode: In CFB mode, the previous ciphertext block is encrypted and the output is XORed with the current plaintext block to produce the ciphertext. The first block uses an IV. This mode turns a block cipher into a type of stream cipher.
• Output Feedback (OFB) Mode: In OFB mode, the IV is encrypted, and the output is XORed with the plaintext to produce the ciphertext. Unlike CFB, the encrypted IV is not fed back into the block cipher; instead, the next output block is generated by encrypting the previous output block.
• Counter (CTR) Mode: In CTR mode, a counter is encrypted and the output is XORed with the plaintext to produce the ciphertext. The counter is incremented for each subsequent block. This mode also turns a block cipher into a stream cipher.

Implementing the DES algorithm

Implementing the DES algorithm can be a bit complex, but breaking it into steps can help ensure the right implementation. Here is a step-by-step guide:

1. Generate a 56-bit secret key (initially, it’s a 64-bit key with parity bits, but every 8th bit is discarded). This key is used for both encryption and decryption.
2. The 64-bit plaintext block undergoes an initial permutation. The IP function rearranges the bits according to a predefined pattern.
3. The third step is the encryption round where the cipher text divided into two halves (Left, “L,” and Right, “R”) are encrypted and swapped before being fed as input for the next round.  Each round consists of the following steps:

• Expansion: Expand the 32-bit right half (RPT) to 48 bits.
• Key Mixing: XOR the expanded RPT with a subkey derived from the main key.
• Substitution (S-boxes): Replace 48 bits using predefined S-boxes.
• Permutation (P-box): Shuffle the bits.
• Swap: Swap the left and right halves.

 The process is repeated for 16 rounds before the final permutation.

1. After 16 rounds, combine the left and right halves and apply a final permutation to produce the 64-bit ciphertext.
2. The next step would be decryption. For decryption, use the same process in reverse order:

• Apply the subkeys in reverse order.
• Perform the inverse of each step (S-boxes, P-box, swap, etc.)

What are some applications of DES?

The Data Encryption Standard (DES), despite its short key length, has been influential in the field of cryptography. Here are some practical applications of DES:

1. Secure Communications:

DES was widely used for securing communication channels, especially in the early days of computer networks. It ensured confidentiality and integrity during data transmission.

2. Financial Transactions:

 DES played a crucial role in securing financial transactions, including credit card payments, online banking, and stock trading. Its adoption ensured that sensitive financial data remained confidential.

3. Data Protection:

DES was employed to protect sensitive data stored in databases, files, and archives. It ensured that unauthorized access to critical information was prevented.

4. Legacy Systems: 

Many legacy systems and applications still rely on DES for encryption. While not recommended for new systems, DES remains in use due to backward compatibility.

5. Random Number Generation:

DES can generate random numbers for various cryptographic purposes. Its algorithmic properties contribute to creating unpredictable sequences.

6. Triple DES (3DES): 

3DES, derived from DES, provides enhanced security by applying DES three times with different keys. It is still used in some legacy systems and applications.

Is DES Unsafe?

DES (Data Encryption Standard), while historically significant, is considered unsafe by today’s standards because of its shorter key length. DES uses a comparatively shorter key length of 56 bits only. Modern cryptanalysis has improved significantly to execute brute-force attacks on such short keys. This is prevalent with Tripple DES (3DES) where implementing the DES algorithm three times makes the effective key length rise to 56 x3= 168 bits.

However, Triple DES is considered an expensive encryption, making it unfit for use with the modern application.

Advantages and disadvantages of DES

Let’s explore the advantages and disadvantages of the Data Encryption Standard (DES):

Advantages of DES:

• DES was relatively easy to implement and run on limited computing resources compared to other algorithms at the time.
• It was designed for hardware rather than software, showing efficiency and fast implementation in hardware.
• DES became an official United States Government standard.
• Being widely adopted ensured interoperability between different systems and software.

Disadvantages of DES:

• DES uses a 56-bit key, which is relatively short. Modern computing power allows for efficient brute-force attacks on such short keys.
• Cryptanalysis techniques have improved significantly since DES’s inception. Differential cryptanalysis and other attacks exploit weaknesses in DES.
• AES replaced DES as the standard encryption algorithm. AES offers stronger security, larger key sizes (128, 192, or 256 bits), and better performance.

Improve Your Cybersecurity Skills with JanBask

In today’s digital age, cyber security is more critical than ever. At JanBask Training, we are dedicated to providing top-notch education to help you master the essential skills needed to protect digital assets and defend against cyber threats. Our comprehensive suite of Cyber security Certifications and courses are designed for all levels, from beginners to advanced practitioners.

Cyber Security Training & Certification

• Personalized Free Consultation
• Access to Our Learning Management System
• Access to Our Course Curriculum
• Be a Part of Our Free Demo Class

Sign Up Now

Conclusion

The Data Encryption Standard (DES) has played a pivotal role in the history of cryptography, setting the foundation for modern encryption practices. Despite its eventual vulnerability to brute-force attacks, DES's influence is undeniable, leading to the development of more advanced algorithms like Triple DES and AES. 

Understanding DES’s mechanics, from key generation and permutation to its multiple rounds of encryption, provides valuable insights into the evolution of data security. As cyber threats continue to evolve, the principles learned from DES remain relevant, highlighting the importance of robust encryption methods in safeguarding sensitive information. For those keen on delving deeper into cyber security, mastering such foundational concepts is crucial, forming a solid base upon which more advanced techniques can be built.

Happy learning!

FAQ

1. How does Triple DES (3DES) enhance the security of DES?

Triple DES (3DES) enhances security by applying the DES algorithm three times with either two or three different keys. This Encrypt-Decrypt-Encrypt (EDE) process significantly increases the key length to 112 or 168 bits, making it more resistant to brute-force attacks compared to standard DES.

2. What are the main features affecting how DES works?

DES operates as a block cipher, meaning it encrypts data in fixed-size blocks (64 bits). Key size and the 16 rounds of encryption significantly affect its operation. The 56-bit key size limits its security, while the multiple rounds of complex transformations ensure thorough data encryption.

3. Do the interviewers ask DES questions in interviews?

Despite being not in use today, DES is a benchmark in encryption standards. Questions related to DES are popular choices of interviewers as they show your in-depth insight depth in encryption technology.

4. How can I start learning about cryptography and encryption algorithms?

 Begin with introductory courses on cyber security and cryptography, read online tutorials and articles, and practice by implementing simple encryption algorithms. Understanding the basics of how algorithms like DES work can provide a strong foundation for more advanced studies.