5.5.1 Data Encryption Standard (DES)
DES is a symmetric-key block cipher that was for many years the dominant commercial encryption algorithm worldwide. It was standardized in 1977 by the National Bureau of Standards (now NIST) as Federal Information Processing Standard (FIPS) 46, and until the early 2000s it remained approved for securing unclassified federal information. DES has been used extensively for electronic funds transfer, Internet transaction security, and pay-television systems.
Originally developed by IBM in the early 1970s as part of the company’s LUCIFER project, the algorithm was refined with technical input from the US National Security Agency (NSA). DES operates on 64-bit blocks of plaintext and uses a 56-bit key (plus 8 parity bits). Because the encryption and decryption processes are structurally identical, the algorithm is efficient in both hardware and software implementations.
DES has long been the subject of debate. Critics have argued that the 56-bit key length is inadequate to resist brute-force attacks with modern hardware, and that the classified design criteria used for its internal substitution boxes (S-boxes) may conceal a deliberate weakness. In practice, however, extensive public analysis has not revealed any embedded “back-door,” and the algorithm’s internal structure—particularly the S-boxes—was later shown to provide strong resistance to differential cryptanalysis.
The structure of the DES algorithm is shown in Figure 5.9. The algorithm consists of an initial permutation, sixteen identical rounds (or iterations) of substitution and permutation operations, and a final inverse permutation (Figure 5.10). The output of one round forms the input to the next, a design that allows for efficient pipelined hardware realization.


5.5.1.1 Left Circular Shift
The left circular shift operation (Figure 5.11 ) is used to vary the key material between rounds. The 56-bit key is divided into two 28-bit halves. For each round, each half is shifted left by one or two bits, depending on the iteration number. The total number of bits shifted after sixteen rounds is 28. The output of each shift stage becomes the input to the next, ensuring that a different 48-bit subkey is derived for every round.

The compression permutation (Pcompression) selects 48 of the 56 key bits from the shifted halves to form the round key Kn. The remaining eight bits are discarded for that round. This operation both reduces the key length and increases the diffusion of key bits across rounds.
5.5.1.2 Iteration
While the left circular shift and compression permutation operate on the key, the iteration process transforms the 64-bit data block into ciphertext. Each round splits the 64-bit input into two 32-bit halves, Li−1 and Ri−1, and produces an output as follows:
The function f performs several transformations: expansion permutation of Ri to 48 bits, exclusive-OR of the expanded Ri with the 48-bit Ki, S-box substitution to give 32 bits, and a further permutation (known as the P-box permutation). This combination of substitution and permutation provides the confusion and diffusion that Claude Shannon identified as fundamental to secure cipher design.
The S-boxes are deliberately non-unique and highly nonlinear—several different inputs may map to the same output value—a design that frustrates algebraic and differential attacks.
The limited key length of the original Data Encryption Standard (DES)—only 56 bits—made it increasingly vulnerable to brute-force attacks as computing power improved. In 1998, the Electronic Frontier Foundation (EFF) demonstrated a specialized hardware device capable of recovering a DES key in less than 60 hours for a few tens of thousands of dollars, conclusively showing that DES no longer provided adequate protection for long-term data security.
To extend its useful life, DES was modified into Triple DES (3DES), which applies the DES algorithm three times to each 64-bit block of data, thereby increasing effective key length and security without requiring a completely new design.
Back to reading