The Data Encryption Standard (DES) is a product block cipher in which 16 iterations, or rounds, of the substitution and transposition (permutation) process are cascaded. The block size is 64 bits, so that a 64-bit block of data (plaintext) can be encrypted into a 64-bit cipher at any one time. (A 64-bit block cipher can be decrypted by DES as well.) The key, which controls the transformation, also consists of 64 bits. Only 56 of these, however, are at the user's disposal; the remaining eight bits are employed for checking parity (the state of being odd or even used as a basis for detecting errors in binary-coded data).
Subsets of the key bits are designated K1, K2, etc., with the subscript indicating the number of the round. The cipher function (substitution and transposition) that is used with the key bits in each round is labeled f. At each intermediate stage of the transformation process, the cipher output from the preceding stage is partitioned into the 32 leftmost bits, Li, and the 32 rightmost bits, Ri. Ri is transposed to become the left-hand part of the next higher intermediate cipher, Li+1. The right-hand half of the next cipher, Ri+1, however, is a complex function of the key and of the entire preceding intermediate cipher. The essential feature to the security of the DES is that f involves a very special nonlinear substitution--i.e., f(A) + f(B) f(A + B)--specified by the Bureau of Standards in tabulated functions known as S boxes. This operation results in a 32-bit number, which is logically added to Ri to produce the left-hand half of the new intermediate cipher. This process is repeated, 16 times in all. To decrypt a cipher, the process is carried out in reverse order, with the 16th round being first. The DES process lends itself well to integrated-chip implementation. By 1984 the Bureau of Standards had certified over 35 LSI- and VLSI-chip implementations of the DES, most on single 40-pin chips, some of which operate at speeds of several million bits per second.
When the cipher was first released, the design criteria for the S boxes are not released. This and the involvement of the National Security Agency in the design of the cipher led many to suspect the existence of a back door. It was later revealed that the S boxes were designed to be maximially resistant to differential cryptanalysis, a technique that was not publicly known at the time of the release of DES.
Because the key length is only 56 bits, DES can be, and has been, broken by the brute force method of running through all possible keys. The obvious solution of encrypting the ciphertext twice does not provide any addition security because of man in the middle attacks. Many former DES users now use triple DES (3DES) which involves DES coding each block three times with different keys. 3DES is considered safe for now. The U.S. National Institute of Standards and Technology (NIST) has selected a new cipher, the Advanced Encryption Standard (AES) to replace DES.
See also: cryptology