DES (Data Encryption Standard) - DES Algorithm and Operation

Data Encryption Standard, or DES, is a type of encryption cipher that shields and disguises sensitive information, so it can't be seen or retrieved by cyberattacks.

DES can be described as a block cipher, encryption/ symmetric -key algorithm. A symmetric key means the same algorithm/key is used for encryption and decryption. On the other hand, asymmetric keys use two different keys – one public and the other private, respectively.

History of DES and Current Situation

DES was developed in 1971 by Horst Feistel, a cryptography researcher working at IBM. It was based on "LUCIFER," the Feistel block cipher, 16 rounds of which made up the DES. 64-bit blocks of plain text are fed into the DES, which churns out an equivalent 64-bits of ciphertext. The DES key used for this process is 56-bit in size.

DES was the government's official encryption standard until 2002 when the Advanced Encryption Standard (AES) routed it in public competitions. The National Institute of Standards & Technology (NIST), which had first affirmed DES for federal use, now revoked its status for government use. However, the latest iteration, Triple DES (3DES), has been cleared till 2030 for sensitive government data. 3DES runs triple the round, so DES, i.e., 48 instead of 16, isn't any more substantial.

The DES Algorithm and Process

The DES algorithm functions as per the following stages −

Before the encryption process can begin, the 64-bit of plain text is converted into the DES key size, which is 56 bits. Every 8th bit in the sequence is dropped, and these parity bits help detect any discrepancies between sets of code. If the plain text is more than 64-bits and is indivisible, some sequences may be shorter – they are padded with extra bits for processing.

Then the base processes in cryptography − substitution and transposition begin, followed by the 16-stage encryption process.

Stage 1: Initial Permutation

The plain text is first passed through the Initial Permutation (IP). The IP juggles the 64-bit plain text block and transposes the blocks into each 8th-bit position of the key. The IP then divides the 64-bit block into two halves, i.e., 32-bit half-blocks, known as LPT (Left Plain Text) and RPT (Right Plain Text).

Stage 2: Encryption

Step 1: Key Transformation

This step is called Compression Permutation - the original 56-bit block that was created is further compressed into a 48-bit block by discarding some bits. The two 28-bit halves are then permuted circularly to yield a 48-bit subset.

Step 2: Expansion Permutation

This step is the opposite of Step 1. The two 32-bit halves are expanded into a 48-bit whole. Each 32-bit half is broken down into 8 blocks of 4 bits each. Then 2 more bits from adjoining sides are attached to the 4-bit blocks, making them 6-bit. The LPT and RPT are now both 48-bit blocks comprising 8 6-bits each.

Step 3: S-Box Permutation

The Substitution Box permutation/substitution takes the 48-bit RPTs and LPTs and, using a lookup box, changes the 6-bit parts into a 4-bit output generating a 32-bit output. This phase supplements the cipher with an extra layer of security.

Step 4: P-Box Permutation

This step involves simply re-shuffling the 32-bit output and sorting them into four separate S-Boxes. 

Step 5: XOR (ExclusiveOR) and Swap

A mathematical function called XOR is applied to the four S-Box sets of bits. The bits can only be measured as 0 or 1. Two sets of bits are compared to see if they match. Matching at the smallest bit level strengthens the code.

Stage 3: Combination

Once the encryption is completed, the LPT and RPT sides are re-joined to form the 64-bit ciphertext. 

Stage 4: Final Permutation

The final permutation is done on the 64-bit original block to get the final output, i.e., the 64-bit ciphertext.

Modes of Operation

We have explored how the DES algorithm functions. Now we look at the different means of application.  

  • Mode 1: ECB – Electronic Code Book

ECB is the most basic mode of operation. A single DES algorithm is used to encrypt blocks one at a time. A no different variable is added to the process, making it very simple but easy to attack, especially via MITM (Man-in-the-Middle).

  • Mode 2: CBC – Cipher Block Chaining Mode

CBC uses an initialization vector (IV) to incorporate the previous plain text block into the current one. The chaining process of CBC means that the previous block's input plain text determines the next one's decryption. The XOR mechanism integrates the current and previous inputs so that similar cipher texts are not generated.

  • Mode 3: CFB- Cipher Feedback Mode

The CFB also uses an IV, but the input size (segment) can be varied from a bit to an entire block. But this time, the previous block's cipher text is integrated into the encryption algorithm as feedback. This creates a keystream which in turn decides the current next encryption. The XOR coding function is applied to integrate the keystream, and the current plain text and pseudorandom outputs are generated.

  • Mode 4: OFB- Output Feedback Mode

OFB and CFB are very alike. The only difference is that OFB has an additional internal mechanism that creates a key unrelated to the plain text input and cipher text outputs. The key creates additional encryption on the entire DES output to create a unique cipher text.

  • Mode 5: CTR – Counter Mode

The Counter method encrypts each block of plain text and applies an XOR counter. This counter accumulated incrementally for and as each block is processed.


DES is out of use these days. It cannot withstand brute force attacks from sophisticated code-cracking technology, and its key length is too short. But studying DES is crucial because it is the foundation for other encryption standards and algorithms, and it has informed contemporary cryptography advancements by highlighting the strengths and weaknesses of different techniques.

Updated on: 13-Dec-2022

1K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started