Shulou(Shulou.com)06/01 Report--

Share attentively and grow together

There's nothing more real than a little improvement every day.

This article has been included in my github. Welcome to star and issues.

Https://github.com/midou-tech/articles

  is going to say something about your privacy today. in this information age, is there really someone holding your information in one hand and counting banknotes in the other? The answer must be yes.

When   talks about network security, I have to mention one thing-cryptography (does it sound like your scalp is tingling and your heart is racing), hold on, and the old driver will take you online to learn. Today I will give you say&see what is DES in cryptography.

Brief introduction

  DES:

English Name:Data Encrytion Standard

English name: DES algorithm, data encryption standard

It is by far the most widely used and popular block cipher algorithm in the world. (do you feel something here?)

1. Parameter introduction:

Data (encrypted and decrypted data): data that needs to be encrypted or decrypted in 64bit plaintext or ciphertext

Key (key for encryption and decryption): 8BytePhone 64bit key (56bit key + 8bit parity bit)

Mode (work mode): encryption or decryption workflow 2, workflow:

3. Initial IP replacement:

  DES algorithm uses 64-bit key key to change 64-bit plaintext input block into 64-bit ciphertext output block, and divides the output block into L0 and R0 parts, each of which is 32-bit. The left part Li=Ri-1, the right part Ri=Li-1 ⊕ F (Ri-1,Ki) (Note: here ⊕ refers to the addition on the binary field, that is, XOR), the initial replacement rule is as follows:

1 58,50,42,34,26,18,10,02,2 60,52,44,36,28,20,12,04,3 62,54,46,38,30,22,14,06,4 64,56,48,40,32,24,16,08,5 57,49,41,33,25,17,09,01,6 59,51,43,35,27,19,11,03,7 61,53,45,37,29,21,13,05,8 63,55,47,39,31,23,15,07

The first bit of the 64-bit plaintext to be entered by   is replaced to bit 40, the second bit to bit 8, and the third bit to bit 48. And so on, the last one is the original seventh. The replacement rule is prescribed. L0 is the first 32 bits (D1-D32) of the replaced data, and R0 is the last 32 bits (D33-D64) of the replaced data.

4. Wheel structure:

  F function is the encryption core of DES, and its function is also very important, and the Feistel structure determines that its encryption and decryption process is the same. Both hardware and software implementation need only one structure and do not need to be implemented separately.

  function F consists of four steps: key replacement, extended E transformation, S-box substitution and P-box replacement.

(1) key replacement-subkey generation

The   DES algorithm generates 16 rounds of 48-bit subkeys from 64-bit keys. Different subkeys are used during each iteration.

A, ignore the parity bit of the key and do not participate in the calculation, that is, the 8th bit of each byte, reduce the 64-bit key to 56 bits, and then divide the 56 bits into two blocks C0 (28 bits) and D0 (28 bits) according to the choice of replacement PC-1.

B, shift C0 and D0 to the left in a cycle (note: the number of bits in each cycle is determined by the number of rounds). After the transformation, C1 and D1 are generated, and then C1 and D1 are merged, and the subkey K1 (48 bits) is generated by selecting replacement PC-2.

C, C1 and D1 go through cyclic left shift transformation to generate C2 and D2, then C2 and D2 merge, and the key K2 (48 bits) is generated by selecting replacement PC-2.

D, and so on, get K16 (48 bits). However, the left and right parts of the last round are not exchanged, but are directly merged into the R16L16 as the input block of the inverse replacement. Among them, the number of cyclic left shifts is 16 times, of which the first, second, ninth and sixteenth times are cyclic left shifts, and the others are two left shifts. (2) extended E transform

Extended E transform extends the Ri of the right half of the data from 32 bits to 48 bits.

Purpose of extended replacement:

A. Generate data of the same length as the key for XOR operation. R0 is 32 bits and the subkey is 48 bits, so R0 should first carry out extended replacement and then XOR with the subkey.

B. provide longer results so that compression can be carried out in the substitution operation.

The extended replacement E rule is as follows:

1 32,01,02,03,04,05,2 04,05,06,07,08,09,3 08,09,10,11,12,13,4 12,13,14,15,16,17,5 16,17,18,19,20,21,6 20,21,22,23,24,25,7 24,25,26,27,28,29,8 28,29,30,31,32,31

  that is, the I th data j in the table indicates that the I bit of the output is the j bit of the input. For example, the first bit of the output is the 32nd bit of the input, and the 7th bit of the output is the 4th bit of the input.

(3), S-box

As the core of feistel structure,   S-box plays a vital role. The input 32bit data is XOR with the 48bit subkey Kn after extended replacement, and the resulting result is input into the S-box for substitution operation. The function of S-box is to change 48-bit data into 32-bit data. In feistel structure, 8 different S-boxes work together to complete. Each S-box has 6-bit input and 4-bit output. So the 48-bit input block is divided into eight 6-bit packets, and each packet corresponds to an S-box instead of the operation. After S-box replacement, eight 4-bit grouping results are formed.

Note: the input data of each S-box is 6 bits, and the output data is 4 bits, but each S-box itself is 64 bits!

  S-Box 1:

14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7,0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8,4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0,15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13

  S-Box 2:

15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10,3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5,0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15,13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9

  S-Box 3:

10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8,13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1,13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7,1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12

  S-Box 4:

7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15,13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9,10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4,3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14

  S-Box 5:

2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9,14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6,4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14,11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3

  S-Box 6:

12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11,10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8,9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6,4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13

  S-Box 7:

4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1,13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6,1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2,6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12

  S-Box 8:

13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7,1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2,7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8,2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11

The calculation of S-box: the first bit and the sixth bit determine the number of rows, the second, third and fourth rows determine the number of columns, find out the corresponding data in the table and represent it as binary data.

(4), P-box

  in the S-box substitution operation, each S-box gets 4 bits, and 8 boxes get the 32bit output data. The 32-bit output is used as the input block of P-box replacement, and the final output is the output data of 32bit. The P-box permutation maps each input bit to the output bit. No one can be mapped twice, nor can it be omitted.

5. Inverse replacement:

  carries out 16 iterations of the initial permutation, that is, 16-layer encryption transformation, which is temporarily called the function f. L16 and R16 are obtained, which are used as input blocks and inverted to get the final ciphertext output block. Inverse permutation is the inverse operation of initial permutation. As you can see from the initial replacement rule, the first bit of the original data is replaced to the 40th bit, and the second bit is replaced to the 8th bit. Then the inverse substitution is to replace the 40th position to the 1st position and the 8th bit to the second place. By analogy, the inverse replacement rules are as follows:

1 40,08,48,16,56,24,64,32,39,07,47,15,55,23,63,31,2 38,06,46,14,54,22,62,30,37,05,45,13,53,21,61,29,3 36,04,44,12,52,20,60,28,35,03,43,11,51,19,59,27,4 34,02,42,10,50,18,58 26,33,01,41,09,49,17,57,25

  Note: the encryption key of the DES algorithm is generated according to the secret key entered by the user. The algorithm takes bit 8, bit 16, bit 24, bit 32, bit 40, bit 48, bit 56 and bit 64 in the 64-bit cipher as parity bits, and ignores these 8 bits when calculating the key. So the key significant bit used in practice is 56 bits.

The   secret key has a total of 64 bits, and each replacement does not take into account the 8th bit of each byte, which is the parity bit generated during the key generation process, so the 8th, 16th, 24th, 32nd, 40th, 48th, 56th and 64th bits of the 64-bit key are ignored when calculating the key.

6. Decryption process:

The decryption process of   DES is basically similar to that of DES, except that the order of the subkey sequence of 16 rounds is reversed, that is, the encryption key K1Magi, which is used in the encryption process, needs to be converted into K16.

7. DES algorithm arrangement: packet encryption algorithm: take 64bit as the packet. Enter 64bit plaintext and output 64bit ciphertext. Symmetric algorithm: encryption and decryption use the same secret key. Valid key length: 56bit key, usually expressed as 64 bits, but each bit 8 is used as parity and can be ignored. Substitution and replacement: the DES algorithm is a combination of two encryption techniques: chaos and diffusion. Easy to implement: the DES algorithm only uses standard arithmetic and logic operations, and its function is only 64 bits at most, so it is easy to realize the repetition of the algorithm with the hardware technology in the late 1970s, so it can be ideally used in a special chip. The popular article of Longyue Twelve:

[

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.