Data Encryption Standard (DES) is a symmetric block cipher.

By 'symmetric', we mean that the

size of input text and output text (ciphertext) is same (64-bits). The 'block' here means that it
takes group of bits together as input instead of encrypting the text bit by bit. Data encryption
standard (DES) has been found vulnerable to very powerful attacks and therefore, it was
replaced by Advanced Encryption Standard (AES).

 It is a block cipher that encrypts data in 64 bit blocks.

 It takes a 64-bit plaintext input and generates a corresponding 64-bit ciphertext output.

 The main key length is 64-bit which is transformed into 56-bits by skipping every 8th bit
in the key.

 It encrypts the text in 16 rounds where each round uses 48-bit subkey.

 This 48-bit subkey is generated from the 56-bit effective key.

 The same algorithm and key are used for both encryption and decryption with minor
changes.

Working of Data Encryption Standard (DES)

DES is based on the two attributes of Feistel cipher i.e. Substitution (also called confusion) and
Transposition (also called diffusion). DES consists of 16 steps, each of which is called a round.
Each round performs the steps of substitution and transposition along with other operations.

Data Encryption Standard

The encryption starts with a 64-bit plaintext that needs to be encrypted using a 64-bit key.
Plaintext is passed to Initial Permutation function and key is permuted using Permuted Choice 1
(PC-1).

Initial Permutation

The 64-bit plaintext block is input into an Initial Permutation (IP) function that rearranges the
order of bits. The order of bits is changed using predefined table. The IP table is a 8×8 matrix (64
entries) where each entry specifies the new position of a bit from the original plaintext.

Initial Permutation Table

5
50 42 34 26 18 10 2
8

6
52 44 36 28 20 12 4
0

6
54 46 38 30 22 14 6
2

6
56 48 40 32 24 16 8
4

5
49 41 33 25 17 9 1
7

5
51 43 35 27 19 11 3
9

6
53 45 37 29 21 13 5
1
Initial Permutation Table

6
55 47 39 31 23 15 7
3

Working of IP Table:

 The first bit of the permuted block is taken from the 58th bit of the original plaintext.

 The second bit comes from the 50th bit and so on.

 The last (64th) bit comes from the 7th bit of the original plaintext.

The initial permutation (IP) happens only once and it happens before the first round.
The permutation this function do is fixed and does not depend on the plaintext. This rearranged
64-bit plaintext then go through 16 rounds. Each of this round uses a different 48-bit subkey
from the previous round subkey. These subkeys are generated from 64-bit key.

Key Transformation

The 64-bit initial key is converted into 56-bit effective key. This 56-bit key further generates 48-
bit subkeys for each of the 16 Feistel rounds.

Conversion of 64-bit Key into 56-bit Key

Initial key first go through Permuted Choice 1 (PC-1) which reduces the key to 56 bits. In PC-1
every eighth bit in key is discarded. That is bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are
discarded.

Bits at the positions in Green are Discarded

These discarded bits are called parity bits which are used for error checking. Remaining 56 bits
are split into two 28-bit halves:

 Left Half (Ci): First 28 bits.

 Right Half (Di): Last 28 bits

Here i represent the number of the Feistel round.

Generating 48-bit Round Subkeys

For each of the 16 rounds, right half (Ci) and left half (Di) undergo circular left shift operation.

Key Transformation in DES

For Feistel round 1, 2, 9, and 16 both halves (left and right) undergo 1-bit left shift operation.
For others rounds (3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15) the halves undergo 2-bit left shift
operation.

Circular Left Shift Operation on Feistel Rounds

After circular shift operation is performed, Ci and Di are again combined into 56-bit block. This
block then go through Permutation Choice 2 (PC-2). The PC-2 selects and arrange 48 bits out of
the 56 to form the round subkey (Ki). These 48 bits are selected on the basis of a predefined
table as shown below:
Permutation Choice 2 Table

14 17 11 24 1 5 3 28

15 6 21 10 23 19 12 4

26 8 16 7 27 20 13 2

41 52 31 37 47 55 30 40

51 45 33 48 44 49 39 56

34 53 46 42 50 36 29 32

According to this table 14th bit is placed to first position, 17th bit to second position, 11th bit to
3rd position and so on. The output 48-bit subkey of this table is used to cipher the plaintext in
the Feistel round.

For next round we use already left shifted Ci and Di as left and right half. We again perform the
circular left shift operation on both halves. We again combine the result into 56-bit block and
use permutation choice 2 to contract this block into 48-bit subkey for next round.

The process of Circular Left Shift and Permutation Choice 2 is followed for 16 rounds and
different round subkey (Ki) is generated for each Feistel Round.

Each 48-bit subkey (Ki) is XORed with the expanded right half in the Feistel Round. Below is the
explanation of what happens in every single Feistel round.

Feistel Rounds (1 - 16)

Every round receives 64-bits permuted plaintext from the Initial Permutation function and 48-
bit transformed subkey (Ki). The permuted 64-bit plaintext is divided into two halves called as
Left Plaintext (LPT) and Right Plaintext (RPT). Both of these halves are 32 bit in size. The right
half or Right Plaintext (RPT) is processed using Mangler (F) function. Mangler (F) function
involves expansion, key mixing, substitution (S-boxes), and permutation (P-box) of RPT.

Single Feistel Round in DES

The RPT first go through Expansion Permutation. In this permutation 32-bit Right Plaintext (RPT)
is expanded into 48 bits using expansion box or E-box table.

E-Box Expansion Table

32 1 2 3 4 5

4 5 6 7 8 9

1
8 9 10 11 13
2

1 1
12 14 15 17
3 6

1 2
16 18 19 21
7 0

20 2 22 23 2 25
E-Box Expansion Table

1 4

2 2
24 26 27 29
5 8

2 3
28 30 31 1
9 2

The 48-bit expanded block is generated by arranging the bits as in E-Box table.

This expanded block is XORed (⊕) with the 48-bit round subkey that we generated during key
transformation process. The XOR or Exclusive OR operation returns '0' as output if both inputs
are same, else the out will be '1'. After XOR is performed, the resulting 48-bit block is split into
eight chunks of 6-bit size each. Each of the chunk is then fed into a different S-box (S1 to S8).

For example, the output of XOR operation is converted into 6 bit chunks as follows:

101010 010001 011110 111010 100001 100110 010100 100111

These 6 bits chunks will be converted into 4 bits using S-Boxes.

S-Box
S-Boxes are predefined lookup tables which reduces 6 bits chunk into 4 bits. Below is the list of
these S-Boxes.
Suppose the first 6-bit chunk is 101010. We divide this chunk into two parts of 2 bit and 4 bit
size. First and last bits are combined together for 2-bit part and rest bits make up the 4-bit part.

101010 -> (1)(0101)(0) -> divided into 10 and 0101

We look for these parts in the rows and columns of S1 table. The number in the cell where row
is '10' and column is '0101' is '6' in the S1 table. The binary value of six is '0110'. This is the 4 bit
value that S-Box 1 generated from the 6 bit input '101010'.

6-bit chunk: '101010' converted into 4-bit chunk: '0110'

Similarly we convert every 6-bit chunk into 4-bit value using S-Boxes. This process is called
substitution. After that we combine all of these 4-bit chunks to get 32-bit block as output. This
32 bit again get permuted using following table.

P-box Permutation

16 7 20 21 29 12 28 17

1 15 23 26 5 18 31 10

2 8 24 14 32 27 3 9
P-box Permutation

19 13 30 6 22 11 4 25

This permutation is called Transposition. The mangler function finishes here. 32-bit block after
permutation is the output of mangler function. This block is XORed with 32-bit Left half or Left
Plaintext (LPT) that was generated in the beginning of the Feistel round after Initial Permutation
(IP). The output of this XOR operation serves as Right Half or Right Plaintext for next round and
the initial Right Half (RPT) will serve as Left Half for the next round.

Li = Ri-1

Ri = Li-1 ⊕ F(Ri-1, Ki)

Where

 Li-1 = The Left Half or Left Plaintext (LPT) of current round.

 Li = The Left Half or Left Plaintext (LPT) for next round.

 Ri-1 = The Right Half or Right Plaintext (LPT) of current round.

 Ri = The Right Half or Right Plaintext (LPT) for next round.

We do the same operations as mentioned for 16 rounds using subkeys generated by key
transformation. The whole process is shown below in the diagram.

Mangler Function and Key Transformation in DES

32-bit Swap and Inverse Initial Permutation

After these 16 rounds we get two blocks (Left and Right) of 32-bit each. The two 32-bit halves
are again swapped back, resulting in a 64-bit block. This step is called 32-bit Swap in DES
encryption algorithm.

Finally, the block undergoes an Inverse Initial Permutation (IP-1). This is essentially the inverse
of the initial permutation applied at the beginning.

Inverse Initial Permutation

Output Input Output Input Output Input Output Input

Position Position Position Position Position Position Position Position

58 1 62 17 57 33 61 49

50 2 54 18 49 34 53 50
Inverse Initial Permutation

Output Input Output Input Output Input Output Input

Position Position Position Position Position Position Position Position

42 3 46 19 41 35 45 51

34 4 38 20 33 36 37 52

26 5 30 21 25 37 29 53

18 6 22 22 17 38 21 54

10 7 14 23 9 39 13 55

2 8 6 24 1 40 5 56

60 9 64 25 59 41 63 57

52 10 56 26 51 42 55 58

44 11 48 27 43 43 47 59

36 12 40 28 35 44 39 60

28 13 32 29 27 45 31 61

20 14 24 30 19 46 23 62
Inverse Initial Permutation

Output Input Output Input Output Input Output Input

Position Position Position Position Position Position Position Position

12 15 16 31 11 47 15 63

4 16 8 32 3 48 7 64

The result of the inverse initial permutation is the final 64-bit ciphertext which is the encrypted
version of the original plaintext.

Decryption in DES (Data Encryption Standard)

Decryption in DES follows the same process as encryption but in reverse order. Since DES is a
symmetric-key algorithm, the same key is used for both encryption and decryption, but the
subkeys (round keys) are applied in reverse order.

 Reverse Subkey Application: The 16 round keys generated during key scheduling are
used in reverse order (from K16 to K1) during decryption.

 Inverse Feistel Function: The Feistel network structure ensures that decryption mirrors
encryption. Each round performs the same operations (expansion, S-box substitution,
permutation), but with reversed subkeys.

 Final Permutation (FP): After 16 rounds, the output undergoes the Inverse Initial
Permutation (IP), reversing the initial shuffling.