Wednesday, 18 April 2012

DES and Its Variations

Originally developed by IBM, DES (Data Encryption Standard) is a block cipher. The U.S. government defined and endorsed it in 1977 as an official standard. The details can be found in the official FIPS (Federal Information Processing Standards) publication.
DES has been studied extensively over the past 18 years and is the most well-known and widely used encryption system in the world. DES is a secret-key, symmetric cryptosystem. When DES is used for communication, the sender and receiver must both know the same secret key, because it is used to both encrypt and decrypt the message. DES was designed to be implemented in hardware and operates relatively fast (compared to other encryption systems) on 64-bit blocks with a 56-bit key. It works well for bulk encryption, that is, for encrypting a large set of data.
DES has been recertified as an official U.S. government encryption standard every five years. The government last recertified DES in 1993, but has indicated that it might not recertify it again.
As far as is known, DES never has been broken with a practical attack, despite the efforts of many researchers over many years. The obvious method of attack is a brute-force exhaustive search of the key space. This takes 2^55 steps on average. Early on, someone suggested that a rich and powerful enemy could build a special-purpose computer capable of breaking DES by exhaustive search in a reasonable amount of time. Wiener estimated the cost of a specialized computer to perform such an exhaustive search at one million dollars—a sum within the budget of a moderate-sized corporation, or a special interest group. Martin Hellman later showed a time-memory trade-off that provides improvement over exhaustive search if memory space is plentiful, after an exhaustive precomputation. These ideas have fostered doubts about the security of DES. Accusations also flew that the NSA had intentionally weakened DES.
The consensus is that DES, used properly, is secure against all but the most powerful enemies. Triple encryption DES might be secure against anyone at all. Biham and Shamir have stated that they consider DES secure. When using DES, several practical considerations can affect the security of the encrypted data.
One should change DES keys frequently, to prevent attacks that require sustained data analysis. In a communications context, the sender or receiver must find a secure way to communicate the DES key to the other.
DES can be used for encryption in several officially defined modes. The U.S. Department of Commerce Federal Information Processing Standard 81, published in 1980, defines the four standard modes of operation (and numerous nonstandard ones, as well). Some are more secure than others. The four standard modes are as follows:
  • ECB (Electronic Codebook). Encrypts each 64-bit block of plaintext consecutively under the same 56-bit DES key. This is the least secure method of implementing DES.
  • CBC (Cipher Block Chaining). Each 64-bit plaintext block is XORed with the previous ciphertext block before being encrypted with the DES key. Thus, the encryption of each block depends on previous blocks and the same 64-bit plaintext block encrypts to different ciphertext, depending on its context in the overall message. CBC mode helps protect against certain attacks, although not against exhaustive search or differential cryptanalysis.
  • CFB (Cipher Feedback). Allows DES with block lengths less than 64 bits. It uses the previously generated ciphertext as input to DES to create a randomizer to combine with the next block of plaintext. In practice, CBC is the most widely used mode of DES, specified in several standards, including Kerberos.
  • OFB (Output Feedback Mode). Is the same as CFB except it does not re-encrypt the cipher block before using it as a randomizer. OFB is not as secure as CFB.
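The difference between ECB and CBC described above can be seen in a short added example (not part of the original post). It uses a toy 16-round Feistel cipher on 64-bit blocks as a stand-in for DES, not DES itself; the key, IV and message are constructed sample values, and the IV (the value XORed into the first CBC block) is an assumption the post does not name.

```python
import hashlib
BLOCK = 8  # bytes: the 64-bit block size DES uses

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half, key, rnd):
    # Stand-in round function; real DES uses S-boxes and a key schedule.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def toy_encrypt_block(block, key):
    left, right = block[:4], block[4:]
    for rnd in range(16):  # 16 Feistel rounds, the count DES uses
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right

def toy_decrypt_block(block, key):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(16)):  # undo the rounds in reverse order
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, key):
    # Every block is encrypted independently under the same key.
    return b"".join(toy_encrypt_block(b, key) for b in blocks(pt))

def cbc_encrypt(pt, key, iv):
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_encrypt_block(_xor(b, prev), key)  # XOR with previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(_xor(toy_decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct):
    bs = blocks(ct)  # count ciphertext blocks that duplicate an earlier one
    return len(bs) - len(set(bs))

# Constructed sample values (not from the page); length is a multiple of 8, so no padding.
KEY = bytes.fromhex("0123456789abcd")    # 56-bit key
IV = bytes.fromhex("a1b2c3d4e5f60718")   # fixed here for repeatability only
MESSAGE = b"TRANSFER" * 3 + b"$1000000"
```

Under ECB the three identical plaintext blocks produce three identical ciphertext blocks, so an observer learns the message structure without the key; under CBC the same blocks encrypt differently.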
FIPS 46-1 (the federal standard defining DES) says, “The algorithm specified in this standard is to be implemented using hardware (not software) technology. Software implementations in general purpose computers are not in compliance with this standard.” Despite this, software implementations abound, and are used by government agencies.
