Internet Security - Dang Thanh Binh's Page

SYMMETRIC BLOCK CIPHERS 65
Table 3.7 Permutation function P
16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25
Table 3.8 Inverse of initial permutation, IP −1
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
The output P(�i) are obtained from the input �i by taking the 16th bit of �i as the first
bit of P(�i), the seventh bit as the second bit of P(�i), and so on until the 25th bit of �i
is taken as the 32nd bit of P(�i). Finally, the permuted result is XORed with the left half
Li of the initial permuted 64-bit block. Then the left and right halves are swapped and
another round begins. The final permutation is the inverse of the initial permutation, and
is described in Table 3.8 IP −1 . Note here that the left and right halves are not swapped
after the last round of DES. Instead, the concatenated block R16||L16 is used as the input
to the final permutation of Table 3.8 (IP −1 ). Thus, the overall structure for DES algorithm
is shown in Figure 3.4.
Example 3.2 Suppose the 64-bit plaintext is X = 3570e2f1ba4682c7, and the same key
as used in Example 3.1, K = 581fbc94d3a452ea is assumed again. The first two-round
keys are, respectively, K1 = 27a169e58dda and K2 = da91ddd76748.
For the purpose of demonstration, the DES encryption aims to limit the first two
rounds only. The plaintext X splits into two blocks (L0,R0) using Table 3.4 IP such that
L0 = ae1ba189 and R0 = dc1f10f4.
The 32-bit R0 is expanded to the 48-biy E(R0) such that E(R0) = 6f80fe8a17a9.
The key-dependent function Ɣi is computed by XORing E(R0) with the first round key
K1, such that
Ɣ1 = E(R0) ⊕ K1
= 4821976f9a73