📄 the des algorithm illustrated.htm
字号:
<P><B><I>C<SUB>1</SUB></I></B> =
1110000110011001010101011111<BR><B><I>D<SUB>1</SUB></I></B> =
1010101011001100111100011110
<P><B><I>C<SUB>2</SUB></I></B> =
1100001100110010101010111111<BR><B><I>D<SUB>2</SUB></I></B> =
0101010110011001111000111101
<P><B><I>C<SUB>3</SUB></I></B> =
0000110011001010101011111111<BR><B><I>D<SUB>3</SUB></I></B> =
0101011001100111100011110101
<P><B><I>C<SUB>4</SUB></I></B> =
0011001100101010101111111100<BR><B><I>D<SUB>4</SUB></I></B> =
0101100110011110001111010101
<P><B><I>C<SUB>5</SUB></I></B> =
1100110010101010111111110000<BR><B><I>D<SUB>5</SUB></I></B> =
0110011001111000111101010101
<P><B><I>C<SUB>6</SUB></I></B> =
0011001010101011111111000011<BR><B><I>D<SUB>6</SUB></I></B> =
1001100111100011110101010101
<P><B><I>C<SUB>7</SUB></I></B> =
1100101010101111111100001100<BR><B><I>D<SUB>7</SUB></I></B> =
0110011110001111010101010110
<P><B><I>C<SUB>8</SUB></I></B> =
0010101010111111110000110011<BR><B><I>D<SUB>8</SUB></I></B> =
1001111000111101010101011001
<P><B><I>C<SUB>9</SUB></I></B> =
0101010101111111100001100110<BR><B><I>D<SUB>9</SUB></I></B> =
0011110001111010101010110011
<P><B><I>C<SUB>10</SUB></I></B> =
0101010111111110000110011001<BR><B><I>D<SUB>10</SUB></I></B> =
1111000111101010101011001100
<P><B><I>C<SUB>11</SUB></I></B> =
0101011111111000011001100101<BR><B><I>D<SUB>11</SUB></I></B> =
1100011110101010101100110011
<P><B><I>C<SUB>12</SUB></I></B> =
0101111111100001100110010101<BR><B><I>D<SUB>12</SUB></I></B> =
0001111010101010110011001111
<P><B><I>C<SUB>13</SUB></I></B> =
0111111110000110011001010101<BR><B><I>D<SUB>13</SUB></I></B> =
0111101010101011001100111100
<P><B><I>C<SUB>14</SUB></I></B> =
1111111000011001100101010101<BR><B><I>D<SUB>14</SUB></I></B> =
1110101010101100110011110001
<P><B><I>C<SUB>15</SUB></I></B> =
1111100001100110010101010111<BR><B><I>D<SUB>15</SUB></I></B> =
1010101010110011001111000111
<P><B><I>C<SUB>16</SUB></I></B> =
1111000011001100101010101111<BR><B><I>D<SUB>16</SUB></I></B> =
0101010101100110011110001111
<P>We now form the keys <B><I>K<SUB>n</SUB></I></B>, for
1<=<B><I>n</I></B><=16, by applying the following permutation table
to each of the concatenated pairs
<B><I>C<SUB>n</SUB>D<SUB>n</SUB></I></B>. Each pair has 56 bits, but
<B>PC-2</B> only uses 48 of these.
<P><PRE> <B>PC-2</B>
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
</PRE>
<P>Therefore, the first bit of <B><I>K<SUB>n</SUB></I></B> is the 14th bit
of <B><I>C<SUB>n</SUB>D<SUB>n</SUB></I></B>, the second bit the 17th, and
so on, ending with the 48th bit of <B><I>K<SUB>n</SUB></I></B> being the
32th bit of <B><I>C<SUB>n</SUB>D<SUB>n</SUB></I></B>.
<P><B>Example:</B> For the first key we have
<B><I>C<SUB>1</SUB>D<SUB>1</SUB></I></B> = 1110000 1100110 0101010 1011111
1010101 0110011 0011110 0011110
<P>which, after we apply the permutation <B>PC-2</B>, becomes
<P><B><I>K<SUB>1</SUB></I></B> = 000110 110000 001011 101111 111111 000111
000001 110010
<P>For the other keys we have
<P><B><I>K<SUB>2</SUB></I></B> = 011110 011010 111011 011001 110110 111100
100111 100101<BR><B><I>K<SUB>3</SUB></I></B> = 010101 011111 110010 001010
010000 101100 111110 011001<BR><B><I>K<SUB>4</SUB></I></B> = 011100 101010
110111 010110 110110 110011 010100 011101<BR><B><I>K<SUB>5</SUB></I></B> =
011111 001110 110000 000111 111010 110101 001110
101000<BR><B><I>K<SUB>6</SUB></I></B> = 011000 111010 010100 111110 010100
000111 101100 101111<BR><B><I>K<SUB>7</SUB></I></B> = 111011 001000 010010
110111 111101 100001 100010 111100<BR><B><I>K<SUB>8</SUB></I></B> = 111101
111000 101000 111010 110000 010011 101111
111011<BR><B><I>K<SUB>9</SUB></I></B> = 111000 001101 101111 101011 111011
011110 011110 000001<BR><B><I>K<SUB>10</SUB></I></B> = 101100 011111
001101 000111 101110 100100 011001 001111<BR><B><I>K<SUB>11</SUB></I></B>
= 001000 010101 111111 010011 110111 101101 001110
000110<BR><B><I>K<SUB>12</SUB></I></B> = 011101 010111 000111 110101
100101 000110 011111 101001<BR><B><I>K<SUB>13</SUB></I></B> = 100101
111100 010111 010001 111110 101011 101001
000001<BR><B><I>K<SUB>14</SUB></I></B> = 010111 110100 001110 110111
111100 101110 011100 111010<BR><B><I>K<SUB>15</SUB></I></B> = 101111
111001 000110 001101 001111 010011 111100
001010<BR><B><I>K<SUB>16</SUB></I></B> = 110010 110011 110110 001011
000011 100001 011111 110101<BR>
<P>So much for the subkeys. Now we look at the message itself.
<P>
<H2 align=center>Step 2: Encode each 64-bit block of data.</H2>
<P>There is an <I>initial permutation</I> <B>IP</B> of the 64 bits of the
message data <B>M</B>. This rearranges the bits according to the following
table, where the entries in the table show the new arrangement of the bits
from their initial order. The 58th bit of <B>M</B> becomes the first bit
of <B>IP</B>. The 50th bit of <B>M</B> becomes the second bit of
<B>IP</B>. The 7th bit of <B>M</B> is the last bit of <B>IP</B>.
<P><PRE> <B>IP</B>
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
</PRE>
<P><B>Example:</B> Applying the initial permutation to the block of text
<B>M</B>, given previously, we get
<P><B>M</B> = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011
1100 1101 1110 1111<BR><B>IP</B> = 1100 1100 0000 0000 1100 1100 1111 1111
1111 0000 1010 1010 1111 0000 1010 1010
<P>Here the 58th bit of <B>M</B> is "1", which becomes the first bit of
<B>IP</B>. The 50th bit of <B>M</B> is "1", which becomes the second bit
of <B>IP</B>. The 7th bit of <B>M</B> is "0", which becomes the last bit
of <B>IP</B>.
<P>Next divide the permuted block <B>IP</B> into a left half
<B><I>L<SUB>0</SUB></I></B> of 32 bits, and a right half
<B><I>R<SUB>0</SUB></I></B> of 32 bits.
<P><B>Example:</B> From <B>IP</B>, we get <B><I>L<SUB>0</SUB></I></B> and
<B><I>R<SUB>0</SUB></I></B>
<P><B><I>L<SUB>0</SUB></I></B> = 1100 1100 0000 0000 1100 1100 1111 1111
<BR><B><I>R<SUB>0</SUB></I></B> = 1111 0000 1010 1010 1111 0000 1010 1010
<P>We now proceed through 16 iterations, for 1<=<B><I>n</I></B><=16,
using a function <B><I>f</I></B> which operates on two blocks--a data
block of 32 bits and a key <B><I>K<SUB>n</SUB></I></B> of 48 bits--to
produce a block of 32 bits. <B>Let + denote XOR addition, (bit-by-bit
addition modulo 2)</B>. Then for <B>n</B> going from 1 to 16 we calculate
<P>
<BLOCKQUOTE><B><I>L<SUB>n</SUB></I></B> = <B><I>R<SUB>n-1</SUB></I></B>
<BR><B><I>R<SUB>n</SUB></I></B> = <B><I>L<SUB>n-1</SUB></I></B> +
<B><I>f</I></B>(<B><I>R<SUB>n-1</SUB></I></B>,<B><I>K<SUB>n</SUB></I></B>)
</BLOCKQUOTE>
<P>This results in a final block, for <B><I>n</I></B> = 16, of
<B><I>L<SUB>16</SUB>R<SUB>16</SUB></I></B>. That is, in each iteration, we
take the right 32 bits of the previous result and make them the left 32
bits of the current step. For the right 32 bits in the current step, we
XOR the left 32 bits of the previous step with the calculation
<B><I>f</I></B> .
<P><B>Example:</B> For <B><I>n</I></B> = 1, we have
<P><B><I>K<SUB>1</SUB></I></B> = 000110 110000 001011 101111 111111 000111
000001 110010 <BR><B><I>L<SUB>1</SUB></I></B> =
<B><I>R<SUB>0</SUB></I></B> = 1111 0000 1010 1010 1111 0000 1010 1010
<BR><B><I>R<SUB>1</SUB></I></B> = <B><I>L<SUB>0</SUB></I></B> +
<B><I>f</I></B>(<B><I>R<SUB>0</SUB></I></B>,<B><I>K<SUB>1</SUB></I></B>)
<P>It remains to explain how the function <B><I>f</I></B> works. To
calculate <B><I>f</I></B>, we first expand each block
<B><I>R<SUB>n-1</SUB></I></B> from 32 bits to 48 bits. This is done by
using a selection table that repeats some of the bits in
<B><I>R<SUB>n-1</SUB></I></B> . We'll call the use of this selection table
the function <B>E</B>. Thus <B>E</B>(<B><I>R<SUB>n-1</SUB></I></B>) has a
32 bit input block, and a 48 bit output block.
<P>Let <B>E</B> be such that the 48 bits of its output, written as 8
blocks of 6 bits each, are obtained by selecting the bits in its inputs in
order according to the following table:
<P><PRE> <B>E BIT-SELECTION TABLE</B>
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
</B></PRE>
<P>Thus the first three bits of <B>E</B>(<B><I>R<SUB>n-1</SUB></I></B>)
are the bits in positions 32, 1 and 2 of <B><I>R<SUB>n-1</SUB></I></B>
while the last 2 bits of <B>E</B>(<B><I>R<SUB>n-1</SUB></I></B>) are the
bits in positions 32 and 1.
<P><B>Example:</B> We calculate <B>E</B>(<B><I>R<SUB>0</SUB></I></B>) from
<B><I>R<SUB>0</SUB></I></B> as follows:
<P><B><I>R<SUB>0</SUB></I></B> = 1111 0000 1010 1010 1111 0000 1010 1010
<BR><B>E</B>(<B><I>R<SUB>0</SUB></I></B>) = 011110 100001 010101 010101
011110 100001 010101 010101
<P>(Note that each block of 4 original bits has been expanded to a block
of 6 output bits.)
<P>Next in the <B><I>f</I></B> calculation, we XOR the output
<B>E</B>(<B><I>R<SUB>n-1</SUB></I></B>) with the key
<B><I>K<SUB>n</SUB></I></B>:
<P>
<CENTER><B><I>K<SUB>n</SUB></I></B> +
<B>E</B>(<B><I>R<SUB>n-1</SUB></I></B>). </CENTER>
<P><B>Example:</B> For <B><I>K<SUB>1</SUB></I></B> ,
<B>E</B>(<B><I>R<SUB>0</SUB></I></B>), we have
<P><B><I>K<SUB>1</SUB></I></B> = 000110 110000 001011 101111 111111 000111
000001 110010 <BR><B>E</B>(<B><I>R<SUB>0</SUB></I></B>) = 011110 100001
010101 010101 011110 100001 010101 010101
<BR><B><I>K<SUB>1</SUB></I></B>+<B>E</B>(<B><I>R<SUB>0</SUB></I></B>) =
011000 010001 011110 111010 100001 100110 010100 100111.
<P>We have not yet finished calculating the function <B><I>f</I></B> . To
this point we have expanded <B><I>R<SUB>n-1</SUB></I></B> from 32 bits to
48 bits, using the selection table, and XORed the result with the key
<B><I>K<SUB>n</SUB></I></B> . We now have 48 bits, or eight groups of six
bits. We now do something strange with each group of six bits: we use them
as addresses in tables called "<B>S boxes</B>". Each group of six bits
will give us an address in a different <B>S</B> box. Located at that
address will be a 4 bit number. This 4 bit number will replace the
original 6 bits. The net result is that the eight groups of 6 bits are
transformed into eight groups of 4 bits (the 4-bit outputs from the
<B>S</B> boxes) for 32 bits total.
<P>Write the previous result, which is 48 bits, in the form:
<P>
<CENTER><B><I>K<SUB>n</SUB></I></B> +
<B>E</B>(<B><I>R<SUB>n-1</SUB></I></B>)
=<B><I>B<SUB>1</SUB>B<SUB>2</SUB>B<SUB>3</SUB>B<SUB>4</SUB>B<SUB>5</SUB>B<SUB>6</SUB>B<SUB>7</SUB>B<SUB>8</SUB></I></B>,
</CENTER>
<P>where each <B><I>B<SUB>i</SUB></I></B> is a group of six bits. We now
calculate
<P>
<CENTER><B><I>S<SUB>1</SUB>(B<SUB>1</SUB>)S<SUB>2</SUB>(B<SUB>2</SUB>)S<SUB>3</SUB>(B<SUB>3</SUB>)S<SUB>4</SUB>(B<SUB>4</SUB>)S<SUB>5</SUB>(B<SUB>5</SUB>)S<SUB>6</SUB>(B<SUB>6</SUB>)S<SUB>7</SUB>(B<SUB>7</SUB>)S<SUB>8</SUB>(B<SUB>8</SUB>)</I></B>
</CENTER>
<P>
<P>where <B><I>S<SUB>i</SUB>(B<SUB>i</SUB>)</I></B> referres to the output
of the <B><I>i</I></B>-th <B>S</B> box.
<P>To repeat, each of the functions <B><I>S1, S2,..., S8</I></B>, takes a
6-bit block as input and yields a 4-bit block as output. The table to
determine <B><I>S<SUB>1</SUB></I></B> is shown and explained below:
<P><PRE><B>
S1
Column Number
Row
No. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
</B></PRE>
<P>If <B><I>S<SUB>1</SUB></I></B> is the function defined in this table
and <B><I>B</I></B> is a block of 6 bits, then
<B><I>S<SUB>1</SUB>(B)</I></B> is determined as follows: The first and
last bits of <B><I>B</I></B> represent in base 2 a number in the decimal
range 0 to 3 (or binary 00 to 11). Let that number be <B><I>i</I></B>. The
middle 4 bits of <B><I>B</I></B> represent in base 2 a number in the
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -