Foundations of Security Week8 Lecture

Initial Permutation (IP)#

• The 64-bit plaintext is rearranged according to a fixed table (IP table).
• This doesn’t encrypt; it just prepares the data for processing.
• Bit 58 of the plaintext becomes bit 1, bit 50 becomes bit 2, and so on.

Initial Permutation (IP) Table

• Output: Split the 64-bit permuted block into two 32-bit halves:
  $\textcolor{red}{L_0}$ (left 32 bits)
  $\textcolor{red}{R_0}$ (right 32 bits).

Step-by-Step Process

1. Input ✓
2. Initial Permutation (IP) ✓
3. Key Schedule (16 Subkeys Generation)
4. 16 Rounds of Processing
5. Final Permutation (FP)

Key Schedule (16 Subkeys Generation)
Permutation (IP)#

Key Schedule (16 Subkeys Generation)

• The key is provided in hexadecimal format
  eg Hexadecimal Key = 133457799BBCDFF1 (16 hexadecimal digits).
• Convert to binary.
• The 64-bit key is permuted using the Permuted choice 1 (PC-1) table, and 8 parity bits are discarded, leaving a 56-bit key. Bit 57 of the key becomes bit 1, bit 49 becomes bit 2, and so on.

• Split into Halves: The 56-bit key is split into two 28-bit halves, C0 and D0
• Left Shifts: For each round, C0 and D0 are left-shifted (rotated) by 1 or 2 bits, depending on the round (e.g., rounds 1, 2, 9, 16 shift by 1 bit; others by 2).
• Permuted Choice 2 (PC-2): After shifting, a 48-bit subkey is selected from the 56-bit C and D using the PC-2 table

K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111

C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111

• Left Shifts: For each round, C0 and D0 are left-shifted (rotated) by 1 or 2 bits, depending on the round

• Permuted Choice 2 (PC-2): After shifting, a 48-bit subkey is selected from the 56-bit C and D using the PC-2 table. We form the 16 $\textcolor{red}{K_n}$ keys of 48-bits.

$\textcolor{red}{K_1}$ = 000110 110000 001011 101111 111111 000111 000001 110010
$\textcolor{red}{K_2}$ = 011110 011010 111011 011001 110110 111100 100111 100101
$\textcolor{red}{K_3}$ = 010101 011111 110010 001010 010000 101100 111110 011001
$\textcolor{red}{K_4}$ = 011100 101010 110111 010110 110110 110011 010100 011101
$\textcolor{red}{K_5}$ = 011111 001110 110000 000111 111010 110101 001110 101000
$\textcolor{red}{K_6}$ = 011000 111010 010100 111110 010100 000111 101100 101111
$\textcolor{red}{K_7}$ = 111011 001000 010010 110111 111101 100001 100010 111100
$\textcolor{red}{K_8}$ = 111101 111000 101000 111010 110000 010011 101111 111011
……
$\textcolor{red}{K_{16}}$ = 110010 110011 110110 001011 000011 100001 011111 110101

Step-by-Step Process

1. Input ✓
2. Initial Permutation (IP) ✓
3. Key Schedule (16 Subkeys Generation) ✓
4. 16 Rounds of Processing
5. Final Permutation (FP)

16 Rounds of Processing

• Input: The left half ($\textcolor{blue}{L_{n-1}}$) and right half ($\textcolor{blue}{R_{n-1}}$) from the previous round (or IP for round 1).
• Feistel Function (F): The right half ($\textcolor{blue}{R_{n-1}}$) is processed with the subkey ($\textcolor{blue}{K_n}$) to produce a 32-bit output:
• Expansion (E-box): The 32-bit $\textcolor{blue}{R_{n-1}}$ is expanded to 48 bits using an expansion table (some bits are duplicated).
• Subkey Mixing: The 48-bit expanded $\textcolor{blue}{R_{n-1}}$ is XORed with the 48-bit subkey $\textcolor{blue}{K_n}$.
  • XOR: A bitwise operation where $\textcolor{purple}{0 \oplus 0 = 0}$, $\textcolor{purple}{1 \oplus 1 = 0}$, $\textcolor{purple}{1 \oplus 0 = 1}$, $\textcolor{purple}{0 \oplus 1 = 1}$.
• S-boxes (Substitution): The 48-bit result is divided into eight 6-bit chunks. Each chunk is passed through one of eight S-boxes (lookup tables), which map 6 bits to 4 bits, reducing the total to 32 bits ($8 \times 4 = 32$).
  • Each S-box uses the outer 2 bits of the 6-bit input to select a row and the inner 4 bits to select a column, outputting a 4-bit value.
• P-box (Permutation): The 32-bit S-box output is permuted using a fixed permutation table (P-box).
• Output of Feistel Function: A 32-bit value, from F($\textcolor{blue}{R_{n-1}}$, $\textcolor{blue}{K_n}$).
• Swap Halves

$\textcolor{red}{L_0}$ = 1100 1100 0000 0000 1100 1100 1111 1111
$\textcolor{red}{R_0}$ = 1111 0000 1010 1010 1111 0000 1010 1010

We have

16 Rounds of Processing - Expansion (E-box)

To calculate F, we first expand each block $\textcolor{red}{R_0}$, from 32 bits to 48 bits.
This is done by using a expansion table that repeats some of the bits in $\textcolor{red}{R_0}$

F($\textcolor{blue}{R_0}$, $\textcolor{blue}{K_1}$)

16 Rounds of Processing - Subkey Mixing

$F(\textcolor{blue}{R_0}, \textcolor{blue}{K_1}) \textcolor{purple}\longrightarrow F(\textcolor{red}{E(R_0)}, \textcolor{blue}{K_1})$

$E(R_0) \oplus K_1$

$\colorbox{#FFF2CC}{$\textcolor{red}{E(R_0)} \textcolor{black}{= 011110 ~ 100001 ~ 010101 ~ 010101 ~ 011110 ~ 100001 ~ 010101 ~ 010101}$}$

$\textcolor{purple}\oplus$

$\colorbox{#E2F0D9}{$\textcolor{red}{K_1} \textcolor{black}{= 000110 ~ 110000 ~ 001011 ~ 101111 ~ 111111 ~ 000111 ~ 000001 ~ 110010}$}$

$\colorbox{#FBE5D6}{$\textcolor{black}{E(R_0) \oplus K_1 = 011000 ~ 010001 ~ 011110 ~ 111010 ~ 100001 ~ 100110 ~ 010100 ~ 100111}$}$

16 Rounds of Processing - S-boxes (Substitution)

The 48-bit result is divided into eight 6-bit chunks. Each chunk is passed through one of eight S-boxes (lookup tables), which map 6 bits to 4 bits, reducing the total to 32 bits ($8 \times 4 = 32$).

We now compute

S₁(B₁)   S₂(B₂)    S₃(B₃)    S₄(B₄)    S₅(B₅)    S₆(B₆)    S₇(B₇)    S₈(B₈)

S₁

S₂

S₃

S₄

S₅

S₆

S₇

S₈

Reading Assignment#

Read on how to compute the following using the 8 S-boxes

S₁(B₁)   S₂(B₂)    S₃(B₃)    S₄(B₄)    S₅(B₅)    S₆(B₆)    S₇(B₇)    S₈(B₈)

To be continued