Data Encryption Standard: Concept and Modes of Operations

Written by Coursera Staff

Explore the fundamentals of the data encryption standard. Learn about its modes of operation and how it led to the rise of the cryptography business.


Data encryption standard (DES) was the US government's first encryption algorithm approved for widespread use. It is an older system that uses one 56-bit key to generate a block of 64-bit cypher text from a block of 64-bit plain text. The development of DES led to the rise of the cryptography business. 

What is a data encryption standard?

The data encryption standard, created by the United States National Institute of Standards and Technology in the 1970s, is a block cypher system commonly used for securing data [1]. It takes a 64-bit plaintext at the encryption site and produces a 64-bit cyphertext. The decryption algorithm takes a key and the cyphertext and recovers the plaintext. IBM initially designed DES with the assistance of the National Security Agency (NSA). Both encryption and decryption employ the same 56-bit cypher key.

Two permutations (P-boxes), the initial permutation and the final permutation, open and close the encryption process. Each round employs a unique 48-bit round key produced from the cypher key using a predetermined algorithm to encrypt each block or word for that round.

What are the DES modes of operation?

Stream cyphers and block cyphers are two encryption methods that differ in their input types. A block cypher takes a fixed-size input, encrypts it, and produces a fixed-size output of x bits of cyphertext. Stream cyphers encrypt one byte at a time, while a block cypher encrypts ~128 bits at a time.

DES is a block cypher algorithm. A block cypher has several modes of operation that allow it to run various applications and uses. The following are the modes of operation for the data encryption standard:

1. Cypher block chaining (CBC)

CBC mode uses an initialisation vector (IV), which could be any random piece of text that varies for every sent block. The IV helps make the cyphertext of each block unique, but it introduces a weakness in the system: if this IV is ever compromised, someone could decrypt and find out what plain text was sent after that one block. This is solved by always choosing random IVs when sending the same plaintext message.

The exclusive OR (XOR) operation combines the initial plain text block with the IV. The result is encrypted using the key and output as the first block of cyphertext. The first block of cyphertext then serves as the IV for the second block of plain text. The same approach applies to all subsequent plain text blocks.

The receiver splits the cyphertext into blocks and needs the same key to decrypt each one. The decrypted output of the first block is XORed with the IV to create the first plain text block.

To decipher the second block of cyphertext, the receiver decrypts it with the same key and XORs the result with the first block of cyphertext. The outcome is the second block of plain text. The remaining blocks follow the same series of steps. This method renders simultaneous encryption impossible because encrypting each block requires the cyphertext of the block before it.

2. Cypher feedback (CFB)

Cypher feedback (CFB) mode uses feedback encryption to generate pseudo-random bits. Instead of blocks like CBC, the algorithm takes a piece—or segment—at a time and encrypts it using the same encryption key. This vastly increases the speed of encryption and reduces the block size, allowing more transactions to be sent per second.

In this mode, the data is encrypted in units that are eight bits long. The IV is initialised in the same way as in cypher block chaining mode. The shift register initially holds the IV. The encryption process uses a secret key to create the cyphertext.

A cyphertext block depends on every plaintext block before it; changing the order affects decryption. Although errors propagate for several blocks following the mistake, the mode, like CBC, is self-synchronising. 

Feedback is the process by which each new input block encrypts the subsequent block using the cyphertext of the previous output block. The bottom register contains the keystream produced by the encryption technique. The XOR function is applied to the plaintext and the keystream to create the cyphertext.

3. Electronic codebook (ECB)

The ECB mode is a character set that uses only one byte to represent characters. The plain text is divided into 64-bit blocks, and each block is then encrypted independently. This mode is efficient. Encryption starts with the first block and continues until the final block is encrypted. All blocks are encrypted using the same key; no additional variables are used.

ECB is generally simple to crack since it generates identical cyphertext whenever it is applied to the same plaintext. Thus, it can be exposed, and encrypted data can be decoded using brute-force attacks and man-in-the-middle methods.

In this mode, neither chaining nor error propagation occurs. The most advantageous feature is the ability to simultaneously encrypt blocks of bits, which makes the encryption mode work more quickly.
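The difference between ECB and the CBC chaining described above, as an added example that is not part of the original article. A toy 16-round Feistel cypher on 64-bit blocks stands in for DES (it is not DES and offers no security); the key, message and function names are constructed, and the message length is assumed to be a multiple of the block size.

```python
import hashlib, os
BLOCK = 8  # bytes: a 64-bit block, the DES block size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key, block, rounds=range(16)):
    # 16-round Feistel network on one block; a toy stand-in, NOT real DES.
    l, r = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:4]
        l, r = r, _xor(l, f)
    return r + l

def toy_decrypt(key, block):
    # A Feistel network is inverted by running the rounds in reverse order.
    return toy_encrypt(key, block, rounds=reversed(range(16)))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(toy_encrypt(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_encrypt(key, _xor(b, prev))  # XOR with IV / previous cyphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    cs = blocks(ct)  # each block is XORed with the cyphertext block before it
    return b"".join(_xor(toy_decrypt(key, c), p) for c, p in zip(cs, [iv] + cs))

def repeated_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))  # duplicate cyphertext blocks

def demo():
    key = b"constructed key"                 # constructed sample values
    pt = b"PAY 100$" * 3 + b"TO ALICE"       # 4 blocks, 3 of them identical
    iv1, iv2 = os.urandom(BLOCK), os.urandom(BLOCK)
    c1, c2 = cbc_encrypt(key, iv1, pt), cbc_encrypt(key, iv2, pt)
    return {"ecb_repeats": repeated_blocks(ecb_encrypt(key, pt)),
            "cbc_repeats": repeated_blocks(c1), "fresh_iv_changes_ct": c1 != c2,
            "roundtrip": cbc_decrypt(key, iv1, c1) == pt}

if __name__ == "__main__":
    print(demo())
```

The repeated plaintext blocks stay visible as repeated cyphertext blocks under ECB, while CBC with a fresh random IV hides them and gives a different cyphertext for the same message each time.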

4. Output feedback (OFB)

OFB is the output feedback mode. OFB and CFB have similar designs. The fundamental difference between the OFB and CFB modes is that the IV encryption output is used for the subsequent steps in the former, while the cyphertext is used for the latter. Each block generates its key, which isn’t related to the previous or following blocks. It is impossible to derive the key when using the cyphertext.

OFB mode is advantageous because the plaintext block is error-resistant. A corrupted bit affects only associated bits, so errors are not propagated. Decryption is also made easy by XORing the cyphertext.

5. Counter (CTR)

Counter mode, also known as CTR, is a method that uses a series of integers as input to the algorithm. The next value is applied to fill the next integer, thus encrypting a block.

To create cyphertext, the encrypted text is combined with the plain text through a process known as XOR encryption. Then, each number in the counter is passed through another operation: raised to the power of a key. After that, the first counter value will be encrypted using another key for each block using this same procedure. The plaintext counter is encrypted with the cyphertext and then XORed to obtain the plain text. The counter increases for each subsequent step, which will be replicated over all ciphertext blocks. Both encryption and decryption occur at the same time.
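The error-propagation behaviour described for CFB and OFB above, alongside the standard counter-mode construction (a nonce plus block counter is encrypted and XORed with the data), as an added example that is not part of the original article. Truncated HMAC-SHA256 stands in for the DES encryption direction, which is the only direction these three modes use; the key, IV, nonce layout, message and function names are constructed.

```python
import hashlib, hmac

KEY, IV, NONCE = b"constructed key", bytes(range(8)), b"\x00\x00\x00\x07"
PT = b"0123456789" * 4  # constructed 40-byte message

def E(key, block):
    # Forward direction of a 64-bit block cypher. Truncated HMAC-SHA256 is a
    # stand-in for DES here; these modes never call the decryption direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb8(key, iv, data, decrypt=False):
    sr, out = iv, bytearray()           # sr: 64-bit shift register, starts as IV
    for b in data:
        o = b ^ E(key, sr)[0]           # one keystream byte per 8-bit segment
        out.append(o)
        sr = sr[1:] + bytes([b if decrypt else o])  # shift in the cyphertext byte
    return bytes(out)

def ofb(key, iv, data):
    out, ks = b"", iv
    for i in range(0, len(data), 8):
        ks = E(key, ks)                 # feedback is the cypher output itself
        out += xor(data[i:i + 8], ks)
    return out

def ctr(key, nonce, data):
    out = b""
    for n, i in enumerate(range(0, len(data), 8)):
        out += xor(data[i:i + 8], E(key, nonce + n.to_bytes(4, "big")))
    return out

def damaged(decrypt, ct, pos=5):
    bad = bytearray(ct)
    bad[pos] ^= 0x01                    # one bit corrupted in transit
    got = decrypt(bytes(bad))
    return [i for i in range(len(PT)) if got[i] != PT[i]]

def demo():
    return {
        "cfb8": damaged(lambda c: cfb8(KEY, IV, c, decrypt=True), cfb8(KEY, IV, PT)),
        "ofb": damaged(lambda c: ofb(KEY, IV, c), ofb(KEY, IV, PT)),
        "ctr": damaged(lambda c: ctr(KEY, NONCE, c), ctr(KEY, NONCE, PT)),
    }

if __name__ == "__main__":
    print(demo())
```

In OFB and CTR only the corrupted byte decrypts wrongly; in 8-bit CFB the damage can extend over the following eight bytes while the bad byte sits in the shift register, after which decryption resynchronises.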

Next steps

The data encryption standard has long been used to fight cybersecurity threats and has proved to be a good block cypher. Learn more about data encryption on Coursera. This Guided Project is a wonderful place to start if you want to work as a data security specialist in high-profile industries. 

Data encryption is just one aspect of cybersecurity. Learn more about data privacy with the Data Privacy Fundamentals course by Northwestern University on Coursera.

Article sources

  1. Vaudenay, Serge. “(PDF) Data Encryption Standard (DES) - Cleveland State” Dokumen.Tips, https://dokumen.tips/documents/data-encryption-standard-des-cleveland-state-objectives-in-this-chapter.html. Accessed May 24, 2024.
