- DES Algorithm Documentation & History
- Project Overview
- Features
- Requirements
- Operation Modes
- Key and IV Generation
- Usage
- Example
- Screenshots
- License
The Data Encryption Standard (DES) is a symmetric-key block cipher that operates on 64-bit blocks of data using a 56-bit key (plus 8 parity bits). Developed by IBM in the 1970s and adopted as a U.S. federal standard in 1977, DES was the foundation of digital cryptography for decades. Although DES is now considered obsolete for secure communications, it remains a cornerstone for understanding block cipher design and symmetric encryption.
- The 64-bit plaintext block is subjected to a fixed permutation called the Initial Permutation (IP), designed for hardware efficiency.
- Example:
If the input isplaintext[0..63], the output is a reordered sequence where each output bit is mapped from a specific input bit according to the IP table.
DES uses a Feistel network with 16 rounds.
Each round splits the block into left (L) and right (R) 32-bit halves:
L0 = IP_block[0..31]
R0 = IP_block[32..63]
For each round i (1 ≤ i ≤ 16):
Li = Ri-1
Ri = Li-1 XOR F(Ri-1, Ki)
Where:
- F is the round function (see below)
- Ki is the round subkey
The F-function is central to DES security, introducing both confusion and diffusion:
-
Expansion (E-Box):
The 32-bit right half is expanded to 48 bits by duplicating and permuting certain bits, according to the E-table:expanded_block[0..47] = ExpansionPermutation(Ri-1)This ensures each S-box input depends on multiple plaintext bits.
-
XOR with Subkey:
The expanded block is XORed with the 48-bit round subkey:xored_block = expanded_block XOR Ki -
Substitution (S-Boxes):
The 48-bit block is divided into eight 6-bit chunks.
Each chunk is mapped through a specific S-box, producing a 4-bit output.
This yields a 32-bit output, dramatically increasing non-linearity.for i in 0..7: sbox_output[i] = Sbox[i](xored_block[i*6 : (i+1)*6]) combined_sbox = concat(sbox_output[0..7]) // 32 bits -
Permutation (P-Box):
The combined S-box output is permuted to further diffuse the bits:permuted = PPermutation(combined_sbox)
- After each round, the left and right halves are swapped for the next round.
- After the 16th round, the halves are recombined as (R16, L16).
- The combined block is passed through the inverse of the initial permutation (IP-1), producing the final ciphertext.
- The original 64-bit key is reduced to 56 bits by discarding every 8th bit (parity).
- The 56-bit key is split into two 28-bit halves.
- For each round:
- Each half is rotated left by 1 or 2 bits (depending on the round).
- 48 bits are selected using a fixed permutation (PC-2) to form the subkey for that round.
3DES (“Triple DES”) enhances DES security by applying the DES cipher three times in sequence with three different keys:
Ciphertext = DES_encrypt(K3, DES_decrypt(K2, DES_encrypt(K1, Plaintext)))
- 3 independent keys: 168-bit key strength
- Same block size and mode support as DES
Let’s walk through the operations for a single round:
Input Block:
plaintext_block[64] = [b0, b1, ..., b63]
-
Initial Permutation:
IP_block[64] = InitialPermutation(plaintext_block) -
Split into Halves:
L0[32] = IP_block[0..31] R0[32] = IP_block[32..63] -
Round 1:
L1 = R0 R1 = L0 XOR F(R0, K1) -
F-function Steps:
expanded_R0[48] = ExpansionPermutation(R0) xored = expanded_R0 XOR K1 sbox_out[32] = SBoxSubstitution(xored) permuted = PPermutation(sbox_out) -
Combine and Swap:
After 16 rounds, final output is (R16, L16), which is then permuted using IP-1.
This library supports all major block cipher modes, for both DES and TripleDES:
- ECB (Electronic Codebook)
- CBC (Cipher Block Chaining)
- CFB (Cipher Feedback)
- OFB (Output Feedback)
- CTR (Counter Mode)
Each mode provides different security properties and is suitable for various applications. All are implemented in des.hpp with a unified API.
For cryptographic safety and demonstration flexibility, this library includes secure key and IV generators:
DESUtils::GenerateKey()— 8 bytes for DESDESUtils::GenerateIV()— 8 bytes for IV (for CBC/CFB/OFB/CTR)DESUtils::GenerateTripleKey()— 24 bytes for 3DES
This project delivers a modern, header-only C++11 implementation of DES and 3DES algorithms, including all common block cipher modes and secure random key/IV generation.
It’s ideal for cryptography education, experimentation, and understanding the inner workings of classic symmetric ciphers.
- Full DES & 3DES support with unified API
- ECB, CBC, CFB, OFB, CTR modes for both DES and 3DES
- PKCS7 padding for all modes
- Clean, educational code in a single header (
des.hpp) - Simple, modern C++ usage
- C++11 or later
- Standard C++ compiler (g++, clang++, MSVC)
- ECB (Electronic Codebook)
- CBC (Cipher Block Chaining)
- CFB (Cipher Feedback)
- OFB (Output Feedback)
- CTR (Counter Mode)
All modes are available for both DES and TripleDES with identical API.
#include "des.hpp"std::string message("something to encrypt with DES");
std::string key("12345678");
// additionally, define 2 more keys for 3DES...
std::string key2("12345678"); // note that these should be different and secure keys...
std::string key3("12345678");
// now define the IV for modes using an IV...
std::vector<bool> iv(64, 1); // example iv with all bits set, im using bool type because it's ok to represent bits...auto cbc_enc = DES::CBC::Encrypt(message, key, iv);
auto cbc_dec = DES::CBC::Decrypt(cbc_enc.toString(), key, iv);auto tdes_enc = DES::CBC::Encrypt3DES(message, key, key2, key3);
auto tdes_dec = DES::CBC::Decrypt3DES(tdes_enc.toString(), key, key2, key3);
This project is licensed under the MIT License.