## DES cipher (Data Encryption Standard)

https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html


### Key scheduling 
##### 1. Key reduction and permutation

In [23]:
def apply_PC1(pc1_table,keys_64bits):
 """ This function takes Permutation table PC1 and initial key as input and return 56 bits key as output"""
 keys_56bits = ""
 for index in pc1_table:
  keys_56bits += keys_64bits[index-1] 
 return keys_56bits

#Permutation schema
PC1 = [57,49,41,33,25,17,9,1,58,50,42,34,26,18,10,2,59,51,43,35,27,19,11,3,60,52,44,36,63,55,47,39,31,23,15,7,62,54,46,38,30,22,14,6,61,53,45,37,29,21,13,5,28,20,12,4]

# Test
keys_64bits = "0001001100110100010101110111100110011011101111001101111111110001"
keys_56bits = apply_PC1(PC1,keys_64bits)
#Correct output: 11110000110011001010101011110101010101100110011110001111
print('Key reduced to 56 bits:', keys_56bits)

Key reduced to 56 bits: 11110000110011001010101011110101010101100110011110001111


#####  2. Splitting key into two 28-bits chunks

In [24]:
def split_key_in_half(keys_56bits):
 """ Split the 56 bits key into two equal half """
 left_keys, right_keys = keys_56bits[:28],keys_56bits[28:]
 return left_keys, right_keys

left56 , right56 = split_key_in_half(keys_56bits)

print('Left part : ',left56)
print('Right part: ',right56)

Left part :  1111000011001100101010101111
Right part:  0101010101100110011110001111


##### 3. Shift and rotate
Chunks are shifted-and-rotated by 1 or 2 bits. 

In [25]:
def key_circular_left_shift(bits,numberofbits):
 """This method will circularly shift the given bit string according to the number of bits"""
 shiftedbits = bits[numberofbits:] + bits[:numberofbits]
 return shiftedbits


print("Left part after shift:  ",key_circular_left_shift(left56,1))
print("Right part after shift ",key_circular_left_shift(right56,2))

Left part after shift:   1110000110011001010101011111
Right part after shift  0101010110011001111000111101


##### 4. Final permutation with compression

In [26]:
def apply_PC2(pc2_table,keys_56bits):
 """ This will take Compression table and combined both half as input and return a 48-bits string as output"""
 keys_48bits = ""
 for index in pc2_table:
  keys_48bits += keys_56bits[index-1]
 return keys_48bits

PC2 = [14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,4,26,8,16,7,27,20,13,2, 41,52,31,37,47,55,30,40,51,45,33,48,44,49,39,56,34,53,46,42,50,36,29,32]

# Test 
left_half = "1111000011001100101010101111"
right_half = "0101010101100110011110001111"

subkey = apply_PC2(PC2,left_half + right_half)

print("Round key: ", subkey)

Round key:  110010110011110110001011000011100001011111110101


#### DES keys scheduling
![title](img/des.png)
Let's put everything together:

In [29]:
# shift for each round
round_shifts = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

PC1 = [57,49,41,33,25,17,9,1,58,50,42,34,26,18,10,2,59,51,43,35,27,19,11,3,60,52,44,36,63,55,47,39,31,23,15,7,62,54,46,38,30,22,14,6,61,53,45,37,29,21,13,5,28,20,12,4]
PC2 = [14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,4,26,8,16,7,27,20,13,2, 41,52,31,37,47,55,30,40,51,45,33,48,44,49,39,56,34,53,46,42,50,36,29,32]

def generate_keys(key_64bits):
    round_keys = list()
    
    keys_56bits = apply_PC1(PC1,key_64bits)
    
    left56 , right56 = split_key_in_half(keys_56bits)
    
    for roundnumber in range(16):
        left_shifted = key_circular_left_shift(left56,round_shifts[roundnumber])
        right_shifted = key_circular_left_shift(right56,round_shifts[roundnumber])
        key48_bits = apply_PC2(PC2, left_shifted+right_shifted)
        left56 = left_shifted
        right56 = right_shifted
        
        round_keys.append(key48_bits)
        
    
    return round_keys

#test 
key_64bits = "0001001100110100010101110111100110011011101111001101111111110001"

subkeys = generate_keys(key_64bits)

print("Round keys: ")
print("\n".join(subkeys))

Round keys: 
000110110000001011101111111111000111000001110010
011110011010111011011001110110111100100111100101
010101011111110010001010010000101100111110011001
011100101010110111010110110110110011010100011101
011111001110110000000111111010110101001110101000
011000111010010100111110010100000111101100101111
111011001000010010110111111101100001100010111100
111101111000101000111010110000010011101111111011
111000001101101111101011111011011110011110000001
101100011111001101000111101110100100011001001111
001000010101111111010011110111101101001110000110
011101010111000111110101100101000110011111101001
100101111100010111010001111110101011101001000001
010111110100001110110111111100101110011100111010
101111111001000110001101001111010011111100001010
110010110011110110001011000011100001011111110101


##### Weak keys
Generate round keys for keys included below:

In [30]:
strangekey1 = '1111111011111110111111101111111011111110111111101111111011111110'
strangekey2 = '1110000011100000111000001110000011110001111100011111000111110001'

subkeys1 = generate_keys(strangekey1)
subkeys2 = generate_keys(strangekey2)

print("Round keys 1: ")
print("\n".join(subkeys1))
print("Round keys 2: ")
print("\n".join(subkeys2))

Round keys 1: 
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111
Round keys 2: 
111111111111111111111111000000000000000000000000
111111111111111111111111000000000000000000000000
111111111111111111111111000000000000000000000000
111111111111111111111111000000000000000

### Nonlinear round function f()

##### 1. Expand 32-bits block to 48-bits

In [8]:
EXPANSION_TABLE = [32,1,2,3,4,5,4,5,6,7,8,9,8,9,10,11,12,13,12,13,14,15,16,17,
16,17,18,19,20,21,20,21,22,23,24,25,24,25,26,27,28,29,28,29,30,31,32,1]

def apply_Expansion(expansion_table,bits32):
    """ This will take expansion table and 32-bit binary string as input and output a 48-bit binary stirng"""
    bits48 = ""
    for index in expansion_table:
        bits48 += bits32[index-1]
    return bits48

#test 
bits32 = '11110000101010101111000010101010'
out_bits48 = apply_Expansion(EXPANSION_TABLE,bits32)
print("Extended block: ", out_bits48)
# 011110100001010101010101011110100001010101010101


Extended block:  011110100001010101010101011110100001010101010101


Simple XOR operation:

In [9]:
def XOR(bits1,bits2):
	"""perform a XOR operation and return the output"""
  # Assuming both bit string of same length
	xor_result = ""
	for index in range(len(bits1)):
		if bits1[index] == bits2[index]: 
			xor_result += '0'
		else:
			xor_result += '1'
	return xor_result

bits1 = '1100'
bits2 = '1010'
print(XOR(bits1,bits2))
# output: '0110'

0110


##### 2. S-boxes

In [10]:
SBOX = [
# Box-1
[
[14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7],
[0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8],
[4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0],
[15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13]
],
# Box-2

[
[15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10],
[3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5],
[0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15],
[13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9]
],

# Box-3

[
[10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8],
[13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1],
[13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7],
[1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12]

],

# Box-4
[
[7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15],
[13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9],
[10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4],
[3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14]
],

# Box-5
[
[2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9],
[14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6],
[4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14],
[11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3]
],
# Box-6

[
[12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11],
[10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8],
[9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6],
[4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13]

],
# Box-7
[
[4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1],
[13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6],
[1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2],
[6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12]
],
# Box-8

[
[13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7],
[1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2],
[7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8],
[2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11]
]

]

In [11]:
import textwrap

#podział wiadomości na 6-bitowe porcje 48/6 = 8 
def split_in_6bits(XOR_48bits):
	"""split 48 bits into 6 bits each """
	list_of_6bits = textwrap.wrap(XOR_48bits,6)
	return list_of_6bits

## Pomocnicze funkcje 
def get_first_and_last_bit(bits6):
	"""Return first and last bit from a binary string"""
	twobits = bits6[0] + bits6[-1] 
	return twobits

def get_middle_four_bit(bits6):
	"""Return first and last bit from a binary string"""
	fourbits = bits6[1:5] 
	return fourbits

def binary_to_decimal(binarybits):
	""" Convert binary bits to decimal"""
	# helps during list access
	decimal = int(binarybits,2)
	return decimal

def decimal_to_binary(decimal):
	""" Convert decimal to binary bits"""
	binary4bits = bin(decimal)[2:].zfill(4)
	return binary4bits

def sbox_lookup(sboxcount,first_last,middle4):
	""" take three parameter and access the Sbox accordingly and return the value"""
	d_first_last = binary_to_decimal(first_last)
	d_middle = binary_to_decimal(middle4)
	
	sbox_value = SBOX[sboxcount][d_first_last][d_middle]
	return decimal_to_binary(sbox_value)

#Test
bits48 = '011110100001010101010101011110100001010101010101'
sixbitslist = split_in_6bits(bits48) 
print("Split into 6-bits chunks:", sixbitslist)
bits6 = sixbitslist[0]
first_last = get_first_and_last_bit(bits6)  # '10' -> 2
print("First and last bit: ", first_last)
middle4 = get_middle_four_bit(bits6)  # '0000' -> 0
print("Middle 4 bits:", middle4)

sboxcount = 1
result = sbox_lookup(sboxcount,first_last,middle4) 
print("Sbox output", result)

Split into 6-bits chunks: ['011110', '100001', '010101', '010101', '011110', '100001', '010101', '010101']
First and last bit:  00
Middle 4 bits: 1111
Sbox output 1010


##### 3. Final permutation

In [12]:
PERMUTATION_TABLE = [16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
		                 2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25]

def apply_Permutation(permutation_table,sbox_32bits):
	""" It takes Sboxes output and a permutation table and return 32 bit binary string"""
	final_32bits = ""
	for index in permutation_table:
		final_32bits += sbox_32bits[index-1]
	return final_32bits

5. Nonlinear DES function
![title](img/desroundfunction.png)

In [41]:
def functionF(pre32bits, key48bits):	
    """This is main function to perform function F """
    out_bits48 = apply_Expansion(EXPANSION_TABLE,pre32bits)
    
    bits48 = XOR(out_bits48, key48bits)
    sixbitslist = split_in_6bits(bits48)
    
    sbox_count = 0
    final32bits=''
    
    for i in range(len(sixbitslist)):
        first_last = get_first_and_last_bit(sixbitslist[i])
        middle4 = get_middle_four_bit(sixbitslist[i])
        sbox_value = sbox_lookup(sbox_count, first_last, middle4)
        sbox_count += 1
        
        final32bits += sbox_value
    
    return apply_Permutation(PERMUTATION_TABLE, final32bits)

#test 
bits32 = '11110000101010101111000010101010'
key48bits = '110010110011110110001011000011100001011111110101'
print("Result of applying F(): ", functionF(bits32, key48bits))

Result of applying F():  11010001010000100101101101111100


### DES encryption
Some helpful functions:

In [42]:
HEX_to_Binary = {'0':'0000',
		 '1':'0001',
		 '2':'0010',
		 '3':'0011',
		 '4':'0100',
		 '5':'0101',
		 '6':'0110',
		 '7':'0111',
		 '8':'1000',
		 '9':'1001',
		 'A':'1010',
		 'B':'1011',
		 'C':'1100',
		 'D':'1101',
		 'E':'1110',
		 'F':'1111',
		}


def hexDigit_to_binary_bits(hex_digit):
	binary_4bits = HEX_to_Binary[hex_digit]
	return binary_4bits

def hexString_to_binary_bits1(hex_string):
	binary_bits = ""
	for hex_digit in hex_string:
		binary_bits += hexDigit_to_binary_bits(hex_digit)
	return binary_bits

def hexString_to_binary_bits2(hexdigits):
	binarydigits = ""
	for hexdigit in hexdigits:
		binarydigits += bin(int(hexdigit,16))[2:].zfill(4)
	return binarydigits
		
M = '0123456789ABCDEF' 
print("Hex2Bin:", hexString_to_binary_bits1(M))
# Output: 0000000100100011010001010110011110001001101010111100110111101111
print("Hex2Bin:", hexString_to_binary_bits2(M))
# Output: 0000000100100011010001010110011110001001101010111100110111101111

Hex2Bin: 0000000100100011010001010110011110001001101010111100110111101111
Hex2Bin: 0000000100100011010001010110011110001001101010111100110111101111


##### 1. How DES works
![title](img/descipher.png)

#### 2. Początkowa permutacja 

In [43]:
def hexTobinary(hexdigits):
	binarydigits = ""
	for hexdigit in hexdigits:
		binarydigits += bin(int(hexdigit,16))[2:].zfill(4)
	return binarydigits


INITIAL_PERMUTATION_TABLE = ['58 ', '50 ', '42 ', '34 ', '26 ', '18 ', '10 ', '2',
			 '60 ', '52 ', '44 ', '36 ', '28 ', '20 ', '12 ', '4',
			 '62 ', '54 ', '46 ', '38 ', '30 ', '22 ', '14 ', '6', 
			'64 ', '56 ', '48 ', '40 ', '32 ', '24 ', '16 ', '8', 
			'57 ', '49 ', '41 ', '33 ', '25 ', '17 ', '9 ', '1',
			 '59 ', '51 ', '43 ', '35 ', '27 ', '19 ', '11 ', '3',
			 '61 ', '53 ', '45 ', '37 ', '29 ', '21 ', '13 ', '5',
			 '63 ', '55 ', '47 ', '39 ', '31 ', '23 ', '15 ', '7']

def apply_initial_permutation(P_TABLE, PLAINTEXT):
	permutated_M = ""
	for index in P_TABLE:
		permutated_M += PLAINTEXT[int(index)-1]
	return permutated_M

#Test
M = '0123456789ABCDEF'
plaintext = hexTobinary(M)
print("Binary plaintext:", plaintext)
print("Plaintext after initial permutation:", apply_initial_permutation(INITIAL_PERMUTATION_TABLE,plaintext))

## Output
# 0000000100100011010001010110011110001001101010111100110111101111
# 1100110000000000110011001111111111110000101010101111000010101010

Binary plaintext: 0000000100100011010001010110011110001001101010111100110111101111
Plaintext after initial permutation: 1100110000000000110011001111111111110000101010101111000010101010


##### 3. Podział bloku 64-bitowego na dwie części 

In [48]:
def split_block_inhalf(binarybits):
	return binarybits[:32],binarybits[32:]

M = '0123456789ABCDEF'
p_plaintext = hexTobinary(M)
L0,R0 = split_block_inhalf(p_plaintext)
print("Blok po podziale: ",L0,R0)
 
#Output
#'00000001001000110100010101100111' '10001001101010111100110111101111'

Blok po podziale:  00000001001000110100010101100111 10001001101010111100110111101111


##### 4. Inverse permutation 

In [49]:
INVERSE_PERMUTATION_TABLE = ['40 ', '8 ', '48 ', '16 ', '56 ', '24 ', '64 ', '32',
			     '39 ', '7 ', '47 ', '15 ', '55 ', '23 ', '63 ', '31',
			     '38 ', '6 ', '46 ', '14 ',  '54 ', '22 ', '62 ', '30',
			     '37 ', '5 ', '45 ', '13 ', '53 ', '21 ', '61 ', '29',
			     '36 ', '4 ', '44 ', '12 ', '52 ', '20 ', '60 ', '28',
			     '35 ', '3 ', '43 ', '11 ', '51 ', '19 ', '59 ', '27', 
			     '34 ', '2 ', '42 ', '10 ', '50 ', '18 ', '58 ', '26',
			     '33 ', '1 ', '41 ', '9 ', '49 ', '17 ', '57 ', '25']

# Test
R16 = '11001100000000001100110011111111'  
L16 = '11110000101010101111000010101010'

cipher = apply_initial_permutation(INVERSE_PERMUTATION_TABLE, R16+L16)

print("Block after final permutation:", cipher)
# Ouptput
# 0000000100100011010001010110011110001001101010111100110111101111 

Block after final permutation: 0000000100100011010001010110011110001001101010111100110111101111


##### 5. Feistel network
![title](img/feistel-network.png)

In [53]:
# Lets do some round key 
key_64bits = "0001001100110100010101110111100110011011101111001101111111110001"
roundkeys = generate_keys(key_64bits)
# Suppose initial R and L value is 
R = '11001100000000001100110011111111'  
L = '11110000101010101111000010101010'

print("Input block", R+L)
# Feistel network 
newL = R
newR = XOR(L, functionF(R, roundkeys[0]))
R = newR
L = newL


print("Output block", R+L)
# Apply Feistel once again to decrypt data
newL = XOR(R, functionF(L, roundkeys[0]))
newR = L
L = newL
R = newR


print("Original block", R+L)


Input block 1100110000000000110011001111111111110000101010101111000010101010
Output block 0000001100000001010010000100100011001100000000001100110011111111
Original block 1100110000000000110011001111111111110000101010101111000010101010


##### 6. Let's put everything together

In [67]:
import binascii
M = '0123456789ABCDEF'
key ='12345678ABCEDFF9'
# C = '9831DEFB82F48A97' #test ciphertext 

def DES_encrypt(message,key):
    cipher = ""
    plaintext_bits = hexTobinary(message)
    key_bits = hexTobinary(key)
    # implement DES cipher 
    keys = generate_keys(key_bits)
    
    perm = apply_initial_permutation(INITIAL_PERMUTATION_TABLE, plaintext_bits)
    left, right = split_block_inhalf(perm)
    
    for i in range(16):
        newL = right
        newR = XOR(left, functionF(right, keys[i]))
        left = newL
        right = newR
        
    cipher = apply_initial_permutation(INVERSE_PERMUTATION_TABLE, left+right)
    return cipher

def DES_decrypt(message,key):
    cipher = ""
    plaintext_bits = hexTobinary(message)
    key_bits = hexTobinary(key)
    # implement DES decryption 
    
    keys = generate_keys(key_bits)
    
    perm = apply_initial_permutation(INITIAL_PERMUTATION_TABLE, plaintext_bits)
    left, right = split_block_inhalf(perm)
    for i in range(16):
        newL = XOR(right, functionF(left, keys[i]))
        newR = left
        left = newL
        right = newR
        
    cipher = apply_initial_permutation(INVERSE_PERMUTATION_TABLE, left+right)
    return cipher

print("Key:      ", hexTobinary(key))
print("Plaintext:", hexTobinary(M))
C=DES_encrypt(M, key)
print("Ciphertext: ",C) 
print("Ciphertext in hex: ", hex(int(DES_encrypt(M, key), 2)))
print("Decrypted message: ", DES_decrypt('6432edf741f8456b', key))


Key:       0001001000110100010101100111100010101011110011101101111111111001
Plaintext: 0000000100100011010001010110011110001001101010111100110111101111
Ciphertext:  0110010000110010111011011111011101000001111110000100010101101011
Ciphertext in hex:  0x6432edf741f8456b
Decrypted message:  0101111101111110100000000110000010110010011010101011001010111011
