 So let's look at the algorithm. Simplified desk takes eight bits of plain text in and eight bits of ciphertext come out and has a 10-bit key. It's longer than the plain text block just to make the steps in the algorithm work correctly. And it does some operations with the plain text and gets some intermediate output and then it repeats all of those operations again. So we say it goes through two rounds. Real desk goes through 16 rounds. It repeats 16 times. We start with a key and we generate some what we call sub-keys or round keys. That is, we'll generate some keys that we use in different phases in the encryption. So there's a key generation algorithm. There's an encryption algorithm which we'll go through. The decryption algorithm is essentially the same as encryption but we go backwards. We'll see that. So what we'll do, we'll go through a key generation use an example and then encryption to see the different operations used. This tries to capture those three algorithms all at once. In the middle are the steps used to generate keys from our original user chosen key. That is, the user chooses a 10-bit key. Then they apply some steps which will go through what they are. There's P10, Shift, P8, Shift, P8. The output of those two steps are two other keys which we call two sub-keys or two round keys. K1 and K2 in the diagram. Why do we generate two sub-keys? Because we said the encryption involves two rounds, two phases of we do something, then repeat it and we'll use a different sub-key in each round. Real desk does similar. It generates 16 sub-keys. Every round it uses a different sub-key but you start just with one original key. To encrypt, we take 8 bits of plain text in. We do some operations. IP, F of K using key 1, a swap. The same F of K using key 2 and some last operation and we get ciphertext. To decrypt, we start with the ciphertext and we do the same operations as encrypt almost. In encrypt, we start with this first IP operation. We'll explain what IP stands for shortly. To decrypt, we do the same. We apply the same function. We apply the same swap here, the same function again and the inverse operation and we get plain text. If you look closely, the blocks for encrypt and decrypt are the same. IP, F of K, swap, F of K, the inverse IP. The only difference is that we use K1 and K2 in a different order. For encrypt, we use K1 then K2. To decrypt, we first use K2 and then K1 where those values are the same. Let's go through it with an example. We'll refer to these slides as we go through the operation so I'll flick back through them. The example we're going to go through is this one. That is, we're going to take those 8 bits of plain text. The user chooses the key which is a 10-bit value. I just chose a random key here and we're going to encrypt that plain text and hopefully at the end of the example we'll end up with those 8 bits of ciphertext. That's what we'll try and do. I'm going to write it down. We'll go through each step and you can write it down and if you look, I hope I included at the end of the slides a printout of the example. Maybe I'll have a look. Because sometimes it's easy to make a mistake in writing down the bits. On page 95, you'll see the example we go through. The first thing we do, before we do any encrypting, we have to generate the subkeys or the round keys. We start with our original key, our 10-bit value and we're going to from that generate two other keys and then use them in the encryption and decryption. So let's do the key generation steps first. So we start with the user-chosen key. We start with what the key will denote as k and the value that we chose, those 10 bits, we chose them randomly, 1, 0. And just to make it easier to see the bits, I'll have a little bit of spacing. So that's the key that the user chooses. It's the same one on the slides, I hope. Yes, 10-bit value. And we need to generate two subkeys from that and the way that we do that is using these operations, p10, shift, p8, shift, p8. So we need to explain what they are or in more detail shown here. So this is the key generation algorithm. We take 10 bits in and the way that the arrows are marked, they show the number of bits we'll pass between each step. We apply an operation called p10. p stands for permutation. We do a permutation of those bits. Permutation is another word for transposition or rearrange. So what p10 means, we take 10 bits in and then we mix them up. We do a permutation. That way that we mix them up is defined and fixed. We always mix them according to the same rules. So p10 is actually defined, on the other slides. It says move this bit to this position, the second bit to this position. So when you see a p, lady will see p8. It's also a permutation. Remember from classical ciphers, substitutions and permutations. LS is left shift. So in binary we can shift the bits left. LS1 is to left shift by one position. Take your bits, shift them to the left and the left most bit becomes the right most bit. It wraps around. So like in hardware we can do a left shift on our bits. But the left shift takes five bits in and produces five bits out. So in fact what we do is the output of p10 we split into two halves. p8 is a permutation. The shape of this box means that we're going to take 10 bits in and produce eight bits out. It's going to throw away two of the bits but rearrange the rest. Left shift 2 is to do a left shift by two positions to the left. Take our five bits, move them to the left. So left shift is a permutation as well. p10 and p8, the two p8s are permutations. Let's go through them. So we're just mixing up the bits. p10, I have to jump back between the slides, is defined here. So it's defined in the algorithm. It's fixed. It never changes. The attacker knows what it is. The way to read it, we have 10 bits that come in. We label them. We can think the first bit, the second, up to the tenth bit that come in in order. What comes out? The first bit moves to this position. The third bit of the input becomes the first bit on the output. The tenth bit on the input goes to the sixth position. That's all that's defining here. We take 10 bits in and we mix them up. How do we mix them according to this permutation? So let's do that on our 10 bits. We've got 10 bits coming in. In this case, we'll make it clear. We'll say that let's label them. One, two, three. So there are our 10 bits that come in. When we apply the permutation p10, using the key as input, p10, it's going to produce bits that come out. From that slide, the third bit on input is going to move to the first position. The third bit on input moves to the first position. So that is a bit one. It will be the first bit in the output. The fifth bit moves to the second position. We see the five here means the fifth bit from input becomes the second bit that comes out. And the fifth bit was a zero. Zero comes out here. And we keep doing that for the rest. What's the next one? Two, is it? Bit two becomes the third one, which was a zero. So we're just mixing up these bits. Bit seven, which was also a zero. Bit four. We will only draw this once. We will not do it for all the permutations, but just to highlight the approach. Bit four was a zero. Three, five, two, seven, four. And then the tenth, ten, one, nine, eight, six. Bit ten, nine, bit one from all over here. It's a bit messy. Bit eight and six. Bit ten was a zero. Bit nine was a one. Bit one was a one. Bit eight is a zero. And bit six is a zero. Please check that when I make a mistake, let me know. We're doing is mixing those first ten bits up. Defined manner. Defined by P. Same way that the rail fence for the rows column cycle mixed up our letters. The rail fence that we wrote them in three rows, for example, and read off. They're just rearranges that will permutate the bits. Yep? No. P ten is fixed. So P ten is defined as part of, in this case, simplified desks. And the same in real desks. There's a P, I can't remember the number, but there's a permutation which is defined and always used this way. Whenever we take these ten bits in, we'll always, in the first step, get these ten bits. We'll always mix them this way. So we see that's very simple. And you may question, well, is that secure? We're just mixing up, and the attacker knows how we mix them up. So a very simple operation, but we need to question, is it secure? Well, we'll see, on its own, is not secure because the attacker can, if they know the output, they know the permutation, they can easily find the input. They can go backwards. But when we combine it later with some other operations, the substitutions, we'll see that the final output is considered secure because the attacker cannot go backwards. So this is the idea of combined simple operations. Yep? I switched them, did I? One and nine. Right. One becomes before nine. Right. Okay, correct. I put nine before one, but I was lucky in that they both bit ones. So, good. Find my mistakes. We get these ten bits. We do the next phase of the key generation, which is we split it into two halves, the left half and the right half. And in each half, we'll have five bits, so we'll do a left shift by one position on each half. Left shift, just rotate the bits, wrap around where necessary. That is, now we consider it in two halves, two five-bit inputs. We'll do a left shift by one position on each half. Left shift just means that the second bit becomes the first bit, the third bit, the second bit, and the first bit on input will wrap around and become the last bit. So, note that we do it just on those five bits, not on all ten. And then we do a left shift on the second half. So, we move the bits to the left, so it'll be one, one, zero, zero, that's these four bits, and the first zero will end up at the so now we have two five-bit outputs. What's next? Join those two five-bit values, pass them into P8. P8 is another permutation. So, we're just rearranging the bits. Left shift is also a permutation. What is P8? Go in the right direction. Sorry. Wrong way. P8 is defined here. It's actually select and permutate. And as we start with ten bits in, one through to ten, bits one and two are discarded. We just take the last eight bits and rearrange them according to this fixed definition of P8. So, let's do P8 on those ten bits. You do P8 and tell me the answer. The first two bits are going to be discarded and the last eight bits are going to be rearranged. And that the sixth bit, then the third bit, then the seventh bit will come first. Six three and seven. And if you keep going four, eight, five, ten, nine bit four eight bit five is a one and ten and nine are both zeros. That is the output of P8. And importantly that is subkey K1 or the round key K1. It's going to be using round one of our encryption algorithm. So that's the value of K1. Keep going. So we just did P8. The output of P8 is K1. But what we do to get K2 is we take the previous inputs to P8, do a left shift by two positions and then do P8 to get K2. So let's quickly do that. So we'll keep drawing here. We take this five values and do a left shift by two positions. So we're going to continue with these five and do a left shift by two and that's easy. This one will move to the middle position. Left shift by one two positions and similar we'll do a left shift by two positions on the right five bits and we have three zeros and the two ones will end up at the end. So we're going to take those 10 bits and do P8 again. The first two bits will be discarded. We rearrange the last eight bits and see what you get. P8 637485109 bit 6 bit 3 bit 7 and 4 bit 8 5 and the last two bits 10 and 9 and that is K2. We've done taking our 10 bit user chosen key and rearranged it according to some fixed algorithm to get to some not so hard that was the easy part and note that the operations we did were all permutations or all transpositions. There were no substitutions there. We always just took the same bits in and move them around. Left shift is a permutation P8 and P10 are permutations. We're going to use K1 and K2 in both the encryption and they are used also in the decryption. So if you receive ciphertext and you need to decrypt if you have the same key you'll generate the same two subkeys K1 and K2. So we'll use it together. So let's do an encryption using our plain text from the example and let's have a look at the encryption algorithm. We've got 10 minutes to finish our encryption and we'll get started but as an overview we start with 8 bits of plain text we do an initial permutation. IP means initial permutation so again it's a permutation it's fixed then this dark grey box is denoted f of K so together we say that's some function we take the 8 bits in 8 bits output this is what we call our round function this is one round of our algorithm and the input to that round would be K1 when we finish that round we swap the halves SW swap or switch that is we have two halves of bits and we swap them and then we do the same round function and the second grey box that's here so exactly the same inside the grey boxes so they're the same functions here in the second round we use K2 when that's finished we do the inverse initial permutation initial permutation is defined the inverse we'll see what that is you'll see what it is and then we get 8 bits of ciphertext out so what we'll do in the example is we'll go through the round function once we'll get to here and then I'll leave it to you to do the round function the second time take 8 bits in an initial permutation and then we split the 8 bits into two halves we'll take the right half and then apply these more operations on that right half EP XOR and others let's try we'll use K1 and K2 during this our plaintext the data that the user wants to encrypt we've chosen some values 8 bits of plaintext we do an initial permutation and like P8 and P10 that is also defined where is it? here it is initial permutation just a permutation where the second bit becomes the first the sixth bit becomes the second and so on rearrange those bits 2, 6, 3, 1 bit 2 bit 6 bit 3 bit 1 and then 4, 8, 5, 7 bit 4 8 5 and 7 the initial permutation is done before the main function and the opposite is done at the end just before we get the ciphertext in real desks similar to the initial permutation you do 16 rounds and then you finish with an inverse initial permutation we split it into 2 halves so we'll talk about the left half and the right half we will not use the left half yet we will take the right half and do some operations on that what do we do? the right half the right 4 bits we apply these steps EP expand and permutate 4 bits in 8 bits out so we're going to duplicate the bits but also a rearrangement at the same time expand and permutate we take 4 bits in 1, 2, 3, 4 and what comes out 4, 1, 2, 3, 2, 3, 4, 1 so each bit is duplicated on the output of EP 4, 1, 2, 3 note we're working on the right 4 bits 1, 0, 0, 1 4, 1, 2, 3, bit 4 bit 1 2 and 3 4, 1, 2, 3 and with those same 4 bits on the right half 2, 3, 4, 1 bit 2 3 4 and 1 bit 1 the start of our function so here was the start of that gray box where we do F that function using K1 as input after the expand and permutate we've got 8 bits we XOR with the key 8 bits exclusive OR with K1 K1 we generated in the previous algorithm so we write down K1 and do an XOR this is our first different operation key generation use permutate left shift which is also a permutate expand and permutate is a permutate it's a rearrangement of bits XOR is a substitution we're not just rearranging the bits we're replacing bits with other potential bits so this is our first substitution exclusive OR here so XOR our value with K1 so if we remember K1 from before K1 was 1 0 1 0 0 1 0 0 and we XOR those values exclusive OR what do you get? remember your exclusive OR if they are the same you get 0 if the bits are different you get 1 the same we get 0 same different different same different we get our 8 bits out and then we split that again into 2 4 bit values so that was a substitution well how do we know well it's definitely not a permutation because the input with these 8 bits 4 1s and 4 0s the output has 5 1s and 3 0s so we didn't end up with the same bits just mixed up sometimes it's hard to tell it was some replacement of bits there so that was a substitution operation and the next operation is also a substitution and we use S boxes in the same way that the permutations were defined we defined a special technique a way to replace some bits with other bits to a substitution and these are a key part in the real desk design and even in other ciphers what we do we start consider the first 4 bits 0 1 1 0 I'll write it again over here we let's look at the slide where it's defined the S boxes we just did the X or we've got 4 bits on the left 4 bits on the right the 4 bits on the left are going to be fed into S box S 0 the 4 bits on the right are fed into S box S 1 we're going to power on through for the next 10 minutes and finish this example and then we'll take a break after that let's do the S boxes S 0 and it's defined on this slide we have 4 bits in bit 1 2 3 4 the S boxes S 0 and S 1 are matrices then they are defined so 4 by 4 matrices they are fixed everyone knows what the values are and the way that we use them is that the first and the last bit of the input determines the row of the matrix and the second and third bit is the column of the matrix we look up that element and that's the output let's consider with our example the row the first and last bit 0 0 row equals 0 0 column the second and third bits 1 1 or you can think row in decimal 0 column 3 if we index our matrix row 0 1 2 3 columns then we look up the element which is in row 0 column 3 row 0 0 in binary column 1 in binary look it up in the matrix of S 1 what do you get as output sorry S 0 S 0 row 0 column 3 S 0 row 0 the top row column 3 the last column output 1 0 this value note that we index starting at 0 row 0 1 2 3 column 0 1 2 3 row 0 column 3 output 1 0 ok so our input here we have 0 1 1 0 the rule is that yes the first and last bit tell us which row number row 0 0 in binary or in decimal row 0 sorry convert and the column is the middle 2 bits 1 1 or if I convert to decimal 1 1 is 3 ok so depends on how you want to think about it in binary or decimal so in decimal that will be 0 and 3 we just convert so row 0 column 3 which is the fourth column we start index at 0 the output will be this element and it's fixed it's always that value for that element 1 0 do it for S 1 with S 1 you take the other 4 bits you take these 4 bits apply into S 1 the different matrix and see what you get with S 1 we take the input is 0 1 1 1 row 0 1 the first and last bit column second and third bit 1 1 or in decimal 1 and 3 look it up in S 1 row 1 column 3 row 1 which is the second column column 3 the last column 1 1 comes out this element we've not discussed the design of them yet we'll come back when we talk about this why is it like this we have 4 bits we're at this point we pass into P 4 rearrange those 4 bits P 4 is defined 2 4 3 1 rearrange those 4 bits we have 4 bits 1 2 3 4 rearrange where we have 2 4 3 1 bit 2 4 3 and 1 so we treat those 4 bits together we get 0 1 1 1 XOR with the left half from the original input where to go that is all of this started with these 4 bits we haven't done anything with these 4 bits so let's use them now take these and XOR with our 4 bits that we have currently that's the left half this was the right half expanded and permutated here 1 1 1 0 1 sorry 1 0 1 0 XOR exclusive or 1 1 0 1 almost there grab the right half grab this half the original right half 1 0 0 1 now we have 2 4 bit values swap them swap the sides actually this is a swap operation which is quite simple these 4 bits will become the last 4 bits and these 4 bits become the first 4 that was actually and then I think we have done all operations necessary let's summarise what we did then we will have a break we started with the initial permutation we took the right 4 bits expand and permutate XOR with the key K1 use the 2 S boxes S0 and S1 we get 4 bits out apply permutation P4 XOR that with the original left half we get 4 bits out take the original right half and we have actually finished the round now we have 8 bits that come out of the round before we do the next round we swap those 2 halves and then we repeat it all again starting from the expand and permutate you see what is inside the grey box is the same we do the same steps but we will use K2 we will get 8 bits out we will do the inverse initial permutation and get ciphertext so we got to this point to finish what you do is now you start the round function using K2 when you finish that round function then you will do the inverse initial permutation and you will end up with 8 bits the ciphertext and the 8 bits you should get just by luck the 2 halves are the same and to give you a hint so we can have a break the inverse initial permutation is your homework find it what is it and to give you a hint the end of that function the input is this the end of function the round function using K2 you will get these 8 bits then you will do the inverse initial permutation and then you will end up with a ciphertext so your homework if you don't understand the steps you can do them for round 2 which is actually the same as round 1 and then do the inverse initial permutation and we get ciphertext