 The symmetric block cipher that takes 64 bits of plain text input and produces 64 bits of ciphertext as output. So it encrypts 64 bits at a time. It uses a 64-bit key as input, but in fact only 56 of those 64 bits of key are actually used in the encryption. The other eight bits are a parity check. To demonstrate desks, I'm going to use this academic version of desks called simplified desks. It uses a similar operations, but it just cuts down instead of using 64-bit blocks, it cuts down to eight bits just so we can go through an actual full example or at least some parts of the example on the screen or on the board. So simplified desks is not for real-world use, but we'll see and compare it to real desks after we go through the example. Simplified desks, we deal with eight-bit blocks. So it's just cut down to operate similar to desks. We look at eight bits of plain text and we'll produce eight bits of ciphertext. The key will be 10 bits. And in real desks we have 16 rounds, that is we apply some function and then repeat it 16 times in simplified desks just two to speed things up. The steps that we'll see in the diagram of what is the steps we apply. This captures the overall diagram for simplified desks and it looks similar to real desks except it has only two rounds in this diagram, real desks has 16. How we read this is that we have to encrypt plain text to get ciphertext. If we have ciphertext and want to decrypt to get plain text, we go in this direction and we'll explain the blocks. But in fact in both cases we take our original key, in this case a 10-bit key, and we generate what's called round keys or sub keys, K1 and K2. And this will be round one, round two, we'll use sub key or round key K1 and round one and K2 and round two. In real desks we do a similar thing where we generate 16 round keys and use one in each of the rounds. So there's this key generation step followed by the encryption. What are all these blocks? We'll go through them, but in summary, the ones with a P, initial permutation, permutation 10, permutation 8, we'll see another one I think, permutation 4, they are permutations which means transpositions or simply rearrangements. They take some input and rearrange the bits. We're operating on bits now, not English letters, but remember Rose Column, we took, going backwards, we took some characters and rearranged them. We did a transposition or a permutation on those input characters. We'll do the same in all of these. IP is an initial permutation, P10 and P8 are different permutations. In fact, switch or swap SW here is also a permutation. It takes 8 bits and swaps the halves. So it puts the first 4 bits last and the last 4 bits first. We'll see that in the example. A shift is a left shift, again a permutation. Like 8 bits, shift it all to the left, wrap the first bit around to the end, similar to a Caesar cipher, which shifts to the right. So just a permutation, that will not help us. So there's permutations and then we'll see in detail that this F, this function, it's called a round function, is where the details are and that will include some permutations as well as a substitution. And the substitution is what adds to security. We need the substitution in there, without it, then it will be very easy to break. Simplified desks as well as real desks, the actual permutations, how we rearrange the bits is defined. It's standard and it's known by everyone. So these are the definition of them. We'll return them when we need them, not quite yet. So we'll return to them through our example. Let's start with an example and generate a key, and we'll see the steps in detail. The example, I think you have a printout in your handouts for an example, I'll try and go through on the screen and we'll calculate it as we go, but you have it already printed out. I'll show you. You have this document which gives all the details of what we're going to go through at the moment. So try and follow along and see what's happening. Let's try and start with a key and generate the round keys. And I've just chosen a random key for this example. So our key that we'll start with, key K, 10 bits, that's the key that we've chosen. For example, the user chooses a random key and shares it with the recipient. So both sides, the encryptor and decryptor must have this shared secret key. We'll have some plain text I'll introduce in a moment. The first thing that we must do is generate subkeys. And the steps are defined here. We take 10 bits as input, the 10 bit key as input, and the way we read this diagram, so this arrow with a slash two and 10 means 10 bits are flowing through here in order. P10 is a permutation. It takes 10 bits in and rearranges them in some way, in some defined way, and produces 10 bits out, of course, it's just a permutation in this case. And in fact, we'll treat it as two different halves, the left and the right half, five bits at a time. Then we'll do a left shift on each half. LS means left shift, shift the bits to the left by one position. So with five bits, move them to the left, where the left most bit will become the right most bit, it'll wrap around. We do it on each half. And then we'll feed them in and do another permutation, P8. In fact, this permutation will take 10 bits in and will produce eight bits out. So it permutates and deletes two bits to get the output K1, the first round key. And the outputs of those left shifts will be fed down to do another left shift. Left shift by two positions, P8 will be applied again, we'll get the second round key, K2 out. So let's go through that with our 10-bit key. So the first thing is we apply P10. So with our key after applying P10, that rearranges those 10 bits, but how? And that's defined on one of the slides. P10, if we go back, is defined as, if these are the 10 bits coming in, bit one through to bit 10, then the order in which they come out are defined by the second row. The first bit moves to the seventh position, the 10th bit moves to the sixth position, the third bit moves to the first position, and so on. So that's a fixed permutation. It just rearranges the bits. We'll see when we look at real deaths, it has the same. There's a large list of bits that says, of these 64 bits, we rearrange them in this manner. Why is that coming up? Connect. Let's get rid of this error. Okay, so let's do that permutation, P10, where the third bit will become the first bit, and so on. You do it, and just check that it makes sense. And I'll write it down just so it's clear in this instance, not for all the others. What do we have? These, we have 3, 5, 7, 3, 5, 2, 7, 4, 10. That's a two. We'll go through slowly in the first case, and then we'll speed up as we go through the next steps. So the result, after we apply permutation P10, is that the third bit, one, becomes the first bit. The fifth bit, zero, becomes the second bit. The second bit, zero, becomes the third bit, and so on. 7, 4, 10, bit one, bit nine, bit eight, bit six. So that's all. Very simple. Rearrange the bits. And we'll see the other permutations are very similar. Different arrangements, and we'll talk about why particular arrangements are chosen later, but let's just go through and perform the operations. That is the first step. So the 10 bits that come out, we're at this position, we treat them as two halves, and do a left shift on each half, left shift by one position. So you split them into two halves now, and after doing a left shift, focusing on the first five bits, everything moves to the left, where the left most bit ends up as the right most bit. And similar for the right half. And next, so that's the output of the left shifts, they feed into P8. Another permutation, but note that P8 takes 10 bits in, produces eight bits out. And it's defined as this select and permutate. So two bits are going to be removed as the output. Bits one and two. So we get six, three, seven, four, eight, five, 10, nine as the rearrangement. Bits one and two are going to disappear. After P8, we'll get eight bits, and they'll be following P8. The first two bits disappear. So now we have 10 bits, they're going to disappear, and these remaining eight bits are going to be rearranged according to P8, the definition of P8. I want to write down the rearrangement, you need to check back on the slide as to what that definition is. But just mix them up. That is in fact key one, round key for round one. We'll use that later. That's this output here, K1. The previous input to P8 is taken again and perform, we perform another left shift on each of the halves by two positions. So we'll continue and we'll do another left shift by two positions this time, not one. And that is taking this one and this value. So take those five bits and do a left shift by two positions, of course, wrapping around where necessary. So just focusing, for example, here, this bit, if we shift to the left by two positions, comes to here, then here. This second bit, one, two positions. So the two ones end up here on the output and the three zeros, of course, will be there. So we skipped over P8, that was just used to get K1. And the last step, P8 is applied again. On those 10 bits, apply P8 and you'll get K2. And P8 is the same as it was defined before. Remove the first two bits and rearrange the remaining eight. And we get, I have the answers from before. You can check, that will be K2. So the operations are very simple. In fact, in real desks, they're that simple. We're shifting bits, we're rearranging bits. Transpositions in this case, yep. Yes, in this case, this is the algorithm. It's defined like this. Whenever you have a key, the steps we're doing now is generating the round keys. The output of this step, we started with our 10-bit key. We get K1 and K2 as output. We always apply those steps that we've gone through, always using that fixed definition of P8, left shift and P10. It doesn't change. So very simple and the same in desks. We'll just see that the permutations have more bits than what we're dealing with here. So we get two round keys. This is the key generation stage. We'll use them in a moment. Just go back to put everything into context. What we just did was this middle part. Whenever we have our input key, the user chosen key, we generate two round keys, K1 and K2, by P10, left shift, P8, left shift, P8. And then we'll use those two keys when we encrypt our plain text. And we'll go through that step of encrypting the plain text. But it turns out with simplified desks and even real desks, decryption also uses those same round keys. So when someone receives ciphertext they want to decrypt, they take the same 10-bit key, follow those exact same steps, and they'll get the same values of K1 and K2. And we'll return to it, but we'll notice that decryption follows the exact same steps as encryption. Encryption, we'll see is IP, F of K, SW, F of K, IP, the inverse IP. Decryption, exactly the same steps. The only difference is that we'll use the round keys in the opposite order. In encryption, K1 is used first and then K2. In decryption, K2 and then K1. The benefits of encryption and decryption being the same operations is that you only need to implement it once. You implement encryption and you now have an implementation of decryption. That's a significant practical advantage. So let's now encrypt some plaintext. Any questions? Easy so far, and it will only get easier as we go. We will not go through all the steps, don't worry. We'll just do some initial steps. Let's try again. We'll need K1 and K2, and we'll need some plaintext to encrypt. I've chosen some plaintext. We'll return to K1 when we need it. Some random plaintext. So we want to encrypt this 8-bit block. If I had 1,000 bits of plaintext, then I'd have to break it into 8-bit blocks and encrypt one block at a time. So what do we do to encrypt? The details are here. A little bit more detailed than the overall diagram. This is the encryption phase. And it's hard to see at this size, but we start with 8-bits plaintext. IP is what we call the initial permutation. It's a permutation we do just at the start. We only do it once in the encryption. We'll see at the end we do an inverse initial permutation. Nothing complex there. And then these two dark grey boxes are the rounds. And they involve some permutations. In fact, IP is expand and permutate, meaning we're going to take 4-bits in and produce 8-bits out. So we take 4-bits, expand to get 8-bits, rearrange. We're going to take our key K1, which we just generated, an exclusive ore with the output here. We're going to split it into two halves and feed 4-bits at a time into the two S-boxes. S0, S1 are called S-boxes. Substitution boxes. So the operations we've seen so far are just transpositions, permutations. The other main operation in cryptography is a substitution. We're going to replace bits with other, or sets of bits with other sets of bits. So we'll see the details of them. We'll take the output. They'll produce 2-bits out. We'll have another permutation. We're going to X ore with the left half of our original output here. We'll get 4-bits and 4-bits, and then we'll swap the halves and we'll do it all again. One round, a second round. Let's go through just the first few steps and then we'll give you the answer so you can check if you need. First, the initial permutation. And like the other permutations, it's defined. Bits 1-8 become rearranged in this order. So that's fixed. It's always fixed. It's always those values. Rearrange and you get, what do you get? Tell me the values. Try it. Bit 2, the second bit on the input becomes the first bit on the output. The sixth becomes the second, and so on. What have I done wrong? I've got the wrong answer in front of me. Sorry, I'm going to go back and start again. I've got the wrong plaintext. Luckily I noticed before we got halfway through. Let's try a different plaintext because I only have the answer to that one. I misread my notes. This is the plaintext I want to try because I have the answers and we can check and confirm at the end. Let's forget about the first plaintext. But we do the same initial permutation. The second bit becomes the first and the sixth bit becomes the second, and so on. And in fact, where I misread is that that becomes one, six, and what do you get? This is where I misread the plaintext. That will be the output after we rearrange those eight bits according to IP. That is the output of IP. And in fact, now we operate on two halves. The right half, we're going to feed in to this block here to note it as F, uppercase F. The left half we'll return to later. We'll need it later. So the right half, the right four bits, we expand and permutate, and then XOR with the key K1. And expand and permutate is defined as this. Four bits in, we're going to repeat those four bits and rearrange them as defined that the first bit becomes the second bit and the eighth bit. The second bit on input becomes the third and the fifth bit on output and so on. So we expand and permutate only on the right most half. So that was just on those four bits. Then we XOR with K1. And K1 is what we generated before. From before K1 was what do we have? If you do an XOR between those eight bits, one XOR one, ever remember their basics of XOR? When they're the same, we get zero. When they're different, we get one. And then we're going to input, split that into two halves and input that into our S boxes. And that's really the next step that we need to go through that's different from before. Then the rest is easy. So just to show where we're at. We had eight bits out of our expand and permutate. We XOR with K1 and take four bits into S0 and four bits into S1. Where the S boxes, we perform a substitution. And the way that we use it, we're going to, the S boxes are also defined. Substitutions like our mono-alphabetic cipher defines how we, what we replace our plain text characters with. What do we get on output? This defines, given an input, what is going to come out? And it's defined, we define it as two matrices. S box zero, S box S one. So focusing on S zero, we have four bits in. The way that we interpret this, so this is the S box, we have a four-bit input, bits one through to bit four. Bit one and bit four specify the row, bit two and bit three specify the column. And we just do a simple matrix lookup and with the element that we find becomes the output. Where we label our columns and rows in binary. So zero, one, two, three in decimal. So row zero or in binary, zero, zero, zero, one, one, zero, one, one. And column zero, one, two, three. And bit one and four specify the row, two and three specify the column. So what's the output? Find out the output when we feed these values into our two S boxes. Four bits are going to come in and two bits are going to come out. With S one, the row is going to be zero, zero. And the column, one, one. Bits one and, let's go back. Bits one and four specify the row, two and three specify the column. So row zero, zero, column one, one. Or in decimal, row zero, column three. Look up your S box. Row zero, the first row. Column three, the last row. Output, one, zero. So it's just a look up on that defined substitution box. So the output for S one will be one, zero. And then do the same for the right four bits to get S one. What does S one give us? First and fourth bit, column, second and third bit. And just do a look up in the S box. If we can get past the S boxes, you'll see that the rest is all permutations and easy. Any questions on the S boxes or the other aspects of simplified desks so far? Find out the output of S one. Is it one, one? Row. Now think of the rows and columns in binary. It's the easiest way. Row zero, one, column one, one. So when we look at our matrix, if you wanna convert a decimal, then zero through to three. Zero, one, one, one. In S box, S one. The second row, zero, one. The last column, one, one, produce output one, one. Just a look up on that matrix, our substitution. We are the output of S zero and S one. We have four bits. We permutate with P four. We'll get four bits out. Then we X all of those four bits with the left half that came out of the initial permutation. Let's quickly do that and then we'll get to our answer. So we're going to apply P four now. Four bits in to P four. We'll produce those four bits out. Where does that come from? Four bits in, one, zero, one, one. P four is defined here, a rearrangement. Bit two becomes the first bit and then the remaining three bits at the end. And X all of that with the left half, we have it up somewhere. This left half of the initial permutation, if we can bring it down, is then reused down here. One, zero, one, zero. This one, zero, one, zero, is the left half from our initial permutation output. You can follow it up on here or on the slide. It comes from the initial permutation. Exclusive all. And now we bring back to our slide. What do we just do? We just took the four bits out of P four, exclusive all with the four bits from the initial permutation. We get four bits out, combine it with the original right half of the initial permutation. I'll bring that down. The right half here is now reused. One, zero, zero, one. And the last, in fact, that's the end of our round. That's the end of the round. We swap the halves and then repeat all of it again. Repeat the round again. What we've just done is we started with plain text. We did the initial permutation, then we did everything inside this dark gray block. Now we're going to swap the halves and then we repeat everything inside the dark gray block but using K2 as an input at this step. And then we'll get some eight bits out, do an inverse initial permutation, we'll get our ciphertext. So let's swap the halves and then I'll give you the answer. You can do the rest in your own time. Swap the halves. So this is the swap. Then you apply our round function denoted on the diagram as F of K using K2 as an input. You'll get as an output. I've done it before, I hope. As the output, you'll get eight bits of, then you'll do the inverse initial permutation and you get your output ciphertext. Don't worry, we will not go through many ciphers in this much detail. We'll just use this one to demonstrate that in fact complex ciphers is made up of simple operations. So as the output of our swapping the halves, we get these eight bits. You apply the dark gray block again but use a K2 as an input and we calculated K2 before. You get some eight bits. You apply the inverse initial permutation and then you get eight bits of ciphertext and we're done. You as homework will try and work out what the inverse initial permutation is. Well, the inverse of IP. So try and work out what it means to do the inverse of this operation, this permutation. Try. It's the inverse, yes. Let's see what happens. It's like thinking about the rose columns a little bit. Just be careful with it. So we're done. We've encrypted using simplified desks. If we want to decrypt, in fact we do the exact same steps. Except we take our ciphertext, eight bits, exact same steps, but we use K2 first in the first round and then K1. So just rearrange the ordering of the keys. So you know simplified desks now to finish in the last two minutes. That was the example we went through. A comparison of simplified desks and real desks. Some aspects. So simplified desks is just for educational purposes. Real desks, some of the differences. All right, now we have 64-bit blocks, not eight. And we have 16 round keys. It turns out the round keys in real desks are 48 bits. So K1, K2, K3, up to K16 will each be 48 bits. They'll be derived from the original input key. All right, the initial permutation is 64 bits. The function F, if you look in the diagram, operates on 32 bits. Simplified desks had two S boxes. Real desks has eight S boxes. But the same concepts. 16 rounds, not two rounds. This is this concept of keep applying transpositions and substitutions and you get a better and better ciphertext from a security perspective. So you could go away and do simplified desks if you had the definition of all those operations. And for your reference, I included them here. Just taken from the textbook. Real desks goes through 16 rounds. Here's the initial permutation, IP, and the inverse. 64 bits in, we rearrange those 64 bits. So the first bit ends up here. The 58th bit becomes the first bit, and so on. That's all. The expand and permutate, permutation functions. A single round, we take our right half, expand and permutate, XOR, S box, permutate, XOR, and keep going. All right, the S boxes. With simplified desks, we just had our two four by four matrices. Here we have eight S boxes. But same concept. We just do look up in the S box to get the output. In this case, we get output four bits. I think we have a decimal four bit value there. And it's slightly different in the key generation, but it's not much more complex. So we now know simplified desks. You could now expand that knowledge to real desks. And real desks is one of the most used ciphers in the world. It's no longer recommended, but if you consider it's used over the last 30 or 40 years, it's one of the most used ciphers in the world. And many other ciphers use similar concepts. Rounds, substitutions, transpositions, XOR, generate keys, and so on. So this is one example of a real and relevant cipher. On Thursday, we'll talk about some of the reasons it uses these operations and some of the limitations of them, and then move on to the next topic. Let's stop there.