I. INTRODUCTION
MANY countermeasures are needed to protect data. Cryptography is one of the most important techniques used to protect data while the data is being transmitted or even stored in storage devices. Cryptography is the science of creating encryption and decryption algorithms, while Cryptanalysis is the art of attacking the encryption system. The aim of such attack is to recover the secret key using two methods: brute-force attack and cryptanalytic attack. Nowadays both methods are used to verify the strength of any newly proposed encryption algorithm [1]-[3].
Cryptographic systems can be classified into transposition and substitution, symmetric and asymmetric, and block and stream cipher [1], [3]. In symmetric algorithms, one secret key is used by both parties for encryption and decryption. Whereas two keys, private and public, are used for encryption and decryption in asymmetric algorithms. In general asymmetric cryptography depends heavily on number theory, whereas modern symmetric algorithms which are considered as product cipher, depends on substitution and transposition [1]. Stream cipher encrypts/decrypts a stream of bits or bytes; bit by bit or byte by byte at a time. The block cipher encrypts/decrypts a plaintext block of N bits and produces a ciphertext block of the same size. Block ciphers can be classified into Feistel-base such as DES or non-Feistel such as AES [1], [2]. A simple and incomplete taxonomy of Cryptography techniques is depicted in Fig. 1.
The combination of transposition and substitution operations is called substitution-permutation network (SPN) [1]. Feistel network has many features and parameters that one should consider when inventing or modifying Feistel-base cipher. Some of these parameters and features are: number of rounds, subkey generation algorithm, and round function. In general more rounds mean higher security. Also, if the round function is more complex then to cryptanalysis the cipher will be harder too. It is also mentioned in [1] that there are other two considerations in Feistel cipher design: the first is the speed of encryption and decryption and the second consideration is the ease of analysis.
The goal of the function F is to produce a confused and diffused block. Confusion is achieved through the using of substitution boxes (S-box) and the diffusion is achieved by the permutation boxes (P-box). The aim of confusion and diffusion in block ciphers is to resist the statistical cryptanalysis. Diffusion can be achieved by applying permutation repeatedly on data followed by a function that can remove any statistical relation between the plaintext and the ciphertext. The operation of removing the relationship between the key and the ciphertext is called confusion. Confusion can be achieved by applying non-linear substitution to the encryption operation [1].
Data Encryption Standard (DES) is the most famous symmetric encryption algorithm that is based on Feistel structure. It was a standard for about 20 years. DES was considered not secure in 90's. Consequently, new algorithms were needed to replace DES. One of the solutions was Multiple DES, which was later called Triple DES (3DES) [1]. 3DES can be used with two keys or three keys. 3DES is still being used, since the cost to brute-force attack 3DES is still relatively high, 2112.
In this paper, DES was chosen as the case study since it satisfies the following criteria: technically, it is still being used in 3DES. It is based on Feistel structure. It is one of the strongest algorithms against known attacks. It is not complicated and can be analyzed easily. And it is also relatively fast in encryption and decryption [1]-[3].
In each round of DES (see Fig. 3), the sub-keys of 48 bits each are generated from the original key by using operations such as shifting, permutation and selection. An expansion permutation (E-box) is applied to the right half of the block. Then the result is combined with the subkey using XOR. After that, 8 S-boxes are used to produce a 32 bits output which will be permutated using the permutation box P-box. The above operations, which are known as round, are repeated 16 times. There are other two permutations, initial and final permutations, which applied to the input block before the first round and to the output block after the last round. These permutations are applied outside the function F. These permutations are not considered in this paper since they do not affect the differential cryptanalytic attack on DES [3]. The first permutation inside F is the Expansion Permutation Box (E-box). The goal of E-box is to achieve the avalanche effect as quickly as possible, whereas, the goal of the S-boxes is to strengthen the security of DES by using non-linear operations. Finally, the P-box is a static permutation which adds extra randomness to the output of F in order to achieve more robustness against known attacks. Table I shows the contents of P-box.
Any attempt to reduce the number of rounds in DES will weaken the algorithm. It has been showed that any version of DES with fewer rounds can be broken with a known-plaintext attack easier than by brute-force attack [
