Better to know some... than all 


DES

The Data Encryption Standard (DES) is the most well-known symmetric-key block cipher. Recognized worldwide, it set a precedent in the mid-1970s as the first commercial-grade modern algorithm with openly and fully specified implementation details. It is defined by the American standard FIPS 46-2.

Product ciphers and Feistel ciphers

The design of DES is related to two general concepts: product ciphers and Feistel ciphers. Each involves iterating a common sequence or round of operations. The basic idea of a product cipher is to build a complex encryption function by composing several simple operations which offer complementary, but individually insufficient, protection. Basic operations include transpositions, translations (e.g., XOR) and linear transformations, arithmetic operations, modular multiplication, and simple substitutions.

A product cipher combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components. A substitution-permutation (SP) network is a product cipher composed of a number of stages, each involving substitutions and permutations.

An iterated block cipher is a block cipher involving the sequential repetition of an internal function called a round function. Parameters include the number of rounds r, the block bitsize n, and the bitsize k of the input key K from which r subkeys K_{i} (round keys) are derived. For invertibility (allowing unique decryption), for each value K_{i} the round function is a bijection on the round input.

A Feistel cipher is an iterated cipher mapping a 2t-bit plaintext (L_{0}, R_{0}), for t-bit blocks L_{0} and R_{0}, to a ciphertext (R_{r}, L_{r}), through an r-round process where r >= 1. For 1 <= i <= r, round i maps (L_{i-1}, R_{i-1}) to (L_{i}, R_{i}) under subkey K_{i} as follows: L_{i} = R_{i-1}, R_{i} = L_{i-1} ⊕ f(R_{i-1}, K_{i}), where each subkey K_{i} is derived from the cipher key K. Typically in a Feistel cipher, r >= 3 and often is even.

The Feistel structure specifically orders the ciphertext output as (R_{r}, L_{r}) rather than (L_{r}, R_{r}); the blocks are exchanged from their usual order after the last round. Decryption is thereby achieved using the same r-round process but with subkeys used in reverse order, K_{r} through K_{1}; for example, the last round is undone by simply repeating it. The f function of the Feistel cipher may be a product cipher, though f itself need not be invertible to allow inversion of the Feistel cipher.

The successive rounds of a Feistel cipher operate on alternating halves of the ciphertext, while the other remains constant. Note the round function of the definition above may also be rewritten to eliminate L_{i}: R_{i} = R_{i-2} ⊕ f(R_{i-1}, K_{i}). In this case, the final ciphertext output is (R_{r}, R_{r-1}), with input labeled (R_{-1}, R_{0}).
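
The Feistel construction described above, as an added example that is not part of the original text and is not DES: a toy Feistel cipher showing that decryption is the same r-round process with the subkeys reversed, that f need not be invertible, and that the single-sequence form R_{i} = R_{i-2} ⊕ f(R_{i-1}, K_{i}) gives the same ciphertext. The half-block size T, the hash-based round function f and the key schedule subkeys() are assumptions made for the demonstration.

```python
import hashlib

T = 4  # half-block size t in bytes (constructed toy parameter, not DES)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def f(right: bytes, subkey: bytes) -> bytes:
    """Toy round function (assumption). The low bit of every output byte is
    cleared, so f cannot be a bijection: it is deliberately not invertible."""
    digest = hashlib.sha256(subkey + right).digest()[:T]
    return bytes(b & 0xFE for b in digest)

def subkeys(key: bytes, rounds: int) -> list[bytes]:
    """Hypothetical key schedule: K_i = SHA-256(key || i), for i = 1..r."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, rounds + 1)]

def feistel(block: bytes, round_keys: list[bytes]) -> bytes:
    """Run the r-round process and return the halves in the order (R_r, L_r)."""
    if len(block) != 2 * T:
        raise ValueError("block must be exactly 2t bytes")
    left, right = block[:T], block[T:]
    for k in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, xor(left, f(right, k))
    return right + left  # halves exchanged after the last round

def encrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, subkeys(key, rounds))

def decrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    # Same process, subkeys K_r through K_1; f is never inverted.
    return feistel(block, subkeys(key, rounds)[::-1])

def feistel_single_sequence(block: bytes, round_keys: list[bytes]) -> bytes:
    """Same cipher written as R_i = R_{i-2} XOR f(R_{i-1}, K_i)."""
    seq = [block[:T], block[T:]]  # input labelled (R_{-1}, R_0)
    for k in round_keys:
        seq.append(xor(seq[-2], f(seq[-1], k)))
    return seq[-1] + seq[-2]  # output (R_r, R_{r-1})
```
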