I\'m trying to implement DES from scratch using the NIST paper and the Wikipedia
ID: 648444 • Letter: I
Question
I'm trying to implement DES from scratch using the NIST paper and the Wikipedia article on DES.
I got 16 round DES done, but I can't seem to get 8 round DES working. I figure it's because I got the rotation table wrong. The rotation table I'm using for the 16 round version is straight off of Wikipedia's DES Supplementary Materials, while the 8 round version is the same with a few 2's in the middle taken out to make the length 8. { 1, 1, 2, 2, 1, 2, 2, 1 } for encryption and { 0, 1, 2, 2, 1, 2, 2, 1 } for decryption, which uses inverted key scheduler for decryption. Apparently, that's wrong, and I can't find a table or a algorithm for creating a rotation table.
If anyone can point me to either, it'd be much appreciated.
Explanation / Answer
The catch is that for decryption to work reliably for all keys, the subkeys must be the same for encryption and decryption with order reversed. With many DES implementations, that implies the sum of the rotations in the key schedule should be a multiple of 28, the width of the C and D registers.
Use say 15,2,2,2,2,2,2,1 rather than your 1,1,2,2,1,2,2,1 and you should be flying (assuming the code handles these larger values, and does not use the optimization enabled by the fact that after removing the first value in the DES key schedule table 1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1, the 15 remaining entries are a palindrome). Note: I have changed my suggested values so that the subkeys used match the ones in the last 8 rounds of encryption in standard DES; that reuses some of the work made by DES designers when crafting PC-2 w.r.t. the key schedule.
Alternatively, use 1,1,2,2,2,2,2,2 for encryption and make an extra rotation by 14 before decryption. That way we use the same subkeys as for the first 8 rounds of encryption in standard DES.