If DES decryption is the same as encryption done in reverse order, then how can the reversed S-Box convert 4 bits into 6 bits?
Asked
Active
Viewed 5.0k times
1 Answers
6
DES is based on a Feistel construction - while the one-way function used is.. well.. one-way, you don't need to reverse it at all to "decrypt" (otherwise you are correct we would have a problem). Look at this diagram, specifically the decryption one:
As you can see, even though one half of the ciphertext is passed through the one-way function, there's always a copy of it remaining. In this case, $L_{n + 1}$ goes through the one-way function to mask $R_{n + 1}$, but still becomes one half of the ciphertext, which lets you use it again during decryption to undo the XOR operation you used to mask the other half of the ciphertext.
Then you keep doing that for each round (using the round keys in reverse) and you end up with the plaintext. No information is lost during the encryption process, the one-way function is simply used to mask each half in turn in an interleaved fashion (which can be done again during decryption in the opposite direction, but only if you have the key).
Ultimately decryption is very similar to encryption, a common feature of Feistel ciphers in general. In fact with some arrangements the only difference is the order of the subkeys, which is (or at least was) a big advantage as it makes implementation easier on limited devices, as you can mostly reuse the encryption code for decryption.
Thomas
- 7,568
- 1
- 32
- 45