CDR: Re: Permutations in DES
David Honig
honig at sprynet.com
Tue Sep 5 17:26:34 PDT 2000
At 08:00 PM 9/5/00 -0400, Augusto Jun Devegili wrote:
>Hi all,
>
>I was just wondering... In DES, there's an Initial
>Permutation (IP) on the plaintext, then 16 rounds, and
>then the inverse permutation (IP^-1) of the result to
>produce the ciphertext.
>
>How effective are these permutations? Do they really
>add diffusion to the algorithm, considering that they
>don't depend on the key?
>
>Someone told me that they are necessary to provide
>reversibility to DES. Is this correct?
You are correct.
They are needed to perform DES as spec'd in the FIPS, so just
for interoperability you've gotta keep them.
When you do 3DES you can combine them.
These permutations cost only wires in hardware, but take cycles on a CPU.
This is one of the reasons that DES is inefficient in software.
More information about the cypherpunks-legacy
mailing list