Why is the Initial Permutation Step necessary in DES? How does it strengthen the cipher since we are reversing the permutation in the output?
Asked
Active
Viewed 233 times
1 Answers
3
Why is the Initial Permutation Step necessary in DES? How does it strengthen the cipher since we are reversing the permutation in the output?
The initial permutation doesn't strengthen the cipher at all. Because it is a public unkeyed operation (that is, the adversay can predict exactly how it would transform any plaintext), the adversary can account for it. In particular, $DES$ has equivalent security as $DES^*$ (DES with the initial and final permutations omitted) for most common security notions (e.g. known plaintext, chosen plaintext, chosen ciphertext).
Instead, the initial permutation is there for historical reasons; it was put in there to make the initial DES implementation easier.
Nowadays, we can implement DES (which was originally envisioned to be implemented only in hardware) in a small corner of an FPGA; however when the original DES implementation was designed (mid 70s), the complexity was pushing what could be implemented by then integrated circuits (to the extent that the original implementation was a multiple IC solution). Reading those bits in that specific order made those chips a bit easier, and so it was done that way.
FIPS 46 (NIST's official description of how to do DES) followed this. Since every later implementation had to follow FIPS 46, they all had to include the initial/final permutations.
poncho
- 154,064
- 12
- 239
- 382