DES (Data Encryption Standard) works by splitting data into 64-bit blocks and running each block through 16 rounds of substitution and scrambling, all controlled by a 56-bit key. It’s a symmetric cipher, meaning the same key encrypts and decrypts the data. Though no longer secure enough for modern use, DES defined how block ciphers work, and understanding it is the foundation for understanding most encryption that followed.
The Big Picture: Blocks, Keys, and Rounds
DES is a block cipher. Rather than encrypting data one character at a time, it chops your message into fixed-size chunks of 64 bits (8 bytes) and processes each chunk independently. If your message doesn’t divide evenly into 64-bit blocks, padding is added to fill the last one.
The key you supply is technically 64 bits long, but 8 of those bits are just parity checks (one per byte, used for error detection). That leaves 56 bits of actual key material. From this single 56-bit key, the algorithm generates 16 smaller subkeys, one for each round of encryption. Every round mixes a different subkey into the data, so the scrambling changes at every step.
The Feistel Structure
At its core, DES uses a design called a Feistel network. Here’s how it works: the 64-bit block is split into two halves, a left half and a right half, each 32 bits. In every round, the right half gets fed into a complex function along with that round’s subkey. The output of that function is then combined with the left half using XOR (a bit-by-bit operation that outputs 1 wherever the two input bits differ and 0 where they match). After that, the two halves swap positions, and the process repeats.
This swap-and-mix cycle happens 16 times. The beauty of the Feistel design is that decryption uses the exact same process, just with the 16 subkeys applied in reverse order. You don’t need a separate decryption algorithm.
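The swap-and-mix cycle and its reversal, as an added example that is not part of the original article: a 16-round Feistel network over 32-bit halves. `toy_round`, `SUBKEYS` and `PLAINTEXT` are constructed stand-ins, not DES's round function or key schedule.

```python
MASK32 = 0xFFFFFFFF

def toy_round(right, subkey):
    """Stand-in round function (NOT DES's). Squaring makes it non-invertible,
    which a Feistel network tolerates because F is only ever XORed in."""
    x = (right * right + subkey) & MASK32
    return x ^ (x >> 13)

def feistel(block, subkeys, round_fn=toy_round):
    """Run a 64-bit block through one Feistel round per subkey."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # New left is the old right; new right is old left XOR F(old right, k).
        left, right = right, left ^ round_fn(right, k)
    # Undo the last swap so the same routine can walk the rounds backwards.
    return (right << 32) | left

def encrypt(block, subkeys):
    return feistel(block, subkeys)

def decrypt(block, subkeys):
    # Identical code path; only the subkey order changes.
    return feistel(block, list(reversed(subkeys)))

# Constructed sample values: 16 arbitrary 48-bit subkeys and one 64-bit block.
SUBKEYS = [(0x0123456789AB * (i + 1)) & 0xFFFFFFFFFFFF for i in range(16)]
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, SUBKEYS)
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {decrypt(ct, SUBKEYS):016x}")
```

The round function here maps two different inputs to the same output, yet every block still decrypts, because decryption recomputes F on the same half and XORs it away rather than inverting it.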
What Happens Inside Each Round
The round function is where the real security comes from. It takes the 32-bit right half and expands it to 48 bits by duplicating certain bits. This expanded version is XORed with the 48-bit subkey for that round. The result then passes through eight S-boxes, which are the heart of DES’s security.
Each S-box takes 6 bits of input and produces 4 bits of output, so the eight S-boxes together compress the 48-bit value back down to 32 bits. What makes S-boxes critical is that they’re the only nonlinear part of the entire algorithm. Every other operation in DES (the permutations, the XOR operations, the bit expansions) is linear, meaning it follows predictable mathematical patterns. The S-boxes break that predictability. Each row within an S-box contains every possible 4-bit output exactly once, ensuring the output looks random even when the input changes by a single bit.
After the S-boxes, the 32-bit result passes through one more permutation that rearranges the bit positions. This shuffled output is what gets XORed with the left half to complete the round.
Initial and Final Permutations
Before the 16 rounds begin, the entire 64-bit block passes through an initial permutation (IP) that rearranges the order of all 64 bits according to a fixed table. After all 16 rounds finish, a final permutation (the exact inverse of the initial one) undoes that rearrangement. These permutations don’t add cryptographic strength. They were included in the original design for hardware implementation reasons, making it easier to load data into the encryption chips of the 1970s.
How the 16 Subkeys Are Generated
The key schedule takes your 56 effective key bits and produces 16 subkeys, each 48 bits long. First, the 8 parity bits are stripped out and the remaining 56 bits are rearranged. The result is split into two 28-bit halves. For each of the 16 rounds, both halves are rotated left by one or two positions (the exact shift amount depends on the round number). After each rotation, 48 specific bits are selected from the combined 56-bit value to form that round’s subkey.
Because the halves rotate by different amounts at different rounds, each subkey uses a different combination of key bits. This means every round of encryption is influenced by a unique slice of the original key, making it harder for an attacker to work backward from encrypted output to the key.
Why DES Is No Longer Secure
The fatal weakness of DES is its 56-bit key. A 56-bit key means there are roughly 72 quadrillion possible keys, which sounds enormous but proved crackable surprisingly early. In 1998, the Electronic Frontier Foundation built a custom machine for under $250,000 that tried every possible key until it found the right one. It cracked a DES-encrypted message in under 3 days, searching more than 88 billion keys per second. The previous record, set by a network of tens of thousands of computers, had been 39 days.
The original DES standard (FIPS 46) was officially withdrawn by NIST in 2005. A stopgap measure called Triple DES (3DES), which simply runs the DES algorithm three times with different keys, kept the basic design alive for another two decades. But NIST deprecated 3DES for all applications at the end of 2023. Any modules still using it for encrypting new data were moved to a historical list. 3DES can still be used to decrypt previously protected data, but it’s no longer approved for applying new protection.
How AES Replaced DES
The modern replacement for DES is AES (Advanced Encryption Standard), which supports key lengths of 128, 192, or 256 bits. A 128-bit key alone has about 3.4 × 10³⁸ possible combinations, making brute-force attacks computationally infeasible with any foreseeable technology. AES also uses a different internal structure (a substitution-permutation network rather than a Feistel network), operates on larger 128-bit blocks, and is faster in practice. Performance comparisons show AES consistently encrypting data more quickly than DES across different platforms, with shorter encryption times even as text sizes increase.
DES remains worth understanding because its core ideas (block processing, multiple rounds of substitution and permutation, and subkey generation) persist in modern ciphers. AES is a more sophisticated descendant, but the blueprint DES established in 1977 is still visible in how we encrypt data today.

