DES Key schedule

Le standard :

https://csrc.nist.gov/csrc/media/publications/fips/46/3/archive/1999-10-25/documents/fips46-3.pdf

Les bits de la clé sont numérotés 1, 2, 3, ... 64 de gauche à droite (notation des années 70) et non 63, 62, 61, ... 0 comme de nos jours.

États initiaux des deux registres à décalages C et D après l'action de pc1 (Permuted choice 1).

In [1]:
C = [57, 49, 41, 33, 25, 17, 9,
    1, 58, 50, 42, 34, 26, 18,
    10, 2, 59, 51, 43, 35, 27,
    19, 11, 3, 60, 52, 44, 36]
In [2]:
D = [63, 55, 47, 39, 31, 23, 15,
    7, 62, 54, 46, 38, 30, 22,
    14, 6, 61, 53, 45, 37, 29,
    21, 13, 5, 28, 20, 12, 4]
In [3]:
def shift(L, n):
    """Permutation circulaire à gauche de n rangs sur la liste L
    """
    return L[n:]+L[:n]
In [4]:
print(shift(C, 1))

[49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 57]

Permuted Choice 2 : forme la sous-clé de 48 bits à partir des registres C et D (28+28=56 bits --> 48 bits)

In [5]:
pc2 = [14, 17, 11, 24, 1, 5,
      3, 28, 15, 6, 21, 10,
      23, 19, 12, 4, 26, 8,
      16, 7, 27, 20, 13, 2,
      41, 52, 31, 37, 47, 55,
      30, 40, 51, 45, 33, 48,
      44, 49, 39, 56, 34, 53,
      46, 42, 50, 36, 29, 32]
In [6]:
ppc2 = [x-1 for x in pc2]  # en Python les tableaux commencent à l'indice 0 et non 1
In [7]:
def sKey(C, D):
    """Retourne la sous-clé qui correspond aux registres C et D
    """
    CD = C + D
    return [CD[ppc2[i]] for i in range(48)]
In [8]:
print(sKey(C, D))

[18, 59, 42, 3, 57, 25, 41, 36, 10, 17, 27, 50, 11, 43, 34, 33, 52, 1, 2, 9, 44, 35, 26, 49, 30, 5, 47, 62, 45, 12, 55, 38, 13, 61, 31, 37, 6, 29, 46, 4, 23, 28, 53, 22, 21, 7, 63, 39]

Table donnant le décalage des registres pour chacun des 16 rounds.

In [9]:
r = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

Calcul des 16 sous-clés :

In [10]:
for nround in range(16):
    print('K'+str(nround+1))
    C = shift(C, r[nround])
    D = shift(D, r[nround])
    print(sKey(C, D))

K1
[10, 51, 34, 60, 49, 17, 33, 57, 2, 9, 19, 42, 3, 35, 26, 25, 44, 58, 59, 1, 36, 27, 18, 41, 22, 28, 39, 54, 37, 4, 47, 30, 5, 53, 23, 29, 61, 21, 38, 63, 15, 20, 45, 14, 13, 62, 55, 31]
K2
[2, 43, 26, 52, 41, 9, 25, 49, 59, 1, 11, 34, 60, 27, 18, 17, 36, 50, 51, 58, 57, 19, 10, 33, 14, 20, 31, 46, 29, 63, 39, 22, 28, 45, 15, 21, 53, 13, 30, 55, 7, 12, 37, 6, 5, 54, 47, 23]
K3
[51, 27, 10, 36, 25, 58, 9, 33, 43, 50, 60, 18, 44, 11, 2, 1, 49, 34, 35, 42, 41, 3, 59, 17, 61, 4, 15, 30, 13, 47, 23, 6, 12, 29, 62, 5, 37, 28, 14, 39, 54, 63, 21, 53, 20, 38, 31, 7]
K4
[35, 11, 59, 49, 9, 42, 58, 17, 27, 34, 44, 2, 57, 60, 51, 50, 33, 18, 19, 26, 25, 52, 43, 1, 45, 55, 62, 14, 28, 31, 7, 53, 63, 13, 46, 20, 21, 12, 61, 23, 38, 47, 5, 37, 4, 22, 15, 54]
K5
[19, 60, 43, 33, 58, 26, 42, 1, 11, 18, 57, 51, 41, 44, 35, 34, 17, 2, 3, 10, 9, 36, 27, 50, 29, 39, 46, 61, 12, 15, 54, 37, 47, 28, 30, 4, 5, 63, 45, 7, 22, 31, 20, 21, 55, 6, 62, 38]
K6
[3, 44, 27, 17, 42, 10, 26, 50, 60, 2, 41, 35, 25, 57, 19, 18, 1, 51, 52, 59, 58, 49, 11, 34, 13, 23, 30, 45, 63, 62, 38, 21, 31, 12, 14, 55, 20, 47, 29, 54, 6, 15, 4, 5, 39, 53, 46, 22]
K7
[52, 57, 11, 1, 26, 59, 10, 34, 44, 51, 25, 19, 9, 41, 3, 2, 50, 35, 36, 43, 42, 33, 60, 18, 28, 7, 14, 29, 47, 46, 22, 5, 15, 63, 61, 39, 4, 31, 13, 38, 53, 62, 55, 20, 23, 37, 30, 6]
K8
[36, 41, 60, 50, 10, 43, 59, 18, 57, 35, 9, 3, 58, 25, 52, 51, 34, 19, 49, 27, 26, 17, 44, 2, 12, 54, 61, 13, 31, 30, 6, 20, 62, 47, 45, 23, 55, 15, 28, 22, 37, 46, 39, 4, 7, 21, 14, 53]
K9
[57, 33, 52, 42, 2, 35, 51, 10, 49, 27, 1, 60, 50, 17, 44, 43, 26, 11, 41, 19, 18, 9, 36, 59, 4, 46, 53, 5, 23, 22, 61, 12, 54, 39, 37, 15, 47, 7, 20, 14, 29, 38, 31, 63, 62, 13, 6, 45]
K10
[41, 17, 36, 26, 51, 19, 35, 59, 33, 11, 50, 44, 34, 1, 57, 27, 10, 60, 25, 3, 2, 58, 49, 43, 55, 30, 37, 20, 7, 6, 45, 63, 38, 23, 21, 62, 31, 54, 4, 61, 13, 22, 15, 47, 46, 28, 53, 29]
K11
[25, 1, 49, 10, 35, 3, 19, 43, 17, 60, 34, 57, 18, 50, 41, 11, 59, 44, 9, 52, 51, 42, 33, 27, 39, 14, 21, 4, 54, 53, 29, 47, 22, 7, 5, 46, 15, 38, 55, 45, 28, 6, 62, 31, 30, 12, 37, 13]
K12
[9, 50, 33, 59, 19, 52, 3, 27, 1, 44, 18, 41, 2, 34, 25, 60, 43, 57, 58, 36, 35, 26, 17, 11, 23, 61, 5, 55, 38, 37, 13, 31, 6, 54, 20, 30, 62, 22, 39, 29, 12, 53, 46, 15, 14, 63, 21, 28]
K13
[58, 34, 17, 43, 3, 36, 52, 11, 50, 57, 2, 25, 51, 18, 9, 44, 27, 41, 42, 49, 19, 10, 1, 60, 7, 45, 20, 39, 22, 21, 28, 15, 53, 38, 4, 14, 46, 6, 23, 13, 63, 37, 30, 62, 61, 47, 5, 12]
K14
[42, 18, 1, 27, 52, 49, 36, 60, 34, 41, 51, 9, 35, 2, 58, 57, 11, 25, 26, 33, 3, 59, 50, 44, 54, 29, 4, 23, 6, 5, 12, 62, 37, 22, 55, 61, 30, 53, 7, 28, 47, 21, 14, 46, 45, 31, 20, 63]
K15
[26, 2, 50, 11, 36, 33, 49, 44, 18, 25, 35, 58, 19, 51, 42, 41, 60, 9, 10, 17, 52, 43, 34, 57, 38, 13, 55, 7, 53, 20, 63, 46, 21, 6, 39, 45, 14, 37, 54, 12, 31, 5, 61, 30, 29, 15, 4, 47]
K16
[18, 59, 42, 3, 57, 25, 41, 36, 10, 17, 27, 50, 11, 43, 34, 33, 52, 1, 2, 9, 44, 35, 26, 49, 30, 5, 47, 62, 45, 12, 55, 38, 13, 61, 31, 37, 6, 29, 46, 4, 23, 28, 53, 22, 21, 7, 63, 39]

On a donc

In [11]:
k16 = [18, 59, 42, 3, 57, 25, 41, 36, 10, 17, 27, 50, 11, 43, 34, 33, 52, 1, 2, 9, 44,\
       35, 26, 49, 30, 5, 47, 62, 45, 12, 55, 38, 13, 61, 31, 37, 6, 29, 46, 4, 23, 28,\
       53, 22, 21, 7, 63, 39]
In [12]:
[i for i in range(1, 65) if i not in k16]
Out[12]:
[8, 14, 15, 16, 19, 20, 24, 32, 40, 48, 51, 54, 56, 58, 60, 64]

8, 16, 24, 32, 40, 48, 56, 64 : bits de parité

14, 15, 19, 20, 51, 54, 58, 60 : bits indéterminés

Le 16/03/2018 - Contact : Rossignol@bribes.org