Currently, there are three data encryption standards approved for use in the Federal Information Processing Standards (FIPS). This application note discusses the implementation of two of these for PIC24 and dsPIC30/33 devices: Triple Data Encryption Standard (TDES) and Advanced Encryption Standard (AES).
The original Data Encryption Standard (DES), a 64-bit block cipher, was invented in the early 1970s by IBM®. DES uses a 64-bit encryption key: 56 bits for encoding and decoding, the remainder for parity. It was adopted by the United States government in 1977 as the standard for encrypting sensitive data. By the mid-1990s, several public organizations had demonstrated that they were able to crack a DES code within days.
Triple DES (TDES) is a variant of DES, and is described in FIPS 46-2 and 46-3. TDES uses three cycles of DES to extend the key from 56 bits to 112 or 168 bits, depending on the mode of operation. Because of known weaknesses in the DES algorithm, the actual security is believed to be on the order of 80 and 112 bits, respectively, for the two different methods. The use of TDES was suggested by the American government in 1999 for use in all systems, except legacy systems where only DES was available.
There are several different modes of TDES. The most common involves using two different keys. The data is encrypted with the first key. That result is then decrypted with the second key. The data is then finally encrypted once again with the first key. Other modes of operation include using three different keys, one for each of the stages, and encrypting in all rounds instead of decrypting during the second round. For most new applications, TDES has been replaced with Advanced Encryption Standard (AES). AES provides a slightly higher security level than TDES and is much faster and smaller in implementation than TDES.
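The key handling described above, as an added C example that is not code from this application note: it fixes the odd-parity bit in each byte of an 8-byte DES key (56 key bits plus 8 parity bits), splits a 16-byte two-key or 24-byte three-key TDES key into K1, K2, K3 (with K3 = K1 in the two-key mode), and reports how many distinct DES keys the bundle really contains, since a bundle whose three keys are equal degenerates to single DES. The type and function names are hypothetical.

```c
/* Added example (not from the application note). A DES key is 8 bytes; the
 * low bit of each byte is an odd-parity bit, so only 56 bits are key material.
 * TDES uses three DES keys K1, K2, K3; in the common two-key mode K3 = K1
 * (encrypt with K1, decrypt with K2, encrypt with K1 again). */
#include <stdint.h>
#include <string.h>
typedef struct {
    uint8_t k1[8];
    uint8_t k2[8];
    uint8_t k3[8];
} tdes_keys_t;
/* Count set bits in a byte. */
static int popcount8(uint8_t b) {
    int n = 0;
    for (; b; b >>= 1) n += b & 1;
    return n;
}
/* Force odd parity on each byte of an 8-byte DES key, in place. */
void des_set_odd_parity(uint8_t key[8]) {
    for (int i = 0; i < 8; i++) {
        uint8_t top7 = key[i] & 0xFE;                  /* the 7 key bits */
        key[i] = top7 | ((popcount8(top7) & 1) ? 0 : 1); /* make total odd */
    }
}
/* Return 1 if every byte of the key has odd parity, else 0. */
int des_key_parity_ok(const uint8_t key[8]) {
    for (int i = 0; i < 8; i++)
        if ((popcount8(key[i]) & 1) == 0) return 0;
    return 1;
}
/* Split a 16-byte (two-key) or 24-byte (three-key) TDES key into K1..K3 with
 * parity fixed. Returns the number of distinct DES keys in the bundle
 * (1 means the bundle degenerates to single DES), or 0 on a bad length. */
int tdes_load_keys(const uint8_t *key, size_t len, tdes_keys_t *out) {
    if (len != 16 && len != 24) return 0;
    memcpy(out->k1, key, 8);
    memcpy(out->k2, key + 8, 8);
    memcpy(out->k3, len == 24 ? key + 16 : key, 8); /* K3 = K1 for two-key */
    des_set_odd_parity(out->k1);
    des_set_odd_parity(out->k2);
    des_set_odd_parity(out->k3);
    int distinct = 1;
    if (memcmp(out->k2, out->k1, 8) != 0) distinct++;
    if (memcmp(out->k3, out->k1, 8) != 0 && memcmp(out->k3, out->k2, 8) != 0)
        distinct++;
    return distinct;
}
```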
The original DES algorithm is outlined in Figure 1. The cycle is run 32 times before the ciphertext is valid.