FIP46-2 (Система криптозащиты в стандарте DES. Система взаимодействия периферийных устройств), страница 3

16. Comments. Comments and suggestions regarding this standard and its use

are welcomed and should be addressed to the National Institute of Standards

and Technology, Attn: Director, Computer Systems Laboratory, Gaithersburg,

MD 20899.

17. Waiver Procedure. Under certain exceptional circumstances, the heads of

Federal departments and agencies may approve waivers to Federal Information

Processing Standards (FIPS). The head of such agency may redelegate such

authority only to a senior official designated pursuant to section 3506(b)

of Title 44, United States Code. Waiver shall be granted only when:

a. Compliance with a standard would adversely affect the accomplishment

of the mission of an operator of a Federal computer system; or

b. Compliance with a standard would cause a major adverse financial

impact on the operator which is not offset by Government-wide savings.

Agency heads may act upon a written waiver request containing the

information detailed above. Agency heads may also act without a written

waiver request when they determine that conditions for meeting the standard

cannot be met. Agency heads may approve waivers only by a written decision

which explains the basis on which the agency head made the required

finding(s). A copy of each decision, with procurement sensitive or

classified portions clearly identified, shall be sent to: National Institute

of Standards and Technology; ATTN: FIPS Waiver Decisions, Technology

Building, Room B-154, Gaithersburg, MD 20899.

In addition, notice of each waiver granted and each delegation of authority

to approve waivers shall be sent promptly to the Committee on Government

Operations of the House of Representatives and the Committee on Government

Affairs of the Senate and shall be published promptly in the Federal

Register.

When the determination on a waiver applies to the procurement of equipment

and/or services, a notice of the waiver determination must be published in

the Commerce Business Daily as a part of the notice of solicitation for

offers of an acquisition or, if the waiver determination is made after that

notice is published, by amendment to such notice.

A copy of the waiver, any supporting documents, the document approving the

waiver and any accompanying documents, with such deletions as the agency is

authorized and decides to make under 5 United States Code Section 552(b),

shall be part of the procurement documentation and retained by the agency.

18. Special Information. In accordance with the Qualifications Section of

this standard, reviews of this standard have been conducted every 5 years

since its adoption in 1977. The standard was reaffirmed during each of those

reviews. This revision to the text of the standard contains changes which

allow software implementations of the algorithm and which permit the use of

other FIPS approved cryptographic algorithms.

19. Where to Obtain Copies of the Standard. Copies of this publication are

for sale by the National Technical Information Service, U.S. Department of

Commerce, Springfield, VA 22161. When ordering, refer to Federal Information

Processing Standards Publication 46-2 (FIPS PUB 46-2), and identify the

title. When microfiche is desired, this should be specified. Prices are

published by NTIS in current catalogs and other issuances. Payment may be

made by check, money order, deposit account or charged to a credit card

accepted by NTIS.

FIPS PUB 44-2

Supersedes FIPS PUB 46-1

1988 January 22

Federal Information

Processing Standards Publication 46-2

1993 December 30

Specifications for

DATA ENCRYPTION STANDARD

The Data Encryption Standard (DES) shall consist of the following Data

Encryption Algorithm to be implemented in special purpose electronic

devices. These devices shall be designed in such a way that they may be used

in a computer system or network to provide cryptographic protection to

binary coded data. The method of implementation will depend on the

application and environment. The devices shall be implemented in such a way

that they may be tested and validated as accurately performing the

transformations specified in the following algorithm.

DATA ENCRYPTION ALGORITHM

Introduction

The algorithm is designed to encipher and decipher blocks of data consisting

of 64 bits under control of a 64-bit key.** Deciphering must be accomplished

by using the same key as for enciphering, but with the schedule of

addressing the key bits altered so that the deciphering process is the

reverse of the enciphering process. A block to be enciphered is subjected to

an initial permutation IP, then to a complex key-dependent computation and

finally to a permutation which is the inverse of the initial permutation

IP-1. The key-dependent computation can be simply defined in terms of a

function f, called the cipher function, and a function KS, called the key

schedule. A description of the computation is given first, along with

details as to how the algorithm is used for encipherment. Next, the use of

the algorithm for decipherment is described. Finally, a definition of the

cipher function f is given in terms of primitive functions which are called

the selection functions Si and the permutation function P. Si, P and KS of

the algorithm are contained in the Appendix.

The following notation is convenient: Given two blocks L and R of bits, LR

denotes the block consisting of the bits of L followed by the bits of R.

Since concatenation is associative, B1B2...B8, for example, denotes the

block consisting of the bits of B1 followed by the bits of B2...followed by

the bits of B8.

** Blocks are composed of bits numbered from left to right, i.e., the left

most bit of a block is bit one.

Figure 1. Enciphering computation.

Enciphering

A sketch of the enciphering computation is given in Figure 1.

The 64 bits of the input block to be enciphered are first subjected to the

following permutation, called the initial permutation IP:

IP

58 50 42 34 26 18 10 2

60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6

64 56 48 40 32 24 16 8

57 49 41 33 25 17 9 1

59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5

63 55 47 39 31 23 15 7

That is the permuted input has bit 58 of the input as its first bit, bit 50

as its second bit, and so on with bit 7 as its last bit. The permuted input

block is then the input to a complex key-dependent computation described

below. The output of that computation, called the preoutput, is then

subjected to the following permutation which is the inverse of the initial

permutation:

IP-1

40 8 48 16 56 24 64 32

39 7 47 15 55 23 63 31