Re: DES Expansion Permute + S-Boxes Duplicates ?
From: Matt (matt_crypto_at_yahoo.co.uk)
Date: 13 Jun 2003 07:31:36 -0700
Cal Page <email@example.com> wrote:
> I rechecked and got the same results:
> >in = 0x00000010 00000000000000000000000000010000
> >ep = 0x000000a0 00000000000000000000000010100000
> >ep in groups 000000 000000 000000 000000 000000 000000 000010 100000
> >sbox 0x d 4 c 2 7 a 1 4
I think you have the S-boxes in the reverse order; S-Box 1 should be
applied to the leftmost group of six bits.
> For example,
> Look at the second sbox and note that in the first case, row = 1, col =
> 2 and we get 1 out.
> For the second case, row = 3 and col = 8, and we still get a 1 out.
Yep, this is normal. Neither the S-boxes or the F-function are
one-to-one (at most one input for each output). The S-boxes are if you
fix the outer two bits of the input, though.
>>Have I made an error in my algorithm? If not, it would mean
>>that one half the possible output values don't exist.
Almost: in , it was found experimentally that for the F-function
with fixed subkey, about a third of the output values have no
 E. F. Brickell, J. H. Moore and M. R. Purtill, "Structure in the
S-Boxes of the DES", CRYPTO '86.