Also known as: DES, Data Encryption Standard
The Data Encryption Standard (DES) is a symmetric block cipher built as a 16-round Feistel network, encrypting 64-bit blocks under a 56-bit key.1 Standardised as FIPS 46 in 1977 and dominant for two decades, its short key is now trivially brute-forceable, so DES is obsolete — yet it survives as DES-OFB in legacy P25 secure voice.
How it works
DES is the textbook Feistel cipher. A 64-bit block is split into left and right 32-bit halves and passed through 16 identical rounds:
- Round function F. The right half is expanded from 32 to 48 bits, XORed with a 48-bit round subkey, then fed through eight S-boxes that map 6 bits to 4 (the nonlinear heart of the cipher), and finally a fixed permutation.
- Feistel structure. F’s output XORs into the left half, and the halves swap. Because the round is invertible regardless of what F does, decryption is the same machinery with the subkeys applied in reverse order.
- Key schedule. The 64-bit key is really 56 effective bits (8 are parity); a schedule of rotations and permutations derives the sixteen 48-bit subkeys.
- Initial/final permutations bookend the rounds and add no cryptographic strength.
The design (with its later-explained S-box choices) resists differential and linear cryptanalysis remarkably well. Its fatal flaw is not the algorithm but the key length: 56 bits is only ~7.2×10¹⁶ keys.
Variants
- Triple DES (3DES). Encrypt–decrypt–encrypt with two or three keys restores an effective ~112-bit strength; used to extend DES’s life in finance and legacy systems.
- DES-OFB / DES-CFB. Running DES in output-feedback mode turns the block cipher into a stream cipher — a keystream XORed with the digitised voice. This is the form P25 uses (Algorithm ID 0x81), so the block cipher never touches the audio bits directly.
- DES-XL / ADP. Motorola-proprietary DES-derived modes seen in older public-safety radios.
In practice
DES fell to brute force publicly in 1998–99, when the EFF’s “Deep Crack” machine and a distributed effort recovered a key in days, then hours. Modern FPGAs and GPUs do it far faster. That is why NIST withdrew DES in favour of AES.
Relevance to SDR
On the air a scanner still meets DES as DES-OFB on older P25 systems that have not migrated to AES-256. GopherTrunk can detect and follow such calls — reading the talkgroup, source, and the encryption algorithm/key ID in the clear — but it does not carry out key search and does not decrypt the voice: recovering the audio would require the actual 56-bit key or an out-of-band brute-force attack that is outside the project’s scope and legality. DES’s weakness is real in theory, but GopherTrunk remains a receiver of clear and scrambled traffic, not a codebreaker of keyed voice — the same honest boundary that applies to AES.
Sources
-
Data Encryption Standard — Wikipedia, for the Feistel structure, 56-bit key, S-boxes, and DES’s brute-force obsolescence. ↩