Python实现DES

Contents

1. 1. 前言
2. 2. 简介
3. 3. 原理及步骤
4. 4. Python完整代码
   1. 4.1. 按步骤，代码较繁琐
   2. 4.2. 速度快，占内存小

前言

密码学作业之DES

简介

DES全称为Data Encryption Standard，即数据加密标准，是一种使用密钥加密的块算法，1977年被美国联邦政府的国家标准局确定为联邦资料处理标准（FIPS），并授权在非密级政府通信中使用，随后该算法在国际上广泛流传开来。需要注意的是，在某些文献中，作为算法的DES称为数据加密算法（Data Encryption Algorithm,DEA），已与作为标准的DES区分开来。

原理及步骤

初始置换
DES算法使用64位的密钥key将64位的明文输入块变为64位的密文输出块，并把输出块分为L0、R0两部分，每部分均为32位。

加密处理–迭代过程

经过初始置换后，进行16轮完全相同的运算，在运算过程中数据与秘钥结合。
函数f的输出经过一个异或运算，和左半部分结合形成新的右半部分，原来的右半部分成为新的左半部分

F函数
F函数由四步运算构成：
秘钥置换(Kn的生成，n=0~16)；扩展置换；S-盒代替；P-盒置换

F函数–秘钥置换–子密钥生成*
DES算法由64位秘钥产生16轮的48位子秘钥。在每一轮的迭代过程中，使用不同的子秘钥。

F函数–密钥置换选择1—PC-1
64位秘钥降至56位秘钥不是说将每个字节的第八位删除，而是通过缩小选择换位表1（置换选择表1）的变换变成56位。

F函数–扩展置换E
通过扩展置换E，数据的右半部分Rn从32位扩展到48位。扩展置换改变了位的次序，重复了某些位。

F函数–S-盒代替
异或以后的结果作为输入块进行S盒代替运算
功能是把48位数据变为32位数据
代替运算由8个不同的代替盒(S盒)完成。每个S-盒有6位输入，4位输出。
所以48位的输入块被分成8个6位的分组，每一个分组对应一个S-盒代替操作。
经过S-盒代替，形成8个4位分组结果。

F函数– P-盒置换
S-盒代替运算，每一盒得到4位，8盒共得到32位输出。这32位输出作为P盒置换的输入块。

P盒置换将每一位输入位映射到输出位。任何一位都不能被映射两次，也不能被略去。

经过P-盒置换的结果与最初64位分组的左半部分异或，然后左右两部分交换，开始下一轮迭代。

逆置换
将初始置换进行16次的迭代，即进行16层的加密变换，这个运算过程我们暂时称为函数f。得到L16和R16，将此作为输入块，进行逆置换得到最终的密文输出块。

DES解密

加密和解密可以使用相同的算法。加密和解密唯一不同的是秘钥的次序是相反的。就是说如果每一轮的加密秘钥分别是K1、K2、K3…K16，那么解密秘钥就是K16、K15、K14…K1。为每一轮产生秘钥的算法也是循环的。加密是秘钥循环左移，解密是秘钥循环右移。

合理性分析
DES是一个对称密码体制，加密和解密使用同一密钥，有效的密钥长度为56位。DES是一个分组密码算法，分组长度为64位，明文和密文的长度相同。另外，DES采用了Feistel结构，具有加密与解密相识的特性。

安全性分析
DES算法具有极高安全性，到目前为止，除了用穷举搜索法对DES算法进行攻击外，还没有发现更有效的办法。而56位长的密钥的穷举空间为256，这意味着如果一台计算机的速度是每一秒种检测一百万个密钥，则它搜索完全部密钥就需要将近2285年的时间，可见，这是难以实现的，当然，随着科学技术的发展，当出现超高速计算机后，我们可考虑把DES密钥的长度再增长一些，以此来达到更高的保密程度。
DES还存在以下的问题：
（1） 互补性（DES的最大弱点）
（2） 弱密钥
（3） 迭代轮数
（4） 密钥长度

Python完整代码

按步骤，代码较繁琐

这个是完整的按照上面的步骤来的，比较复杂的代码(看的同学的，我没写出来)。

#coding:utf-8
key = "this is a key"

Ip = [58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,
	  57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7]

Ip_1= [40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31,38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,
		36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,34,2,42,10,50,18,58,26,33,1,41,9,49,17,57,25]

PC_1 = [57,49,41,33,25,17,9,1,58,40,42,34,26,18,10,2,59,51,43,35,27,19,11,3,60,52,44,36,63,55,47,    
		39,31,23,15,7,62,54,46,38,30,22,14,6,61,53,45,37,29,21,13,5,28,20,12,4]

E = [32,1,2,3,4,5,4,5,6,7,8,9,8,9,10,11,12,13,12,13,14,15,16,17,16,17,18,19,20,21,20,21,22,23
		 ,24,25,24,25,26,27,28,29,28,29,30,31,32,1]

PC_2 = [14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,4,26,8,16,7,27,20,13,2,41,52,31,37,47,55,30,40,
		51,45,33,48,44,49,39,56,34,53,46,42,50,36,29,32]

left_mov = [1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1]

S = [[14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7,0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8,
     	  4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0,15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13],   #S1

    	 [15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10,3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5,
     	  0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15,13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9],	  #S2

    	 [10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8,13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1,
		  13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7,1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12],	  #S3

    	 [7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15,13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9,
     	  10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4,3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14],	  #S4

    	 [2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9,14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6,	  #S5
     	  4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14,11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3],

    	 [12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11,10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8,	  #S6
     	  9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6,4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13],

	     [4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1,13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6,	  #S7
     	  1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2,6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12],

	     [13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7,1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2,	  #S8
     	  7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8,2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11]]

P = [16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,2,8,24,14,
		 32,27,3,9,19,13,30,6,22,11,4,25]

def init_IP(m1):		#IP初始置换，将明文转化成64比特后置换
	mp = []
	for i in range(0,64):
		mp.append(m1[Ip[i]-1])
	return mp

def init_IP_1(m1):			#IP逆初始置换
	mp_1 = []
	for i in range(0,64):
		mp_1.append(m1[Ip_1[i]-1])
	return mp_1

def F(L,R,r):							#F()函数
	right = []
	for i in range(0,48):				#扩展置换E
		right.append(R[E[i]-1])
	a = []
	k=setKey(pKey(key),r)
	for i in range(0,48):				#密钥加
		a.append(str((int(right[i])+int(k[i]))%2))
	s = ""
	for i in range(0,8):								#S盒代换
		b = a[:6]
		a = a[6:]                           #S盒代换
		h = int((b[0]+b[5]),2)
		l = int((b[1]+b[2]+b[3]+b[4]),2)
		s += str(bin(S[i][h*16+l])[2:]).zfill(4)
	p = []
	t = list(s)
	for i in range(0,32):								#置换运算P
		p.append(t[P[i]-1])
	return p

def pKey(k):		#密钥置换，将密钥从64位置换成56位
	str1 = ""
	for i in k:
		str1 += str(bin(ord(i))[2:]).zfill(8)
	list_t = list(str1)
	list_k = []
	for i in range(0,56):
		list_k.append(list_t[PC_1[i]-1])
	return list_k

def setKey(t,r):			#生成每一轮迭代的48位密钥
	for i in range(0,r):
		ll = t[:28]
		lr = t[28:]
		ll = ll[left_mov[i]:]+ll[:left_mov[i]]
		lr = lr[left_mov[i]:]+lr[:left_mov[i]]
		t = ll+lr
	list_k = []
	for i in range(0,48):
		list_k.append(list_t[PC_2[i]-1])
	return list_k

def desEncrypt(m):
	print "Encrypt: "
	list_m = init_IP(m)
	L = list_m[:32]
	R = list_m[32:]
	for i in range(1,17):     	#16轮迭代
		list_p = F(L,R,i)
		temp = R
		x = ""
		for j in range(0,32):
		 	x += str((int(list_p[j])+int(L[j]))%2)
		R = list(x)
		L = temp
	c = init_IP_1(list(R+L))	
	print "".join(c)
	return "".join(c)

def desDecrypt(c):
	print "Decrypt:"
	list_c = init_IP(c)
	L = list_c[:32]
	R = list_c[32:] 
	for i in range(1,17):     	#16轮迭代
		list_p = F(L,R,17-i)
		temp = R
		x = ""
		for i in range(0,32):
		 	x += str((int(list_p[i])+int(L[i]))%2)
		R = list(x)
		L = temp
	list_m = init_IP_1(list(R+L))	
	m = ""
	for i in range(0,8):
		a = "".join(list_m[:8])
		m += chr(int(a,2))
		list_m = list_m[8:]
	print m
	return m

if __name__ == '__main__':
	m = "cumt2016"
	str1 = ""
	for i in m:
		str1 = str1+str(bin(ord(i))[2:]).zfill(8)
	list_t = list(str1)
	c = desEncrypt(list_t)
	desDecrypt(list(c))

速度快，占内存小

这个是大神写的，在网上看到的，不知道哪位大佬的。

from functools import partial  
  
class DES(object):  
    __ip = [  
        58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,  
        62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,  
        57,49,41,33,25,17, 9,1,59,51,43,35,27,19,11,3,  
        61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7,  
    ]  
    __ip1 = [  
        40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31,  
        38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,  
        36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,  
        34,2,42,10,50,18,58,26,33,1,41, 9,49,17,57,25,  
    ]  
    __e = [  
        32, 1, 2, 3, 4, 5,  
        4 , 5, 6, 7, 8, 9,  
        8 , 9,10,11,12,13,  
        12,13,14,15,16,17,  
        16,17,18,19,20,21,  
        20,21,22,23,24,25,  
        24,25,26,27,28,29,  
        28,29,30,31,32, 1,  
    ]  
    __p = [  
        16, 7,20,21,29,12,28,17,  
        1 ,15,23,26, 5,18,31,10,  
        2 ,8 ,24,14,32,27, 3, 9,  
        19,13,30, 6,22,11, 4,25,  
    ]  
    __s = [  
        [  
        0xe,0x4,0xd,0x1,0x2,0xf,0xb,0x8,0x3,0xa,0x6,0xc,0x5,0x9,0x0,0x7,  
        0x0,0xf,0x7,0x4,0xe,0x2,0xd,0x1,0xa,0x6,0xc,0xb,0x9,0x5,0x3,0x8,  
        0x4,0x1,0xe,0x8,0xd,0x6,0x2,0xb,0xf,0xc,0x9,0x7,0x3,0xa,0x5,0x0,  
        0xf,0xc,0x8,0x2,0x4,0x9,0x1,0x7,0x5,0xb,0x3,0xe,0xa,0x0,0x6,0xd,  
        ],  
        [  
        0xf,0x1,0x8,0xe,0x6,0xb,0x3,0x4,0x9,0x7,0x2,0xd,0xc,0x0,0x5,0xa,  
        0x3,0xd,0x4,0x7,0xf,0x2,0x8,0xe,0xc,0x0,0x1,0xa,0x6,0x9,0xb,0x5,  
        0x0,0xe,0x7,0xb,0xa,0x4,0xd,0x1,0x5,0x8,0xc,0x6,0x9,0x3,0x2,0xf,  
        0xd,0x8,0xa,0x1,0x3,0xf,0x4,0x2,0xb,0x6,0x7,0xc,0x0,0x5,0xe,0x9,  
        ],  
        [  
        0xa,0x0,0x9,0xe,0x6,0x3,0xf,0x5,0x1,0xd,0xc,0x7,0xb,0x4,0x2,0x8,  
        0xd,0x7,0x0,0x9,0x3,0x4,0x6,0xa,0x2,0x8,0x5,0xe,0xc,0xb,0xf,0x1,  
        0xd,0x6,0x4,0x9,0x8,0xf,0x3,0x0,0xb,0x1,0x2,0xc,0x5,0xa,0xe,0x7,  
        0x1,0xa,0xd,0x0,0x6,0x9,0x8,0x7,0x4,0xf,0xe,0x3,0xb,0x5,0x2,0xc,  
        ],  
        [  
        0x7,0xd,0xe,0x3,0x0,0x6,0x9,0xa,0x1,0x2,0x8,0x5,0xb,0xc,0x4,0xf,  
        0xd,0x8,0xb,0x5,0x6,0xf,0x0,0x3,0x4,0x7,0x2,0xc,0x1,0xa,0xe,0x9,  
        0xa,0x6,0x9,0x0,0xc,0xb,0x7,0xd,0xf,0x1,0x3,0xe,0x5,0x2,0x8,0x4,  
        0x3,0xf,0x0,0x6,0xa,0x1,0xd,0x8,0x9,0x4,0x5,0xb,0xc,0x7,0x2,0xe,  
        ],  
        [  
        0x2,0xc,0x4,0x1,0x7,0xa,0xb,0x6,0x8,0x5,0x3,0xf,0xd,0x0,0xe,0x9,  
        0xe,0xb,0x2,0xc,0x4,0x7,0xd,0x1,0x5,0x0,0xf,0xa,0x3,0x9,0x8,0x6,  
        0x4,0x2,0x1,0xb,0xa,0xd,0x7,0x8,0xf,0x9,0xc,0x5,0x6,0x3,0x0,0xe,  
        0xb,0x8,0xc,0x7,0x1,0xe,0x2,0xd,0x6,0xf,0x0,0x9,0xa,0x4,0x5,0x3,  
        ],  
        [  
        0xc,0x1,0xa,0xf,0x9,0x2,0x6,0x8,0x0,0xd,0x3,0x4,0xe,0x7,0x5,0xb,  
        0xa,0xf,0x4,0x2,0x7,0xc,0x9,0x5,0x6,0x1,0xd,0xe,0x0,0xb,0x3,0x8,  
        0x9,0xe,0xf,0x5,0x2,0x8,0xc,0x3,0x7,0x0,0x4,0xa,0x1,0xd,0xb,0x6,  
        0x4,0x3,0x2,0xc,0x9,0x5,0xf,0xa,0xb,0xe,0x1,0x7,0x6,0x0,0x8,0xd,  
        ],  
        [  
        0x4,0xb,0x2,0xe,0xf,0x0,0x8,0xd,0x3,0xc,0x9,0x7,0x5,0xa,0x6,0x1,  
        0xd,0x0,0xb,0x7,0x4,0x9,0x1,0xa,0xe,0x3,0x5,0xc,0x2,0xf,0x8,0x6,  
        0x1,0x4,0xb,0xd,0xc,0x3,0x7,0xe,0xa,0xf,0x6,0x8,0x0,0x5,0x9,0x2,  
        0x6,0xb,0xd,0x8,0x1,0x4,0xa,0x7,0x9,0x5,0x0,0xf,0xe,0x2,0x3,0xc,  
        ],  
        [  
        0xd,0x2,0x8,0x4,0x6,0xf,0xb,0x1,0xa,0x9,0x3,0xe,0x5,0x0,0xc,0x7,  
        0x1,0xf,0xd,0x8,0xa,0x3,0x7,0x4,0xc,0x5,0x6,0xb,0x0,0xe,0x9,0x2,  
        0x7,0xb,0x4,0x1,0x9,0xc,0xe,0x2,0x0,0x6,0xa,0xd,0xf,0x3,0x5,0x8,  
        0x2,0x1,0xe,0x7,0x4,0xa,0x8,0xd,0xf,0xc,0x9,0x0,0x3,0x5,0x6,0xb,  
        ],  
    ]  
    __k1 = [  
        57,49,41,33,25,17, 9,  
        1 ,58,50,42,34,26,18,  
        10, 2,59,51,43,35,27,  
        19,11, 3,60,52,44,36,  
        63,55,47,39,31,23,15,  
        7 ,62,54,46,38,30,22,  
        14, 6,61,53,45,37,29,  
        21,13, 5,28,20,12, 4,  
    ]  
    __k2 = [  
        14,17,11,24, 1, 5, 3,28,  
        15, 6,21,10,23,19,12, 4,  
        26, 8,16, 7,27,20,13, 2,  
        41,52,31,37,47,55,30,40,  
        51,45,33,48,44,49,39,56,  
        34,53,46,42,50,36,29,32,  
    ]  
    __k0 = [  
        1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,  
    ]  
    __hex_bin = {  
        '0':'0000','1':'0001','2':'0010','3':'0011',  
        '4':'0100','5':'0101','6':'0110','7':'0111',  
        '8':'1000','9':'1001','a':'1010','b':'1011',  
        'c':'1100','d':'1101','e':'1110','f':'1111',  
        ' ':'0000'  
    }  
  
    __re = lambda t, s: ''.join(s[i-1] for i in t)  
  
    __IP = partial(__re, __ip)  
    __IP1 = partial(__re, __ip1)  
    __E = partial(__re, __e)  
    __P = partial(__re, __p)  
    __K1 = partial(__re, __k1)  
    __K2 = partial(__re, __k2)  
  
    __B = partial( lambda hex_bin, s: ''.join(hex_bin[w]  for w in ''.join('%2x' % ord(w) for w in s)), __hex_bin)  
   
    __DB = partial( lambda s: ''.join(chr(int(s[i:i+8], 2)) for i in range(0, len(s), 8)))  
    
    __S = partial( lambda hex_bin, __s, s: ''.join(hex_bin['%x' % __s[i][int(s[i*6]+s[i*6+5], 2)*16 + int(s[i*6+1:i*6+5], 2)]] for i in range(8)),__hex_bin, __s)  
   
    __F = partial( lambda s, k: ''.join('0' if s[i]==k[i] else '1' for i in range(len(s))))  
    
    __K0 = partial( lambda k0, K2, k: map(K2,(k[k0[i]:28]+k[0:k0[i]] + k[k0[i]+28:56]+k[28:k0[i]+28] for i in range(16))),__k0, __K2)  
    
    __K = partial( lambda K1, K0, k: K0(K1(k)),__K1, __K0)  
  
    def __init__(self):  
        pass  
  
    def input_key(self, key, base=10):  
        if base == 2:  
            pass  
        elif base == 16:  
            key = ''.join(self.__class__.__hex_bin[w] for w in key)  
        else:  
            key = self.__class__.__B(key)  
        self.__k = self.__class__.__K(key)  
  
    def __code(self, s, k):  
        s = self.__IP(s)  
        l, r = s[0:32], s[32:64]  
        for i in range(16):  
            r_t = r  
            r = self.__E(r)  
            r = self.__F(r, k[i])  
            r = self.__S(r)  
            r = self.__P(r)  
            r = self.__F(r, l)  
            l = r_t  
        return self.__class__.__IP1(r+l)  
  
    def encode(self, s):  
        a = ''  
        s += ' ' * ((8-len(s)%8)%8)  
        for i in range(0, len(s), 8):  
            before = self.__class__.__B(s[i:i+8])  
            after = self.__code(before, self.__k)  
            a += '%16x' % int(after, 2)  
        return ''.join(w if w!=' ' else '0' for w in a)  
  
    def decode(self, s):  
        a = ''  
        s.lower()  
        for i in range(0, len(s), 16):  
            before = ''.join(self.__class__.__hex_bin[s[j]] for j in range(i, i+16))  
            after = self.__code(before, self.__k[::-1])  
            a += self.__class__.__DB(after)  
        return a.rstrip()  
  
  
if __name__ == '__main__':  
    d = DES()
    key="this is a key"
    d.input_key(key)  
    s = 'this is a text' 
    print "m=",s
    print "key=",key
    print "Encrypt:",
    a = d.encode(s)  
    print a
    print "Decrypt:",
    b = d.decode(a)  
    print b