New modification on feistel DES algorithm based on multi-level keys

The data encryption standard (DES) is one of the most common symmetric encryption algorithms, but it experiences many problems. For example, it uses only one function (XOR) in the encryption process, and the combination of data is finite because it occurs only twice and operates on bits. This paper presents a new modification of the DES to overcome these problems. This could be done through adding a new level of security by increasing the key space (using three keys) during the 16 rounds of the standard encryption algorithm and by replacing the predefined XOR operation with a new # operation. Our proposed algorithm uses three keys instead of one. The first key is the input key used for encrypting and decrypting operations. The second key is used for determining the number of bits, while the third key is used for determining the table numbers, which are from 0 to 255. Having evaluated the complexity of our proposed algorithm, the results show that it is the most complex compared with the well-known DES and other modified algorithms. Consequently, in our proposed algorithm, the attacker try a number of attempts 21173 at minimum to decrypt the message. This means that the proposed DES algorithm will increase the security level of the well-known DES.

In this paper, we focus on the Feistel network applied in the DES algorithm. It is the earliest symmetric encryption algorithm developed by IBM in 1972 and was adopted in 1977 as the Federal Information Processing Standard by the National Bureau of Standards. The DES algorithm is best suitable for implementation in hardware. Conversely, it tends to demonstrate slow implementation in software. The algorithm accepts 64-bit keys, where only 56 bits have previously been used because the remaining 8 bits were used for error detection purposes [11][12][13].
The principle work of the DES algorithm can be summarised as follows: input the plaintext (64 bits) of the algorithm, which is processed with an initial permutation, then 16 rounds of the key and plaintext are applied, and the inverse permutation is the final step in the algorithm. The structure of the DES algorithm is based on the Feistel network, which divides the input plaintext (64 bits) block into two halves: left (32 bits) and right (32 bits) [14,15].
The core work of the DES Feistel is the F function, which is key-dependent and consists of four phases as follows [16][17][18]: -Expansion phase: The 32-bit input word is expanded into 48 bits by duplicating and reordering the bits of the word. -Key mixing phase: The result word from the previous phase uses XOR with a round key constructed by selecting 48 bits from the 56-bit key, and in each round, a different selection of bits is used. -Substitution phase: The step uses eight S-boxes to map the 48 bit for producing 32 new bit.
-Permutation phase: The 32-bit result from the S-boxes is reordered according to a fixed permutation choice table.
In the undo step, the modified right block then uses XOR operation with the left block, and the result from this step is provided in the next right block. The unmodified right block is fed to the next left block register. The same process is iterated sixteen times for making sixteen rounds of DES [19]. The work of well-known DES algorithm in steps cited in [16,20]: Any encryption algorithm depends on the key as the significant element can be "defined as a "numeric, "alpha numeric text or special symbol [11,21]. Most modern cryptographic algorithms "depend on functions "with two "states (0, 1) for "encryption and decryption. DES, as one of the block algorithms uses the classical logical operation (XOR) which depends on two states: simply (0, 1) which has several weak points lead to break the DES, such as being simple where it can be deciphered easily by attackers. Consequently researchers have attempted to replace the two states with four "ones (0, 1, 2, 3) as shown in Figure 1 in the following sections for increasing key space [22]. In this paper, we focus on the weak points of XOR by replacing it with a new # operation with variable block bit sizes (n): (1 or 2 or 4 or 8) instead of one block size. Each block will generate different states tables based on addition in GF (2 n ). The overall new # operation is managed by using additional two keys. This work is repeated in each round of DES to increase the security level of the algorithm. Our results show that this new modification on DES algorithm will increase the security level of the encryption by increasing the complexity in each round and thus the protection of encrypted messages will be guaranteed.

RELATED WORK
This section presents the overview of the related literature on various modifications of the DES algorithm and uses the truth tables in the key distribution. In 2009 [22], researchers presented the work by combining the curve security methods with quantum cryptography concepts to increase the security and key space to make the encryption operation more secure and robust. In this work, the proposed modification focuses on the use of four different states (0, 1, 2, and 3) instead of two (0 and 1). This is to make variations in the polarised angles that have been used in the quantum description encoded in these four tables in addition to the output descriptions that have used polarised state angles according to the tables. Then, manipulation ciphers convert the plaintext into ciphertext by changing the actual state pattern of each character using a logical operator (#). The operator # has the following figure truth tables.
The work of the # operation involves three inputs. The first input refers to the table number, which should be used to compute the result among the four tables. The other two inputs determine the row and column numbers in the given table to give the result as a cross point. In 2010, [23] researchers introduced a proposal for a new method to improve the performance of the DES algorithm. This improvement is demonstrated by replacing the predefined XOR operation applied during the 16 rounds in the standard algorithm Feistel with a new # operation that depends on using two keys. Each key consists of a combination of four states (0, 1, 2, and 3) instead of the ordinary two-state keys (0 and 1) using different truth tables proposed in [22] Figure 1. The first key is used to determine the table number among the four tables, and the second key is used in the encryption algorithm. This replacement adds a new level of security to the algorithm against attackers through increasing the level of complexity. In our proposed method, we operate on multi-states as combination of 0-or 1-or 4-or 8-bits for representing (0, 1, 2, 3, … 255) while the proposed in [23] operate only 2-bits to represent (0, 1, 2, 3). Consequently, our proposed more randomness and more security. In 2017, [5] the authors have proposed a new modification on DES by extended the standard bit size from 64-bit to 128-bit for both plaintext and key size in order to increase the security of algorithm. This is done by doubling the size of tables, function and keys. "By" increasing " the" overall "size" in "cipher" will "made" the "algorithm" stronger against brute-force attack.

PROPOSED IMPROVEMENT OF THE DATA ENCRYPTION STANDARD
The DES is considered unsecure for many applications for several reasons. It primarily depends on only a single bit (0 or 1). Similarly, it uses only one function (XOR), as it does not contain enough randomness and is vulnerable to attacks. Therefore, to overcome these problems, in this section, we introduce a new method to modify the DES to improve the encryption performance and make the algorithm more complex against attacks. This is can be achieved by making a modification on a binary function and key generation using multiple keys in each round of the standard DES algorithm instead of one. Each key is generated independently. The first key is the input key used for encrypting and decrypting operations. The second key is generated randomly in binary format called the key number of bits , which is used to determine the number of bits (block bit size) taken from key and message. The third key is called key no. of table , which is used to select one state table among different state tables that is used to apply the # operation. This work is done by replacing the XOR function with a new logical operation called the # operation. This # operation needs three inputs: the first one specifies the state table number, which should be used to calculate the result among different state tables. The other two inputs identify the row and column numbers in the specified state table where their cross point gives the results. However, the number of tables with more states are used in this work to increase the randomness in the algorithm.
In this paper, a new manipulation of the bit process has been introduced because the well-known DES algorithm is based on XOR, which operates only on (0,1), whereas the proposed algorithm uses a new operation (#), which works on different truth state tables. These state tables are generated in the same manner as for the tables of the previous section shown in Figure 1, yet with more spaces. These tables are mainly constructed based on the addition operation in the Galois field GF(2 n ), where n is the value depend on the block bit size that specify by the key number of bits . In our work, four variable block bit size:1,2,4 and 8 are used, there are 2-state tables (0 and 1) for GF (2 1 ), 4-state tables (0, 1, 2, and 3) for GF (2 2 ), 16-state tables (0, 1, …, 15) for GF (2 4 ), and 256 -state tables (0, 1, …, 255) for GF (2 8 ), the samples of theses tables shown in the next section Tables 1 to 6. The following examples illustrate the process how generate state tables based on block bit size and select one state from them. Let, K b = key number of bits , and K c =key no. of table , then: -K b = 000110110101010 … (generated randomly for encryption and decryption); -At each round, take two bits from the K b and check it : -If K b = 00, then the block bit size=1 and recall 2-state tables: K c select randomly one table either 0 or 1 for encrypting and decrypting. The overall process of the # operation for each round in the proposed DES algorithm as shown in Figure 2.

Construction of the state tables
This section show samples of tables that constructed based on the addition mathematical operation in Galois Field (GF (2 n )). Tables 1, 2, 3 and Tables 4, 5, 6 represent the addition in GF (2 4 ) and GF (2 8 ) consecutively.

Proposed data encryption standard in steps
This section proposes the proposed DES algorithm in steps as shown hereunder. Modified steps have been highlighted with the red colour: Algorithm 1: Proposed DES using multi-level keys Input: Plaintext message 64 bits and key 64 bits called K. Output: Produce cipher block of 64 bits Begin Step 1: Key is processed to produce sixteen (48-bit) sub_keys Ki from K as follows: Step1.1: The 8 parity bits are removed from the key using the initial Permutation table.
Step 1.2: Split K into two halves: Ci and Di.
Step 1.3: Each half of the key is shifted by one or two bits depending on the round.
Step 1.4: The halves are recombined and subject to compression.
Step 1.5: Permutation is used to reduce the key from 56 bits to 48 bits.
Step 2: Generate randomly control key 32 bits in binary form called Kbi (number of bits) for16 round.
Step 3: Use the IP table to permute the bits of plaintext block (64 bits).
Step 4: The block result from Step 3 is split into two 32-bit halves (L0, R0) left and right.

SIMULATION RESULTS
Cryptography is the science that provides secure communication over unsecure channels. The message is encrypted using the key by applying mathematical operations to produce the ciphertext. Consequently, without knowing the key, an attacker as a third party cannot calculate the message from the ciphertext. Moreover, the number of attempts to estimate the key by the attackers can be defined as brute force attacks. As an illustration, one of the algorithms that is vulnerable to this type of attack is the DES algorithm [24,25]. Thus, this paper introduces a new modification of the DES algorithm. This is to enhance the security level by increasing the key space using multiple control keys to determine the number of bits used from the block to encrypt into the specified table. Hence, it will be very difficult to estimate the key. This section presents three metrics evaluation (complexity, encryption time, throughout, NIST tests and histogram analysis) of the proposed DES algorithm as shown below, where the simulation of the algorithm is done to perform the evaluation tests on Intel Core i7-8550U@2.00 GHz processor using Microsoft visual studio c# 2017.

Security complexity analysis
We calculate the complexity of the proposed algorithm by computing the number of possibilities of keys, which the attacker needs to decrypt the cipher-text with 64 bits using three keys with four blocks of (1, 2, 4, or 8) bit size and different state tables. First, we compute the complexity of the well-known DES algorithm using a predefined XOR binary operation (0, 1); thus, computing the number of possible keys used in the encryption and decryption is calculated as follows: 2 × (2) 8 × 32 × 2 = 2 × (2) 8 × 2 5 × 2 = 2 15 (1) Second, when using the # operation n the modified DES algorithm [23] with four states (0, 1, 2, and 3) and two bits instead of one bit, the number of key possibilities used in the encryption and decryption is computed as follows: (2 2 ) 16 × (2 2 ) 8 × 2 2 × 32 × 2 = 2 32 × 2 32 × 2 2 × 2 5 × 2 = 2 72 (2) Finally, we compute the complexity of the proposed algorithm using three keys. The overall complexity of our proposed algorithm is as follows: ( (21) Table 7 summarises the results based on computing the complexity as the comparison between our proposed algorithm with the well-known DES algorithm and the modified algorithm cited in [23]. The findings show that our proposed algorithm is more complex than the others. Figure 3 shows the security complexity of proposed DES for 16 round with two algorithms (well-known DES and DES modified with 4-states cited in [23]. These results have shown in Table.7 and Figure 3 proved that our proposed algorithm has been more complex than others. Consequently, our proposed become stronger against brute-force attacks.

Encryption time and throughput
As another metric for measuring the performance of the algorithm, the encryption time is computed by the time required for converting the plaintext into an unrecognised form. The throughput metric as applied in this context is calculated as [26]: From these Table 8 and Figure 4, the original, modified, and the proposed DES algorithms are equivalent in terms of computation time. However, our proposed method offers more effective results related to the complexity evaluation against attacks, which enables our DES algorithm to be more difficult for an attacker to retrieve the original message.

Nist tests analysis
The output of the encryption algorithm should be more random" and unpredictable. Several methods exist for computing the randomness, such as NIST (" National "Institute of Standards "and Technology), Diehard tests, and TestU01. In this paper, we use 15 statistical tests from NIST statistical for testing the "randomness" of the binary" sequences, as shown in Table 9. This and the modified tests are calculated over multiple cypher-text produced from the well-known DES. The probability value (p-value) is set" to a value of 0.01 to confirm if the output is random. The average tests are computed and listed in Table 9. If the test results provide a p-value "asymptotically approaching 1, then the output should appear to have complete randomness. A p-value equal to zero signifies that the output is non-random. The pass status represents that the p-value of these tests is greater than 0.001 and denotes the output is acceptable (e.g., offers good randomness). The p-values of most of the tests from the proposed DES algorithm are greater than the p-values of the well-known DES, as shown in Table 9. Consequently, the proposed DES is better than the original DES in most tests.

Discussion the results
Our proposed DES uses three keys through 16 rounds with each round using three keys, including an input key for encryption and decryption, a second key for determining the number of blocks of 1-, 2-, 4-or 8-bits then generating the number of state tables, and a third key to select one state table for encryption and decryption. This approach indicates that using these coefficient parameters (i.e., three keys with dynamic block sizes) in each round increases the complexity of our proposed DES against attack. When comparing with a triple DES, which works by using DES three times, then we use only three keys through a total of 48 rounds. Moreover, our proposed DES manipulates the bits with different states since the triple DES manipulates the bits only with two states (0 and 1). So, the complexity of the triple DES is less than our proposed DES.
From the histogram analysis, the correlation between the pixels in an image allows us to select three different images. In image1, the correlation between the pixels is high while being less in image2. In image3, little correlation exists. The effect of the dynamic block size is selected each time for encryption and decryption. As shown in the previous figures, the distribution of the pixels in our proposed DES is equivalent to a uniform distribution suggesting that it is stronger compared to the original DES for these three types of images.

CONCLUSION
The DES is one of the most popular and earliest encryption algorithms that has been used until very recently. The DES is considered insecure for many applications due to its many weaknesses. Examples of such weaknesses include the key length, using only one function, containing less randomness, etc. Thus, it is necessary to increase the security of this algorithm by adding new levels of security to make it more secure. An additional key is added, and the old XOR is replaced by a new operation called the # operation, with more truth tables. In this paper, this change is suggested to give more strength to the DES algorithm. This will make it more powerful against any kind of snooping. Using multi-keys instead of one key increases the reliability of the key. Using a variable block bit size in each round increase the security of the algorithm. However, this will increase the efficiency of the encryption and decrease the probabilities of a break against differential analysis from brute force attacks. The modification of the DES algorithm adds complexity in computing the key but saves the time taken in mathematical computation, as shown in the previous section.