In cryptography we often encrypt and sign messages that contains characters, but asymmetric key cryptosystems (Alice and Bob uses different keys) such as RSA and ElGamal are based on arithmetic operations on integer. And symmetric key cryptosystems (Alice and Bob uses the same key) such as DES and AES are based on bitwise operations on bits (a bit is either equal 0 or 1 and is an abbreviation for binary digit). Therefore, we have to convert the characters into integers or bits before we apply the cryptosystem to the message.
Because a computer can only handle bits, there already exists a method for converting characters into integers or bits, that uses the ASCII (American Standard Code for Information Interchange) table. A part of the ASCII table from Wikipedia is listed in the following table (notice that the binary representation on the Wikipedia site is only seven bits but we use eight bits, i.e. we have prepended an extra 0):
Character  Decimal  Hexadecimal  Binary 

(space)  32  20  00100000 
!  33  21  00100001 
\( \vdots \)  \( \vdots \)  \( \vdots \)  \( \vdots \) 
A  65  41  01000001 
B  66  42  01000010 
\( \vdots \)  \( \vdots \)  \( \vdots \)  \( \vdots \) 
a  97  61  01100001 
b  98  62  01100010 
\( \vdots \)  \( \vdots \)  \( \vdots \)  \( \vdots \) 
E.g. if Alice wants to send the message "Hey Bob!" encrypted to Bob with a symmetric key cryptosystem, she first converts it into its integer representation and then into its binary representation:
\( \eqalign{ H &\rightarrow 72 &&\rightarrow 01001000 \\ e &\rightarrow 101 &&\rightarrow 01100101 \\ y &\rightarrow 121 &&\rightarrow 01111001 \\ &\rightarrow 32 &&\rightarrow 00100000 \\ B &\rightarrow 66 &&\rightarrow 01000010 \\ o &\rightarrow 111 &&\rightarrow 01101111 \\ b &\rightarrow 98 &&\rightarrow 01100010 \\ ! &\rightarrow 33 &&\rightarrow 00100001 } \)
I.e. the message "Hey Bob!" is represented with integers as "72 101 121 32 66 111 98 33" and in binary as "01001000 01100101 01111001 00100000 01000010 01101111 01100010 00100001".
In math we are all familiar with the arithmetic operations such as addition, subtraction, multiplication and division. However, a computer works on bit strings, i.e. strings of 0's and 1's, and therefore needs similar operations when given two bit strings. The most important bitwise operations are NOT, AND, OR and XOR. In the following we give the result of the operations with one or two bits as input.
The NOT operation is often represented as !:
The AND operation is represented as \( \wedge \):
The OR operation is represented as \( \vee \):
The XOR (exclusive OR) operation is represented as \( \oplus \):
Alice and Bob's adversary Eve can make the following types of attacks on a symmetric key cryptosystem such as DES and AES:
Symmetric key cryptosystems can be divided into two groups; deterministic and probabilistic cryptosystems. A deterministic cryptosystem such as DES and AES uses no randomness during the encryption, i.e. the same plaintext encrypted twice with the same key returns always the same ciphertext (which can be observed by Eve). This problem can be solved with a probabilistic cryptosystem such as the various modes of operations there exists for DES and AES, which uses randomness in form of an initialization vector.
In a good deterministic cryptosystem there should be no relation between the plaintext and ciphertext whatsoever when the key is unknown, i.e. encryption in a deterministic cryptosystem should behave like a truly random function. If this is the case we say that the encryption function is a pseudorandom function (PRF) and the cryptosystem is PRFsecure if Eve's advantage in guessing correct in the following game is negligible:
Eve sends a message \( m \) to an oracle and it returns a ciphertext \( c \) where \( c \) is either an encryption of \( m \) using the encryption function of the cryptosystem or an encryption of \( m \) using a truly random function. Eve then tries to guess which encryption function the oracle used.
With a probabilistic cryptosystem we can achieve higher security compared to a deterministic cryptosystem and therefore we require that Eve can't tell the difference between a real encryption of hers message \( m \) and an encryption of a random message with no relation at all to \( m \). We say that a probabilistic cryptosystem is CPAsecure if Eve's advantage in guessing correct in the following game is negligible:
Eve sends a message \( m \) to an oracle and it returns a ciphertext \( c \) where \( c \) is either an encryption of \( m \) or a random message with the same length as \( m \). Eve then tries to guess what \( c \) is an encryption of.
Hence, if a probabilistic cryptosystem is CPAsecure the only information that a ciphertext leaks is the length of the encrypted message.
The Data Encryption Standard (DES) cryptosystem was developed by IBM in the early 1970s in association with the United States National Security Agency (NSA) as a modification of an earlier cryptosystem called Lucifer. In 1977 DES was adopted as a government standard and it was only expected that DES would be used as a standard for 1015 years, however it was a standard until 1999 where developing of its replacement the Advanced Encryption Standard (AES) had begun.
DES is a special type of iterated cipher called a Feistel cipher because the encryption and decryption algorithm are almost the same. The only difference is that during decrypting are the round keys used in reverse order compared to encryption.
In DES uses Alice and Bob the same 56bit key \( K \) (the key is actually 64bit, but 8 bits are used to validate the key) for encrypting and decrypting where plaintexts and ciphertexts are 64bit. Because Alice and Bob uses the same key is DES called a symmetric cryptosystem where e.g. Alice sends the key to Bob with an asymmetric cryptosystem such as RSA or ElGamal. The reason why symmetric key cryptosystems are used when they first have to use an asymmetric cryptosystem to exchange the key, is because they are much faster than asymmetric cryptosystems.
A big difference between the following description of DES and an asymmetric cryptosystem is that we will operate with bits and their bitwise operations instead of integers and their arithmetic operations. And hence, plaintexts and ciphertexts are sometimes referred to as blocks in symmetric cryptosystems because they are bitstrings.
As previously described is DES based on the iterated Feistel cipher where the block (the plaintext or ciphertext) in each round (iteration) is divided into two halves \( L^{i} \) and \( R^{i} \) of equal length. Then in each round are \( L^{i} \) and \( R^{i} \) computed as:
\( \eqalign{ L^{i} &= R^{i1} \\ R^{i} &= L^{i1} \oplus f(R^{i1}, K^{i}) } \)
where \( f \) is called the round function and is given the right half of the previously block \( R^{i1} \) and the current round key \( K^{i} \) as input.
The encryption and decryption algorithm in DES is the above round repeated 16 times as illustrated in Figure 1 (see below) where the bock \( x \) (the plaintext or ciphertext) is first permuted accordingly to the initial permutation \( IP \) where the output is the two halves \( L^{0} \) and \( R^{0} \) (each 32bit) which is used in the first round, i.e. \( IP(x) = L^{0}R^{0} \). After the 16 rounds is the block again permuted accordingly to the inverse initial permutation \( IP^{1} \) where the output \( y \) is either the ciphertext (encryption) or the plaintext (decryption), i.e. \( y = IP^{1}(R^{16}L^{16}) \) (notice that the two halves \( L^{16} \) and \( R^{16} \) are swapped before the inverse permutation is applied). The two permutations \( IP \) and \( IP^{1} \) are fixed and have no cryptographic influence.
As illustrated in Figure 1 uses each round a 48bit round key \( K^{i} \), but as previously described agrees Alice and Bob only on a single 56bit key \( K \). To solve this problem they use a key schedule which diverts from the 56bit key \( K \) the 16 round keys \( K^{1}, K^{2}, \dots, K^{16} \) where \( K^{i} \) is a certain permuted selection of bits from \( K \).
The round function \( f \) is illustrated in Figure 2 and executes the following steps:
To clarify the use of the Sboxes we show how to compute the output \( C_{1} \) when given the input \( B_{1} = 011011 \) and the Sbox \( S_{1} \) (see below). The first and last bits are \( b_{1}b_{6} = 01 \), which is the binary representation of the integer 1, i.e. the row is \( r_{1} = 1\). The middle four bits are \( b_{2}b_{3}b_{4}b_{5} = 1101 \), which is the binary representation of the integer 13, i.e. the column is \( c_{1} = 13 \). Finally the result is the integer in entry \( (1, 13) \) (remember the first row and the first column in the table starts at index 0) which is \( 5 \) and in binary \( 0101 \), i.e. \( C_{1} = 0101 \).
The Sbox \( S_{1} \)  

0  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  
0  14  4  13  1  2  15  11  8  3  10  6  12  5  9  0  7 
1  0  15  7  4  14  2  13  1  10  6  12  11  9  5  3  8 
2  4  1  14  8  13  6  2  11  15  12  9  7  3  10  5  0 
3  15  12  8  2  4  9  1  7  5  11  3  14  10  0  6  13 
The Sboxes were designed to prevent certain types of attacks, especially a method called differential cryptanalysis which was discovered by IBM in the 1970s but kept secret in almost 20 years until it was rediscovered by Biham and Shamir in the early 1990s. Therefore, at the time DES was proposed some people suggested that the Sboxes might contain hidden trapdoors which would allow the NSA to decrypt messages while claiming that DES was secure. But when Biham and Shamir (re)discovered differential cryptanalysis it was clear that the Sboxes were designed to prevent this type of attack and not to make DES insecure.
Another property of the Sboxes that is vital to the security of DES is that the Sboxes are the only nonlinear function in DES (the linear functions are the permutation \( P \) and the expanding function \( E \)). A cryptosystem that is only based on linear functions is easy to break with e.g. a known plaintext attack (given a plaintext and its corresponding ciphertext it's easy to compute the secret key). A function \( g \) is linear if it satisfies that \( g(A \oplus B) = g(A) \oplus g(B) \) for two bitstrings \( A \) and \( B \). E.g. let \( A = 101000 \) and \( A = 011011 \). We now want to show that the permutation \( P \) and the expanding function \( E \) are linear, but the Sboxes \( S_{i} \) are nonlinear. Assume that the permutation is given as \( P(X) = x_{2}x_{4}x_{1}x_{3}x_{5}x_{6} \):
\( \eqalign{ P(A) \oplus P(B) &= P(101000) \oplus P(011011) = 001100 \oplus 100111 = 101011 \\ P(A \oplus B) &= P(101000 \oplus 011011) = P(110011) = 101011 } \)
i.e. \( P(A \oplus B) = P(A) \oplus P(B) \) and the permutation is a linear function. Now assume the expanding function is given by \( E(X) = x_{1}x_{2}x_{3}x_{4}x_{3}x_{4}x_{5}x_{6} \), i.e. it expands 6bit to 8bit:
\( \eqalign{ E(A) \oplus P(B) &= E(101000) \oplus E(011011) = 10101000 \oplus 01101011 = 11000011 \\ E(A \oplus B) &= E(101000 \oplus 011011) = E(110011) = 11000011} \)
i.e. \( E(A \oplus B) = E(A) \oplus E(B) \) and the expanding function is linear. FInally for the Sboxes we use the Sbox \( S_{1} \):
\( \eqalign{ S_{1}(A) \oplus S_{1}(B) &= S_{1}(101000) \oplus S_{1}(011011) = 1101 \oplus 0101 = 1000 \\ S_{1}(A \oplus B) &= S_{1}(101000 \oplus 011011) = S_{1}(110011) = 1011 } \)
i.e. \( S_{1}(A \oplus B) \neq S_{1}(A) \oplus S_{1}(B) \) and the Sboxes are nonlinear functions.
A serious flaw of DES is its short 56bit keys and already in the 1990s it became feasible to break DES by a bruteforce attack. I.e. given an input block \( x \) and an output block \( y \), we run the DES algorithm \( DES \) with difference keys until \( y = DES_{K}(x) \), and hence we have found the used key \( K \). One solution to this problem is to use DES multiple times. The most used method is called Triple DES and runs the DES algorithm three times using different keys:
\( y = TDES_{K_{1},K_{2},K_{3}}(x) = DES_{K_1}(DES_{K_2}(DES_{K_3}(x))) \)
Notice that \( K_{1} \), \( K_{2} \) and \( K_{3} \) are not the 48bit round keys but 56bit main keys.
A variant of Triple DES replace the middle DES encryption by a DES decryption, i.e. the middle DES algorithm runs with the round keys in reverse order. Now, if we chooses the keys in this version as \( K_{1} = K_{2} = K_{3}\) it's the same as running the DES algorithm once because we first encrypts and then decrypts the message which have no influence and finally we encrypts the message again. Another variant chooses the keys as \( K_{1} = K_{3} \), which reduces the key size. Finally, a variant called DESX uses a single DES encryption combined with the input block \( x \) XORed with \( K_{1} \) and the output block \( y \) XORed with \( K_{3} \):
\( y = XDES_{K_{1},K_{2},K_{3}}(x) = DES_{K_2}(x \oplus K_{1}) \oplus K_{3} \)
Key exchange  
Alice and Bob agree on the 56bit key \( K \).  
Encryption  
Alice: Uses the key \( K \) in the key schedule to generate the 16 48bit round keys \(K^{1}, K^{2}, \dots, K^{16} \). Uses the round keys in the order \( K^{1}, K^{2}, \dots, K^{16} \) in the DES algorithm \( DES \) to encrypt the message \( m \) by \( c = DES_{K}(m) \). 

Alice sends the 64bit ciphertext \( c \) to Bob.  
Decryption  
Bob: Uses the key \( K \) in the key schedule to generate the 16 48bit round keys \( K^{1}, K^{2}, \dots, K^{16} \). Uses the round keys in the reverse order \( K^{16}, K^{15}, \dots, K^{1} \) in the DES algorithm \( DES \) to decrypt the ciphertext \( c \) by \( m = DES_{K}(c) \). 
Try a demo of the encryption scheme here.
Alice wants to send an encrypted message \( m \) to Bob. They first agree on a 56bit key \( K = 10101001 \dots\) and both generates the 16 48bit round keys with the key schedule:
\( \eqalign{ K^{1} &= \dots 10001000 \\ K^{2} &= \dots 11110001 \\ &\vdots \\ K^{16} &= \dots 00000000 } \)
Alice then encrypts the 64bit message \( m = 10110011 \dots\) using the round keys in the order \( K^{1}, K^{2}, \dots K^{16} \) and sends the 64bit ciphertext \( c = DES_{K}(m) = 10101011 \dots \) to Bob.
Bob decrypts the received ciphertext with the round keys in the reverse order \( K^{16}, K^{15}, \dots K^{1} \) by computing \( m = DES_{K}(c) = 10110011 \dots \).