FIPS PUB 46-3
FEDERAL INFORMATION
PROCESSING STANDARDS PUBLICATION
Reaffirmed
1999 October 25
U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology
DATA ENCRYPTION STANDARD (DES)
CATEGORY: COMPUTER SECURITY
SUBCATEGORY: CRYPTOGRAPHY
U.S. DEPARTMENT OF COMMERCE, William M. Daley, Secretary
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY,
Raymond G. Kammer, Director
Foreword
The Federal Information Processing Standards Publication Series of the National Institute of
Standards and Technology (NIST) is the official series of publications relating to standards and
guidelines adopted and promulgated under the provisions of Section 5131 of the Information
Technology Management Reform Act of 1996 (Public Law 104-106), and the Computer Security
Act of 1987 (Public Law 100-235). These mandates have given the Secretary of Commerce and
NIST important responsibilities for improving the utilization and management of computer and
related telecommunications systems in the Federal Government. The NIST, through its Information
Technology Laboratory, provides leadership, technical guidance, and coordination of Government
efforts in the development of standards and guidelines in these areas.
Comments concerning Federal Information Processing Standards Publications are welcomed and
should be addressed to the Director, Information Technology Laboratory, National Institute of
Standards and Technology, 100 Bureau Dr. Stop 8900, Gaithersburg, MD 20899-8900.
William Mehuron, Director
Information Technology Laboratory
Abstract
The selective application of technological and related procedural safeguards is an important
responsibility of every Federal organization in providing adequate security to its electronic data
systems. This publication specifies two cryptographic algorithms, the Data Encryption Standard
(DES) and the Triple Data Encryption Algorithm (TDEA) which may be used by Federal
organizations to protect sensitive data. Protection of data during transmission or while in storage
may be necessary to maintain the confidentiality and integrity of the information represented by the
data. The algorithms uniquely define the mathematical steps required to transform data into a
cryptographic cipher and also to transform the cipher back to the original form. The Data Encryption
Standard is being made available for use by Federal agencies within the context of a total security
program consisting of physical security procedures, good information management practices, and
computer system/network access controls. This revision supersedes FIPS 46-2 in its entirety.
Key words: computer security, data encryption standard, triple data encryption algorithm, Federal
Information Processing Standard (FIPS); security.
Federal Information
Processing Standards Publication 46-3
1999 October 25
Announcing the
DATA ENCRYPTION STANDARD
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National
Institute of Standards and Technology after approval by the Secretary of Commerce pursuant to
Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106),
and the Computer Security Act of 1987 (Public Law 100-235).
1. Name of Standard. Data Encryption Standard (DES).
2. Category of Standard. Computer Security, Cryptography.
3. Explanation. The Data Encryption Standard (DES) specifies two FIPS approved
cryptographic algorithms as required by FIPS 140-1. When used in conjunction with American
National Standards Institute (ANSI) X9.52 standard, this publication provides a complete description
of the mathematical algorithms for encrypting (enciphering) and decrypting (deciphering) binary
coded information. Encrypting data converts it to an unintelligible form called cipher. Decrypting
cipher converts the data back to its original form called plaintext. The algorithms described in this
standard specify both enciphering and deciphering operations, which are based on a binary number
called a key.
A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and
used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used
for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the key
odd, i.e., there is an odd number of "1"s in each 8-bit byte [1]. A TDEA key consists of three DES
keys, which is also referred to as a key bundle. Authorized users of encrypted computer data must
have the key that was used to encipher the data in order to decrypt it. The encryption algorithms
specified in this standard are commonly known among those using the standard. The cryptographic
[1] Sometimes keys are generated in an encrypted form. A random 64-bit number is generated
and defined to be the cipher formed by the encryption of a key using a key encrypting key. In
this case the parity bits of the encrypted key cannot be set until after the key is decrypted.
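The key format described above (56 key bits plus one odd-parity bit per byte, and a TDEA key bundle of three DES keys) can be checked with the following added example, which is not part of the standard's text. It assumes the parity bit is the low-order bit of each byte and that a bundle is stored as the three keys concatenated into 24 bytes; all function names are illustrative.

```python
import secrets

def _odd(byte: int) -> bool:
    """True if the byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1

def set_odd_parity(key: bytes) -> bytes:
    """Set the parity bit of each byte so that every byte has odd parity.

    Assumption: the parity bit is the low-order bit of each byte.
    """
    if len(key) != 8:
        raise ValueError("a DES key is 64 bits (8 bytes)")
    return bytes((b & 0xFE) | (0 if _odd(b & 0xFE) else 1) for b in key)

def has_odd_parity(key: bytes) -> bool:
    """Check the 8 error-detecting bits: every byte must have odd parity."""
    return len(key) == 8 and all(_odd(b) for b in key)

def effective_bits(key: bytes) -> int:
    """Return the 56 non-parity bits, concatenated in key order."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def generate_des_key() -> bytes:
    """Draw 64 random bits; parity then overwrites one bit per byte, leaving 56."""
    return set_odd_parity(secrets.token_bytes(8))

def split_key_bundle(bundle: bytes) -> tuple:
    """Split a TDEA key bundle into three DES keys, rejecting parity errors.

    Assumption: the bundle is the three keys concatenated (24 bytes).
    Per the footnote, apply this only to decrypted keys: an encrypted key
    is a random 64-bit value whose parity bits have not been set.
    """
    if len(bundle) != 24:
        raise ValueError("a TDEA key bundle is three 64-bit DES keys")
    keys = tuple(bundle[i:i + 8] for i in range(0, 24, 8))
    for n, k in enumerate(keys, 1):
        if not has_odd_parity(k):
            raise ValueError(f"parity error in key {n} of the bundle")
    return keys

if __name__ == "__main__":
    sample = bytes.fromhex("0022446688AACCEE")  # constructed sample, even parity
    fixed = set_odd_parity(sample)
    print(fixed.hex(), has_odd_parity(fixed), hex(effective_bits(fixed)))
```
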