Proof DES is injective - is this a valid argument

Question

Without going too much into detail into the crpytography of the matter since not every mathematician is interested or knowledgable in the field, there is an encryption process called DES (data encryption standard). It was used before but out of date now.

I won't go into detail of how this is performed, but you could say that DES is a function that works on 17 variables $DES(P,k_1,k_2,...,k_{16})=C$ where $P$ stands for plaintext and $C$ stands for ciphertext.

I won't prove it, but it turns out that $DES(C,k_{16},k_{15},...,k_1)=P$. Meaning, to understand a message that has been encrypted by DES method, we need to reapply the DES method, but where the keys are in inverted order.

My question is a simple one, does this argument, that DES could be inverted if we flip the order of the keys, does this imply that DES is injective? To me it seems to imply that DES is a bijection, but it can't be a bijection because it takes $17$ variables, 17 binary strings, and it gives me one string. So you could say that $DES: B^{17} \to B$ where $B$ is the set of all binary strings of a fixed length, so finite set. So it wouldn't make sense for it to be a bijection. But we can invert it. So I'm conflicted.

Answer 1

For a fixed choice of $k_1,\ldots, k_{16}$, DES is a map $P\mapsto C$ and it is this map that is bijective because there exists a (two-sided) inverse map.

Answer 2

Note: For DES, the messages, keys and round keys all have different lengths (64, 56 and 48 bits respectively). For this answer I'll use $M$ for messages and $K$ for round keys.

OT1H, for fixed keys, yes. Any invertible function $f$ on a finite set is bijective (both injective and surjective). For this argument, take $f = \mathrm{DES}(-,k_1,\ldots,k_{16})$. This is independent of how the inversion works.

OTOH, no. You seem to be asking whether the function $$ g : (k_1,\ldots,k_{16}) \mapsto (P \mapsto \mathrm{DES}(P,k_1,\ldots,k_{16})), $$ is injective? Here we mean mapping $g : K^{16} \rightarrow {\frak S}_M$, into symmetric group on the message space $M$. When $g$ is not injective cryptographers say the encryption scheme has equivalent keys. Equivalent keys exist and your argument that $f$ is injective by no means ensures that $g$ is injective.