
FPGA IMPLEMENTATION OF AREA OPTIMIZED AES ALGORITHM FOR SECURE COMMUNICATION APPLICATIONS


Academic year: 2020


E. Kavitha¹

¹Assistant Professor, Vidya Jyothi Institute of Technology, Aziz Nagar, C.B. Post.

ABSTRACT:

Nowadays a lot of importance is given to data security on the internet. AES is one of the most preferred block cipher encryption/decryption methods in use at present. AES is a substitution-permutation network, which is a series of mathematical operations that use substitutions and permutations, and their careful definition implies that each output bit depends on every input bit. AES is an iterated block cipher with a fixed block size of 128 bits of input data and a variable key length. The different transformations operate on the intermediate results, called the state. The state is a rectangular array of dimensions 4x4. The cipher key is similarly pictured as a rectangular array with four rows.

The main aim of this paper is a hardware implementation of an area-optimized block cipher, the Advanced Encryption Standard (AES-128), using a Field Programmable Gate Array. The core includes the key schedule expansion and storage, the encryption, the decryption, and 8-bit input/output data interfaces with full control. The design is optimized for area by time sharing certain resources and using an iterative architecture. In this paper, the AES algorithm is studied and modelled in VHDL, targeting optimized area in an FPGA. The design is functionally simulated in ModelSim. The area optimization is verified by implementing this design on an FPGA using Xilinx ISE synthesis tools.

Keywords: FPGA, AES-128, ENCRYPTION, DECRYPTION, XILINX ISE

1. Introduction:

Cryptography plays an important role in the security of data. It enables us to store sensitive information or transmit it across insecure networks so that unauthorized persons cannot read it. The urgency for secure exchange of digital data resulted in large quantities of different encryption algorithms, which can be classified into two groups:

1) Asymmetric encryption algorithms (with public key algorithms)

2) Symmetric encryption algorithms (with private key algorithms).

In a symmetric cipher, both parties must use the same key for encryption and decryption. This means that the encryption key must be shared between the two parties before any messages can be decrypted. Symmetric systems are also known as shared secret systems or private key systems.

In an asymmetric cipher, the encryption key and the decryption keys are separate. In an asymmetric system, each person has two keys. One key, the public key, is shared publicly. The second key, the private key, should never be shared with anyone. DES and AES/Rijndael are symmetric ciphers. RSA and Diffie-Hellman are asymmetric ciphers. Symmetric key algorithms are in general much faster to execute electronically than asymmetric key algorithms.

The Advanced Encryption Standard, referred to below as AES, is the winner of the contest, held in 1997 by the US Government, after the Data Encryption Standard was found too weak because of its small key size and the technological advancements in processor power. Fifteen candidates were accepted in 1998 and, based on public comments, the pool was reduced to five finalists in 1999. In October 2000, one of these five algorithms was selected as the forthcoming standard: a slightly modified version of Rijndael.


Rijndael is a symmetric byte-oriented iterated (each iteration is called a round) block cipher that can process data blocks of 128 bits (4 words), using keys with length of 128, 192 and 256 bits. Unlike DES, which is based on a Feistel network, AES is a substitution-permutation network (SPN), which is a series of mathematical operations that use substitutions (also called S-Box) and permutations (P-Boxes) and their careful definition implies that each output bit depends on every input bit.


The algorithm is composed of three main parts: Cipher, Inverse Cipher and Key Expansion. Cipher converts data to an unintelligible form called cipher text, while Inverse Cipher converts data back into its original form, called plaintext. Key Expansion generates a Key Schedule that is used in the Cipher and Inverse Cipher procedures. Cipher and Inverse Cipher are composed of a specific number of rounds. For the AES algorithm, the number of rounds to be performed during the execution of the algorithm depends on the key length, as can be seen in Table 1.1.

Table 1.1 Representation of No. of rounds depending on the Key length

1.1 Objective of the Paper:

The goal of this paper is a hardware implementation of an area-optimized block cipher, the Advanced Encryption Standard (AES-128), using a Field Programmable Gate Array (FPGA). The core includes the key schedule expansion and storage, the encryption, the decryption, and 8-bit input/output data interfaces with full control. The design is optimized for area by time sharing certain resources and using an iterative architecture.

1.2 Motivation of the paper:

With the use of more handheld wireless devices and increasing networking and wireless data transfer, the issue of security is being addressed from many different directions. The National Institute of Standards and Technology (NIST) selected the Rijndael algorithm as a new Advanced Encryption Standard (AES) in 2001. This standard was first developed for secure data encryption/decryption for high-end applications.

Since the standardization of the encryption protocol, successful attempts have been made to incorporate this protocol into reprogrammable flash memory, such as the FPGA chip in use in small, low-end devices such as PDAs. It was noted that the throughput of the AES would have to be as fast as the throughput of the standardized network communication, and that it would need to be inexpensive and have low power consumption to be viable for incorporation in future handheld PDA devices. It was also shown to be cost effective, since the implementation can easily be flashed on Xilinx Spartan3e FPGA chips, for the following reasons:

• The operations required by the algorithms in AES are generally simple in terms of hardware logic and implementation.

• The time-to-market and overall cost of the FPGA is significantly less compared to an ASIC design.

• The reconfigurability of the FPGA is attractive to designers, as it allows the initial design to be modified in case any flaws are exploited.

2. Design Implementation:

Depending on the application, the AES algorithm can be implemented in various ways, which changes characteristics of the implementation such as its speed and the area it occupies. This chapter explains two implementation methods of the AES algorithm:

1. Loop Unrolling method of architecture

2. Loop rolling method of architecture

These two methods are explained with block diagrams. To optimize the area, our design uses the loop rolling architecture, which is discussed in the following sections. This chapter describes the design implementation of the loop rolling method for the AES top block and its various sub-blocks in detail.

2.1.1 Loop Unrolling architecture:

The unrolling architecture of AES algorithms is shown in Fig.2.1.1


The loop unrolling architecture executes each of the 10 encryption rounds using its own dedicated hardware circuit and stores the result of each round in one of 10 different 128-bit registers. This method increases throughput but also occupies a large area, so it can be used for high-end devices.

2.1.2 Loop rolling architecture


The rolling architecture runs a loop using rotating inputs from the key expansion block and the 128-bit state register that holds all plaintext input states. This method decreases throughput but occupies less area, so it can be used for low-end customer products where speed is not a criterion. Our implementation therefore concentrates mainly on area optimization, executing each encryption round using only one block of hardware, with the loop repeated under the control of an FSM. The rolling architecture of the AES algorithm is shown in Fig.2.2.

Fig.2.2 Rolling architecture of AES with 128-bit key

In the encryption/decryption core only one round is implemented and the cipher must iterate ten rounds to perform encryption/decryption. Iterative looping is a subset of loop unrolling where only one round is unrolled. This approach minimizes the hardware required for the implementation and an effort is made to get moderate speed. Thus one round is implemented with combinational logic supplemented with registers, memories and multiplexers. First the input block is fed to the and the initial round is executed. In this round the input data is XORed with the cipher key. A control unit generates control signals for the other units, solving the problem of separation between control and data path logic.

2.2 AES encryption flow chart:

Each encryption round has four stages of transformations: SubBytes(), ShiftRows(), MixColumns(), AddRoundKey(). The AES encryption flow is shown in Fig.2.3.

Fig. 2.3 AES Encryption flowchart

For encryption, the plaintext and the key, each 128 bits in size, are the two inputs, and the cipher text of 128 bits is the output. Encryption mainly consists of 10 rounds of arithmetic operations, i.e. the substitute bytes, shift rows, mix columns and add round key block operations. In addition, an add round key operation has to be performed before the first round. In the 10th round the mix column operation is not performed; apart from that, all other operations are performed as in the other rounds.

The following Fig.2.4 represents the ten rounds of encryption process.


For decryption, the cipher text (i.e. the encryption output) and the key, each 128 bits in size, are the two inputs. The plaintext, i.e. the original encryption input, is the output of the decryption block. In this block the same operations are performed, but in reverse order.

2.3 Proposed architecture of AES top block diagram:

In this proposed design, only one round is implemented in the encryption/decryption core, and this round must iterate ten times to perform encryption/decryption. The initial round is performed outside of the encryption round. All operations (encryption, decryption, add round key and key expansion) are controlled by the control unit.


The top block diagram for AES is shown in Fig.2.5.

Fig.2.5 AES top block diagram

As shown in the above diagram, the AES top block diagram consists of the following units:

• control FSM

• encryption

• decryption

• add round key

• key expansion

Control FSM: This block controls the whole operation of the top block diagram. The input data for encryption, decryption, key expansion and add round key is supplied only by this control unit. For encryption, the input plain text and the 128-bit round key are supplied by the control unit, and the output from encryption is returned to the control unit. The same is done for decryption. Fig.2.6 shows the implementation of the top block in VHDL code.

Fig. 2.6 Implementation of AES top block in VHDL code

In the above top block, the 128-bit plaintext is initially XORed with the 128-bit keyin in the addroundkey unit. The output of the addroundkey unit, i.e. Add_out, which is a 128-bit result, is sent to the Encryption round unit through the control FSM. This initial round output becomes the input for the first round operation of the Encryption unit, i.e. it enters the Round Encryption unit as Rnd_in. The output of the Round Encryption unit, i.e. Rnd_out, becomes the input for the next round operation and is passed through the control FSM unit into the Round Encryption unit. This loop continues for ten rounds.

The Round Encryption unit is composed of four sub-blocks: Subbytes, shiftrows, Mixcolumn and addround key. During the encryption round operation the Mix_en pin is set to '1' for up to 9 rounds, and in the 10th round of operation this pin is disabled, i.e. it is set to '0', so that in the 10th round of the encryption process the mixcolumn operation is omitted and the remaining operations are performed in the same way.


In this process the Decry_en pin is enabled, i.e. it is set to '0', for all 9 rounds, whereas for the 10th round it is set to '1', so that the Inv mix column operation is omitted and the remaining transformations are done as usual. The final round output data, Rnd_dec_out10, is then the same as the input plain text.

The Key expansion unit generates each subkey as four 32-bit words (128 bits) and supplies a new set of four 32-bit words for each round of encryption. The Key expansion block thus generates a total of 44 32-bit words, that is, a total of 11 subkeys. All these subkeys are supplied to the Round encryption block through the control FSM block.

2.4 The encryption and decryption units:

2.4.1 Encryption Round:

The encryption algorithm has been designed in such a way that the generation of the subkey and the round calculations can be executed in parallel. First, round number zero is executed (which is the XOR of the input data with the main key) while the subkey for round number one is calculated. Then that round is executed while the subkey for the next round is calculated. The advantage of this design is that the subkeys do not need to be stored; they are calculated as they are needed.


The Fig.2.7 shows the encryption loop block diagram.

Fig. 2.7 Encryption loop block diagram

As shown in the above diagram, the encryption loop block diagram consists of Mux, Round Encryption, and PIPO nbit.

The Mux selects either Add round out0 or PIPO out as its output, depending on the selection line. The complete encryption block is repeated for 10 rounds. For the 1st round the selection line is kept at 0; from the next round onwards the selection line is kept at 1. The round encryption executes 10 times and receives a different key for each round from the control FSM. The PIPO nbit receives the output from round encryption, which is passed to the mux as an input for 9 rounds; after that it is given out as the encryption output.


As shown in Fig 2.8, each Round Encryption block diagram consists of S BOX RAM, SHIFT REG, MIX COLUMN and ADD ROUND KEY.

Fig. 2.8 One Round of encryption block diagram

Enc_Rnd_in is the 128-bit input to the Encryption round block. It is transformed through the various sub-blocks and finally comes out of the add round key block, after XORing with the subkey, as Enc_Rnd_out, which is also 128 bits. This 128-bit data becomes the input for the next round, and this loop continues up to the 9th round.

S-Box Ram:

The non-linear ByteSub transformation contains 16 S-boxes working in parallel. The S-box RAM is a predefined table, as shown in table 2; whatever is received as input to the round encryption block is first given to the S-box RAM. The 128-bit input block is divided into 16 bytes. Each byte of the state is the input to an S-box, and the output is also a byte. The outputs of all S-boxes are concatenated to form the output of the ByteSub transformation.

Shift Register:

The bytes Aij[7..0] are the elements of the table representing the intermediate state of the encrypted block. The output of the ShiftRow transformation is composed of the bytes Bij[7..0], where i, j ∈ {0,1,2,3}, as shown in Fig.4.11. The input 128-bit data is framed as 16 bytes as shown in Fig 4.9.

Fig.2.9 Input to the shift row transformation (128-bit is divided into 16 bytes)

The realizations of these transformations shift the bytes according to the units depicted in Fig 2.10, and the framing of all 16 output bytes after the shift row transformation is shown in Fig 2.11.

Fig. 2.10 The Shiftrow transformation

Fig. 2.11 Output of the Shift row

Mix column:

The result of the shiftrow operation is given to the matrix multiplication (mix column block). In the MixColumn transformation the 128-bit input block is divided into 16 bytes denoted Aij[7..0], where i, j ∈ {0,1,2,3}, and the output bytes are denoted Bij[7..0]. Each column is multiplied with a fixed polynomial c(x) and the resulting values replace the original bytes. The multiplication of each column of the state with a fixed polynomial is shown in Fig.4.12.

Fig. 2.12. Each column of the state is multiplied with a fixed polynomial c(x).

Where c(x) polynomial is

In matrix form is shown below

b0,0 = (02 . a0,0) + (03 . a1,0) + a2,0 + a3,0

b1,0 = a0,0 + (02 . a1,0) + (03 . a2,0) + a3,0

b2,0 = a0,0 + a1,0 + (02 . a2,0) + (03 . a3,0)

b3,0 = (03 . a0,0) + a1,0 + a2,0 + (02 . a3,0)

As described in Cryptography and Network Security, multiplication of a given binary value by 02 can be implemented as a 1-bit left shift. If the leftmost bit of the original value (before the shift) is 1, the shifted value is then XORed with 1B in hexadecimal (00011011 in binary).

Let x = 8-bit binary value

T1 = 02.x = x << 1 (1-bit left shift), if MSB bit = 0

T1 = 02.x = (x << 1) XOR 00011011, if MSB bit = 1

T2 = 03.x = (02.x) XOR x = T1 XOR x


The same procedure is followed for the inverse matrix multiplication in the Decryption unit. After matrix multiplication of the four columns, all 16 bytes are concatenated to get the 128-bit length. The result of the matrix multiplication is then given to add round key for the XOR operation.

2.4.2 Decryption Round

The decryption algorithm has been designed in a similar way. First the tenth subkey is calculated (the one which was used in the final round of encryption); then the calculation of the inverse of the final round and the generation of the subkey for the next decryption round are executed simultaneously.
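Sections 2.4.1 and 2.4.2 describe subkeys that are generated one round ahead instead of being stored, and a decryption path that first derives the tenth subkey and then steps the schedule backwards. The following Python model of that scheme is an added example, not the paper's VHDL; the function names are chosen here, and generating the S-box arithmetically instead of reading a stored table is an assumption made to keep the example self-contained.

```python
"""On-the-fly AES-128 subkey generation, forward and reverse (added example)."""

RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def build_sbox():
    """Generate the AES S-box: GF(2^8) inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        # p walks through all non-zero field elements (multiply by 3) ...
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        # ... while q tracks the inverse of p (divide by 3).
        q ^= (q << 1) & 0xFF
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = (q ^ _rotl8(q, 1) ^ _rotl8(q, 2)
                   ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63)
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; defined separately
    return sbox


SBOX = build_sbox()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _g(word, rnd):
    """RotWord, SubWord, then XOR the round constant into the first byte."""
    t = [SBOX[b] for b in word[1:] + word[:1]]
    t[0] ^= RCON[rnd - 1]
    return bytes(t)


def next_round_key(key, rnd):
    """Subkey for round rnd (1..10) computed from the subkey of round rnd-1."""
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    out = [_xor(w[0], _g(w[3], rnd))]
    for i in range(1, 4):
        out.append(_xor(w[i], out[i - 1]))
    return b"".join(out)


def prev_round_key(key, rnd):
    """Subkey of round rnd-1 recovered from the subkey of round rnd."""
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    w1, w2, w3 = _xor(w[1], w[0]), _xor(w[2], w[1]), _xor(w[3], w[2])
    w0 = _xor(w[0], _g(w3, rnd))
    return b"".join((w0, w1, w2, w3))


def encryption_subkeys(cipher_key):
    """Subkeys 0..10 in the order the encryption rounds consume them."""
    keys = [cipher_key]
    for rnd in range(1, 11):
        keys.append(next_round_key(keys[-1], rnd))
    return keys


def decryption_subkeys(cipher_key):
    """Run forward once to reach subkey 10, then generate 9..0 in reverse."""
    key = cipher_key
    for rnd in range(1, 11):
        key = next_round_key(key, rnd)
    keys = [key]
    for rnd in range(10, 0, -1):
        key = prev_round_key(key, rnd)
        keys.append(key)
    return keys


if __name__ == "__main__":
    # Cipher key used in the paper's simulation results.
    k = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    for n, sub in enumerate(decryption_subkeys(k)):
        print(f"decryption step {n}: {sub.hex()}")
```

Only one 128-bit subkey register is live at any time in either direction, which is the property the rolling design relies on to avoid storing the key schedule.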


The decryption loop block diagram is depicted in Fig. 2.13.

Fig. 2.13 Decryption loop block diagram

The 128-bit cipher text is given to the add round key block, where the initial key and the cipher text are XORed. The output of add round key (initial round) is given to the Decryption round block, which is a combination of the Inv shift rows, Inv sub bytes, Add round key and Inv Mix column transformations, as shown in Fig.2.14.

Fig.2.14. One Round Decryption block diagram

Inverse Shift row:


The output of the initial round is given to the Inv shift register to be shifted according to the shift operation. Here the 128-bit data is subdivided into 16 bytes denoted as Aij[7..0], where i, j ∈ {0,1,2,3}, as shown in fig. The bytes Aij[7..0] are the elements of the table representing the intermediate state of the decrypted block. The output of the ShiftRow transformation is composed of the bytes Bij[7..0], where i, j ∈ {0,1,2,3}, as shown in fig. The input 128-bit data is framed as 16 bytes as shown in Fig.4.15.

Fig. 2.15 Input to the Invshift row transformation (128-bit is divided into 16 bytes)


The realizations of these transformations shift the byte according to the units depicted in Fig 4.16 that is in the right direction and Fig 2.17 shows the output of the shift row operation.

Fig. 2.16. The InvShiftRow transformation


Inv Sub bytes transformation:

After the inverse shift row operation shown above, the result is given to the Inv S-BOX, which is a predefined 16x16 table consisting of a total of 256 bytes, as shown in fig. Each byte is replaced with a new byte. The resulting 16 bytes are concatenated as 128 bits and XORed with the key. The result is given to the inverse matrix multiplication.

Inv matrix multiplication:

To do inverse matrix multiplication, it uses another polynomial d(x). The polynomial in the matrix form is shown. In inverse matrix multiplication each column is multiplied with this predefined matrix as shown in Fig.4.18

Fig. 2.18 Inverse Mixcolumn transformation

Where d(x) = {0B}.x^3 + {0D}.x^2 + {09}.x + {0E}

In matrix form:

Inverse matrix multiplication is as follows

b0,0 = (0e . a0,0) + (0b . a1,0) + (0d . a2,0) + (09 . a3,0)

b1,0 = (09 . a0,0) + (0e . a1,0) + (0b . a2,0) + (0d . a3,0)

b2,0 = (0d . a0,0) + (09 . a1,0) + (0e . a2,0) + (0b . a3,0)

b3,0 = (0b . a0,0) + (0d . a1,0) + (09 . a2,0) + (0e . a3,0)

Similarly all other bytes can be calculated. Here addition means ex-or operation.
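The MixColumn and inverse MixColumn products can be checked in software against the Shiftrow and Mix_col values tabulated in section 3.4. The following Python model is an added example, not part of the paper's VHDL design; the function names are chosen here, the 02/03/01/01 coefficients come from the b0,0 to b3,0 equations of the Mix column section, and 0E/0B/0D/09 come from d(x).

```python
"""Software model of MixColumn and Inv MixColumn over GF(2^8) (added example)."""

MIX_ROW = (0x02, 0x03, 0x01, 0x01)      # first matrix row for c(x)
INV_MIX_ROW = (0x0E, 0x0B, 0x0D, 0x09)  # first matrix row for d(x)


def xtime(x):
    """T1 = 02.x: 1-bit left shift, then XOR 1B if the MSB of x was 1."""
    shifted = (x << 1) & 0xFF
    return shifted ^ 0x1B if x & 0x80 else shifted


def gmul(a, c):
    """Multiply byte a by constant c using only xtime and XOR.

    For c = 03 this is T2 = T1 XOR x; the inverse constants decompose the
    same way, e.g. 0E = 08 + 04 + 02 needs three chained xtime steps.
    """
    result = 0
    while c:
        if c & 1:
            result ^= a
        a = xtime(a)
        c >>= 1
    return result


def _multiply_columns(state, first_row):
    """Multiply each 4-byte column by the circulant matrix built from first_row."""
    if len(state) != 16:
        raise ValueError("state must be exactly 16 bytes (128 bits)")
    out = bytearray(16)
    for col in range(4):
        a = state[4 * col:4 * col + 4]        # a0,col .. a3,col
        for i in range(4):
            acc = 0
            for j in range(4):
                # Row i of the matrix is first_row rotated right by i places.
                acc ^= gmul(a[j], first_row[(j - i) % 4])
            out[4 * col + i] = acc            # b(i,col); "+" is XOR
    return bytes(out)


def mix_columns(state):
    return _multiply_columns(state, MIX_ROW)


def inv_mix_columns(state):
    return _multiply_columns(state, INV_MIX_ROW)


if __name__ == "__main__":
    # Round 1 Shiftrow value from the paper's tabulated encryption trace.
    shiftrow_r1 = bytes.fromhex("6353e08c0960e104cd70b751bacad0e7")
    mixed = mix_columns(shiftrow_r1)
    print("Mix_col    :", mixed.hex())
    print("Inv Mix_col:", inv_mix_columns(mixed).hex())
```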

2.5 Control FSM:

The following Fig. 2.19 shows the state machine for Encryption process.


Fig. 2.19 Control FSM for Encryption process

Fig 2.20 shows the state machine for the decryption process.

Fig. 2.20 Control FSM for Decryption process

3. Simulation Results:

SIMULATION RESULTS: (Using ModelSIM)

• Total no. of cycles for Encryption and Decryption: 65 cycles (approx)

Device utilization summary

Selected Device: XC3S500E

• Number of occupied Slices: 2227 out of 4656 (47%)
• Number of Slice registers (flipflops+latches): 1111 out of 9312 (11%)
• Number of 4 input LUTs: 3952 out of 9312 (42%)
• Number of bonded IOBs: 130 out of 232 (56%)
• Number of GCLKs: 5 out of 24 (04%)
• Number of Block RAMs: 16 out of 20 (80%)

Timing Summary

Speed Grade: -4

• Minimum period:
• Maximum Frequency: 101.471MHz

6.2.1 Simulation results of encryption process

Encryption initial round (AddRoundKey)

• PLAIN TEXT: 00112233445566778899AABBCCDDEEFF
• KEY: 000102030405060708090A0B0C0D0E0F
• OUTPUT OF ADD ROUND KEY: 00102030405060708090A0B0C0D0E0F0

Fig. 3.1 Encryption initial round (rolling)

Round – 1

• INPUT: 00102030405060708090A0B0C0D0E0F0
• KEY: D6AA74FDD2AF72FADAA678F1D6AB76FE
• OUTPUT: 89D810E8855ACE682D1843D8CB128FE4

Fig 3.2 Encryption round – 1 (rolling)

Round – 2

• INPUT: 89D810E8855ACE682D1843D8CB128FE4
• KEY: B692CF0B643DBDF1BE9BC5006830B3FE
• OUTPUT: 4915598F55E5D7A0DACA94FA1F0A63F7

Fig.3.3. Encryption round - 2 (rolling)

Round – 3

• INPUT: 4915598F55E5D7A0DACA94FA1F0A63F7
• KEY: B6FF744ED2C2C9BF6C590CBF0469BF41
• OUTPUT: FA636A2825B339C940668A3157244D17

Round – 4

• INPUT: FA636A2825B339C940668A3157244D17
• KEY: 47F7F7BC95353E03F96C32BCFD058DFD
• OUTPUT: 247240236966B3FA6ED2753288425B6C

Fig.3.5. Encryption round - 4 (rolling)

Round – 5

• INPUT: 247240236966B3FA6ED2753288425B6C
• KEY: 3CAAA3E8A99F9DEB50F3AF57ADF622AA
• OUTPUT: C81677BC9B7AC93B25027992B0261996

Fig.3.6. Encryption round - 5 (rolling)

Round – 6

• INPUT: C81677BC9B7AC93B25027992B0261996
• KEY: 5E390F7DF7A69296A7553DC10AA31F6B
• OUTPUT: C62FE109F75EEDC3CC79395D84F9CF5D

Fig.3.7. Encryption round - 6 (rolling)

Round – 7

• INPUT: C62FE109F75EEDC3CC79395D84F9CF5D
• KEY: 14F9701AE35FE28C440ADF4D4EA9C026
• OUTPUT: D1876C0F79C4300AB45594ADD66FF41F

Fig.3.8. Encryption round - 7 (rolling)

Round – 8

• Input: d1876c0f79c4300ab45594add66ff41f
• Key: 47438735a41c65b9e016baf4aebf7ad2
• Output: fde3bad205e5d0d73547964ef1fe37f1

Fig.3.9. Encryption round - 8 (rolling)

Round – 9

• Input: fde3bad205e5d0d73547964ef1fe37f1
• Key: 549932d1f08557681093ed9cbe2c974e
• Output: bd6e7c3df2b5779e0b61216e8b10b689

Round – 10

• INPUT: BD6E7C3DF2B5779E0B61216E8B10B689
• KEY: 13111D7FE3944A17F307A78B4D2B30C5
• MIXCOLUMN_EN = 1
• OUTPUT: 69C4E0D86A7B0430D8CDB78070B4C55A

Fig.3.11. Encryption round - 10 (rolling)

3.2.2 Simulation results of decryption process:

Decryption Initial round

• INPUT: 69C4E0D86A7B0430D8CDB78070B4C55A
• KEY: 13111D7FE3944A17F307A78B4D2B30C5
• OUTPUT: 7AD5FDA789EF4E272BCA100B3D9FF59F

Fig.3.12. Decryption Initial round (rolling)

Round – 1

• Input: 7ad5fda789ef4e272bca100b3d9ff59f
• Key: 549932d1f08557681093ed9cbe2c974e
• Output: 54d990a16ba09ab596bbf40ea111702f

Fig.3.13. Decryption round - 1 (rolling)

Round – 2

• Input: 54d990a16ba09ab596bbf40ea111702f
• Key: 47438735a41c65b9e016baf4aebf7ad2
• Output: 3e1c22c0b6fcbf768da85067f6170495

Fig.3.14. Decryption round - 2 (rolling)

Round – 3

• Input: 3e1c22c0b6fcbf768da85067f6170495
• Key: 14f9701ae35fe28c440adf4d4ea9c026
• Output: b458124c68b68a014b99f82e5f15554c

Fig.3.15. Decryption round - 3 (rolling)

Round – 4

• Input: b458124c68b68a014b99f82e5f15554c
• Key: 5e390f7df7a69296a7553dc10aa31f6b
• Output: e8dab6901477d4653ff7f5e2e747dd4f

Fig.3.16. Decryption round - 4 (rolling)

Round – 5

Fig.3.17. Decryption round - 5 (rolling)

Round – 6

• Input: 36339d50f9b539269f2c092dc4406d23
• Key: 47f7f7bc95353e03f96c32bcfd058dfd
• Output: 2d6d7ef03f33e334093602dd5bfb12c7

Fig.3.18. Decryption round - 6 (rolling)

Round – 7

• Input: 2d6d7ef03f33e334093602dd5bfb12c7
• Key: b6ff744ed2c2c9bf6c590cbf0469bf41
• Output: 3bd92268fc74fb735767cbe0c0590e2d

Fig.3.19. Decryption round - 7 (rolling)

Round – 8

• Input: 3bd92268fc74fb735767cbe0c0590e2d
• Key: b692cf0b643dbdf1be9bc5006830b3fe
• Output: a7be1a6997ad739bd8c9ca451f618b61

Fig.3.20. Decryption round - 8 (rolling)

Round – 9

• Input: a7be1a6997ad739bd8c9ca451f618b61
• Key: d6aa74fdd2af72fadaa678f1d6ab76fe
• Output: 6353e08c0960e104cd70b751bacad0e7

Fig.3.21. Decryption round - 9 (rolling)

Round – 10

• Input: 6353e08c0960e104cd70b751bacad0e7
• Key: 000102030405060708090a0b0c0d0e0f
• Output: 00112233445566778899aabbccddeeff

Fig.3.22. Decryption round - 10 (rolling)

6.3 The simulation and synthesis results of Unrolling architecture of AES are presented below.

• Encryption: 11 cycles (approx)
• Decryption: 19 cycles (approx)
• Total no. of cycles for Encryption and Decryption: 30 cycles (approx)

SYNTHESIS RESULTS: (Using Xilinx ISE 9.1i)

Device utilization summary

Selected Device: XC3S500E

• Number of occupied Slices: 23299 out of 4656 (500%) --- OVERMAPPED
• Number of Slice Flip Flops: 7613 out of 9312 (81%)
• Number of 4 input LUTs: 44510 out of 9312 (477%) --- OVERMAPPED
• Number of bonded IOBs: 130 out of 232 (56%)
• Number of GCLKs: 1 out of 24 (04%)
• Number of SLICEM: 9440 out of 2328 (405%) --- OVERMAPPED

Timing Summary

Speed Grade: -4

• Minimum period: 8.836ns
• Maximum Frequency: 113.173MHz

6.3.1 Simulation results of encryption process:

Initial round

• PLAIN TEXT: 00112233445566778899AABBCCDDEEFF
• KEY: 000102030405060708090A0B0C0D0E0F
• OUTPUT OF ADD ROUND KEY: 00102030405060708090A0B0C0D0E0F0

Fig. 3.23 Encryption initial round (unrolling)

Round – 1

• INPUT: 00102030405060708090A0B0C0D0E0F0
• KEY: D6AA74FDD2AF72FADAA678F1D6AB76FE
• OUTPUT: 89D810E8855ACE682D1843D8CB128FE4

Fig 3.24 Encryption round - 1 (unrolling)

Round – 2

• INPUT: 89D810E8855ACE682D1843D8CB128FE4
• KEY: B692CF0B643DBDF1BE9BC5006830B3FE
• OUTPUT: 4915598F55E5D7A0DACA94FA1F0A63F7

Fig.3.25. Encryption round - 2 (unrolling)

Round – 3

• INPUT: 4915598F55E5D7A0DACA94FA1F0A63F7
• KEY: B6FF744ED2C2C9BF6C590CBF0469BF41
• OUTPUT:

Fig.3.26. Encryption round - 3 (unrolling)

Round – 4

• INPUT: FA636A2825B339C940668A3157244D17
• KEY: 47F7F7BC95353E03F96C32BCFD058DFD
• OUTPUT: 247240236966B3FA6ED2753288425B6C

Fig.3.27. Encryption round - 4 (unrolling)

Round – 5

• INPUT: 247240236966B3FA6ED2753288425B6C
• KEY: 3CAAA3E8A99F9DEB50F3AF57ADF622AA
• OUTPUT: C81677BC9B7AC93B25027992B0261996

Fig.3.28. Encryption round - 5 (unrolling)

Round – 6

• INPUT: C81677BC9B7AC93B25027992B0261996
• KEY: 5E390F7DF7A69296A7553DC10AA31F6B
• OUTPUT: C62FE109F75EEDC3CC79395D84F9CF5D

Fig.3.29. Encryption round - 6 (unrolling)

Round – 7

• INPUT: C62FE109F75EEDC3CC79395D84F9CF5D
• KEY: 14F9701AE35FE28C440ADF4D4EA9C026
• OUTPUT: D1876C0F79C4300AB45594ADD66FF41F

Fig.3.30. Encryption round - 7 (unrolling)

Round – 8

• Input: d1876c0f79c4300ab45594add66ff41f
• Key: 47438735a41c65b9e016baf4aebf7ad2
• Output: fde3bad205e5d0d73547964ef1fe37f1

Round – 9

• Input: fde3bad205e5d0d73547964ef1fe37f1
• Key: 549932d1f08557681093ed9cbe2c974e
• Output: bd6e7c3df2b5779e0b61216e8b10b689

Fig.3.32. Encryption round - 9 (unrolling)

Round – 10

• INPUT: BD6E7C3DF2B5779E0B61216E8B10B689
• KEY: 13111D7FE3944A17F307A78B4D2B30C5
• MIXCOLUMN_EN = 1
• OUTPUT: 69C4E0D86A7B0430D8CDB78070B4C55A

Fig.3.33. Encryption round - 10 (unrolling)

3.2.2 Simulation results of decryption process:

Decryption Initial round

• INPUT: 69C4E0D86A7B0430D8CDB78070B4C55A
• KEY: 13111D7FE3944A17F307A78B4D2B30C5
• OUTPUT: 7AD5FDA789EF4E272BCA100B3D9FF59F

Fig.3.34. Decryption Initial round (unrolling)

Round – 1

• Input: 7ad5fda789ef4e272bca100b3d9ff59f
• Key: 549932d1f08557681093ed9cbe2c974e
• Output: 54d990a16ba09ab596bbf40ea111702f

Fig.3.35. Decryption round - 1 (unrolling)

Round – 2

• Input: 54d990a16ba09ab596bbf40ea111702f
• Key: 47438735a41c65b9e016baf4aebf7ad2
• Output: 3e1c22c0b6fcbf768da85067f6170495

Fig.3.36. Decryption round - 2 (unrolling)

Round – 3

Fig.3.37. Decryption round - 3 (unrolling)

Round – 4

• Input: b458124c68b68a014b99f82e5f15554c
• Key: 5e390f7df7a69296a7553dc10aa31f6b
• Output: e8dab6901477d4653ff7f5e2e747dd4f

Fig.3.38. Decryption round - 4 (unrolling)

Round – 5

• Input: e8dab6901477d4653ff7f5e2e747dd4f
• Key: 3caaa3e8a99f9deb50f3af57adf622aa
• Output: 36339d50f9b539269f2c092dc4406d23

Fig.3.39. Decryption round - 5 (unrolling)

Round – 6

• Input: 36339d50f9b539269f2c092dc4406d23
• Key: 47f7f7bc95353e03f96c32bcfd058dfd
• Output: 2d6d7ef03f33e334093602dd5bfb12c7

Fig.3.40. Decryption round - 6 (unrolling)

Round – 7

• Input: 2d6d7ef03f33e334093602dd5bfb12c7
• Key: b6ff744ed2c2c9bf6c590cbf0469bf41
• Output: 3bd92268fc74fb735767cbe0c0590e2d

Fig.3.41. Decryption round - 7 (unrolling)

Round – 8

• Input: 3bd92268fc74fb735767cbe0c0590e2d
• Key: b692cf0b643dbdf1be9bc5006830b3fe
• Output: a7be1a6997ad739bd8c9ca451f618b61

Fig.3.42. Decryption round - 8 (unrolling)

Round – 9

Fig.3.43. Decryption round - 9 (unrolling)

Round – 10

• Input: 6353e08c0960e104cd70b751bacad0e7
• Key: 000102030405060708090a0b0c0d0e0f
• Output: 00112233445566778899aabbccddeeff

Fig.3.44. Decryption round - 10 (unrolling)

3.4 Tabulation of intermediate results of Encryption and Decryption:

The intermediate results of Cipher or encryption process are shown below:

CIPHER (ENCRYPT):

PLAINTEXT : 00112233445566778899aabbccddeeff

KEY : 000102030405060708090a0b0c0d0e0f

Round [0]

Input: 00112233445566778899aabbccddeeff

Key: 000102030405060708090a0b0c0d0e0f

Round [1]

Input : 00102030405060708090a0b0c0d0e0f0

S_box : 63cab7040953d051cd60e0e7ba70e18c

Shiftrow : 6353e08c0960e104cd70b751bacad0e7

Mix_col : 5f72641557f5bc92f7be3b291db9f91a

Key : d6aa74fdd2af72fadaa678f1d6ab76fe

Output : 89d810e8855ace682d1843d8cb128fe4

Round [2]

Input : 89d810e8855ace682d1843d8cb128fe4

S_box : a761ca9b97be8b45d8ad1a611fc97369

Shift_row : a7be1a6997ad739bd8c9ca451f618b61

Mix_col : ff87968431d86a51645151fa773ad009

Key : b692cf0b643dbdf1be9bc5006830b3fe

Round [3]

Input : 4915598f55e5d7a0daca94fa1f0a63f7

S_box : 3b59cb73fcd90ee05774222dc067fb68

Shiftrow : 3bd92268fc74fb735767cbe0c0590e2d

Mix_col : 4c9c1e66f771f0762c3f868e534df256

Key : b6ff744ed2c2c9bf6c590cbf0469bf41

Output : fa636a2825b339c940668a3157244d17

Round [4]

Input : fa636a2825b339c940668a3157244d17

S_box : 2dfb02343f6d12dd09337ec75b36e3f0

Shiftrow : 2d6d7ef03f33e334093602dd5bfb12c7

Mix_col : 6385b79ffc538df997be478e7547d691

Key : 47f7f7bc95353e03f96c32bcfd058dfd

Output : 247240236966b3fa6ed2753288425b6c

Round [5]

Input : 247240236966b3fa6ed2753288425b6c

S_box : 36400926f9336d2d9fb59d23c42c3950

Shiftrow : 36339d50f9b539269f2c092dc4406d23

Mix_col : f4bcd45432e554d075f1d6c51dd03b3c

Key : 3caaa3e8a99f9deb50f3af57adf622aa

Output : c81677bc9b7ac93b25027992b0261996

Round [6]

Input : c81677bc9b7ac93b25027992b0261996

S_box : e847f56514dadde23f77b64fe7f7d490

Shiftrow : e8dab6901477d4653ff7f5e2e747dd4f

Mix_col : 9816ee7400f87f556b2c049c8e5ad036

Key : 5e390f7df7a69296a7553dc10aa31f6b

Round [7]

Input : c62fe109f75eedc3cc79395d84f9cf5d

S_box : b415f8016858552e4bb6124c5f998a4c

Shiftrow : b458124c68b68a014b99f82e5f15554c

Mix_col : c57e1c159a9bd286f05f4be098c63439

Key : 14f9701ae35fe28c440adf4d4ea9c026

Output : d1876c0f79c4300ab45594add66ff41f

Round [8]

Input : d1876c0f79c4300ab45594add66ff41f

S_box : 3e175076b61c04678dfc2295f6a8bfc0

Shiftrow : 3e1c22c0b6fcbf768da85067f6170495

Mix_col : baa03de7a1f9b56ed5512cba5f414d23

Key : 47438735a41c65b9e016baf4aebf7ad2

Output : fde3bad205e5d0d73547964ef1fe37f1

Round [9]

Input : fde3bad205e5d0d73547964ef1fe37f1

S_box : 5411f4b56bd9700e96a0902fa1bb9aa1

Shiftrow : 54d990a16ba09ab596bbf40ea111702f

Mix_col : e9f74eec023020f61bf2ccf2353c21c7

Key : 549932d1f08557681093ed9cbe2c974e

Output : bd6e7c3df2b5779e0b61216e8b10b689

Round [10]

Input : bd6e7c3df2b5779e0b61216e8b10b689

S_box : 7a9f102789d5f50b2beffd9f3dca4ea7

Shiftrow : 7ad5fda789ef4e272bca100b3d9ff59f

Key : 13111d7fe3944a17f307a78b4d2b30c5

Output : 69c4e0d86a7b0430d8cdb78070b4c55a

INVERSE CIPHER (DECRYPT):

The intermediate results of Decipher or Decryption process are shown below

Round [0]

Input : 69c4e0d86a7b0430d8cdb78070b4c55a

Key : 13111d7fe3944a17f307a78b4d2b30c5

Output : 7ad5fda789ef4e272bca100b3d9ff59f

Round [1]

Input : 7ad5fda789ef4e272bca100b3d9ff59f

Invshift_row : 7a9f102789d5f50b2beffd9f3dca4ea7

Invs_box : bd6e7c3df2b5779e0b61216e8b10b689

Key : 549932d1f08557681093ed9cbe2c974e

Add round key : e9f74eec023020f61bf2ccf2353c21c7

Inv_Mix_col : 54d990a16ba09ab596bbf40ea111702f

Round [2]

Input : 54d990a16ba09ab596bbf40ea111702f

Invshiftrow : 5411f4b56bd9700e96a0902fa1bb9aa1

Invs_box : fde3bad205e5d0d73547964ef1fe37f1

Key : 47438735a41c65b9e016baf4aebf7ad2

Addroundkey : baa03de7a1f9b56ed5512cba5f414d23

Inv_Mix_col : 3e1c22c0b6fcbf768da85067f6170495

Round [3]

Input : 3e1c22c0b6fcbf768da85067f6170495

Invshiftrow : 3e175076b61c04678dfc2295f6a8bfc0

Invs_box : d1876c0f79c4300ab45594add66ff41f

Key : 14f9701ae35fe28c440adf4d4ea9c026

Addroundkey : c57e1c159a9bd286f05f4be098c63439

Inv_Mix_col : b458124c68b68a014b99f82e5f15554c

Round [4]

Input : b458124c68b68a014b99f82e5f15554c

Invshift_row : b415f8016858552e4bb6124c5f998a4c

Invs_box : c62fe109f75eedc3cc79395d84f9cf5d

Key : 5e390f7df7a69296a7553dc10aa31f6b

Addroundkey : 9816ee7400f87f556b2c049c8e5ad036

Inv_Mix_col : e8dab6901477d4653ff7f5e2e747dd4f

Round [5]

Input : e8dab6901477d4653ff7f5e2e747dd4f

Invshift_row : e847f56514dadde23f77b64fe7f7d490

Invs_box : c81677bc9b7ac93b25027992b0261996

Key : 3caaa3e8a99f9deb50f3af57adf622aa

Inv_Mix_col : 36339d50f9b539269f2c092dc4406d23

Round [6]

Input : 36339d50f9b539269f2c092dc4406d23

Invshift_row : 36400926f9336d2d9fb59d23c42c3950

Invs_box : 247240236966b3fa6ed2753288425b6c

Key : 47f7f7bc95353e03f96c32bcfd058dfd

Addroundkey : 6385b79ffc538df997be478e7547d691

Inv_Mix_col : 2d6d7ef03f33e334093602dd5bfb12c7

Round [7]

Input : 2d6d7ef03f33e334093602dd5bfb12c7

Invshift_row : 2dfb02343f6d12dd09337ec75b36e3f0

Invs_box : fa636a2825b339c940668a3157244d17

Key : b6ff744ed2c2c9bf6c590cbf0469bf41

Addroundkey : 4c9c1e66f771f0762c3f868e534df256

Inv_Mix_col : 3bd92268fc74fb735767cbe0c0590e2d

Round [8]

Input : 3bd92268fc74fb735767cbe0c0590e2d

Invshift_row : 3b59cb73fcd90ee05774222dc067fb68

Invs_box : 4915598f55e5d7a0daca94fa1f0a63f7

Key : b692cf0b643dbdf1be9bc5006830b3fe

Addroundkey : ff87968431d86a51645151fa773ad009

Inv_Mix_col : a7be1a6997ad739bd8c9ca451f618b61

Round [9]

Input : a7be1a6997ad739bd8c9ca451f618b61

Invshift_row : a761ca9b97be8b45d8ad1a611fc97369

Invs_box : 89d810e8855ace682d1843d8cb128fe4

Key : d6aa74fdd2af72fadaa678f1d6ab76fe

Addroundkey : 5f72641557f5bc92f7be3b291db9f91a

Inv_Mix_col : 6353e08c0960e104cd70b751bacad0e7

Round [10]

Input : 6353e08c0960e104cd70b751bacad0e7

Invshift_row : 63cab7040953d051cd60e0e7ba70e18c

Invs_box : 00102030405060708090a0b0c0d0e0f0

Key : 000102030405060708090a0b0c0d0e0f

Addroundkey : 00112233445566778899aabbccddeeff

3.5 Key generation simulation results:

Input key :

000102030405060708090a0b0c0d0e0f

for Nk = 4, which results in

Fig 3.45 Simulation result of Key expansion

3.5.1 Tabulation of Key generation results

The key generation results are tabulated in Table 6.1

Table 6.1 Key expansion results

S.No. i W(i)

1 0 00010203

2 1 04050607

3 2 08090a0b

4 3 0c0d0e0f

5 4 d6aa74fd

6 5 d2af72fa

7 6 daa678f1

8 7 d6ab76fe

9 8 b692cf0b

10 9 643dbdf1

12 11 6830b3fe

13 12 b6ff744e

14 13 d2c2c9bf

15 14 6c590cbf

16 15 0469bf41

17 16 47f7f7bc

18 17 95353e03

19 18 f96c32bc

20 19 fd058dfd

21 20 3caaa3e8

22 21 a99f9deb

23 22 50f3af57

24 23 adf622aa

25 24 5e390f7d

26 25 f7a69296

27 26 a7553dc1

28 27 0aa31f6b

29 28 14f9701a

30 29 e35fe28c

31 30 440adf4d

32 31 4ea9c026

33 32 47438735

34 33 a41c65b9

35 34 e016baf4

36 35 aebf7ad2

37 36 549932d1

38 37 f0855768

39 38 1093ed9c

40 39 be2c974e

41 40 13111d7f

42 41 e3944a17

43 42 f307a78b

44 43 4d2b30c5

4. Conclusion:

This chapter has shown the simulation and synthesis results of the rolling and unrolling architecture methods of the AES algorithm, and the results of programming the encryption.bit and decryption.bit files onto the FPGA chip.

5. Conclusion And Future Scope:

A hardware implementation of the area-optimized block cipher AES has been realized on a field programmable gate array (FPGA). Applying area optimization techniques, i.e. the rolling architecture method, reduces the occupied area. This technique can be used in low-end customer products with lower throughput, such as PDAs, wireless network devices, and many other embedded applications where speed is not a criterion.

The AES unrolling technique achieves a high throughput but occupies a larger area than our design method, so it is used in high-end devices such as satellite communication and Internet routers, where speed is the more important criterion. The function of the AES algorithm is simulated using Modelsim, and the area optimization is verified by implementing this algorithm on a Xilinx Spartan 3e FPGA using Xilinx synthesis tools.

Since this paper concentrates on design considerations at the algorithmic level, future research could carry out a similar performance analysis on designs targeting the hardware level using optimization techniques such as pipelining. It is also found that this 8-bit AES implementation can be further applied to a 32-bit AES implementation to reduce the slice numbers and increase the working frequency.
