## Design and Implementation of Encryption Unit

## Based on Customized AES Algorithm

### Nabil Hamdy

#1### , Khaled Shehata

#2### , Haitham Eldemerdash

#2#1

Electronics and communication Department, MIU, Cairo, Egypt. #2

Electronics and communication Department, AAST, Cairo, Egypt. eng_haitham80@yahoo.com

**Abstract ****— This encryption unit adopts the AES (Advanced **

**Encryption Standard) as the encryption algorithm because it has **
**been extensively challenged, evaluated, and, i t is the most **
**popularly used symmetric key algorithm. In this paper, we **
**propose a customized version of the “AES” block cipher to suit **
**proprietary data encryption applications. We designed the **
**customization of the AES to cover three main AES cryptographi c **
**functions, these are: S -box Generation, Mix Column **
**Transformation, and Key Expansion Function. The S -Box **
**generation process results in a new S -Box. The new S -Box is **
**tested to be sure of satisfying the required cryptographic **
**features: algebraic degree, non linearity, propagation criteria, **
**correlation immunity, and balancedness. The customized AES is **
**tested also against statistical randomness properties. The **
**encryption unit is finally designed, implemented, and tested **
**using FPGA technology. **

**Index Term —**** Advanced Encryption Standard (AES ), S -Box **

**generation, S -Box testing, Field programmable gate arrays **
**(FPGA). **

I. INT RODUCT ION

Customizing the AES algorithm attracted attention of researchers to provide proprietary security. In this work, we propose a customized version of the “AES” block cipher to suit proprietary data encryption applications. More over, the customized AES is incorporated in an encryption unit that is implemented using FPGA. The structure of the original AES algorithm is built in four main cryptographic functions [1], [2]. We design the customization of the AES to cover the following three main AES cryptographic functions:

(1) S-box Generation.

(2) Mix Column Transformation. (3) Key Expansion Function.

Using FPGA, the architecture of the encryption unit is composed of four main functional block, these are the loop controller module, the encryption and decryption round module, key expansion function module, and the ram module. In the next sections we discuss the customized algorithm structure and performance testing the building blocks of the architecture of the encryption unit. We also provide the details of the simulation results. The results of statistical randomness tests for the customized algorithm are provided in the appendix.

II. THE CUST OMIZED ALGORIT HM

In the customized AES algorithm we keep the same sequence of the standard encryption and decryption procedures shown below in Fig. 1 [3], but we introduced major modifications into three main cryptographic functions by generating and testing a brand new S-Box instead of the one described in the standard AES version, and modify the standard primitive polynomial which used for mix column transformation and key expansion function.

*A. The Proposed Design for the New S-box *
*A.1 Generation of the new S-box *

Substitution is a nonlinear transformation which performs confusion of bits. A nonlinear transformation is essential for every modern encryption algorithm and is proved to be a strong cryptographic primitive against linear and differential cryptanalysis [4]. The first question arises as to the best method of selecting the S-box (SB) entries there is four approaches of S-box design [3],[15]. These methods are Random method, Random with testing method, Human -made method, and Math-made method. We selected the second technique by using (RC4) algorithm as stream random generation for customized S-boxes; RC4 algorithm is variable key size stream cipher with byte oriented operation. RC4 algorithm is based on the use of a random permutation of 256 bit state [3], [10]. Variation on the second technique is to use S-boxes with random process, which starts with S-boxes filled with pseudorandom digits from (RC4) generation and alters the contents using the key. Tables I and Table II represent an example, of new S-box and its inverse, generated by RC4 when the key of RC4 is: 7FC023A814B5D69E.

TABLE I AES-RC4 S-box

TABLE II T he Inverse S-box

*A.2 Testing the new S-box *

Testing the contents of the new S-box is essential to insure that all required parameters of S-box in AES design are achieved by this design. For testing the S-box parameters we used the S-box Evaluation Software Package [5], which measures the following S-box cryptographic parameters: algebraic degree (AD), non linearity (NL), propagation criteria (PC), correlation immunity (CI), and balancedness (BL) [6]. The output results of these tests on the generated new S-boxes (using the RC4) are illustrated in the following Table III:

TABLE III

T est results for 10 samples of new S-Boxes generated by RC4

No.

Parameters

Key Sequence

AD NL PC CI BL

1 0123456789ABCDEF 6 92 0 0 1

2 C60D3A781BE2F495 7 88 0 0 1

3 D195AF73E028B46C 6 96 0 0 1

4 50D1C783EA29BF46 6 94 0 0 1

5 9FCD45EA172AC8FB 6 88 0 0 1

6 B5D1428AE73C69F0 6 92 0 0 1

7 AE73C69F0B5D1428 6 94 0 0 1

8 D391E60CA4257B8F 6 92 0 0 1

9 A4257B8FD391E60C 6 96 0 0 1

10 7FC023A814B5D69E 7 94 0 0 1

Consequently, we selected the new S-Box that is generated

by the key sequence number (10), because it has the highest Algebraic Degree between all tested samples and it has the same Algebraic Degree as Standard AES S-Box which is 7, all the projections of each S-Box are balanced, and the result for propagation criteria and Correlation immunity for the S-Boxes generated by RC4 are the same as standard AES S-Box, moreover the nonlinearity is very close to the standard AES S-Box which is 112.

*B. Standard Shift Rows Transformation *

Shift Rows Transformation is a linear diffusion process, operating on individual rows. Depending on the row location, offset of left shift varies from zero to three bytes. The forward shift row transformation, called Shift Rows (SR) [3], is depicted in Fig. 2. The (SR) is a cyclic shift of each row by different byte offsets. Row 0 is not changed. Row 1 is left rotated by one time. Row 2 is left rotated twice, and row 3 three times.

Fig. 2. Standard Shift Row T ransformation.

each of the second, third and fourth rows with a one-byte circular right shift for the second row, and so on.

*C. Proposed Mix Column Transformation *

Mix Column Transformation is Matrix multiplication over GF (2^8). Column vector is multiplied with a fixed matrix where the bytes are treated as polynomials rather than numbers [7], [8], the standard polynomial of the AES; A (x) is given as:

A (x) = {03} x3 + {01} x2 + {01} x + {02} (1) Mix Column operates on the State of the data to be encrypted column by column. Each column is considered as a polynomial over GF (2^8) which is given by:

M (x) = X8_{+ X}4_{+ X}3_{+ X + 1 (2) }
multiplication of a value by x (i.e., by {02}) can be implemented
as a 1-bit left shift followed by a conditional bitwise XOR with
{1B} for standard polynomial if the leftmost bit o f the original
value (prior to the shift) is 1 [3]. Proposed MixColumn
transformation: Consider the customized polynomial B(x) is
given as:

B (x) = {02} x3

+ {03} x2

+ {01} x + {01} (3)

This polynomial has self-inverse with respect to (x4+1) [14]. The transformation based on this polynomial is the following proposed MixColumn transformation in a matrix form, this is written as:

###

###

###

###

###

###

###

###

###

###

###

###

###

*C*

*b*

*C*

*b*

*C*

*b*

*C*

*b*

### ,

### 3

### '

### ,

### 2

### '

### ,

### 1

### '

### ,

### 0

### '

###

###

###

###

###

###

###

###

###

###

###

###

### 01

### 01

### 03

### 02

### 02

### 01

### 01

### 03

### 03

### 02

### 01

### 01

### 01

### 03

### 02

### 01

###

###

###

###

###

###

###

###

###

###

###

###

*C*

*b*

*C*

*b*

*C*

*b*

*C*

*b*

### ,

### 3

### ,

### 2

### ,

### 1

### ,

### 0

(4)These variations are designed over the Galois field GF (2^8) generated by the selected irreducible primitive polynomial that tested by Matlab 7 package tool to check its permittivity and irreducibility, this polynomial N(x) is:

N (x) = X8_{+ X}4 _{+ X}3_{+ X}2 _{+ 1 (5) }

And it is multiplied with modified polynomial B(x) modulo (X4+1), a conditional bitwise XOR with {1D} for customized polynomial if the leftmost bit of the original value is 1.The new Mix Column transformation has self-inverse and uses the coefficients 01, 02, and 03. Multiplication by these coefficients involves at most a shift and an XOR. Therefore proposed Mix column transformation is invertible and constructed with the polynomial D (x) which given by:

D (x) = {0D} x3

+ {09} x2

+ {0E} x + {0B} (6)

*D. Proposed Key Expansion Function *

The AES key expansion algorithm takes as input a 4 words (16 bytes) key and produces a linear array of 44 words (176 bytes). This is sufficient to provide a 4 words round key for the initial Add Round Key stage and each of the 10 rounds of the cipher. The round constant is a word in which the three rightmost bytes are always 0. Thus the effect of an XOR of a word with Rcon is to perform an XOR on the leftmost byte of the word. The round constant is different for each round and is defined as Rcon (j) = (RC (j), 0, 0, 0), with RC (1) = 1 [3].

RC(j) = 2 • RC(j - 1) (7) Rcon for customized AES given by the newly proposed irreducible polynomials with multiplication defined over the field GF (2^8):

N (x) = X8_{+ X}4 _{+ X}3_{+ X}2 _{+ 1 (8) }

The values of Rcon (9) and Rcon (10) are changed from its standard values according the variations of irreducible polynomial [2].Table IV gives the Rcon values in hexadecimal related to standard and customized polynomials.

TABLE IV Rcon values

**Rcon (J) ** **RC _{(1) }**

**RC**

_{(2) }**RC**

_{(3) }**RC**

_{(4) }**RC**

_{(5) }**RC**

_{(6) }**RC**

_{(7) }**RC**

_{(8) }**RC**

_{(9) }

_{(10) }RC**Standard **

**Polynomial ** **01 ** **02 ** **04 ** **08 ** **10 ** **20 ** **40 ** **80 ** **1B ** **36 **

**Customized **

**Polynomial ** **01 ** **02 ** **04 ** **08 ** **10 ** **20 ** **40 ** **80 ** **1D ** **3A **

*E. Software Simulation *

Fig. 3. Software SimulationInterface

*F. Statistical Randomness Tests *

For testing the algorithm output (the ciphertext) a specialized software package called "The Exhaustive Statistical Test Package” is used. This test package exists at "The Communications and Encryption Lab" in "Science and Technology Center of Excellence (STCE)" of the Ministry of Military Production. The snapshots from these test results are included in appendix A. The following Table V provides the conclusive results from all statistical randomness tests which were performed on 28 plaintext files with different formats (text, picture, audio and video). These tests help detecting any deviation from the assumed randomness property of ciphertexts generated by the customized AES.

TABLE V Conclusion T est Results

No. of Tested Files

Overall No. Of Tests

No. of Tests (Passed)

No. of Tests (Failed)

Result (%) 28 388 374 14 96.4 This is done by taking samples out of encryption unit and subjecting it to the following statistical tests:

1) Frequency Test. 2) Serial Test. 3) Poker Test. 4) Runs Test.

5) Longest Run of Ones Test. 6) Binary Matrix Rank Test. 7) Auto-correlation Test. 8) Maurer's Universal Test. 9) Lempel-Ziv Compression Test.

10) Approximate Entropy Test. 11) Cumulative Sums Test.

12) Random Excursions Variant Test. 13) Random Excursions Test.

14) Non Overlapping Template Matching Test. 15)OVERLAPPING TEMPLAT E MAT CHING TEST.

III. FPGADESIGN ARCHIT ECT URE

In this section, we provide a detailed description of our proposed FPGA architecture for the Customized AES Algorithm [9], [11]. The design consists of four main units; the first unit is loop controller module which responsible for controlling the encryption and decryption processes by receiving an external interrupt and mode select signals which are used to control the data processing during the round operations in the second module, the second unit is AES Encryption & Decryption Round module this module performs the encryption and decryption operations during the round functions by receiving data, round keys, and control signals from other modules. It consists of four main components, four mix column units to perform mix column function, 32 Rom units which contain S-box and inverse S-box values. Four inverse mix column units to perform inverse operation of mix column function and the last component is the add _round _key to make XOR operation of data and round key.

Fig. 4. T op Level of a Customized Unit

word. The last main unit is Ram module; it is responsible for generating the output sequence of (128) output round key. All the four basic units are illustrated in Fig. 4. All modules are designed using VHDL design Entry .The used tools is FPGA advantage 5.2 from Mentor Graphics [12].

IV. SIMULAT ION

The simulation tool, used to verify the validity of the design, is the ModelSim SE PLUS 5.5e which is a downstream tool in the FPGA advantage 5.2 package. The simulation result of the top design of AES encryption process is shown in Fig. 5. The data with length of 128-bit is received on port (aes_ip) in AES controller module and then encrypted using the (seed_key)

with its sub rounds keys to get the ciphered data output 128-bit denoted as (round_out). The fig. shows the main 5 control signals produced by the loop controller module and key controller module. The enc_dec signal is used for mode selection between encryption and decryption process, both

(ip_intr) and (key_intr) interrupt signals are used to apply input data and seed key data, (key_rdy) and (output_rdy) that give the information that both key generation in key expansion function and encryption operation are completed.

Fig. 6, shows the simulation waveforms for decryption process to be confirm that the plain data will be recovered again from ciphered data. From simulation results we find that the key expansion process finished and generated all round keys in (112 m sec) and also the encryption process take (8300 n sec) till the cipher output is ready. For decryption process, the overall operation takes (20200 n sec). The clock speed used is 50 MHz this mean that the design clock duration is 50 n sec [13]. From Fig. 6 we observe that the value of enc_dec control signal changed according to the process selection between encryption and decryption operations.

V. CONCLUSION

Implementation of new encryption unit based on customized AES Algorithm is introduced. This customization depends on variations of three main functions in the standard AES. The customized S-Box is generated using the random output of the

Key Interrupt

Key Ready

Input Interrupt

Seed Key

Reset _{Output Ready }

Cipher Data Plain Data

Clock

Mode Select Enc/Dec

Fig. 5. Simulation of the encryption process

Cipher Data Plain Data

Seed Key Mode Select Enc/Dec

RC4 algorithm , testing the new S-Box is carried out to insure that the new S-boxes contents satisfy the required cryptographic features ; Nonlinearity, Algebraic Degree, Correlation immunity, Propagation criteria, and Balancedness. The proposed Mix Column Transformation and Key Expansion function was implemented using different primitive polynomial. The proposed encryption unit is implemented using FPGA. The ciphered output was tested using exhaustive statistical test package, and other National Institute of Standards and Technology (NIST) tests [2]. Using customized algorithm increase the complexity and also makes the differential and linear cryptanalysis more difficult

APPENDIX ▪ Snapshots from Randomness Test Results :

Fig. 7. Final Result of Frequency T est

Fig. 8. Final Result of Runs T est

Fig. 9. Final Result of Serial T est

Fig. 10. Final Result of Cumulative Sums T est

Fig. 12. Final Result of Poker T est

Fig. 13. Final Result of Maurer’s T est

Fig. 14. Final Result of Lempel-Ziv Compression T est

Fig. 15. Final Result of Approximate Entropy T est

Fig. 16. Final Result of Random Excursions Variant T est

REFERENCES

[1] J. Daemen, V. Rijmen, AES proposal: Rijndael Document version 2, 1999.

[2] National Institute of Standards and T echnology (NIST ), Advanced Encryption Standard (AES), Federal Information Processing Standards Publications (FIPS) PUBS #197, 2001.

[3] William Stallings, "Cryptography and Network Security Principles and Practices", Fourth Edition, 2005.

[4] Kazys KAZLAUSKAS, Jaunius KAZLAUSKAS "Key-Dependent S-Box Generation in AES Block Cipher System", paper 2009. [5] Adham Elhosary, Evaluation software package on platform Linux

Ubuntu, Kernel 2.6.32-25 used in "Wireless Computer Communication Network" , a Ph.D. Dissertation, Registered at MT C, 2008, (in Progress).

[6] Claude Carlet, "Boolean Functions for Cryptography and Error Correcting Codes”, University of Paris, France, 2008.

[7] V.CH.Venkaiah, K, Srinathanan Bruhadeshwar, “Variations to S-box and MixColumn T ransformations of AES", international institute of information technology, paper 2005.

[8] Hua Li ,Zac Friggstad, "An Efficient Architecture for the AES Mix Columns Operation" ,Department of Mathematics and Computer Science University of Lethbridge. Canada, 2005.

[9] Douglas L. Perry, "VHDL: Programming by Example", Fourth Edition, 2002.

[10] Bruce Schneier, “Applied Cryptography”, Second Edition,1996. [11] Volnei A. Pedroni, “Circuit Design with VHDL” Fourth Edition,

2004.

[12] Clive “Max” Maxfield, “T he Design Warrior’s Guide to FPGAs” 2004.

[13] Xilinx, “Spartan-3 Starter Kit Board User Guide” V1.0, 2004. [14] Brian Carter, Ari Kassin, and T anja Magoc, “Advanced Encryption

Standard”, 2007.

[15] Eltayeb Salih Abuelyman, and Mohamed Ahmed El- Affendi"An Optimized Real T ime Generation of S-Box Inverses Using Arithmetic Modulo Powers of T wo", IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.12, December 2007