International Con ference on VLSI, Communication & Instrumentation (IC VCI) 2011 Proceedings published by International Journal of Computer

App lica tions (IJC A)

Flowchart Approach to Scalable Encryption Algorithm Design and Implementation in FPGA

Dilja.K Dr. S. Natarajan

PG scholar/Appli ed Electronics Bannari Amman Institute of Technology Sathyamangal am-638 401, Tamilnadu

Asst. professor, Department of ECE Bannari Amman Institute of Technology Sathyamangal am-638 401, Tamilnadu

ABSTRACT
The imp lementation of encryption/decry ption algorithm is the most essential p art of the secure communication. In curr ently existing encry ption algor ithms there is a tradeoff b etween imp lementation cost and r esulting p erformances. Scalable encry ption algorithm is targeted for small-emb edded ap p lication with limited resources (such as memory size, p rocessor cap acity ). SEA n, b is p arametric in the text, key and p rocessor word size and uses a limited instruction set (i.e. NOT, AND, OR, XOR gates, word rotation and modular addition). And it has a p rovable security against linear and d ifferential cry ptanaly sis. This p ap er includes the conv ersion of loop arch itecture of SEA into flowchart, in such a way that encryp tion and decryption p rocess are sep arated, loop is sp lit into two p arts and controlling inp uts are removed. By this method it is easy to design in VHDL lan guage, for imp lementation in FPGA.

b p rocessor (or word) size; nb = n/2b number of words p er Feistel branch; nr number of blo ck cip her rounds. As an only constraint, it is required that n is a multip le of 6b (Because both the p lain text are sep arated into 2 p arts, and all the op eration ar e done in 3 words). Examp le- usin g 8-bit p rocessor, we can derive a 48-bit block cip hers, denoted as SEA48, 8. Let x be a n/2-bit vector. We consider the followin g two rep resentations. Bit rep resentation: x b = x ((n/2)-1) x(2) x(1) x(0). Word rep resentation: x w = x nb-1 x nb-2 x2 x1 x0.

Keywords:
VHDL, FPGA.

S calable

Encryption

Algorithm,

2.2 Basic Operations

Due to its simp licity constraints, SEAn,b is based on a limited number of elementary op erations (selected for their availability in any p rocessing device) denoted as follows: 1) Bit wise XOR 2) M od 2b addition 3) A 3-bit substitution box S: = [0, 5, 6, 7, 4, 3, 1, 2] that can be app lied bit wise to any set of 3-bit words for efficiency p urp oses. In addition, we use the followin g rotation op erations: 4) Word rotation R, defined on nb-word vectors R: x y = R (x) y i+1 = x i 0<=I<=nb-2 y 0 = x n b -1 5) Bit rotation r, defined on nb-word vectors R: x y = r (x) y = x3i >>>1 y
3i+1

1. INTRODUCTION

Scalable encry ption algorithm (SEA) is a p arametric block cip her for resource-constrained sy stems (e.g., sensor networks, RFIDs) that has been introduced in [4]. It was initially designed as a lowcost encryp tion/ authentication routine (i.e., with small code size and memory ) targeted for p rocessors with a limited instruction set (i.e., AND, OR, XOR gates, word rotation, and modular add ition). The algorithm takes the p laintext, key , and the bus sizes as p arameters and, therefore, can be straightforwardly adapted to various imp lementation contexts and/or security requirements. SEA benefits from a stronger security analy sis, derived from recent advances in blo ck cip her design /cry ptanaly sis. In p ractice, SEA has been p roven to be an efficient solution for embedded software app lications using micro controllers.

2. ALGORITHM DESCRIPTION 2.1 Parameters And Definitions

SEAn,b op erates on various text, key , and word sizes. It is based on a Feistel structure with a variable nu mber of rounds, and is

= x 3i+1

defined with resp ect to the following p arameters: n p laintext size, key size; 20

International Con ference on VLSI, Communication & Instrumentation (IC VCI) 2011 Proceedings published by International Journal of Computer App lica tions (IJC y 3i+2 = x 3i+2 <<<1 A) Where 0<= i <=(nb/3) 1 and >>> and <<<, resp ectively , rep resent the cy clic right and left shifts inside a word.

21

Li

Ri

KLi

KRi

Ci

Ci R

r R-1

Li+1

Ri+1

KLi+1

KRi+1

Fig 1. Encry pt/decrypt Round and key round

2.3 Round and Key Round

Based on the p revious definitions, the encrypt round FE, decrypt round FD, and key round FK are p ictured in Fig.1 and def ined as

L0&R0=P; KL0&KR0=K;

[L i+1, R i+1 ] = FE (Li , Ri , Ki )

R i+1 = R (Li) L i+1 = Ri [L i+1, R i+1] = FD (Li , Ri , Ki) R i+1 = R-1 (Li r (S (Ri Ki ))) L i+1 = Ri [ K L i+1, KR i+1 ] = FK ( KLi, KRi , Ci) KR i+1 = KLi R (r (S (Ri KL i+1 = KRi Ki ))) r ( S ( Ri Ki ))

2.4 Complete cipher

The cip her iterates an odd number nr of rounds. The following p seudo-C code encryp ts a p laintext P under a key K and p roduces a cip her text C. P, C, and K has a p arametric bit size n. The op erations within the cip her are p erformed considerin g p arametric b-bit words. Pseudo-C code C=SEAn,b (P,K) %Initialization

%Key scheduling for i in 1 to [nr/2] KLi,KRi =FK(KLi-1,KRi-1,C(i)); Switch KL[nr/2], KR[nr/2]; for i in [nr/2] +1 to nr/2-1 KLi,KRi =FK(KLi-1,KRi-1,C(r-i)); % Encry ption for i in 1 to [nr/2] KLi,KRi =FE(Li-1, Ri-1, KRi-1) ; for i in [nr/2] +1 to nr/2 KLi,KRi =FK(Li-1, Ri-1, KLi-1)); %final C=Rnr&Lnr; Where & is the concatenation op erator, KR[ n /2] is taken before the switch and C(i) is a nb-word vector of which all the words have value 0 excep ted the LSW that equals i. Decry ption is exactly the same, usin g the decry pt round FD.

3. LOOP ARCHITECTURE OF S EA

The structure of our loop architecture for SEA is d ep icted in Fig.2, with the round function on the left p art and the key schedule on the right p art. Resource-consumin g blo cks are the S boxes and the mod2b adder ; the Word Rotate and Bit Rotate blocks are imp lemented by swapp ing wires.

Data in Left

Data in Right

NotS tate0 NotS tate0

Key in Left

Key in Right

NotS tate0 NotS tate0

Encry pt

0 1

Const_i

r r

S box S box R Half r S box

R-1 R-1

Exec

Decrypt

1 0

1 0

S witch M od 2b addition

S witch

Word rotate

R-1

Word Rotate Inverse

Bit Rotate

XOR op eration

Fig .2. Loop a rchitecture for S EA Accordin g to the sp ecifications, the key schedule contains two multip lexors allowin g to switch the right and left p art of the round key at half the execution of the algor ithm using the app rop riate command signal Switch. The multip lexor controlled by Half Exec p rovides the round function with the right p art of the round key for the first half of the execution and transmit s its left p art instead after the switch. To supp ort both encryption and decryption, finally added two multip lexors controlled by the Encryp t signal. Sup p lementary area consump tion will be caused by the two routing p aths. In the round function, the mod 2 adders ar e realized by using nb, b-bits adders workin g in p arallel without carry p rop agation between them. In the key schedule, the signal Const_i (p rovided by the control p art) can only take a value b etween 0 and nr/2.

YPTION FLOWCHAR T
Figure.3 shows the encry ption flow chart used in design of the p rogram. The data and key are the inp uts. In the next step both

4. ENCR YPTION AND DECR

22

inp uts are divided into two p arts and app lied to the p rocessing blocks. The encry ption is comp leted in two loop op erations. In first loop i will take a v alue of 1 to nr/2. That is the half execution p art, the right p art of the key is selected during this op erations. Both key and data swap in end of each, iteration. After finishin g the half execution switch op eration is p erformed. It is done by swap left and right p art of key and the remainin g rounds the key p art will not swap in the next loop . The same op eration is p erformed in next loop excep t that the left p art key is selected in the round op eration. Finally the encry pt outp ut is t aken by concatenatin g right and left p art out p ut of encrypt round. Figure.4 shows decryp tion flow chart, the same p rocess is done during this flowchart excep t that inverse word rotation op eration is p erformed after bit rotation, instead in encry pt round t he word rotation is p erformed before bitwise XOR.

23

S TART

S TART

DATA, KEY i =n r/2+1

DATA, KEY

i =n r/2+1

N=DATA (LEFT) X=DATA (RIGHT) L=KEY (LEFT) G=MOD ADD(Z,C) C =C +1

N=DATA (LEFT) X=DATA (RIGHT) L=KEY (LEFT) G=MOD ADD(Z,C) C =C +1

i =1

i =1

H=SBO X(G) C =C +1 G=MODADD (Z,C) K=WORD RO TATE H=SBO X(G) M=BIW IS E J=BITRO TATE (H) K=WORD RO TATE W =MODADD(X,Y) R=SBO X (W) S =BITRO TATE (R) Y=Z (KEY IN RIGHT PART) XO R C =C +1 G=MODADD (Z,C)

H=SBO X(G)

J=BITRO TATE (H)

J=BITRO TATE (H)

K=WORD RO TATE

H=SBO X(G)

M=BIW IS E

XOR

J=BITRO TATE (H) Y=L (KEY IN LEFT PART) K=WORD RO TATE Y=L (KEY IN LEFT PART)

M=BIW IS E

XO R

M=BIW IS E

XOR

W =MODADD(X,Y)

Y=Z (KEY IN RIGHT PART)

R=SBO X (W) S =BITRO TATE (R)

W =MODADD(X,Y) R=SBO X (W)

P=WORDRO TATE

W =MODADD(X,Y) R=SBO X (W)

P=BITW IS EXO R(N,S

Q=BIWIS E XO R (S ,P) S =BITRO TATE (R) P=WORDRO TATE i =n r/2+1

Q=INV-

N=X, X=Q , L=M, Z=Z

S =BITRO TATE (R) P=BITW IS EXO R(N,S Q=BIWIS E XO R (S ,P)

N=X, X=Q , L=M, Z=Z

i =n r/2+1

Q=INVN=X, X=Q , L=Z, Z=M Is i >n r/2 N=X, X=Q , L=Z, Z=M Is i >n r/2

i =i +1

i =i +1 LEFT=N, RIGHT=X LEFT=N, RIGHT=X Is i >n r/2 DEO UT= LEFT&RIGH T

Is i >n r/2

ENO UT= LEFT&RIGH

Z=L, L=M (SW ICH OPERATIO N)

S TO P

Z=L, L=M (SW ICH OPERATIO N)

S TO P

Fig 3. Encry ption flowchart

Fig 4. Decr ypti on fl owc har t

5. EXPERIMENTAL RESULTS

The Scalable Encry ption Algorithm has is written in VHDL codin g and sy nthesized using ISE 9.1i tool from Xilin x on a vertex4 p latform with sp eed grade of 12. The device utilization summary and timing summary is given b elow. From the device utilization summary we can see that 1071 slices are used out of 6144, that is only 17% of the total slices, and look up table used is 1878 out of 12288, that is only 15% of total LUTs. And from timing summary we can see that maximum combin ational p ath delay is 140.603ns. The sy nthesis rep ort is given below. The Scalable Encry ption Algorithm has is written in VHDL codin g and sy nthesized using ISE 9.1i tool from Xilin x on a vertex4 p latform with sp eed grade of 12. The device utilization summary and timing summary is given b elow. From the device utilization summary we can see that 1071 slices are used out of 6144, that is only 17% of the total slices, and look up table used is 1878 out of 12288, that is only 15% of total LUTs. And from timing summary we can see that maximum combin ational p ath delay is 140.603ns. The sy nthesis rep ort is given below. Device utilization summary : ---------------------------------------------------------------------------Selected Device : 4vlx15sf363-12 Number of Slices: Number of 4 inp ut LUTs: Number of IOs: Number of bonded IOBs: Timing Summary : ----------------------------------------------------------------------------Sp eed -12 Grade: 1071 out of 6144 17% 1878 out of 12288 15% 144 96 out of 240 40%

iterations, hence look up table is reduced comp ared to other encry ption methods.

Fig.5-Simulati on output

7. REFERENCES

[1] A. J. Elbirt, W. Yip , B. Chetwy nd, and C. Paar, An FPGA imp lementation and p erformance evaluation of the AES block cip her candidate algorithm fin alists, in Proc. AES Candidate Conf., 2000, p p . 1312 .Oct 2005. [2] K. Jarvinen, M . Tommiska, and J. Sky tta, Comp arative survey of high-p erformance cry p tograp hic algorithm imp lementations on FPGAs, IEE Proc. Inf. Secur ity , vol. 152, pp . 312, Oct. 2005. [3] F. M ac, F.-X. Standaert, and J.-J. Quisquater, FPGA Imp lementation(s) of a Scalable Encry p tion AlgorithmIEEE Transactions on very large scale integr ation (VLSI) sy stem .vol. 16, no. 2, FEB 2008. [4] F.-X. Standaert, G. Piret, N. Gershenfeld, and J.-J. Quisquater, Sea: A scalable encry ption algorithm for small embedded ap p lications, in Proc. CARDIS, 2006, pp . 222 236. F.-X. Standaert, G. Piret, G. Rouvroy , and J.-J. Quisquater, FPGA imp lementations of the ICEBERG block cip her, in Proc. ITCC, 2005, pp . 556561. K.Wong, M .Wark and E.Dawson A single- chip FPGA imp lementation of the data encry ption standard (des) algorithm Glob al Telecommunications Conference, 1998. GLOBECOM 98. The Bridge to Global Integration. IEEE, 10.1109/ GLOCOM .1998.776849

----------------------------------------------------------------------------

M inimum p eriod: No p ath found M inimum inp ut arrival time before clock: No p ath found M aximum outp ut required time after clock: No p ath found M aximum co mbinational p ath delay : 140.603ns ---------------------------------------------------------------------------The Scalab le Encry p tion Algorithm is written in VHDL coding and comp iled and simulated in M odelSim SE 5.7 g and forced with 2 inp ut values. The waveform of fig.5 shows that we have obtained an outp ut, which is entirely different from the p lain text value. That is we have got an encry pted outp ut. [6] [5]

6. ION

CONCLUS

Scalable encry ption algorithm constitutes a suitable solution for a low cost embedd ed sy stem app lication like RFID, wher e ar ea and p ower is minimum. The on-the-fly key derivation done for

[7] Advanced Encry p tion Standard, FIPS PUB 197, Nov. 2001. [8] Data Encryp tion Standard, FIPS PUB 46-3, Oct. 1999