06998769
-
Upload
walid-mohanna -
Category
Documents
-
view
220 -
download
0
Transcript of 06998769
7/26/2019 06998769
http://slidepdf.com/reader/full/06998769 1/6
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013
FPGA Implementation of a Modied AdvancedEncryption Standard Algorithm
Ali A AedDepartent of Coputer Engineering
University of Basra, IAQaaad baahoo com
Absr- In this paper, a method to improve the security levelof advanced encryption standard (AES) algorithm is proposed.The proposed algorithm, which is based on the standard AES,
increases the complexity of the encryption process leading to amore dicultness against attacking and decryption of theplaintext without using the correct encryption key. The researchinvestigates the AES algorithm with regard to Field
Programmable Gate Array (FPGA) and the Very High Speed
Integrated Circuit Hardware Description Language (VHDL).ModelSim-Altera Starter Edition Soware for Quartus II isused for simulation and optimization of the structural VHDL
code. All the required transformations of the encryption anddecryption processes are done using a pipelined cyclic designmethod to minimize hardware consumptions. The pipelineddesign is implemented on Altera Cyclone IV family of FPGA
devices and a good throughput is achieved with minimal area.
Kyrds Encryption, Decryption, AES, FPGA, VHDL
I. INTRODUCTON
The National Institute of S tandards and Tecnology(NIST) decided proposals for the AES algorit. The AES,
which is a Federal Infoation Processing S tandad (FIPS), isa crptographic algorit ipleented to protect eleconicdigital data against attacking and it is widely accepted due toits strong encrption, sophisticated processing and its
resistance to Brte-force attack [1] . It is a 128-bit syetric block cipher that can encipher and decipher digitalinforation. Encrption converts data to unintelligible foatcalled cipher text. Decrption of the cipher text leads to retu
back data to its original plaintext. The crptographic key thatcan be adopted in AES is 128, 192, or 256 bits length [1].Although key size deteines the level of secit, aea and power consuption becoes crucial especially in ebedded hardware in obile devices [2].
In this paper, the Rijndael algorit is adopted since it had the best overall scores in securit, perforance, eciency,exibilit, and ipleentation abilit [3]. The hardwareipleentation of the Rijndael algorit can provide either
high perfoance or low cost for specic applications. Forsoe counication systes or servers, it is not favorable to
Ali A JawadDepartent of Electrical Power,Tecnical College, Basra, IQ
alijwdail com
lose processing speed, which degrades the eciency of thesyste during runing of the crptographic algorit insoware. Hence, a low cost and sall design FPGAcrptographic card will be designed. The trade-off betweenlevel of securit, troughput and area consuption depends on
requred need [2]. This card can be used in sart applicationsallowing a wide range of secure equipent.
In spite of the any works on AES and FPGA design of this crptography algorit but it can rther iproved. In [3], the classical AES is ipleented without any odication. In[4], a odication in AES is done but it is prograed withMA TLAB leading to a non-reduced aea logic design. Theauthor of [5] ied to apply the pipeline principle to theclassical AES algorit and ipleented it with VirexFPGA. In this paper, we have done any different facilitieswith a odied version of AES.
The rest of the paper is organized as follows: Section II isconceed with explanation of the encrption process with our
proposed odication. In section III, the decrption process isdisplayed. Section IV deal with the VHDL soware
ipleentation of the odied AES
.S
ection V provides theFPGA hardware ipleentation of encrption/decrptionsyste. In section VI, the obtained results and verication aregiven with soe requred discussion. Section I suarize theain conclusions.
II. ENCRYPTON ROCSS
The ow chart of this process is illusated in Figure 1 [3]. Itcontains a nuber of ansfoations applied sequentially on adata block in a xed nuber of rounds (Nr). This Nr dependson the length of the encrption key.
A. Bytes Substitution Transformation
Bytesub (state) is a non-linear substitution of bytes thatoperates independently on each byte of the state using asubstitution table (S-Box) [4]. The state is four rows of bytes
that the inteal operations of AES are perfored on it. Theapplication of the S-Box to each byte of the state is shown in
7/26/2019 06998769
http://slidepdf.com/reader/full/06998769 2/6
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013
AddRoundKe( )
BteS ub( )
S hiRow( )
MixColn( )
AddRoundKe( )
S hiRow( )
AddRoundKe( )
Figure Encryption rocess
Figure 2 [1].
, ,1 , , ', ',1 ', ',
1, 1,1 1, 1, Nw \ \,1 \ \
, ,1 �
8x .
',1 ', ',:.
, ,1 , , ', .,1 ', ',
Figure 2 Bytes substitution using the S-Box
The proposed odication in AES is described in Figure 3.
S-Box Value (i) Key(i)
Constant
New S-Box Value (i)
Figure Modication in AE
The proposed AES involves the creation of new S-Box andinverse S-Box depending on Figure 3 as given in Figures 4and Figure 5. Each value of the old S-Box is odied toobtain new values for S-Box. The constant value (secret
nuber) is ultiplied (ANDed) with key nuber and the result is added to the old S-Box value. As an exaple, ifS=[63] then the substitution value is obtained by theintersection of row 6 with colun 3 in the S-Box to get thevalue S\=[]. Aer applying of the odied operation,
then S\ = [a6]. To recover the encrypted data, an inverseof the new S-Box is perfored and then the decryption
process continued. It is difcult to decrpt cipher text withoutadopting the correct key used in the generation of the S-Box.
7< 5d 56 A' 7 2 E 2 f 55 6 E1 F6 . 0
OS 9d D6 2D Db 5 7 82 A 80 6 8b 6d Of
A E2 7 17 E Ed IS . F. 0 6, C7 2 0.
lb EO 3, ' 45 B7 1 85 18 33 9f 86 4 7 93 542 9 9 8f f 7b F7 2 b 6 C2 AS
72 C, 2 F2 f E 2b 75 D Al 26 6b 5 79 "
Cf F F, A6 62 52 2 D 5. 5 2 C d 61 B, F5
7 6 5 A, d " 27 . A A9 C5 E D2 Cd
9 F C. 5b 99 B 5' C 2
7f 9, S Fd d 5 f 97 59 Fl f b Ff 2. C
Bd 2d 25 57 ld 9 5 Dd C B 7d Fb 66
F 07 9 k F 51 d 9 Eb Cb 65 Bl Ad
E7 67 7 7 89 Ab 92 C9 7 29 16 A2 9 95
6f 9b b 69 5, E9 7, 6 9 A7 0 2 C
C D9 7 76 C6 D. 85 J 22 8 Ef . 7 2
Dl 96 2 A F9 If 77 6 6 ' 9! b 9. m
Fgure The New S-Box
Cb E9 0 C IS A6 7 2 7 Ff 2 f 9b F. 9.
Fb 07 F 56 2 2 AS 6 b A 25 F6
52 . 6. 9 A2 5b 76 C. 9, 57 66 Al 2 Ad 7< 6 9 b 95 B 0 2 9 7b 5
9d d A7 " . 7 0. B9 Ed Fd E B 592 86 65 5d f m 2 A 6 9 6 6 69 J OS .
F 6d 6 Bd A C D9 D Sf f 2 0
7 C2 S C S 5 E F7 C9 5, d 6 Ab D 9
82 7 Ef I. E 7 F9 E2 B7 2 . 22 7 k 96
C7 C, Cf F2 97 Db F, D! 9! .F 5. Cd 7 9 f 6 2 79 D2 C6 8 8f 7
lb B, l A4 Eb E7 b 5 9 C5 2 ld 75 A 6,
E d Of 9f 7. 5 2d 6b C 5 8b A9 7f 51 6
2b F 7, f 59 2 B1 67 El E6 A Dd If
7d ' 2 55 7 72 C 26 D6 77 8. 2 27 b
6 99 5 B5 6f d B F5 2. A, F1 9 62 9
Fgure 5 The New Inverse S-Box
B. Sht Rows Transformation
ShRows akes the bytes in the last tree rows of thestate to be cyclically le shied by 1, 2, and 3 bytes for the2 , 3
, and 4 rows (the rst row is not shied) [1] . It proceeds as follows:
Src=Sr c+shrNb mo Nb for r < and c <
Where is nuber of bytes in each row of the state array,which is block length divided by 32.
For =4, shi(,4)= , shi(2,4)=2, shi(3,4)=3, as shown inFigure 6.
, ,1 , , , ,1 , ,
1, 1,1 1, 1,
1,1 1, 1, 1,ShiftRows
, ,1 , , , , , ,1
, ,1 , , , , ,1 ,Fgure 6 Sh rows transformatOn
Ming of Columns Transformation
It is based on Galois eld (GF) ltiplication. Each byte of acolun is replaced with another value that is a nction of allfour bytes in the given colun. As a result of theMixColumnO ansfoation, the four bytes in a colun are
replaced by the following four bytes [1] :
S'=({02}.S) ({03}.S) S S
7/26/2019 06998769
http://slidepdf.com/reader/full/06998769 3/6
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013
S' =S S ({02}.S ) ({03}S )
S'=({03}.S) S S ({02}.S )
How to calculate: {02. S } and {03. S }?
The ultiplication by 02 (which is equivalent to ltiplication by x) can be ipleented as a 1 bit le shi followed by a bitwise XOR with (0001 1011) if the leost bit of theoriginal value before the shi is 1.
Examples
• {d4}.{02}=1101 0100«1 (le shi by 1)
=1010 1000 0001 1011
=1011 0011=[b3]
• {03}.{b
bf=1011 1111
03=11 = 10
Then:
{03}. {b={}.{1011 111}
={011 1111. }{1011 1111.01}
={ 0111 1110 1011 111}1 1011
=1101 1010= [da]
D. Addiion of Round Key Transformation
In AddRoundKey ( transfoation, a round key is added to the state by a bitwise XOR. Each round key contains Nbwords obtained o the key schedule generation odule.These Nb words ae each added with the coluns of the stateas follows [1]:
{S/ S/ S/ S/ j- {S S S S jwO 2 3 - 0, 2 3 +
Where =round no. *Nb; c <; Wi are the key generatedwords which will be explained in the next section. The initial round key addition occs at round 0 before the rstapplication of the round nction ( round < Nr
E. Key Schedual Generation
A round key is an Nk words array obtained as follows: each byte of the previous round key is XORed with a constant thatdepends on the current round, and the result of the S-Box
lookup for Wi to constitute the next round key. The rst round key is the original user key. The Nb, Nk and Nr for 128 bit AES is 4, 4 and 10 respectively [1] .
. DECRYPTION ROCESS
The ow chart of this process is shown in Figure 7 [3]. It is adrect inverse of the encrption process. Hence, all the transforations applied for encrption are inversel
applied todecrption. The last round values (data an
key) forencrption ae the rst rod values for decrption andfollows in descending order.
InvByteS ub( )
InvS hiRow( )
InvMixColun( )
AddRoundKey( )[i*Nb]
W[O]
Figure 7 ecryption rocess
A. Inverse Bytes Substiution Transformation
InvSubByte ( is the sae as for encryption with replacing the new S-Box with the new inverse S-Box of Figure 5.
B. Inverse Sh Rows TransformationInvShRows does the sae nction of the ShRows but the bytes the last tee rows of the state are cyclica
ly
right shied. Hence, this ansforation proceeds as follows:
Sr c+shrNb mo Nb = Src for O r <4 and O c<Nb
Inverse Ming of Columns Transformation
As a result of the InvMColumnO transfoation, the four bytes in a colun are replaced by the following four bytes:
S'=({e}.S) ({ b}.S") ({d.S ) ({09.S)
S=({09}.S) ({e}.S") ({ b.S ) ({d.S)
S' =({d}.S) ({09}.S") ({e.S ) ({ b.S)
S'=({ b}.S) ({d}.S") ({09.S ) ({eS)
V. VHDL OFTWARE MPEMENTATION
VHDL is used because of its exibility to exchange aongenvironents. ModelSi-Altera S tarter Edition Soware forQuartus II [6] is used for siulation and optiization of thestrctural VHDL code. This soware is adopted for writing,
7/26/2019 06998769
http://slidepdf.com/reader/full/06998769 4/6
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013
debugging and optzmg effors, tting, siulating andchecking the perfoance. A coplete VHDL code is written
to satis all the required operations of the AES algorith.
V. FGA HARWARE MPEMENTATION
FPGA is an integrated circuit that can be recongured withina action of second to perfo different nctions. FPGAconsists of thousands of congurable logic blocks (CLBs)conected by prograable interconnections to constitutedigital circuits [7] suitable for ebedded systes. Forcrptography, FPGA provides an alternative to ApplicationS pecic Integrated Circuits (ASICs). Ipleentation of AES
with FPGA has any advantages as copared toipleentation with ASICs such as: shorter design cycle;cheap CAD tools, verication, and testing; fast, low cost,ulti reprograing, and ulti architectures can besatised; high accuracy design. Fro a very large nuber ofFPGA failies, we have chosen cyclone IV faily oAltera (Figure 8) for ipleenting our hardware AES
encryption/decryption syste because it has advancedfeatures that ae useful for our application beyond traditionalLUTs and registers.
Figure 8: hoto of the FGA Kit
The coplete hardware ipleentation of the cipheringsyste is shown in Figure 9.
Plaintext/Cipher text 128 bit
CLK
En=1 or 0
CLK2
SecretKey 128
bit
Output (128 bits)EncryptionDecrption
r:__ .
_ _
.
8 bit Key Input
Key ScheduleGeneration
Figure 9 AE Hardware Implementation
V. ESTS AN DISCUSSION
A coplete VHDL code is written for encryption anddecrption of our odied AES algorit. The results are
based on siulations o the Altera ModelSi forQuartusII. The top odule results are applied on Cyclone IVEP4CE22F17C6N FPGA device.
A. Fitter Summary for Encryption
Logic utilization
Combiaional ALUTs
Mey L
Ddiae logi regis
3%
9,816/38,0 (26 % )
0/9000 0%
,438,0033 %64oal gse s
oal pins
oal viual pins
oal lc k oy is
DSP lck 18-� een
oal PLLs
oal LLs
385 488 ( 79% )o78
240/5 455 872 14%
0/384 (%)
0/4%)
0/4%)
B. ming Summa for Encption
Type Slac Requir ed e
Wost-case tsu -. ns 2. ns
Wo t-case tco s s
Wostcase th 4 ns 2 ns
Clock Se up: 'lk' s 4 MHz ( pe id 25 s )
Clock Hod ' s 40 MHz ( pe id 250 s )
otal nmbe f failed pahs
ter Summa for Decryption
Logc u tilza ion
Combiata ALUTs
Memoy AUs
Dedca ed logc regste
Toal eis te
Toal pins
Toal vtal ins
Toal block meoy bis
DSP lo 8-b elee s
Toal PLs
Toal DLLs
%
5438004 ,00 0 %
1 3805%
38 4887%
o
778445874%
384%
4 0%
4 0%
D. ming Summa for DecptionT e Slack Required TmeWorst-cae tsu 0.097 n 3.000 ns
Worstcae to 0129n 5.000 nsWorstcae th 0.08 n 2.000 s
Cck Set
p
l 443 40.0 MHz pe
ri
o
d
- 0
od : '' 0329n 40000 Mz ( period = 250
T
t
al mber of fed pths
E. Simulation Inputs/Outputs for Encryption/Decryption
The input plaintext, cipher key, round keys, round states, and the nal output cipher text of the encryption stage are
7/26/2019 06998769
http://slidepdf.com/reader/full/06998769 5/6
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013
siulated in Figure 10. Also, the input cipher text, cipher key, round keys, round states, and the nal output plaintext of the decryption stage are siulated in Figure II
I wave - de fut-
File Ed Vew Add Format Tos Wind w
Figure 0 he Encryption tage Inputs/utputs
! wav e d ul
l d Vw Add m l ind w
-
Figure he decryption stage Inputs/utputs
-.
�
7/26/2019 06998769
http://slidepdf.com/reader/full/06998769 6/6
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013
. ONCUSIONS
A odied version of AES algorit was ipleented witha pipelined architecture. Optiized and synthesizable VHDLcode is developed for the building of AES
encryption/decrption syste. Each code segent is testedindividually with saple vectors and output results are
perfect with iniu sall tie delay and iniized area.This VHDL code is downloaded in an Altera Cyclone IVFPGA kit to get ebedded hardware equipent for cipherand inverse cipher syste ready to be used in anycounication, network, or control systes.
EFERENCES
[1] FIPS Publication 197, "Advanced Encryption Standard",November 26, 200.
[2] S. E Adib and N. Raissouni, "ES Encryption Algorithm Hardware Implementation: Throughput and area Comparison of128, 192, and 256-bits Key", IJES, Vol., No.2, pp. 67�74,2012.
[3] R. Manteena, "A VHDL Implementation of Advanced Encryption Standard-Rijndael Algorithm", M.Sc. thesis,University of South Florida, 2004.
[4] H. M. Azzawi, "A proposed Algorithm to Improve the Securitylevel of Advanced Encryption Standard", Iraqi Journal of Applied Physics, Vol. 8, No. 4, pp. 29�32, 2012.
[5] K. Lala, et al., "Enhanced Throughput ES Encryption", JECSE,Vol. 1, No. 4, pp. 2132�2137.
[6] D. Tietz, "Quartus and ModeSim", Department of Electrical andComputer Engineering, University of Florida.
[7] A. M. Deshpande et al. "FPGA Implementation of AES Encryption and Decryption", International Conference on
Control, Automation, Communication, and EnergyConservation, 4 �6 June 2009, India.