06998769

7/26/2019 06998769

http://slidepdf.com/reader/full/06998769 1/6

The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013

FPGA Implementation of a Modied AdvancedEncryption Standard Algorithm

Ali A AedDepartent of Coputer Engineering

University of Basra, IAQaaad baahoo com

Absr- In this paper, a method to improve the security levelof advanced encryption standard (AES) algorithm is proposed.The proposed algorithm, which is based on the standard AES,

increases the complexity of the encryption process leading to amore dicultness against attacking and decryption of theplaintext without using the correct encryption key. The researchinvestigates the AES algorithm with regard to Field

Programmable Gate Array (FPGA) and the Very High Speed

Integrated Circuit Hardware Description Language (VHDL).ModelSim-Altera Starter Edition Soware for Quartus II isused for simulation and optimization of the structural VHDL

code. All the required transformations of the encryption anddecryption processes are done using a pipelined cyclic designmethod to minimize hardware consumptions. The pipelineddesign is implemented on Altera Cyclone IV family of FPGA

devices and a good throughput is achieved with minimal area.

Kyrds Encryption, Decryption, AES, FPGA, VHDL

I. INTRODUCTON

The National Institute of S tandards and Tecnology(NIST) decided proposals for the AES algorit. The AES,

which is a Federal Infoation Processing S tandad (FIPS), isa crptographic algorit ipleented to protect eleconicdigital data against attacking and it is widely accepted due toits strong encrption, sophisticated processing and its

resistance to Brte-force attack [1] . It is a 128-bit syetric block cipher that can encipher and decipher digitalinforation. Encrption converts data to unintelligible foatcalled cipher text. Decrption of the cipher text leads to retu

back data to its original plaintext. The crptographic key thatcan be adopted in AES is 128, 192, or 256 bits length [1].Although key size deteines the level of secit, aea and power consuption becoes crucial especially in ebedded hardware in obile devices [2].

In this paper, the Rijndael algorit is adopted since it had the best overall scores in securit, perforance, eciency,exibilit, and ipleentation abilit [3]. The hardwareipleentation of the Rijndael algorit can provide either

high perfoance or low cost for specic applications. Forsoe counication systes or servers, it is not favorable to

Ali A JawadDepartent of Electrical Power,Tecnical College, Basra, IQ

alijwdail com

lose processing speed, which degrades the eciency of thesyste during runing of the crptographic algorit insoware. Hence, a low cost and sall design FPGAcrptographic card will be designed. The trade-off betweenlevel of securit, troughput and area consuption depends on

requred need [2]. This card can be used in sart applicationsallowing a wide range of secure equipent.

In spite of the any works on AES and FPGA design of this crptography algorit but it can rther iproved. In [3], the classical AES is ipleented without any odication. In[4], a odication in AES is done but it is prograed withMA TLAB leading to a non-reduced aea logic design. Theauthor of [5] ied to apply the pipeline principle to theclassical AES algorit and ipleented it with VirexFPGA. In this paper, we have done any different facilitieswith a odied version of AES.

The rest of the paper is organized as follows: Section II isconceed with explanation of the encrption process with our

proposed odication. In section III, the decrption process isdisplayed. Section IV deal with the VHDL soware

ipleentation of the odied AES

.S

ection V provides theFPGA hardware ipleentation of encrption/decrptionsyste. In section VI, the obtained results and verication aregiven with soe requred discussion. Section I suarize theain conclusions.

II. ENCRYPTON ROCSS

The ow chart of this process is illusated in Figure 1 [3]. Itcontains a nuber of ansfoations applied sequentially on adata block in a xed nuber of rounds (Nr). This Nr dependson the length of the encrption key.

A. Bytes Substitution Transformation

Bytesub (state) is a non-linear substitution of bytes thatoperates independently on each byte of the state using asubstitution table (S-Box) [4]. The state is four rows of bytes

that the inteal operations of AES are perfored on it. Theapplication of the S-Box to each byte of the state is shown in

7/26/2019 06998769



AddRoundKe( )

BteS ub( )

S hiRow( )

MixColn( )

AddRoundKe( )

S hiRow( )

AddRoundKe( )

Figure Encryption rocess

Figure 2 [1].

, ,1 , , ', ',1 ', ',

1, 1,1 1, 1, Nw \ \,1 \ \

, ,1 �

8x .

',1 ', ',:.

, ,1 , , ', .,1 ', ',

Figure 2 Bytes substitution using the S-Box

The proposed odication in AES is described in Figure 3.

S-Box Value (i) Key(i)

Constant

New S-Box Value (i)

Figure Modication in AE

The proposed AES involves the creation of new S-Box andinverse S-Box depending on Figure 3 as given in Figures 4and Figure 5. Each value of the old S-Box is odied toobtain new values for S-Box. The constant value (secret

nuber) is ultiplied (ANDed) with key nuber and the result is added to the old S-Box value. As an exaple, ifS=[63] then the substitution value is obtained by theintersection of row 6 with colun 3 in the S-Box to get thevalue S\=[]. Aer applying of the odied operation,

then S\ = [a6]. To recover the encrypted data, an inverseof the new S-Box is perfored and then the decryption

process continued. It is difcult to decrpt cipher text withoutadopting the correct key used in the generation of the S-Box.

7< 5d 56 A' 7 2 E 2 f 55 6 E1 F6 . 0

OS 9d D6 2D Db 5 7 82 A 80 6 8b 6d Of

A E2 7 17 E Ed IS . F. 0 6, C7 2 0.

lb EO 3, ' 45 B7 1 85 18 33 9f 86 4 7 93 542 9 9 8f f 7b F7 2 b 6 C2 AS

72 C, 2 F2 f E 2b 75 D Al 26 6b 5 79 "

Cf F F, A6 62 52 2 D 5. 5 2 C d 61 B, F5

7 6 5 A, d " 27 . A A9 C5 E D2 Cd

9 F C. 5b 99 B 5' C 2

7f 9, S Fd d 5 f 97 59 Fl f b Ff 2. C

Bd 2d 25 57 ld 9 5 Dd C B 7d Fb 66

F 07 9 k F 51 d 9 Eb Cb 65 Bl Ad

E7 67 7 7 89 Ab 92 C9 7 29 16 A2 9 95

6f 9b b 69 5, E9 7, 6 9 A7 0 2 C

C D9 7 76 C6 D. 85 J 22 8 Ef . 7 2

Dl 96 2 A F9 If 77 6 6 ' 9! b 9. m

Fgure The New S-Box

Cb E9 0 C IS A6 7 2 7 Ff 2 f 9b F. 9.

Fb 07 F 56 2 2 AS 6 b A 25 F6

52 . 6. 9 A2 5b 76 C. 9, 57 66 Al 2 Ad 7< 6 9 b 95 B 0 2 9 7b 5

9d d A7 " . 7 0. B9 Ed Fd E B 592 86 65 5d f m 2 A 6 9 6 6 69 J OS .

F 6d 6 Bd A C D9 D Sf f 2 0

7 C2 S C S 5 E F7 C9 5, d 6 Ab D 9

82 7 Ef I. E 7 F9 E2 B7 2 . 22 7 k 96

C7 C, Cf F2 97 Db F, D! 9! .F 5. Cd 7 9 f 6 2 79 D2 C6 8 8f 7

lb B, l A4 Eb E7 b 5 9 C5 2 ld 75 A 6,

E d Of 9f 7. 5 2d 6b C 5 8b A9 7f 51 6

2b F 7, f 59 2 B1 67 El E6 A Dd If

7d ' 2 55 7 72 C 26 D6 77 8. 2 27 b

6 99 5 B5 6f d B F5 2. A, F1 9 62 9

Fgure 5 The New Inverse S-Box

B. Sht Rows Transformation

ShRows akes the bytes in the last tree rows of thestate to be cyclically le shied by 1, 2, and 3 bytes for the2 , 3

, and 4 rows (the rst row is not shied) [1] . It proceeds as follows:

Src=Sr c+shrNb mo Nb for r < and c <

Where is nuber of bytes in each row of the state array,which is block length divided by 32.

For =4, shi(,4)= , shi(2,4)=2, shi(3,4)=3, as shown inFigure 6.

, ,1 , , , ,1 , ,

1, 1,1 1, 1,

1,1 1, 1, 1,ShiftRows

, ,1 , , , , , ,1

, ,1 , , , , ,1 ,Fgure 6 Sh rows transformatOn

Ming of Columns Transformation

It is based on Galois eld (GF) ltiplication. Each byte of acolun is replaced with another value that is a nction of allfour bytes in the given colun. As a result of theMixColumnO ansfoation, the four bytes in a colun are

replaced by the following four bytes [1] :

S'=({02}.S) ({03}.S) S S

7/26/2019 06998769



S' =S S ({02}.S ) ({03}S )

S'=({03}.S) S S ({02}.S )

How to calculate: {02. S } and {03. S }?

The ultiplication by 02 (which is equivalent to ltiplication by x) can be ipleented as a 1 bit le shi followed by a bitwise XOR with (0001 1011) if the leost bit of theoriginal value before the shi is 1.

Examples

• {d4}.{02}=1101 0100«1 (le shi by 1)

=1010 1000 0001 1011

=1011 0011=[b3]

• {03}.{b

bf=1011 1111

03=11 = 10

Then:

{03}. {b={}.{1011 111}

={011 1111. }{1011 1111.01}

={ 0111 1110 1011 111}1 1011

=1101 1010= [da]

D. Addiion of Round Key Transformation

In AddRoundKey ( transfoation, a round key is added to the state by a bitwise XOR. Each round key contains Nbwords obtained o the key schedule generation odule.These Nb words ae each added with the coluns of the stateas follows [1]:

{S/ S/ S/ S/ j- {S S S S jwO 2 3 - 0, 2 3 +

Where =round no. *Nb; c <; Wi are the key generatedwords which will be explained in the next section. The initial round key addition occs at round 0 before the rstapplication of the round nction ( round < Nr

E. Key Schedual Generation

A round key is an Nk words array obtained as follows: each byte of the previous round key is XORed with a constant thatdepends on the current round, and the result of the S-Box

lookup for Wi to constitute the next round key. The rst round key is the original user key. The Nb, Nk and Nr for 128 bit AES is 4, 4 and 10 respectively [1] .

. DECRYPTION ROCESS

The ow chart of this process is shown in Figure 7 [3]. It is adrect inverse of the encrption process. Hence, all the transforations applied for encrption are inversel

applied todecrption. The last round values (data an

key) forencrption ae the rst rod values for decrption andfollows in descending order.

InvByteS ub( )

InvS hiRow( )

InvMixColun( )

AddRoundKey( )[i*Nb]

W[O]

Figure 7 ecryption rocess

A. Inverse Bytes Substiution Transformation

InvSubByte ( is the sae as for encryption with replacing the new S-Box with the new inverse S-Box of Figure 5.

B. Inverse Sh Rows TransformationInvShRows does the sae nction of the ShRows but the bytes the last tee rows of the state are cyclica

ly

right shied. Hence, this ansforation proceeds as follows:

Sr c+shrNb mo Nb = Src for O r <4 and O c<Nb

Inverse Ming of Columns Transformation

As a result of the InvMColumnO transfoation, the four bytes in a colun are replaced by the following four bytes:

S'=({e}.S) ({ b}.S") ({d.S ) ({09.S)

S=({09}.S) ({e}.S") ({ b.S ) ({d.S)

S' =({d}.S) ({09}.S") ({e.S ) ({ b.S)

S'=({ b}.S) ({d}.S") ({09.S ) ({eS)

V. VHDL OFTWARE MPEMENTATION

VHDL is used because of its exibility to exchange aongenvironents. ModelSi-Altera S tarter Edition Soware forQuartus II [6] is used for siulation and optiization of thestrctural VHDL code. This soware is adopted for writing,

7/26/2019 06998769



debugging and optzmg effors, tting, siulating andchecking the perfoance. A coplete VHDL code is written

to satis all the required operations of the AES algorith.

V. FGA HARWARE MPEMENTATION

FPGA is an integrated circuit that can be recongured withina action of second to perfo different nctions. FPGAconsists of thousands of congurable logic blocks (CLBs)conected by prograable interconnections to constitutedigital circuits [7] suitable for ebedded systes. Forcrptography, FPGA provides an alternative to ApplicationS pecic Integrated Circuits (ASICs). Ipleentation of AES

with FPGA has any advantages as copared toipleentation with ASICs such as: shorter design cycle;cheap CAD tools, verication, and testing; fast, low cost,ulti reprograing, and ulti architectures can besatised; high accuracy design. Fro a very large nuber ofFPGA failies, we have chosen cyclone IV faily oAltera (Figure 8) for ipleenting our hardware AES

encryption/decryption syste because it has advancedfeatures that ae useful for our application beyond traditionalLUTs and registers.

Figure 8: hoto of the FGA Kit

The coplete hardware ipleentation of the cipheringsyste is shown in Figure 9.

Plaintext/Cipher text 128 bit

CLK

En=1 or 0

CLK2

SecretKey 128

bit

Output (128 bits)EncryptionDecrption

r:__ .

_ _

.

8 bit Key Input

Key ScheduleGeneration

Figure 9 AE Hardware Implementation

V. ESTS AN DISCUSSION

A coplete VHDL code is written for encryption anddecrption of our odied AES algorit. The results are

based on siulations o the Altera ModelSi forQuartusII. The top odule results are applied on Cyclone IVEP4CE22F17C6N FPGA device.

A. Fitter Summary for Encryption

Logic utilization

Combiaional ALUTs

Mey L

Ddiae logi regis

3%

9,816/38,0 (26 % )

0/9000 0%

,438,0033 %64oal gse s

oal pins

oal viual pins

oal lc k oy is

DSP lck 18-� een

oal PLLs

oal LLs

385 488 ( 79% )o78

240/5 455 872 14%

0/384 (%)

0/4%)

0/4%)

B. ming Summa for Encption

Type Slac Requir ed e

Wost-case tsu -. ns 2. ns

Wo t-case tco s s

Wostcase th 4 ns 2 ns

Clock Se up: 'lk' s 4 MHz ( pe id 25 s )

Clock Hod ' s 40 MHz ( pe id 250 s )

otal nmbe f failed pahs

ter Summa for Decryption

Logc u tilza ion

Combiata ALUTs

Memoy AUs

Dedca ed logc regste

Toal eis te

Toal pins

Toal vtal ins

Toal block meoy bis

DSP lo 8-b elee s

Toal PLs

Toal DLLs

%

5438004 ,00 0 %

1 3805%

38 4887%

o

778445874%

384%

4 0%

4 0%

D. ming Summa for DecptionT e Slack Required TmeWorst-cae tsu 0.097 n 3.000 ns

Worstcae to 0129n 5.000 nsWorstcae th 0.08 n 2.000 s

Cck Set

p

l 443 40.0 MHz pe

ri

o

d

- 0

od : '' 0329n 40000 Mz ( period = 250

T

t

al mber of fed pths

E. Simulation Inputs/Outputs for Encryption/Decryption

The input plaintext, cipher key, round keys, round states, and the nal output cipher text of the encryption stage are

7/26/2019 06998769



siulated in Figure 10. Also, the input cipher text, cipher key, round keys, round states, and the nal output plaintext of the decryption stage are siulated in Figure II

I wave - de fut-

File Ed Vew Add Format Tos Wind w

Figure 0 he Encryption tage Inputs/utputs

! wav e d ul

l d Vw Add m l ind w

-

Figure he decryption stage Inputs/utputs

-.

�

7/26/2019 06998769



. ONCUSIONS

A odied version of AES algorit was ipleented witha pipelined architecture. Optiized and synthesizable VHDLcode is developed for the building of AES

encryption/decrption syste. Each code segent is testedindividually with saple vectors and output results are

perfect with iniu sall tie delay and iniized area.This VHDL code is downloaded in an Altera Cyclone IVFPGA kit to get ebedded hardware equipent for cipherand inverse cipher syste ready to be used in anycounication, network, or control systes.

EFERENCES

[1] FIPS Publication 197, "Advanced Encryption Standard",November 26, 200.

[2] S. E Adib and N. Raissouni, "ES Encryption Algorithm Hardware Implementation: Throughput and area Comparison of128, 192, and 256-bits Key", IJES, Vol., No.2, pp. 67�74,2012.

[3] R. Manteena, "A VHDL Implementation of Advanced Encryption Standard-Rijndael Algorithm", M.Sc. thesis,University of South Florida, 2004.

[4] H. M. Azzawi, "A proposed Algorithm to Improve the Securitylevel of Advanced Encryption Standard", Iraqi Journal of Applied Physics, Vol. 8, No. 4, pp. 29�32, 2012.

[5] K. Lala, et al., "Enhanced Throughput ES Encryption", JECSE,Vol. 1, No. 4, pp. 2132�2137.

[6] D. Tietz, "Quartus and ModeSim", Department of Electrical andComputer Engineering, University of Florida.

[7] A. M. Deshpande et al. "FPGA Implementation of AES Encryption and Decryption", International Conference on

Control, Automation, Communication, and EnergyConservation, 4 �6 June 2009, India.

06998769

Documents

Transcript of 06998769