Encryption / Decryption on FPGA
Final PresentationWritten by: Daniel Farcovich ID. 303710388
Saar Vigodskey ID. 039608153Advisor: Mony Orbach
Summer Semester 2011 (August – December)
Project Goal• Creation of data cryptography system using hardware
components of type FPGA DE2-110 with cyclone II
EP2C35 device, designated to external memory
devices such as Disk-On-Key
• The system will encrypt the data efficiently according
to standard encryption algorithms, which are being
used by the private sector.
• The encryption will be symmetric or asymmetric and
made by keys.
Algorithm DescriptionMost of the AES calculations are made through 10 rounds. Each round
consists 4 steps, state transformation. The state describes the current
data block as a 2D, 4X4 array of bytes. In each round a “Round Key” is
created by the key-expansion process.
AES encryption includes 4 steps:
1) SubBytes
2) ShiftRows
3) MixColumns
4) AddRoundKey
AddRoundKey SubBytes ShiftRows MixColumns AddRoundKey
SubBytes ShiftRows AddRoundKey
AddRoundKey InvShiftRows
InvSubBytes AddRoundKey Inv
MixColumns
InvShiftRows
InvSubBytes AddRoundKey
Key Expansion
data
data
encrypteddata
encrypted data
x9
x9
key
Cipher
Inverse Cipher
Full Piped ArchitectureTop Level
INPUTdata [0..127] – raw dataed – ‘0’ for encryption, ‘1’ for decryptionclk – system clockrst – high activekey[0..127] – 128 bit cryptography key
OUTPUTdata_out [0..127] – processed datavalid_out – ‘1’ when key expansion is ready
KEY EXPANSION
ENCRYPTION DECRYPTION valid data
data[0..127]ed
clk
rst
Key[0..127]
enable
valid out
data out[0..127]valid data out
Round Module
Cryptography direction determined using ‘e_d’ signal. When encryption (decryption) is needed, the decryption (encryption) components are not active.
SUBBYTES & INV_SUBBYTES
e/dclken
S_in[0..127]SHIFTROWS
INV SHIFTROWS
MIXCOLUMNS
INV MIXCOLUMNS
round_key[0..127]
round_out[0..127]
ADDROUNDKEY
ADDROUNDKEY
128
128128
0
1
AES Compilation Summery
Post Synthesis Simulation
Expanded key is ready
Data input
1. Set key.2. Reset3. Key expansion process (40 cycles)4. System is ready to receive data, set data.5. Each cycle set 128 input data.6. First output is given after 10 cycles from step 4.
Post Synthesis Simulation
Timing AnalysisAccording to Quartus the clock frequency is 57.8MHz.After some testings, the system operates as needed at 50MHz.
Throughput: processing 6.4 * 10^9 bit/sec or 763 Mbytes/SecFor comparison, software implementation of AES algorithm on Pentium M 1.7GHz reaches 60Mbytes/sec.
Latency: each block goes through 10 rounds in AES. Each round lasts 20nsec.Therefor the latency is 0.2µsec.
Testing and verification
Vhdl editor
Modelsim simulation
Post synthesis simulation
ok
synthesis
ok
Testing using Signaltap
and memory sampling
program
ok
yes yes yes
end
start
no
no
no
• The verification was done using Example Vectors taken from the AES standard and typical inputs.
• The final test is to encrypt data using the encryption block and to decrypt the output using the decryption block and compare the result with the original data.
DE2
FPGA
Testing Environment
SRAM
Verification System
Verification Waveform
2 rounds as previously described.A: FIFO_IN is filled with data from SRAM.B: Expanded key is calculated, encryption/decryption is being performed. Calculated data is written to FIFO_OUT.C: Data is written from FIFO_OUT to SRAM.
Verification Process• Writing test pattern to SRAM using DE2 Control Panel Program.• Running Encryption and Decryption.• Comparing original data and decrypted data.• Tests were performed with different keys.• Patterns used in tests:
o Random text from the web.o Random values.o Incremental Values (0123456789ABCDEF)o Decremental Values (FEDCBA9876543210)o Constant Values (7777…)o Test Vectors from standard (3243F6A8885A308D313198A2E0370734).
Bugs1. Dual Port ROM – bug was found in Modelsim Gate Level simulation. Second data
output changes one cycle later than expected. No problems were found during verification. The bug is only at Gate Level simulation.
Bugs2. Inverted FIFO Values – FIFO components show inverted words in output blocks. for example:
:0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 000A 000B 000C 000D 000E 000FBlock x Block y
Expected arrangment
The solution was correction component attached to the FIFO, which reorganized the words inside the block.
:0007 0006 0005 0004 0003 0002 0001 0000 000F 000E 000D 000C 000B 000A 0009 0008Block x Block y
Actual arrangment
Conclusions• All project goals were reached.• Before implementation, an architecture has to be designed,
and compared to different possible implementations.• Always check if the best architecture fits the FPGA area.• During coding, use the coding guidelines according to the
FPGA manufacturer.• Code robustness – keep the code simple. Code changes with
little affect on other code parts.• Plan the project timetable, and allow enough time for testing
and debug (at least as long as the design took).
Top Related