Seventh IEEE/ACIS International Conference on Computer and Information Science

Implementation of a model of Conventional Encryption

using Hardware Description Language
G.M. Bhat1, M. Mustafa2, Shabir Ahmad2 and Javaid Ahmad2
1
University Science Instrumentation Center, University of Kashmir, Srinagar, India
2
Post Graduate Department of Electronics and Instrumentation Technology,
University of Kashmir, Srinagar, India
shabireltrahmad@gmail.com

Abstract: In this work, we present an This implementation is achieved using the

application based on the encryption algorithm
IDEA. The application is to encrypt the plain
text data into a cipher text by using another
plain text of fixed length. IDEA algorithm
which is a symmetric block cipher was
introduced and developed by Xueja Lai and
James Massey. The revised version of the
algorithm is so designed to be stronger, against
differential cryptanalytic attacks. IDEA is one
of the conventional encryption algorithms that
have been proposed to replace Data Encryption
Standard (DES). Furthermore, we
demonstrated the results of implementation of
IDEA structure on to a Field Programmable
Gated Array with various performance
parameters.
hardware description language VHDL and
Field Programmable Gate Array Technology
(FPGA). The approach is particularly
appropriate for packet encryption for a
proposed security meta-layer.
In the subsequent four sections, we provide a
summary of the algorithm, and the
methodology used in designing the hardware
circuitry. The results are demonstrated by the
timing diagrams and timing reports.
The details of the implementation process are
shown in sections IV, V and VI respectively.
Finally, we present a summary and our
conclusions.

Keywords:- IDEA, encryption, data security, II. THE ALGORITHM

FPGA, VHDL, architecture.
I. INTRODUCTION
In a previous work, Xueja Lai and James
Massey of the swiss federal institute have
developed a conventional encryption algorithm
that is called International Data Encryption
Algorithm (IDEA).
Basically the algorithm is a block cipher that
uses 128-bit key to encrypt data in blocks of 64
bits .The characteristics of IDEA includes
block length of 64 bit, key length of 128 bit,
confusion and diffusion. In this algorithm the
concept of diffusion is been achieved by three
different operations and each operation is been
performed on two 16 bit inputs.

In this study, we present an architecture
hardware implementation of this algorithm and
also an application of using this algorithm for
encrypting a plain text with another plain text.
The various operations are EX-OR, Addition of
integers modulo 216, Multiplication of integers
modulo 216+1. The various steps involved in
encrypting the plain text are summarized as
follows:

978-0-7695-3725-2/08 $25.00 © 2008 IEEE 1270

 
 1. From the plain text file, each character is
read and has been replaced by a predefined 8
bit code. The process is continued until 8
characters are read to have a total block length
of 64 bit.
2. 16 characters are read from another plain
text file. Each character has been replaced by a
predefined 8 bit code total of 128 bits are
obtained. These 128 bits are used as 128-bit
key.
3. The obtained 64 bit block data from the first
step is applied to the IDEA algorithm to
convert into 64 bit cipher data.
4. Obtained cipher data is written into a new
cipher text file after converting into text data.
5. The same procedure is repeated for all the
characters of plain text file.
Read 8 characters from plain
text file. Convert these
characters into predefined 8
bits each. 
The decryption process is achieved by using
the cipher text file and the same key text file
that is available to both sender and receiver in
advance. A summary of this method is shown
in Fig. 1.
III. METHODOLOGY
The architecture is designed taking into
consideration real-time applications. Recently,
there has been a worldwide competition
between various algorithms to select the most 
suitable algorithm for implementation using
FPGA. Our algorithm consisting of three 
operations XOR,  modulo addition and modulo
multiplication. Consequently appreciably short
time delays, makes it a superior candidate for
such applications. 
IV. IDEA ENCRYPTION AND DECRYPTION
64-Bit Plaintext X

Read 16 characters from key

text file. Convert these
characters into predefined 8
bits each 

Apply all the 64 bits from the

plain text file and 128 bits from
the key text file to IDEA
algorithm to obtain 64 bit
cipher data. 

Resulted cipher data is converted

into text and written into a new
cipher text file. 

Repeat the procedure for all the

characters of the text file.  64-Bit Cipher text Y
Fig.2: IDEA general structure
Fig. 1: Summary of the Encryption Algorithm

1271
 
 The encryption (decryption) subkeys are made
ready for the encryption (decryption) using the
specified functions generateEncSubKeys and
generateDecSubKeys. The encryption
(decryption) works by taking a list of elements
representing the plaintext (ciphertext) and the
private key. Then, the list of plaintext
(ciphertext) is segmented as segments of 4-
elements each element representing a 16-bit
word. These packed lists are then passed to
encryption or decryption along with the input
private key.
A functional specification of IDEA encryption
is formulated as a function encryption. The
encryption function works by firstly
segmenting the input list using the function
segs. Secondly, it maps the function
responsible for a single block encryption with
the input private key to all segmented input
list elements. The function responsible for
encrypting a single 4-element list is called
encryptSegs.
i. Single Round Specification
The main part of the IDEA algorithm consists
of the application of 8 similar rounds to the
input plaintext and the key as shown in Fig.2.
In this section we introduce the round
construct by introducing each of its building
blocks.
A round is specified as a function singleRound
with two input lists, one representing the input
block from the plaintext and the other a pack
of subkeys. A singleRound works by
composing three different functions
firstSubRound, secondSubRound, and
thirdSubRound (fig.3).
The function firstSubRound employs modular
multiplication and addition to the first 4
elements of both input lists. This function also
forwards the last two subkeys from input to
output list.

The decryption has a similar specification.

Fig.2 shows the structure and the block
diagram for the IDEA. A single 64-bit block
from the plaintext segmented as a list of 4
elements each of 16-bit inputs to this
structure. The output has a similar type, but it
represents a block from the ciphertext.

We specify the encryption of one block as the

function encryptSegs. This function firstly
packs the encryption subkeys. Then, it folds
(using the high-order-function foldl) with an
initial list xs the function singleRound
distributing the packed subkeys to each round.
Note that the function singleRound is the
formal specification of a round. The folded
output is then passed to the function
outputTransformation along with the last pack
of subkeys, giving the final output. The
function outputTransformation specifies the Figure.3: IDEA round.
output transformation stage found as the final
stage in IDEA encryption (decryption).

1272
 
 In IDEA, each plaintext bit influence every
cipher text bit. The spreading out of a single
plaintext bit over many cipher text bits hides
the statistical nature of the plaintext. This
diffusion is provided by the basic building
block of the algorithm known as the
multiplication/addition (MA) structure shown
in Fig.3. The function that specifies this
structure is called mA, and the Fig.4
multiplication/addition is done using the
functions mulMod/addMod.

The function secondSubRound employs the

function mA over two subkeys and the result
of XORing 4 elements from its own input.
A third subround is specified to complete the
scene of a whole round. This function, namely
thirdSubRound, is responsible for XORing its
inputs. Fig.5
ii. Output Transformation Specification
PLAIN TEXT INPUT:
This stage is designed to allow the decryption
India is my country. All Indians are my
to have the same structure as encryption. The
brothers and sisters. I love my country.
specification is the same as that for the
function firstSubRound.
128 bit KEY INPUT:
I LoVe India….
V.VHDL CODE
CIPHER TEXT OUTPUT:
The architecture has been implemented
SÂÅ6Û~~~¤"×ó.~~ÜôC~Á~~ï¯"~ç~x!ã_~~æ
employing VHDL hardware description
~~âåDà_I|s~p2[r~fKÿ~~~~°e~´×~~c\]˲Y~\~
language and Xilinx workstation for
?~xp½
computer-aided design (CAD). The following
Fig.6
few lines, show a sample VHDL for the
processor implementation.
CIPHER TEXT OUTPUT:
VI. SIMULATION RESULTS
SÂÅ6Û~~~¤"×ó.~~ÜôC~Á~~ï¯"~ç~x!ã_~~æ
~~âåDà_I|s~p2[r~fKÿ~~~~°e~´×~~c\]˲Y~\~
Fig. 4, shown below, illustrates the encryption
?~xp½
output for a given input bit sequence. Fig. 5,
128 bit KEY INPUT:
on the other hand, shows the output of
I LoVe India….
decryption. Fig. 6 demonstrates the output of
encryption of a text file. Fig.7 demonstrates
PLAIN TEXT INPUT:
the output of decryption of the cipher text
India is my country. All Indians are my
shown in Fig.6. All of the above Figs.4, 5 and
brothers and sisters. I love my country.
6 were obtained using Xilinx CAD
workstation. Fig.7

1273
 
 VII. CONCLUSION
Motivated by the need for a fast procedure
suitable for packet-level encryption, we have
provided a implementation of IDEA
algorithm. The distinctive features of this
implementation are as follows:
• An encryption processor is designed using
only three low-level instructions XOR,
Modulo-addition, Modulo-multiplication.
These three instructions formed the basis of
the algorithm and its hardware
implementation.
• An subkey generator is designed using three
different operations for encryption and
decryption. For encryption circular shift
operation is used and 52 subkey’s each of 16
bit is generated from an 128 bit key. For
decryption same 128bit key is used and two
operations namely multiplicative inverse,
additive inverse are used to produce 52
subkey’s of 16 bit each.
Comparing this architecture with other types
of encryption algorithm implementations, we
have demonstrated the superiority of our
algorithm in time-critical applications. Packet-
level encryption is one of these applications.
As it is well known, this technique is applied
when using public network links between two
private local area networks. This is known as
Virtual Private Networks (VPN). The
implemented processor can be integrated in
the system before the sender router and after
the receiver router with slight modifications to
the processor internal functions.
For higher degrees of data security, the
process can be repeated on the resulting
pointer file. That is using more than one round
of encryption cycles. The number of rounds
should be agreed upon by sender and receiver
before transmission begins.
1274
We believe that the algorithm and its hardware
implementation offer a prominent degree of
LAN security against any type of cipher
attacks. Moreover, the simplicity of the
approach provides a relatively minimal delay
for packet-level encryption technique.
References
[1] M. SAEB, A. BAITH, “An Encryption
Algorithm for Data Security,” Recent
Advances in Information Science &
Technology, N.E. Mastorakis, (editor), World
Scientific Publishing Company, pp. 350-354,
1998.
[2] VICTOR FISCHER, “Realization of the
Round 2 AES Candidates using Altera
FPGA,” www.micronic.sk, 2000.
[3] Ronald Rivest, “The RC5 Encryption
Algorithm,” Dr. Dobb’s Journal, #226,
pp.146-148, January, 1995.
[4] Kris Gaj and Pawel Chodowiec, George
Mason University, “Comparison of the
hardware performance of the AES candidates
using reconfigurable hardware,”
http://ece.gmu.edu/crypto-text.htm, 2000.
[5] Alfred J. Menezes et al., Handbook of
Applied Cryptography, CRC Press, 1997.
[6] A. E. Abdallah. Derivation of Parallel
Algorithms from Functional Specifications to
CSP Processes. Mathematics of Program
Construction, LNCS 947, (Springer Verlag,
1995), pages 67–96, 1995.
[7] J. Hawkins and A. E. Abdallah. Functional
process modelling. Proceedings of the 7th
IEEE International Conference on
Electronics, Circuits and Systems, December
2000.
[8] I. Damaj, J. Hawkins, and A. Abdallah.
Mapping high level algorithms onto massively
parallel reconfigurable hardware. ACS/IEEE
International Conference on Computer
Systems and Applications, pages 14–22, July
2003.
[9] Celoxica. Handel-c documentation.
http://www.celoxica.com/, 2003.
 [10] National Bureau of Standards, U.S.
Department of Commerce. Data encryption
standard, January 1977.
[11] B. Schneier. Applied Cryptography. John
Wiley and Sons, New York, 1996.
[12] X. Lai and J. Massey. A proposal for a
new block encryption standard. In
Proceedings of the EUROCRYPT 90
Conference, pages 389–904, 1990.
[13] A. Tanenbaum. Computer Networks.
Prentice Hall, Upper Saddle River, NJ, third
edition, 1997.
[14] J. Daemen, R. Govaerts, and J.
Vandewalle. Weak keys for IDEA. Springer-
Verlag, pages 224–231, 1994.
[15] William Stallings. Network Security
Essentials. Prentice Hall, third edition,
November 2002.
[16] D. Runje and M. Kovac. Universal strong
encryption FPGA core implementation. In
Proceedings of Design, Automation and Test
in Europe, pages 923–924, 1998.
[17] O. Y. H. Cheung, K. H. Tsoi, P. H. W.
Leong, and M. P. Leong. Tradeoffs in parallel
and serial implementations of the international
data encryption algorithm IDEA. Lecture
Notes in Computer Science, 2162:333, 2001.
[18] Jean-Luc Beuchat and Jean-Michel
Muller. Modulo m multiplication-addition:
Algorithms and FPGA implementation.
Electronics Letters, 40(11):654–655, May
2004.
[19] O. Mencer, M. Morf, and M.J. Flynn.
Hardware software tri-design of encryption for
mobile communication units. In Proceedings
of the 1998 IEEE International Conference on
coustics, Speech and Signal Processing,
volume 5, pages 3045–3048, 1998.

1275