INTRODUCTION
1.1 BACKGROUND AND OBJECTIVES:
In today's digital world, encryption has become an integral part of all
communication networks and information processing systems, protecting
data both at rest and in transit. Encryption is the transformation of
plain data (known as plaintext) into unintelligible data (known as
ciphertext) by an algorithm referred to as a cipher. Numerous encryption
algorithms are now in common use, but the U.S. government has adopted
the Advanced Encryption Standard (AES) for use by Federal departments
and agencies to protect sensitive information. The National Institute of
Standards and Technology (NIST) has published the specification of this
encryption standard in Federal Information Processing Standards (FIPS)
Publication 197. [1]
1.3.2 LANGUAGES:
The hardware model was then completely verified using a testbench,
which took advantage of Verilog's programming features by constructing
random test vectors and feeding them to the model. The verified model
was then synthesized with the Synopsys Design Compiler tool to estimate
the gate count, area and timing of the hardware model. Finally, the
performance of the software and hardware implementations was compared.
1.3 FINITE FIELDS:
In AES, the irreducible polynomial P(x) = x^8 + x^4 + x^3 + x + 1 is
used to construct GF(2^8). Each element of GF(2^8) is represented by a
polynomial of degree at most 7, i.e. by 8 coefficients in GF(2).
Furthermore, all field operations are carried out modulo the above
mentioned irreducible polynomial.
3. Processing of plaintext: A block cipher processes the input one
block at a time, producing an output block for each input block. A
stream cipher processes the input elements continuously, producing
output elements on the fly.
Brief Overview of some known algorithms:
called the state (shown in dotted rectangles in Figure 2.1), whose entries
are eight-bit values. Linear cryptanalysis is one of the two most widely
used attacks on block ciphers; the other is differential cryptanalysis.
Differential cryptanalysis:
Differential cryptanalysis is a general form of cryptanalysis applicable
primarily to block ciphers, but also to stream ciphers. In the broadest
sense, it is the study of how a difference in the input affects the
resulting difference at the output. For a block cipher, it refers to a set
of techniques for tracing differences through the network of
transformations, discovering where the cipher exhibits non-random
behaviour, and exploiting such properties to recover the secret key.
2.3 Analysis of symmetric-encryption algorithms
In this section several symmetric encryption algorithms are analyzed:
the history of each algorithm, its key size, block size, code size,
number of rounds and security level. We focus on block ciphers since
they are much easier to implement in software: as long as they operate
on data in computer-sized words, a software implementation avoids
time-consuming bit manipulations.
Security of AES:
Three possible approaches to attacking the AES algorithm are as follows:
- Brute force: trying all possible private keys.
- Mathematical attacks: several approaches, all equivalent in effect to
  factoring the product of two primes.
- Timing attacks: these depend on the running time of the decryption
  algorithm.
Choosing large p and q values can prevent such attacks. The security of
RSA thus lies in the choice of the value n, which makes such attacks
extremely difficult.
CHAPTER-2
PROJECT DESCRIPTION
[23], patterns that appear with twice the expected probability (the
second-byte bias) [14], partial message recovery [14], full key recovery
attacks [4], analysis of the biased distribution of the RC4 initial
permutation [17], and predicting and distinguishing attacks [13]. Knudsen
et al. have attacked versions of RC4 with n < 8 by their backtracking
algorithm [11]. Fluhrer et al. observed the most serious weakness in RC4
in [4], where RC4 was shown to admit a practical attack in the security
protocol WEP.
schedule. The expanded key array is used by both the encryption and
decryption routines, and its length depends on the number of rounds. The
operations performed on the data blocks are bitwise exclusive-OR of
words, data-dependent rotations (circular left and right rotations) and
two's-complement addition/subtraction of words, i.e. addition/subtraction
modulo 2^w, where w is the word size in bits. They always affect a
complete 16-, 32- or 64-bit data block at a time.
There are two inputs to the encryption function: the plain image to be
encrypted and the expanded secret key. For RC5 image encryption, the
image header is separated from the image to be encrypted and the image
data stream is divided into 64-bit blocks [11]. The first 64-bit block of
the image is entered as the plain image to the RC5 encryption function.
The second input to the RC5 encryption algorithm is the expanded secret
key, derived from the user-supplied secret key by the key schedule. Then
the next 64-bit plain image block follows, and so on with the scan
Groups:
A mathematical structure consisting of a set G and a binary operator ∘ on
G is a group if:
- ∀ a, b ∈ G, if c = a ∘ b then c ∈ G (closure);
- a ∘ (b ∘ c) = (a ∘ b) ∘ c for all a, b, c ∈ G (associativity);
- ∃ e ∈ G such that a ∘ e = e ∘ a = a for all a ∈ G (identity element);
- ∀ a ∈ G, ∃ a′ ∈ G such that a ∘ a′ = a′ ∘ a = e; a′ is unique for each
  a and is called the inverse of a.
The group is written ⟨G, ∘⟩. Additionally, a group is said to be
abelian if it also satisfies the commutative property, i.e. a ∘ b = b ∘ a
for all a, b ∈ G.
Rings:
A ring is a set R with two binary operations + and · (addition and
multiplication) defined on R such that the following conditions are
satisfied:
- ⟨R, +⟩ is an abelian group;
- a · (b · c) = (a · b) · c for all a, b, c ∈ R (associativity of ·);
- a · (b + c) = (a · b) + (a · c) for all a, b, c ∈ R (distributivity of ·
  over +).
If F is a field and V is an additive abelian group, then V is called a
vector space over F if an operation F × V → V is defined such that:
a (v + u) = av + au
(a + b) v = av + bv
a (bv) = (a·b) v
1·v = v
where a, b ∈ F and u, v ∈ V.
The elements of F are called the scalars and the elements of V are called
the vectors.
A set S = {u1, u2, …, un} is said to be a basis of V iff the elements of
S are linearly independent and span V. If a vector space V over a field F
has a basis of finitely many vectors, then this number is called the
dimension of V over F.
Finite Fields:
A field with a finite number of elements is denoted F_q or GF(q), where q
is the number of elements. This is also known as a Galois field.
A set of elements {α_0, α_1, α_2, …, α_{m-1}} is called a basis of F_{2^m}
over F_2 if every field element can be represented uniquely as
$a = \sum_{i=0}^{m-1} a_i \alpha_i$, where $a_i \in \{0, 1\}$, $0 \le i < m$.
Given such a basis, every field element can be represented as the bit
string (a_0 a_1 a_2 … a_{m-1}). Generally two kinds of basis are used to
represent binary finite fields: the polynomial basis and the normal basis.
The finite field F_{2^m} consists of all polynomials over F_2 of degree
less than m, i.e.:
F_{2^m} = { a_{m-1} x^{m-1} + a_{m-2} x^{m-2} + … + a_2 x^2 + a_1 x + a_0 : a_i ∈ {0, 1} }.
Thus the elements of F_{2^m} can be represented by the set of all binary
strings of length m. The multiplicative identity 1 is represented by the
bit string (00…01) and the bit string of all zeroes represents the
additive identity 0.
Addition: If a = (a_{m-1} a_{m-2} … a_2 a_1 a_0) and
b = (b_{m-1} b_{m-2} … b_2 b_1 b_0) are elements of F_{2^m}, then
c = a + b = (c_{m-1} c_{m-2} … c_2 c_1 c_0), where
c_i = (a_i + b_i) mod 2 = a_i ⊕ b_i.
Multiplication: If a = (a_{m-1} a_{m-2} … a_2 a_1 a_0) and
b = (b_{m-1} b_{m-2} … b_2 b_1 b_0) are elements of F_{2^m}, then
c = a · b = (c_{m-1} c_{m-2} … c_2 c_1 c_0), where the polynomial
c_{m-1} x^{m-1} + c_{m-2} x^{m-2} + … + c_2 x^2 + c_1 x + c_0
is the remainder when the polynomial
(a_{m-1} x^{m-1} + a_{m-2} x^{m-2} + … + a_1 x + a_0) (b_{m-1} x^{m-1} + b_{m-2} x^{m-2} + … + b_1 x + b_0)
is divided by f(x) over F_2.
Inversion: If a is a nonzero element of F_{2^m}, then the inverse of a,
denoted a^{-1}, is the unique element c ∈ F_{2^m} with a · c = c · a = 1.
where β ∈ F_{2^m}. Any element a ∈ F_{2^m} can be written as
$a = \sum_{i=0}^{m-1} a_i \beta^{2^i}$, where $a_i \in \{0, 1\}$.
Gaussian normal bases (GNB): A GNB representation of F_{2^m} exists if
there exists a positive integer T such that p = Tm + 1 is prime and
gcd(Tm/k, k) = 1, where k is the multiplicative order of 2 modulo p. The
GNB representation is called a type T GNB for F_{2^m}.
The following operations are defined over F_{2^m} when using a type T GNB
representation.
Addition: If a = (a_{m-1} a_{m-2} … a_2 a_1 a_0) and
b = (b_{m-1} b_{m-2} … b_2 b_1 b_0) are elements of F_{2^m}, then
c = a + b = (c_{m-1} c_{m-2} … c_2 c_1 c_0), where
c_i = (a_i + b_i) mod 2 = a_i ⊕ b_i.
Squaring: Let a = (a_{m-1} a_{m-2} … a_2 a_1 a_0) ∈ F_{2^m}. Squaring is
a linear operation in F_{2^m}. Hence
$a^2 = \Big(\sum_{i=0}^{m-1} a_i \beta^{2^i}\Big)^2 = \sum_{i=0}^{m-1} a_i \beta^{2^{i+1}} = \sum_{i=0}^{m-1} a_{i-1} \beta^{2^i}$,
where the index i − 1 is taken modulo m (since β^{2^m} = β). Hence,
writing the coordinates in the order (a_0 a_1 … a_{m-1}),
a^2 = (a_{m-1} a_0 a_1 a_2 … a_{m-2}),
i.e. squaring in a normal basis is a cyclic shift of the coordinate bits.
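The polynomial-basis operations defined above (addition, multiplication modulo f(x), inversion), instantiated with the AES polynomial P(x) = x^8 + x^4 + x^3 + x + 1 from section 1.3, together with the cyclic-shift property of squaring in a normal basis, as an added example in C. It is not code from the report or its Verilog design. The field is described by a struct (m, f) with f given as a bit mask that includes the x^m term; the normal-basis part uses the small field F_{2^4} with f(x) = x^4 + x + 1 and the element β = x^3, both chosen for this example. The conjugates β^{2^i} are produced by repeated squaring and checked for linear independence with Gaussian elimination over GF(2), so the code also tells a non-normal element (such as x in that field) apart from a normal one.

```c
/* Added example, not code from the report: polynomial-basis arithmetic in
 * F_{2^m} (add, multiply mod f(x), invert) and a check that squaring in a
 * normal basis {beta^(2^i)} is a cyclic shift of the coordinate bits.
 * Assumptions: m <= 16; f(x) is a bit mask that includes its x^m term,
 * e.g. the AES field uses 0x11B = x^8 + x^4 + x^3 + x + 1. */
#include <stdint.h>
#include <stdio.h>

typedef struct { int m; uint32_t f; } gf2m_t;

static const gf2m_t AES_FIELD = { 8, 0x11B };  /* GF(2^8) of FIPS-197 */
static const gf2m_t F16       = { 4, 0x13  };  /* GF(2^4), f = x^4 + x + 1 (chosen for the demo) */

/* Addition: coefficient-wise XOR of the two bit strings. */
static uint32_t gf_add(uint32_t a, uint32_t b) { return a ^ b; }

/* Multiplication: shift-and-add of a(x)*b(x), reducing by f(x) whenever the
 * running multiplicand reaches degree m (x^m = f(x) - x^m in characteristic 2). */
static uint32_t gf_mul(gf2m_t F, uint32_t a, uint32_t b) {
    uint32_t top = 1u << F.m, r = 0;
    for (int i = 0; i < F.m; i++) {
        if (b & 1u) r ^= a;
        b >>= 1;
        a <<= 1;
        if (a & top) a ^= F.f;
    }
    return r;
}

/* Square-and-multiply exponentiation. */
static uint32_t gf_pow(gf2m_t F, uint32_t a, uint32_t e) {
    uint32_t r = 1;
    for (; e; e >>= 1) {
        if (e & 1u) r = gf_mul(F, r, a);
        a = gf_mul(F, a, a);
    }
    return r;
}

/* Inversion: the nonzero elements form a group of order 2^m - 1, so
 * a^(2^m - 2) = a^-1. Zero has no inverse; 0 is returned for it. */
static uint32_t gf_inv(gf2m_t F, uint32_t a) {
    return a ? gf_pow(F, a, (1u << F.m) - 2u) : 0;
}

/* Rank over GF(2) of n bit vectors (Gaussian elimination on the bits). */
static int gf2_rank(const uint32_t *v, int n) {
    uint32_t rows[32];
    int rank = 0;
    for (int i = 0; i < n; i++) rows[i] = v[i];
    for (int bit = 31; bit >= 0 && rank < n; bit--) {
        int p = -1;
        for (int i = rank; i < n; i++) if ((rows[i] >> bit) & 1u) { p = i; break; }
        if (p < 0) continue;
        uint32_t t = rows[p]; rows[p] = rows[rank]; rows[rank] = t;
        for (int i = 0; i < n; i++)
            if (i != rank && ((rows[i] >> bit) & 1u)) rows[i] ^= rows[rank];
        rank++;
    }
    return rank;
}

/* Element whose normal-basis coordinates are the bits of 'coords'
 * (bit i = a_i, the coefficient of beta^(2^i)), converted to polynomial basis. */
static uint32_t from_normal(gf2m_t F, const uint32_t *conj, uint32_t coords) {
    uint32_t r = 0;
    for (int i = 0; i < F.m; i++) if ((coords >> i) & 1u) r ^= conj[i];
    return r;
}

/* Returns -1 if beta is not a normal element (its conjugates beta^(2^i) are
 * linearly dependent); 1 if, for every coordinate vector a, a^2 equals the
 * element with coordinates a_{i-1} (a cyclic shift by one bit); else 0. */
static int normal_squaring_check(gf2m_t F, uint32_t beta) {
    uint32_t conj[32];
    conj[0] = beta;
    for (int i = 1; i < F.m; i++) conj[i] = gf_mul(F, conj[i - 1], conj[i - 1]);
    if (gf2_rank(conj, F.m) != F.m) return -1;
    uint32_t mask = (1u << F.m) - 1u;
    for (uint32_t coords = 0; coords <= mask; coords++) {
        uint32_t a = from_normal(F, conj, coords);
        uint32_t rot = ((coords << 1) | (coords >> (F.m - 1))) & mask;
        if (gf_mul(F, a, a) != from_normal(F, conj, rot)) return 0;
    }
    return 1;
}

int main(void) {
    uint32_t inv = gf_inv(AES_FIELD, 0x53);
    printf("{57} + {83} = {%02X}, {57} * {83} = {%02X} in GF(2^8)\n",
           gf_add(0x57, 0x83), gf_mul(AES_FIELD, 0x57, 0x83));
    printf("{53}^-1 = {%02X}, check {53} * {%02X} = {%02X}\n",
           inv, inv, gf_mul(AES_FIELD, 0x53, inv));
    printf("x^3 normal in GF(2^4)? %d   x normal? %d\n",
           normal_squaring_check(F16, 0x8), normal_squaring_check(F16, 0x2));
    return 0;
}
```

The AES values ({57}·{83} = {C1}, {53}^-1 = {CA}) are the worked examples of FIPS-197 section 4.2, so they double as a check of the multiplier; the inverse is the first step of the S-box, which the report's future-work section refers to as the multiplicative inversion section.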
CHAPTER-3
WORKING OF PROJECT
3.1 OVERVIEW:
Cryptographic algorithms can be divided on the basis of key usage into
symmetric and asymmetric ciphers. In symmetric ciphers a key is used as
a parameter to the encryption algorithm, which takes the data and
converts it into a random-looking sequence of characters that (ideally)
has no relation to the original data. This sequence of characters is
known as the ciphertext.
This ciphertext is sent to the receiver over the medium. The receiver
then gives the same key as input to the decryption algorithm and converts
the ciphertext back to the plaintext. If the key used for encryption is
not the same as the key used for decryption, the cipher is asymmetric.
Asymmetric ciphers are mainly used to exchange the symmetric keys that
are then used to establish a secure connection between devices.
Asymmetric ciphers are not used extensively for bulk data because they
are inherently slower than symmetric ciphers.
3.2 BASIC PRIMITIVES:
3.2.1 Key Expansion
This routine expands the user's secret key K to fill the expanded key
array S; S is an array of t = 2(r+1) w-bit words that look random but
are determined by K. It uses two word-sized binary constants P_w and Q_w.
3.2.2 Specifications
3.3 ENCRYPTION AND DECRYPTION
[Figure 1: flowchart of RC5 encryption. START; A = A + S[0]; B = B + S[1];
one round per iteration with Round = Round - 1 until Round = 0; END.]
We assume that the input block is given in two w-bit registers A and B.
We also assume that key expansion has already been performed, so that
the array S[0 .. t-1] has been computed. The encryption algorithm is
shown in Figure 1.
This diagram illustrates the Feistel structure, which is the basic
principle of the symmetric data security process. The basic operation of
the RC5 encryption algorithm was discussed in chapter 1.
The third process is to mix the user's secret key into the arrays S and
L (t is the length of S, c the length of L, and <<< is rotation left):
i = j = 0;
A = B = 0;
do 3 * max(t, c) times:
    A = S[i] = (S[i] + A + B) <<< 3;
    B = L[j] = (L[j] + A + B) <<< (A + B);
    i = (i + 1) mod t;
    j = (j + 1) mod c;
3.3.2 Initializing the array S
S[0] = P_w;
S[i] = S[i-1] + Q_w, for i = 1, …, t-1
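The three steps described in sections 3.2.1, 3.3 and 3.3.2 (initialising S from P_w and Q_w, mixing the secret key into S and L, then the A = A + S[0]; B = B + S[1] start of encryption and its rounds) as one complete RC5 implementation in C. This is an added example, not the report's code or Verilog design. It assumes w = 32, so P_w = 0xB7E15163 and Q_w = 0x9E3779B9 (Rivest's published constants); the known-answer check uses RC5-32/12/16 with an all-zero key and block, and the round-trip check uses a key string constructed for this example.

```c
/* Added example, not the report's code: RC5-32/r/b key expansion,
 * encryption and decryption (w = 32 bits; P_w and Q_w are Rivest's
 * published constants for that word size). */
#include <stdint.h>
#include <stdio.h>

#define W      32u
#define P32    0xB7E15163u
#define Q32    0x9E3779B9u
#define MAX_R  255          /* max rounds supported by this example */
#define MAX_B  255          /* max key length in bytes */

typedef struct { int r; uint32_t S[2 * (MAX_R + 1)]; } rc5_key_t;

/* Data-dependent rotations; only the low log2(w) bits of the count matter,
 * and a zero count is special-cased to avoid a shift by w. */
static uint32_t rotl(uint32_t x, uint32_t y) { y &= W - 1; return y ? (x << y) | (x >> (W - y)) : x; }
static uint32_t rotr(uint32_t x, uint32_t y) { y &= W - 1; return y ? (x >> y) | (x << (W - y)) : x; }

/* Key schedule: bytes K[0..b-1] are packed little-endian into c words L,
 * S is initialised as S[0] = P_w, S[i] = S[i-1] + Q_w, and the key is mixed
 * into S and L over 3*max(t, c) iterations (section 3.3 pseudocode). */
static void rc5_setup(rc5_key_t *k, const uint8_t *K, int b, int r) {
    uint32_t L[MAX_B / 4 + 1] = { 0 };
    int u = W / 8, c = b ? (b + u - 1) / u : 1, t = 2 * (r + 1);
    k->r = r;
    for (int i = b - 1; i >= 0; i--) L[i / u] = (L[i / u] << 8) + K[i];
    k->S[0] = P32;
    for (int i = 1; i < t; i++) k->S[i] = k->S[i - 1] + Q32;
    uint32_t A = 0, B = 0;
    int i = 0, j = 0;
    for (int n = 3 * (t > c ? t : c); n > 0; n--) {
        A = k->S[i] = rotl(k->S[i] + A + B, 3);
        B = L[j] = rotl(L[j] + A + B, A + B);
        i = (i + 1) % t;
        j = (j + 1) % c;
    }
}

/* One block: A = A + S[0]; B = B + S[1]; then r rounds of XOR, rotate, add. */
static void rc5_encrypt(const rc5_key_t *k, uint32_t *A, uint32_t *B) {
    uint32_t a = *A + k->S[0], b = *B + k->S[1];
    for (int i = 1; i <= k->r; i++) {
        a = rotl(a ^ b, b) + k->S[2 * i];
        b = rotl(b ^ a, a) + k->S[2 * i + 1];
    }
    *A = a; *B = b;
}

/* Inverse: undo the rounds in reverse order, then the initial additions. */
static void rc5_decrypt(const rc5_key_t *k, uint32_t *A, uint32_t *B) {
    uint32_t a = *A, b = *B;
    for (int i = k->r; i >= 1; i--) {
        b = rotr(b - k->S[2 * i + 1], a) ^ a;
        a = rotr(a - k->S[2 * i], b) ^ b;
    }
    *B = b - k->S[1]; *A = a - k->S[0];
}

/* Known-answer check: RC5-32/12/16 with an all-zero key and all-zero block
 * gives (A, B) = (0xEEDBA521, 0x6D8F4B15) in Rivest's published test
 * vectors; decryption must then restore the block. Returns 1 on success. */
static int rc5_known_answer_ok(void) {
    uint8_t key[16] = { 0 };
    rc5_key_t k;
    rc5_setup(&k, key, 16, 12);
    uint32_t A = 0, B = 0;
    rc5_encrypt(&k, &A, &B);
    if (A != 0xEEDBA521u || B != 0x6D8F4B15u) return 0;
    rc5_decrypt(&k, &A, &B);
    return A == 0 && B == 0;
}

/* Round trip with a constructed key and a caller-chosen round count. */
static int rc5_roundtrip_ok(uint32_t A0, uint32_t B0, int rounds) {
    const uint8_t key[] = "constructed-demo-key";   /* sample value, 21 bytes incl. NUL */
    rc5_key_t k;
    rc5_setup(&k, key, (int)sizeof key, rounds);
    uint32_t A = A0, B = B0;
    rc5_encrypt(&k, &A, &B);
    int changed = (A != A0) || (B != B0);
    rc5_decrypt(&k, &A, &B);
    return changed && A == A0 && B == B0;
}

int main(void) {
    printf("RC5-32/12/16 known answer: %s\n", rc5_known_answer_ok() ? "ok" : "MISMATCH");
    printf("round trip, 16 rounds: %s\n",
           rc5_roundtrip_ok(0x01234567u, 0x89ABCDEFu, 16) ? "ok" : "FAIL");
    return 0;
}
```

Note that the mixing loop indexes L with j, not i: t and c differ (26 words of S against 4 words of L for a 16-byte key), so a single index would read past L and leave most of S unaffected by the key.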
CHAPTER-4
HARDWARE AND SOFTWARE USED
4.1 FPGA
A field-programmable gate array (FPGA) is an integrated circuit
designed to be configured by the customer or designer after
manufacturing, hence "field-programmable".
The FPGA configuration is generally specified using a hardware
description language (HDL), similar to that used for an application-
specific integrated circuit (ASIC); circuit diagrams were previously used
to specify the configuration, as they were for ASICs, but this is
increasingly rare. FPGAs can be used to implement any logical function
that an ASIC could perform.
4.1.1 Introduction
The area of field-programmable gate array (FPGA) design is evolving at
a rapid pace. The increase in the complexity of the FPGA's architecture
means that it can now be used in far more applications than before. The
newer FPGAs are steering away from the plain "logic only" architecture
to one with embedded dedicated blocks for specialized applications.
Definitions of relevant terminology:
Field-programmable device (FPD): a general term that refers to any type
of integrated circuit used for implementing digital hardware, where the
chip can be configured by the end user to realize different designs.
that FPGAs were among the first semiconductor products to move to
0.13 µm technology, and again recently to 90 nm technology.
The players in the current programmable logic market are Altera, Atmel,
Actel, Cypress, Lattice, QuickLogic and Xilinx. Some of the larger and
more popular device families are Stratix from Altera, Accelerator from
Actel, ispXPGA from Lattice and Virtex from Xilinx.
Between them, these FPGA devices cover many major electronics
applications, such as communications, video, image and digital signal
processing, storage area networks and aerospace.
Feature           | Xilinx (Virtex)                      | Altera (Stratix)                  | Actel (Accelerator)                | Lattice (ispXPGA)
Clock management  | DCM, up to 12                        | PLL, up to 12                     | PLL, up to 8                       | sysCLOCK PLL, up to 8
Embedded memory   | Block RAM, up to 10 Mbit             | TriMatrix memory, up to 10 Mbit   | Embedded RAM blocks, up to 338K    | sysMEM blocks, up to 414K
Data processing   | CLBs and 18-bit x 18-bit multipliers | LEs and embedded multipliers      | Logic modules (C-cell and R-cell)  | PFU based
Programmable I/Os | SelectIO                             | Advanced I/O support              | Advanced I/O support               | sysIO
Special features  | Embedded PowerPC 405 cores           | DSP blocks                        | Per-pin FIFOs for bus applications | sysHSI for high-speed serial interface
4.2.1 Block Diagram of the DE0 Board:
Figure 4.2 gives the block diagram of the DE0 board. To provide
maximum flexibility for the user, all connections are made through the
Cyclone III FPGA device. Thus, the user can configure the FPGA to
implement any system design.
SDRAM
- One 8-Mbyte single data rate synchronous dynamic RAM memory chip
- Supports a 16-bit data bus
Flash memory
- 4-Mbyte NOR flash memory
- Supports byte (8-bit) / word (16-bit) mode
SD card socket
- Provides both SPI and SD 1-bit mode SD card access
Pushbutton switches
- 3 pushbutton switches
- Normally high; generates one active-low pulse when the switch is
  pressed
Slide switches
- 10 slide switches
- A switch causes logic 0 when in the DOWN position and logic 1 when in
  the UP position
General user interfaces
- 10 green LEDs (active high)
- 4 seven-segment displays (active low)
- 16x2 LCD interface (LCD module not included)
Clock inputs
- 50-MHz oscillator
VGA output
- Uses a 4-bit resistor-network DAC
- With 15-pin high-density D-sub connector
- Supports up to 1280x1024 at 60-Hz refresh rate
Serial ports
- One RS-232 port (without DB-9 serial connector)
- One PS/2 port (can be used through a PS/2 Y cable to connect a
  keyboard and mouse to one port)
Two 40-pin expansion headers
- 72 Cyclone III I/O pins, as well as 8 power and ground lines, are
  brought out to two 40-pin expansion connectors
- The 40-pin header is designed to accept a standard 40-pin ribbon cable
  used for IDE hard drives
4. SOFTWARE USED
ModelSim-Altera Edition
- Recommended for simulating all FPGA designs (Cyclone, Arria and
  Stratix series FPGA designs)
- 33 percent faster simulation performance than ModelSim-Altera Starter
  Edition
- No line limitations
- Buy today for $945.
developers and educational institutions have no overheads from the cost
of development software.
CHAPTER-5
IMPLEMENTATION OF ALGORITHM
5.1 OVERVIEW:
A primary objective of this project was to develop a synthesizable
model for the AES128 encryption algorithm. Synthesis is the process of
converting the register transfer level (RTL) representation of a design
into an optimized gate-level netlist. This is a major step in the ASIC
design flow that takes an RTL model closer to a low-level hardware
implementation.
Verilog package, then the synthesis tool needs to enable the semantics
of a package. In addition, the synthesis tool needs to know if there are
multiple instances of calling an automatic function in the design, to
preserve separate values for each instance.
After this step, a 40 MHz clock signal is applied to the clock port of
the root module, and the synthesis tool is instructed not to modify the
clock tree during the optimization phase. In addition, an arbitrary input
delay of 5 ns with respect to the clock port is applied to all input and
output ports (except the clock port itself) to set a safe margin that
covers any unintended source of delay, such as the delay of the driving
module or modules.
Finally, the tool compiles the design with high effort and reports any
warnings related to the mapping and final optimization step. At the end,
the tool generates reports for the area of the optimized gate-level
netlist, the worst combinational path timing, and any violated design
constraint.
5.4 SYNTHESIS AREA RESULT:
The synthesis area report shows the total number of cells and nets in
the netlist. It also uses the area parameter associated with each cell in
the LSI_10K library file to calculate the total combinational and
sequential area of the netlist. The total area of the gate-level netlist
is unknown, since it depends on the total area of the interconnects,
which itself is a function of the wire-load model used in physical
design. The total cell area in the netlist is reported as 22978 units,
which is the sum of the combinational and sequential areas. The synthesis
area report is shown below:
CHAPTER-6
RESULT AND DISCUSSION:
MODELSIM OUTPUT:
AREA UTILIZATION REPORT:
PERFORMANCE REPORT:
Figure 18. Fmax summary report, slow corner.
PERFORMANCE REPORT:
Figure 19. Fmax summary report, fast corner.
SYNTHESIS REPORT:
Figure 20. RTL schematic report.
MAP VIEWER:
POWER ANALYSIS:
Fig. Power dissipation report
CONCLUSIONS AND FUTURE WORK
The advantages of this over other fault detection systems are proved by
the measured parameters. The key strength of this system in comparison
to others is that fault detection is implemented at all levels of the
algorithm implementation, which increases reliability.
FUTURE WORK
Future research is also to design and implement a fault detection
scheme for AES that is independent of the internal structure of the
S-box (and inverse S-box). For this reason, and considering that the
S-box and inverse S-box consist of inversion in GF(2^8) and an affine
(inverse affine) transformation, we denote the input and the output of
the multiplicative inversion section of the S-box as the 8-bit values I
and I^{-1}, respectively.
The above-mentioned scheme can also be expanded to a multiple-bit parity
scheme, depending on the desired fault coverage and the critical path
delay and area overhead that can be tolerated, i.e. instead of one parity
bit one can use n parity bits. As n increases, the timing and area
overhead increase while better fault coverage is achieved.
Finally, considering power consumption as one of the critical factors in
FPGA or ASIC designs, the mentioned fault detection schemes can be
designed and optimized for low-power implementations.
REFERENCES:
[1] M. Akkar and C. Giraud, An Implementation of DES and AES, Secure
against Some Attacks, In Proc. of the Workshop on Cryptographic Hardware
and Embedded Systems (CHES 2001), Paris, France, pp. 315-325, May 2001.
[2] http://www.altera.com/products/software/products/quartus2/qts-index.html
[3] R. Anderson, E. Biham, and L. Knudsen, Serpent: A Proposal for the
Advanced Encryption Standard, AES algorithm submission, June 1998.
[4] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, Error
Analysis and Detection Procedures for a Hardware Implementation of the
Advanced Encryption Standard, IEEE Trans. on Computers, vol. 52, no. 4,
pp. 492-505, April 2003.
[5] G. Bertoni, L. Breveglieri, I. Koren, and P. Maistri, An efficient
hardware-based fault diagnosis scheme for AES: performances and cost, In
Proc. of the IEEE International Symposium on Defect and Fault Tolerance
in VLSI Systems (DFT 2004), Cannes, France, pp. 130-138, Oct. 2004.
[6] D. Boneh, R. A. DeMillo, and R. J. Lipton, On the Importance of
Eliminating Errors in Cryptographic Computations, Journal of Cryptology,
vol. 14, no. 2, pp. 101-119, 2001.
[7] L. Breveglieri, I. Koren, and P. Maistri, Incorporating Error
Detection and Online Reconfiguration into a Regular Architecture for the
Advanced Encryption Standard, In Proc. of the IEEE International
Symposium on Defect and Fault Tolerance in VLSI Systems (DFT 2005),
Monterey, CA, USA, pp. 72-80, Oct. 2005.
[8] C. Burwick et al., MARS - A Candidate Cipher for AES, AES algorithm
submission, August 1999, available at http://www.nist.gov/.
[9] D. Canright, A Very Compact Rijndael S-box, Naval Postgraduate
School Technical Report NPS-MA-05-001, May 2005.
[10] G. C. Cardarilli, M. Ottavi, S. Pontarelli, M. Re, and A. Salsano,
Fault localization, error correction, and graceful degradation in radix 2
signed digit-based adders, IEEE Trans. on Computers, vol. 55, no. 5,
pp. 534-540, May 2006.
[11] G. C. Cardarilli, S. Pontarelli, M. Re, and A. Salsano, A
self-checking Reed-Solomon encoder: design and analysis, In Proc. of the
IEEE International Symposium on Defect and Fault Tolerance in VLSI
Systems (DFT 2005), Monterey, CA, USA, pp. 111-119, Oct. 2005.
[12] A. Elbirt, W. Yip, B. Chetwynd, and C. Paar, An FPGA-based
performance evaluation of the AES block cipher candidate algorithm
finalists, IEEE Trans. on VLSI Systems, pp. 545-557, August 2001.
[13] S. Fenn, M. Gossel, M. Benaissa, and D. Taylor, On-Line Error
Detection for Bit-Serial Multipliers in GF(2^m), Journal of Electronic
Testing: Theory and Applications, vol. 13, no. 1, August 1998.
[14] A. Hodjat and I. Verbauwhede, Area-Throughput Trade-Offs for Fully
Pipelined 30 to 70 Gbits/s AES Processors, IEEE Trans. on Computers,
vol. 55, no. 4, pp. 366-372, April 2006.
[15] T. Ichikawa et al., Hardware Evaluation of the AES Finalists, In
Proc. 3rd AES Candidate Conference, New York, April 2000.
[16] R. Karri, W. Kaijie, P. Mishra, and K. Yongkook, Fault-based
Side-Channel Cryptanalysis Tolerant Rijndael Symmetric Block Cipher
Architecture, In Proc. of the IEEE International Symposium on Defect and
Fault Tolerance in VLSI Systems (DFT 2001), San Francisco, CA, USA,
pp. 418-426, 2001.
[17] M. Karpovsky, K. J. Kulikowski, and A. Taubin, Differential Fault
Analysis Attack Resistant Architectures for the Advanced Encryption
Standard, CARDIS 04: Sixth Smart Card Research and Advanced Application
IFIP Conference, Toulouse, France, vol. 153, pp. 177-192, August 2004.
[18] R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their
Applications, Cambridge University Press, 1994.
[19] S. Lin and D. J. Costello, Error Control Coding, second edition,
Prentice Hall, Upper Saddle River, NJ, USA, 2004.
[20] T. G. Malkin, F. Standaert, and M. Yung, A Comparative
Cost/Security Analysis of Fault Attack Countermeasures, In Proc. of the
Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2006),
Yokohama, Japan, pp. 159-172, Oct. 2006.