Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Similar documents
ECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University

Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware

Lecture 8. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Lecture 2. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays

ECE 646 Lecture 8. Modes of operation of block ciphers

IDEA, RC5. Modes of operation of block ciphers

Midterm Exam ECE 448 Spring 2019 Wednesday, March 6 15 points

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Using block ciphers 1

Block Cipher Operation. CS 6313 Fall ASU

AES as A Stream Cipher

Cryptography and Network Security

Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining

Secret Key Cryptography

FPGA and ASIC Implementations of AES

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

ECE 545 Fall 2013 Final Exam

AES1. Ultra-Compact Advanced Encryption Standard Core AES1. General Description. Base Core Features. Symbol. Applications

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Compact Dual Block AES core on FPGA for CCM Protocol

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.

ECE 545 Fall 2014 Midterm Exam

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

2 Gbit/s Hardware Realizations of RIJNDAEL and SERPENT: A Comparative Analysis

Block Cipher Modes of Operation

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Encryption and Decryption by AES algorithm using FPGA

Stream Ciphers An Overview

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Double-DES, Triple-DES & Modes of Operation

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

ENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms

Hardware-Focused Performance Comparison for the Standard Block Ciphers AES, Camellia, and Triple-DES

Low area implementation of AES ECB on FPGA

Implementation and Comparative Analysis of AES as a Stream Cipher

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

CIS 4360 Secure Computer Systems Symmetric Cryptography

Block Cipher Modes of Operation

Lecture 4: Symmetric Key Encryption

Lecture 3. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Chapter 6 Contemporary Symmetric Ciphers

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Advanced Encryption Standard and Modes of Operation

Modern Symmetric Block cipher

Documentation. Design File Formats. Constraints Files. Verification. Slices 1 IOB 2 GCLK BRAM

A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm

RC6 Implementation including key scheduling using FPGA

Symmetric Cryptography

ECE 646 Lecture 7. Secret-Key Ciphers. Data Encryption Standard DES

Some Aspects of Block Ciphers

Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,

Design Of High Performance Rc4 Stream Cipher For Secured Communication

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Lecture 3: Symmetric Key Encryption

ECE 545 Fall 2010 Exam 1

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Digital Logic Design using Verilog and FPGA devices Part 2. An Introductory Lecture Series By Chirag Sangani

AES Core Specification. Author: Homer Hsing

Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays

AES Advanced Encryption Standard

Chapter 6: Contemporary Symmetric Ciphers

Practical Aspects of Modern Cryptography

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Network Security Essentials Chapter 2

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

CSC 474/574 Information Systems Security

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Introduction to Cryptography. Lecture 3

CPSC 467b: Cryptography and Computer Security

Network Security Essentials

128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication

Block ciphers, stream ciphers

High Aberrance AES System Using a Reconstructable Function Core Generator

The Encryption Standards

ECE 545 Lecture 12. Datapath vs. Controller. Structure of a Typical Digital System Data Inputs. Required reading. Design of Controllers

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

The Salsa20 Family of Stream Ciphers

Symmetric Key Cryptography

ECEU530. Schedule. ECE U530 Digital Hardware Synthesis. Datapath for the Calculator (HW 5) HW 5 Datapath Entity

CPSC 467b: Cryptography and Computer Security

Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers

ECE 545 Lecture 12. FPGA Resources. George Mason University

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

SOLUTIONS FOR HOMEWORK # 1 ANSWERS TO QUESTIONS

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Geldy : A New Modification of Block Cipher

Implementation of Full -Parallelism AES Encryption and Decryption

Part XII. From theory to practice in cryptography

Transcription:

Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram

Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control Signals Status Signals Control & Status Inputs Controller (Control Unit) Control & Status Outputs

Hardware Design with RTL VHDL Pseudocode Interface Datapath Controller Block diagram ASM chart VHDL code VHDL code

Steps of the Design Process Introduced in Class Today 1. Text description 2. Interface 3. Pseudocode 4. Block diagram of the Datapath 5. Interface divided into Datapath and Controller 6. ASM chart of the Controller 7. RTL VHDL code of the Datapath, Controller, and Toplevel Unit 8. Testbench for the Datapath, Controller, and Top-Level Unit 9. Functional simulation and debugging 10. Synthesis and post-synthesis simulation 11. Implementation and timing simulation 12. Experimental testing using FPGA board 4

Class Exercise 2 CIPHER

Pseudocode Split input I into four words, I3, I2, I1, I0, of the size of w bits each A = I3; B = I2; C = I1; D=I0 B = B + S[0] D = D + S[1] for i = 1 to r do { T = (B*(2B + 1)) <<< k U = (D*(2D + 1)) <<< k A = ((A T) <<< U) + S[2i] C = ((C U) <<< T) + S[2i + 1] (A, B, C, D) = (B, C, D, A) } A = A + S[2r + 2] C = C + S[2r + 3] O = (A, B, C, D)

Notation w: word size, e.g., w=8 (constant) k: log 2 (w) (constant) A, B, C, D, U, T: w-bit variables I3, I2, I1, I0: Four w-bit words of the input I r: number of rounds (constant) O: output of the size of 4w bits S[j] : 2r+4 round keys stored in two RAMs. Each key is a w-bit word. The first RAM stores values of S[j=2i], i.e., only round keys with even indices. The second memory stores values of S[j=2i+1], i.e., only round keys with odd indices.

Operations : XOR + : addition modulo 2 w : subtraction modulo 2 w * : multiplication modulo 2 w X <<< Y : rotation of X to the left by the number of positions given in Y X >>> Y : rotation of X to the right by the number of positions given in Y (A, B, C, D) : Concatenation of A, B, C, and D.

Circuit Interface clk reset I write_i 4w CIPHER 4w O DONE Sj w Write_Sj j m

Interface Table Note: m is a size of index j. It is a minimum integer, such that 2 m -1 2r+3.

Protocol (1) An external circuit first loads all round keys S[0], S[1], S[2],, S[2r+2], [2r+3] to the two internal memories of the CIPHER unit. The first memory stores values of S[j=2i], i.e., only round keys with even indices. The second memory stores values of S[j=2i+1], i.e. only round keys with odd indices. Loading round keys is performed using inputs: Sj, j, write_sj, clk. Then, the external circuits, loads an input block I to the CIPHER unit, using inputs: I, write_i, clk. After the input block I is loaded to the CIPHER unit, the encryption starts automatically.

Protocol (2) When the encryption is completed, signal DONE becomes active, and the output O changes to the new value of the ciphertext. The output O keeps the last value of the ciphertext at the output, until the next encryption is completed. Before the first encryption is completed, this output should be equal to zero.

Assumptions 2r+4 clock cycles are used to load round keys to internal RAMs one round of the main for loop of the pseudocode executes in one clock cycle you can access only one position of each internal memory of round keys per clock cycle As a result, the encryption of a single input block I should last r+2 clock cycles.

Typical Internal Structure of a Secret-Key Block Cipher Round Key[0] Initial Transformation i:=1 Round Key[i] Cipher Round i<#rounds? i:=i+1 #rounds times Round Key[#rounds+1] Final Transformation

Basic iterative architecture (no Initial Transformation, no Final Transformation) input multiplexer register round key combinational logic one round output

Basic architecture: Timing CLK IN OUT P1 P2 C1 #rounds clock_period P3 C2

Primary parameters of hardware implementations of secret-key block ciphers Latency Throughput M i+2 M i Encryption/ decryption C i Time to encrypt/decrypt a single block of data M i+1 M i Encryption/ decryption C i+2 C i+1 C i Number of bits encrypted/decrypted in a unit of time

Advanced Encryption Standard AES

AES Encryption

AES Decryption

Basic Iterative Architecture of AES (Encryption and Decryption) round key Data input Encryption circuit Decryption circuit R1 SubBytes" &" InvSubBytes ShiftRows MixColumns round key round key InvShiftRows round key InvMixColumns Data output

Data input Initial Transformation round key round key Encryption input Encryption round Decryption input Decryption round round key Encryption feedback output Encryption final output Decryption final output Decryption feedback output Data output

Top Level Block Diagram control input key Control unit input interface encryption/decryption output interface key scheduling memory of round keys output

Modes of Operation

Block vs. stream ciphers M 1, M 2,, M n m 1, m 2,, m n K Block cipher K Internal state - IS Stream cipher C 1, C 2,, C n c 1, c 2,, c n C i =f K (M i ) c i = f K (m i, IS i ) IS i+1 =g K (m i, IS i ) Every block of ciphertext is a function of only one corresponding block of plaintext Every block of ciphertext is a function of the current block of plaintext and the current internal state of the cipher

Typical stream cipher Sender key initialization vector (seed) Receiver key initialization vector (seed) Pseudorandom Key Generator Pseudorandom Key Generator k i keystream k i keystream m i plaintext c i ciphertext c i ciphertext m i plaintext

Standard modes of operation of block ciphers Block cipher Block cipher turned into a stream ciphers ECB mode Counter mode CFB mode CBC mode

ECB (Electronic CodeBook) mode

Electronic CodeBook Mode ECB Encryption M 1 M 2 M 3 M N-1 M N K K K K K E E E E E... C 1 C 2 C 3 C N-1 C N C i = E K (M i ) for i=1..n

Electronic CodeBook Mode ECB Decryption C 1 C 2 C 3 C N-1 C N K K K K K D D D D D... M 1 M 2 M 3 M N-1 M N C i = E K (M i ) for i=1..n

Counter Mode

E Counter Mode - CTR Encryption IV IV+1 IV+2 IV+N-2 IV+N-1... K K K K K E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i = E K (IV+i-1) for i=1..n

E Counter Mode - CTR Decryption IV IV+1 IV+2 IV+N-2 IV+N-1... K K K K K E E E E... k 1 k 2 k 3 k N-1 k N c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N m i = c i k i k i = E K (IV+i-1) for i=1..n

IV Counter Mode CTR (simplified block diagram) IV counter counter IS i IS i IN IN K E K E OUT OUT c i c i IS 1 = IV m i m i c i = E K (IS i ) m i IS i+1 = IS i +1

Counter Mode Potential for Parallel Processing IV IV+1 IV+2 IV+N-1 IV+N... E E E E E... M 0 M 1 M 2 M N-1 M N C 1 C 2 C 3 C N-1 C N C i = M i AES(IV+i) for i=0..n

Increasing speed by parallel processing Encryption/ decryption unit Encryption/ decryption unit Encryption/ decryption unit Encryption/ decryption unit Encryption/ decryption unit Encryption/ decryption unit

Increasing speed using pipelining Cipher 1 Cipher 2 round 1 round 1 round 2 target clock period, e.g., 20 ns...... round 10 round 16 block size Throughput = target_clock_period

CFB (Cipher FeedBack) Mode

IV E Cipher Feedback Mode - CFB Encryption... E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i =E K (c i-1 ) for i=1..n, and c 0 = IV

IV E Cipher Feedback Mode - CFB Decryption... E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N m i = c i k i k i =E K (c i-1 ) for i=1..n, and c 0 = IV

IV Cipher Feedback Mode CFB (simplified block diagram) IV register register IS i IS i IN IN K E IS 1 = IV K E OUT OUT c i = E K (IS i ) m i IS i+1 = c i c i c i m i m i

CBC (Cipher Block Chaining) Mode

Cipher Block Chaining Mode - CBC Encryption IV m 1 m 2 m 3... m N-1 m N E E E E E... c 1 c 2 c 3 c N-1 c N c i = E K (m i c i-1 ) for i=1..n c 0 =IV

Cipher Block Chaining Mode - CBC Decryption c 1 c 2 c 3 c N-1 c N IV D D D... D D... m 1 m 2 m 3 m N-1 m N m i = D K (c i ) c i-1 for i=1..n c 0 =IV

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback