FPGA IMPLEMENTATION OF AREA OPTIMIZED AES …ijarcet.org/wp-content/uploads/IJARCET-VOL-5-ISSUE-4-948-968.pdf · FPGA IMPLEMENTATION OF AREA OPTIMIZED AES ... A control unit generates

ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)

Volume 5, Issue 4, April 2016

948

All Rights Reserved © 2016 IJARCET

FPGA IMPLEMENTATION OF AREA OPTIMIZED AES

ALGORITHM FOR SECURE COMMUNICATION

APPLICATIONS

E.Kavitha1

1Assistant Professor, Vidya Jyothi Institute Of Technology, Aziz nagar, c.b.post.

ABSTRACT:

Nowadays there is a lot of importance given to the data security in internet. The AES is one of the

most preferred block cipher encryption/decryption methods used at present. AES is substitution-permutation

network, which is a series of mathematical operations that use substitutions and permutations and their

careful definition implies that each output bit depends on every input bit.AES is an iterated block cipher with

a fixed block size of 128 bits input data and a variable key length The different transformations operate on

the intermediate results, called state. The state is a rectangular array is of dimensions 4X4. The cipher key is

similarly pictured as a rectangular array with four rows.

The Main Aim of this paper is to do hardware implementation of optimized area block cipher

Advanced Encryption Standard (AES-128) using Field Programmable Gate Array. The core includes the key

schedule expansion and storage, the encryption, the decryption, and 8-bit input/output data interfaces with

full control.The design is based on optimized area by using the time sharing of certain resources and

iteration architecture. In this paper, AES algorithm is studied and modelled in VHDL targeting for optimized

area in FPGA. The design is functionally simulated in Modelsim . The area optimization is verified by

implementing this design on FPGA using Xilinx ISE synthesis tools.

Keywords: FPGA, AES-128, ENCRYPTION, DECRYPTION, XILINX ISE

1. Introduction:

Cryptography plays an important role in

the security of data. It enables us to store sensitive information or transmit it across insecure networks

so that unauthorized persons cannot read it. The

urgency for secure ex-change of digital data

resulted in large quantities of different encryption

algorithms which can be classified into two groups:

1) Asymmetric encryption algorithms (with public

key algorithms)

2) Symmetric encryption algorithms (with private

key algorithms).

In a symmetric cipher, both parties must

use the same key for encryption and decryption.

This means that the encryption key must be shared between the two parties before any messages can

be decrypted. Symmetric systems are also known

as shared secret systems or private key systems.

In an asymmetric cipher, the encryption

key and the decryption keys are separate. In an

asymmetric system, each person has two keys. One

key, the public key, is shared publicly. The second

key, the private key, should never be shared with

anyone. DES and AES/Rijndael are symmetric

ciphers. RSA and Diffie-Hellman are asymmetric

ciphers. Symmetric key algorithms are in general

much faster to execute electronically than

asymmetric key algorithms. The Advanced

Encryption Standard, in the following referenced as

AES, is the winner of the contest, held in 1997 by

the US Government, after the Data Encryption

Standard was found too weak because of its small

key size and the technological advancements in

processor power. Fifteen candidates were accepted

in 1998 and based on public comments the pool was reduced to five finalists in 1999. In October

2000, one of these five algorithms was selected as

the forthcoming standard: a slightly modified

version of the Rijndael.

From the initial candidates, Rijndael

algorithm was selected as the Advanced Encryption

Standard (AES) due to the combination of security,

performance, efficiency, ease of implementation and flexibility. The Rijndael, whose name is based

on the names of its two Belgian inventors, Joan

Daemen and Vincent Rijmen, is a Block cipher,

which means that it works on fixed-length group of

bits, which are called blocks.



949


Rijndael is a symmetric byte-oriented

iterated (each iteration is called a round) block

cipher that can process data blocks of 128 bits (4

words), using keys with length of 128, 192 and 256

bits. Unlike DES, which is based on a Feistel

network, AES is a substitution-permutation

network (SPN), which is a series of mathematical

operations that use substitutions (also called S-Box)

and permutations (P-Boxes) and their careful

definition implies that each output bit depends on

every input bit.

The algorithm is composed of three main

parts: Cipher, Inverse Cipher and Key

expansion. Cipher converts data to an

unintelligible form called cipher text while Inverse

cipher converts data back into its original form

called plaintext. Key Expansion generates a Key

Schedule that is used in Cipher and Inverse Cipher procedure. Cipher and Inverse Cipher are

composed of specific number of rounds. For the

AES algorithm, the number of rounds to be

performed during the execution of the algorithm is

dependent on the key length can see in Table 1.1

Table.1.1 Representation of No. of

rounds depending on the Key length

1.1 Objective of the Paper:

The goal of this paper is to do hardware

implementation of optimized area block cipher

Advanced Encryption Standard (AES-128) using Field Programmable Gate Array (FPGA). The core

includes the key schedule expansion and storage,

the encryption, the decryption, and 8-bit

input/output data interfaces with full control. The

design is based on optimized area by using the time

sharing of certain resources and iteration

architecture.

1.2 Motivation of the paper:

With the use of more handheld wireless

devices and increasing networking and wireless

data transfer, the issue of security is being addressed from many different directions. The

National Institute of Standards and Technology

(NIST) selected the Rijndael algorithm as a new

Advanced Encryption Standard (AES) in 2001.

This standard was first developed for secure data

encryption/decryption for high-end applications.

Since the standardization of the encryption

protocol, successful attempts have been made in

incorporating this protocol into reprogrammable

flash memory, such as the FPGA chip in use in

small, low end devices such as PDAs. It addressed

that the throughput of the AES would have to be as fast as the throughput of the standardized network

communication, as well as the need for it to be

inexpensive and have low power consumption to

make it viable to incorporate in future handheld

PDA devices. It was also cost effective proving that

their implementation can easily be flashed on a

Xilinx FPGA Spartan3e chips due to the following

reasons:

The operations required by the algorithms

in AES are generally simple in terms of

hardware logic and implementation.

The time-to-market and overall cost of the FPGA is significantly less compared to an

ASIC design

The reconfigurability of the FPGA is

attractive to designers to allow for

modifiability from the initial design in

case any flaws are exploited

2. Design Implementation:

Based on the application, the AES algorithm

can be implemented in various methods. So that

the characteristics of algorithm like speed and area occupied by the algorithm changes. This chapter

explains two implementation methods of AES

algorithm those are

1. Loop Unrolling method of architecture

2. Loop rolling method of architecture

These two methods are explained with

block diagrams. In our design to optimize the area,

chosen loop rolling architecture method that is discussed in the following sections. This chapter

provides the design implementation of loop rolling

method of AES algorithm top block and its various

sub blocks in detail.

2.1.1 Loop Unrolling architecture:

The unrolling architecture of AES

algorithms is shown in Fig.2.1.1

Fig. 2.1.1 Unrolling architecture of AES

encryption with 128 bit key



950


The unrolling loop architecture executes

each encryption round using its own dedicated

hardware circuit for each of 10 rounds and storing

the results of each round in 10 different 128 bit

registers. This method increase in throughput and

also occupies large area so this method can be used for high end devices.

2.1.2 Loop rolling architecture

The rolling algorithm runs a loop using

rotating inputs from the key expansion block and

the 128-bit state register to hold all plaintext input

states. This method decreases throughput but

occupies less area so this method can be used for

low end customer products, where speed is not criteria. So our method of implementation mainly

concentrating on area optimization by executing

each encryption round using only block of

hardware and the loop is repeatedly rotated using

control FSM. The rolling architecture of AES

algorithm is shown in Fig.2.2.

Fig.2.2 Rolling architecture of AES with 128-bit key

In the encryption/decryption core only one

round is implemented and the cipher must iterate ten rounds to perform encryption/decryption.

Iterative looping is a subset of loop unrolling where

only one round is unrolled. This approach

minimizes the hardware required for the

implementation and an effort is made to get

moderate speed. Thus one round is implemented

with combinational logic supplemented with

registers, memories and multiplexers. First the

input block is fed to the and the initial round is

executed. In this round the input data is XORed

with the cipher key. A control unit generates

control signals for the other units, solving the problem of separation between control and data

path logic.

2.2 AES encryption flow chart:

Each encryption round has four stages of

transformations:

SubBytes( ),

ShiftRows(),

MixColumns(),

AddRoundKey().

AES encryption flow is shown in Fig.2.3.

Fig. 2.3 AES Encryption flowchart

For encryption plaintext and key of size is

128 bits, that are two inputs for that and cipher text

is the output of size is128 bits. Mainly in

encryption it is having 10 rounds of arithmetic

operation i.e. consists of substitute bytes, shift

rows, mix columns, add round key block

operations. Living to this before first round we

have to do add round key operation. In 10th round

we will not do mix column operation living to that

all other operation we will do it in other rounds.

The following Fig.2.4 represents the ten rounds of encryption process.

Fig. 2.4 Ten rounds of encryption process



951


For decryption cipher text (i.e. encryption

output) and key of size is 128 bits are the two

inputs. Finally plaintext is the output of decryption

block i.e. nothing but an encryption input only. In

this block also we will do same operation only but

in a reverse order.

2.3 Proposed architecture of AES top block

diagram:

In this proposed design, the

encryption/decryption core only one round is

implemented and this round must iterate ten rounds

to perform encryption/decryption. The Initial round

is performed out side of the Encryption round. All

operations encryption, decryption, add round key and key expansion all are controlled by the control

unit.

The top block diagram for AES is shown in Fig.2.5.

Fig.2.5 AES top block diagram

As shown in above diagram, AES top block

diagram consists the following units.

control FSM,

encryption,

decryption,

add round key

key expansion.

Control FSM: This block will control the whole

operation for this top block diagram. For encryption, decryption, key expansion and add

round key input data will be given by this control

unit onlyFor encryption, input plain text and round

key of 128 bit data will be given by control unit,

output from encryption will be given back to

control unit. Same thing it is done for decryption

also.The following Fig.2.6 shows the

implementation of top block in VHDL code.

Fig. 2.6 Implementation of AES top block in VHDL code

In the above top block, initially the

plaintext of 128 bit data is XORed with the keyin

of 128 bit in the addroundkey unit. The output of

addround key unit i.e Add_out which is a 128 bit

resultant data is send to Encryption round unit

through the control FSM. This initial round output

will become the input for the first round operation

of Encryption unit i.e it enters as a Rnd_in into the Round Encryption unit. The output of the Round

encryption i.e Rnd_out will become the input for

the next round operation and passed through the

control FSM unit into the Round Encryption unit.

This loop will continue for ten rounds.

The Round Encryption unit is composed

of four sub blocks those are Subbytes, shiftrows,

Mixcolumn and addround key. While doing encryption round operation the Mix_en pin is set to

„1‟ up to 9 rounds and at 10th round of operation

this pin is disabled i.e it is set to „0‟. So that the at

10th round of Encryption process the mixcolumn

operation is omitted and the remaining operations

are performed in the same way.

The output of 10th round i.e Rnd_out10 is a cipher text which will become the input for the

initial round operation of the Decryption block. The

Decryption round block is composed of

Invshiftrows, Invsubbytes, add roundkey and Inv

mixcolumn. This128-bit cipher text is XORed with

the sub key word of (W40:W43). Sub keys are

supplied in reverse order i.e the last key used in

encryption will be given as first key in decryption

initial round. Similarly the first key used in

encryption is given as last key for Decryption last

round. The initial round output i.e Add_dec_out

will become the input for Decryption round operation. This output is entered into the Round

decryption as a Rnd_dec_in into the Round

Decryption block through the control FSM. The

each round output will become the input for the

next round in the decryption round unit. This loop

will be continued for the ten rounds of operation.



952


In this process Decry_en pin is enabled i.e

it is set to‟0‟ for all 9 rounds whereas for the 10th

round it is set to „1‟. So that the Inv mix column

operation is omitted and remaining transformations

are done as usual. Now the final round output data

that is Rnd_dec_out10 is same as that of the input plain text.

The Key expansion unit generates sub

keys as a four no. of 32-bit words (128-bit) and

supplies a new four 32-bit for each round of

encryption. So that Key expansion block generates

a total of 44 no.of 32-bit words that is a total of 11

subkeys. All these sub keys are supplied to Round

encryption block through the control FSM block.

2.4 The encryption and decryption units:

2.4.1 Encryption Round:

The encryption algorithm has been

designed this way that the generation of the subkey and the round calculations can be parallelly

executed. In the first order it executes the round

number zero (which is the EXOR input data with

the main key) and it is calculated the subkey to the

round number one. Then it is executed the round

and it is calculated the subkey to the next round.

The advantage of this design is the fact that we do

not need to store the subkeys; they are currently

calculated.

The Fig.2.7 shows the encryption loop block

diagram.

Fig. 2.7 Encryption loop block diagram

As shown in above diagram, Encryption

loop block diagram consists of Mux, Round Encryption, and PIPO nbit.

The Mux will select Add round out0 or

PIPO out depending upon selection line as an

output. The complete encryption block diagram

will be repeated for 10 rounds. For the 1st round

selection line will kept to 0, from next round

onwards selection line will be kept 1.that round

encryption executes for 10 times, it will receive

different keys for each round from control FSM.

The PIPO nbit will receive output from round

encryption, which will be passed to mux as an input for 9 rounds after that it will be given to encryption

as an output.

As shown in Fig 2.8, each Round

Encryption block diagram consists of S BOX

RAM, SHIFT REG, MIX COLUMN and ADD

ROUND KEY.

Fig. 2.8 One Round of encryption block diagram

Enc_Rnd_in is an input to the Encryption

round block which is of 128-bit data and it is

transformed through various sub blocks and finally

it comes out from the add round key block after

XORing with the sub key as Enc_Rnd_out which is

also of 128-bit data. This 128-bit data will become

input for the next round and this loop continues

upto 9th round.

S-Box Ram:

The non-linear ByteSub transformation

contains 16 parallely working S-boxes. S box ram

is a predefined table as shown in table 2, first

whatever input will be received as an input to

round encryption block will be given to s-box ram.

The 128-bit input block is divided into 16 bytes. Each byte state is the input to the S-box and the

output is also a byte. The outputs of all S-boxes are

concatenated to constitute the output of the

ByteSub transformation.

Shift Register:

The result of the Byte sub transformation

will be given to shift register to shift according to

shift operation. In the ShiftRow transformation the 128 bit input block is divided into 16 bytes denoted

Aij[7..0], where i,j € {0,1,2,3} as shown in Fig .4.9



953


The bytes Aij[7..0] are the elements of the table

representing the intermediate state of encrypted

block. The output of the ShiftRow transformation is

composed of the bytes Bij[7..0], where i,j

€{0,1,2,3}that is shown in Fig.4.11 The input 128-

bit data is framed as 16 bytes as shown in Fig 4.9.

Fig.2.9 Input to the shift row

transformation (128-bit is divided into 16 bytes)

The realizations of these transformations

shift the byte according to the units depicted in Fig

2.10. and framing of all 16 output bytes after shift

row transformation is shown Fig 2.11.

Fig. 2.10 The Shiftrow transformation

Fig. 2.11 Output of the Shift row

Mix column:

The result of the shiftrow operation will be

given to matrix multiplication (mix column block).

In the MixColumn transformation the 128 bit input

block is divided into 16 bytes denoted Aij[7..0], where i,j € {0,1,2,3}, and the output bytes are

denoted Bij[7..0]. Each column is multiplied with

a fixed polynomial c(x) and the resultant values are

replaced with new bytes. Each column of the state

is multiplying with a fixed polynomial is shown in

Fig.4.12

Fig. 2.12. Each column of the state is multiplied

with a fixed polynomial c(x).

Where c(x) polynomial is

In matrix form is shown below

b0,0 = (02. a0, 0) + (03. a1, 0) + a2, 0 + a3, 0

b1,0 = a0,0 + (02 . a1,0) + (03 . a2,0) + a3,0

b2,0 = a0,0 + a1,0 + (02 . a2,0) + (03 . a3,0)

b3,0 = (03 . a0,0) + a1,0 + a2,0 + (02 . a3,0)

Cryptography and Network Security, that

multiplication of given binary value by 02 can be

implemented as a 1-bit left shift. If the leftmost bit

of the original value (before the shift) is 1 then

XOR with 1B in hexadecimal (00011011 in binary).

Let x = 8-bit binary value

T1 = 02.x << 1 bit left shift

if MSB bit = 0

<< (1bit left shift) XOR 00011011 if MSB

bit = 1

T2 = 03.x = (02.x) XOR x = T1 XOR x

T3 = 04.x = T1 + T1



954


This procedure follows to do inverse

matrix multiplication in Decryption unit. After

matrix multiplication of four columns, all 16 bytes

are concatenated to get 128-bit length. After

matrix multiplication that results will be given to

add round key to do XOR operation.

2.4.2 Decryption Round

The decryption algorithm has been

designed in the similar way. In the first order it is

calculated the tenth subkey (the one whitch has

been used in the final round of the encryption

round), then there are executed simultaneously the

calculations of the inverse of the final round and

the generation of the subkey for the next decryption round.

The decryption loop block diagram is depicted in

Fig. 2.13.

Fig. 2.13 Decryption loop block diagram

The 128-bit cipher text is given to the add

round key block where initial key and cipher text is

XORed. The output of add round key (initial

round) is given to the Decryption round block

where it is a combination of Inv shift rows, Inv sub

bytes, Add round key and Inv Mix column

transformation that shown in Fig.2.14.

Fig.2.14. One Round Decryption block diagram

Inverse Shift row:

The output of initial round is given to Inv

shift register to shift according to shift operation.

Here the 128-bit data is sub divided into 16 bytes

denoted as Aij[7..0], where i,j € {0,1,2,3} as shown

in fig . The bytes Aij[7..0] are the elements of the table representing the intermediate state of

decrypted block. The output of the ShiftRow

transformation is composed of the bytes Bij[7..0],

where i,j €{0,1,2,3}that is shown in fig. The input

128-bit data is framed as 16 bytes as shown in

Fig.4.15.

Fig. 2.15 Input to the Invshift row

transformation (128-bit is divided into 16 bytes)

The realizations of these transformations shift the byte according to the units depicted in Fig

4.16 that is in the right direction and Fig 2.17

shows the output of the shift row operation.

Fig. 2.16. The InvShiftRow transformation

Fig. 2.17 Output of the InvShift row



955


Inv Sub bytes transformation:

After inverse shift row operation as shown above the result will be given to Inv S-BOX which is a

predefined 16x16 table consists a total of 256 no. of

bytes as shown in fig. Each byte is replaced with

the new byte. The resultant all 16 bytes are

concatenated as 128-bit and is added or XORed

with the key.The resultant is given to Inverse

matrix multiplication.

Inv matrix multiplication;

To do inverse matrix multiplication, it

uses another polynomial d(x). The polynomial in

the matrix form is shown. In inverse matrix

multiplication each column is multiplied with this

predefined matrix as shown in Fig.4.18

Fig. 2.18 Inverse Mixcolumn transformation ()

Where d(x) = {0B. x3} + {0D.x2} + 09. x + 0E

In matrix form:

Inverse matrix multiplication is as follows

b0,0 = 0e. (a0,0) + 0b. a1,0 + 09 . a2,0 + 0e .

a3,0

b1,0 = 09. (a0,0) + 0e. a1,0 + 0b . a2,0 + 0d .

a3,0

b2,0 = 0d. (a0,0) + 09. a1,0 + 0e . a2,0 + 0b .

a3,0

b3,0 = 0b. (a0,0) + 0d. a1,0 + 09 . a2,0 + 0e .

a3,0

Similarly all other bytes can be calculated. Here

addition means ex-or operation.

2.5 Control FSM:

The following Fig. 2.19 shows the state machine

for Encryption process.

Fig. 2.19 Control FSM for Encryption process

Fig 2.20. Shows the state machine for decryption

process

Fig. 2.20 Control FSM for Decryption process

3. Simulation Results:

= = = = = = = = = = = = = = = = = = = = = = = =

SIMULATION RESULTS: (Using ModelSIM)

= = = = = = = = = = = = = = = = = = = = = = = =

Encryption : 30 cycles (approx)

Decryption : 35 cycles (approx)



956


Total no. of cycles for Encryption and

Decryption : 65 cycles(approx)

Device utilization summary =====================

Selected Device: XC3S500E

Number of occupied Slices:

2227 out of 4656 (47%)

Number of Slice

registers(flipflops+latches):

1111 out of 9312 (11%)

Number of 4 input LUTs:

3952 out of 9312 (42%)

Number of bonded IOBs: 130 out of 232 (56%)

Number of GCLKs:

5 out of 24 (04%)

Number of Block RAMs: 16 out of 20 (80%)

Timing Summary: ===============

Speed Grade: -4

Minimum period:

Maximum Frequency: 101.471MHz

6.2.1 Simulation results of encryption process

Encryption initial round (AddRoundKey)

PLAIN TEXT :

00112233445566778899AABBCCDDEE

FF

KEY :

000102030405060708090A0B0C0D0E0F

OUTPUT OF ADD ROUND KEY:

00102030405060708090A0B0C0D0E0F0

Fig. 3.1 Encryption initial round (rolling)

Round – 1

INPUT :

00102030405060708090A0B0C0D0E0F0

KEY :

D6AA74FDD2AF72FADAA678F1D6AB76FE

OUTPUT :

89D810E8855ACE682D1843D8CB128FE4

Fig 3.2 Encryption round – 1(rolling)

Round – 2

INPUT :

89D810E8855ACE682D1843D8CB128FE4

KEY :

B692CF0B643DBDF1BE9BC5006830B3FE

OUTPUT :

4915598F55E5D7A0DACA94FA1F0A63F7

Fig.3.3. Encryption round - 2(rolling)

Round – 3

INPUT :


KEY :

B6FF744ED2C2C9BF6C590CBF0469BF41

OUTPUT :

FA636A2825B339C940668A3157244D17




957


Round – 4

INPUT :

FA636A2825B339C940668A3157244D17

KEY :

47F7F7BC95353E03F96C32BCFD058DFD

OUTPUT :

247240236966B3FA6ED2753288425B6C


Round – 5

INPUT :

247240236966B3FA6ED2753288425B6C

KEY :

3CAAA3E8A99F9DEB50F3AF57ADF622AA

OUTPUT :

C81677BC9B7AC93B25027992B0261996


Round – 6

INPUT :

C81677BC9B7AC93B25027992B0261996

KEY :

5E390F7DF7A69296A7553DC10AA31F6B

OUTPUT :

C62FE109F75EEDC3CC79395D84F9CF5D


Round – 7

INPUT :


KEY :

14F9701AE35FE28C440ADF4D4EA9C026

OUTPUT :

D1876C0F79C4300AB45594ADD66FF41F


Round – 8

Input : d1876c0f79c4300ab45594add66ff41f

Key : 47438735a41c65b9e016baf4aebf7ad2

Output : fde3bad205e5d0d73547964ef1fe37f1


Round – 9

Input : fde3bad205e5d0d73547964ef1fe37f1

Key : 549932d1f08557681093ed9cbe2c974e

Output : bd6e7c3df2b5779e0b61216e8b10b689




958


Round – 10

INPUT :

BD6E7C3DF2B5779E0B61216E8B10B689

KEY :

13111D7FE3944A17F307A78B4D2B30C5

MIXCOLUMN_EN = 1

OUTPUT :

69C4E0D86A7B0430D8CDB78070B4C55A


3.2.2 Simulation results of decryption process:

Decryption Initial round

INPUT :

69C4E0D86A7B0430D8CDB78070B4C55A

KEY :

13111D7FE3944A17F307A78B4D2B30C5

OUTPUT :

7AD5FDA789EF4E272BCA100B3D9FF59F

Fig.3.12. Decryption Initial round (rolling)

Round – 1

Input : 7ad5fda789ef4e272bca100b3d9ff59f

Key : 549932d1f08557681093ed9cbe2c974e

Output : 54d990a16ba09ab596bbf40ea111702f

Fig.3.13.Decryption round - 1(rolling)

Round – 2

Input : 54d990a16ba09ab596bbf40ea111702f


Output : 3e1c22c0b6fcbf768da85067f6170495


Round – 3

Input: 3e1c22c0b6fcbf768da85067f6170495

Key: 14f9701ae35fe28c440adf4d4ea9c026

Output: b458124c68b68a014b99f82e5f15554c


Round – 4

Input: b458124c68b68a014b99f82e5f15554c

Key: 5e390f7df7a69296a7553dc10aa31f6b

Output: e8dab6901477d4653ff7f5e2e747dd4f


Round – 5

Input : e8dab6901477d4653ff7f5e2e747dd4f

Key : 3caaa3e8a99f9deb50f3af57adf622aa

Output : 36339d50f9b539269f2c092dc4406d23



959



Round – 6

Input : 36339d50f9b539269f2c092dc4406d23

Key : 47f7f7bc95353e03f96c32bcfd058dfd

Output : 2d6d7ef03f33e334093602dd5bfb12c7


Round – 7

Input : 2d6d7ef03f33e334093602dd5bfb12c7

Key : b6ff744ed2c2c9bf6c590cbf0469bf41

Output : 3bd92268fc74fb735767cbe0c0590e2d


Round – 8

Input : 3bd92268fc74fb735767cbe0c0590e2d

Key :

b692cf0b643dbdf1be9bc5006830b3fe

Output :

a7be1a6997ad739bd8c9ca451f618b61


Round – 9

Input : a7be1a6997ad739bd8c9ca451f618b61

Key : d6aa74fdd2af72fadaa678f1d6ab76fe

Output : 6353e08c0960e104cd70b751bacad0e7


Round – 10

Input : 6353e08c0960e104cd70b751bacad0e7

Key : 000102030405060708090a0b0c0d0e0f

Output : 00112233445566778899aabbccddeeff


6.3 The simulation and synthesis results of

Unrolling architecture of AES are presented

below.

= = = = = = = = = = = = = = = = = = = = = = = =

SIMULATION RESULTS: (Using ModelSIM)

= = = = = = = = = = = = = = = = = = = = = = = =



960


Encryption : 11 cycles (approx)

Decryption : 19 cycles (approx)

Total no. of cycles for Encryption and

Decryption : 30 cycles(approx)

= = = = = = = = = = = = = = = = = = = = = = = =

SYNTHESIS RESULTS: (Using Xilinx ISE 9.1i)

= = = = = = = = = = = = = = = = = = = = = = = =

Device utilization summary

=====================

Selected Device: XC3S500E

Number of occupied Slices:

23299 out of 4656 (500%) -----

OVERMAPPED

Number of Slice Flip Flops:

7613 out of 9312 (81%)

Number of 4 input LUTs:

44510 out of 9312 (477%) ------- OVERMAPPED

Number of bonded IOBs:

130 out of 232 (56%)

Number of GCLKs: 1 out of 24 (04%)

Number of SLICEM:

9440 out of 2328 (405%) -----

OVERMAPPED

Timing Summary: ===============

Speed Grade: -4

Minimum period: 8.836ns

Maximum Frequency: 113.173MHz

6.3.1 Simulation results of encryption process:

Initial round

PLAIN TEXT :

00112233445566778899AABBCCDDEEFF

KEY :

000102030405060708090A0B0C0D0E0F

OUTPUT OF ADD ROUND KEY:

00102030405060708090A0B0C0D0E0F0

Fig. 3.23 Encryption initial round (unrolling)

Round – 1

INPUT :

00102030405060708090A0B0C0D0E0F0

KEY :

D6AA74FDD2AF72FADAA678F1D6AB76FE

OUTPUT :

89D810E8855ACE682D1843D8CB128FE4

Fig 3.24 Encryption round - 1(unrolling)

Round – 2

INPUT :

89D810E8855ACE682D1843D8CB128FE4

KEY :

B692CF0B643DBDF1BE9BC5006830B3FE

OUTPUT :


Fig.3.25. Encryption round - 2(unrolling)

Round – 3

INPUT :


KEY :

B6FF744ED2C2C9BF6C590CBF0469BF41

OUTPUT :

FA636A2825B339C940668A3157244D17



961



Round – 4

INPUT :

FA636A2825B339C940668A3157244D17

KEY :

47F7F7BC95353E03F96C32BCFD058DFD

OUTPUT :

247240236966B3FA6ED2753288425B6C


Round – 5

INPUT :

247240236966B3FA6ED2753288425B6C

KEY :

3CAAA3E8A99F9DEB50F3AF57ADF622AA

OUTPUT :

C81677BC9B7AC93B25027992B0261996


Round – 6

INPUT :

C81677BC9B7AC93B25027992B0261996

KEY :

5E390F7DF7A69296A7553DC10AA31F6B

OUTPUT :



Round – 7

INPUT :


KEY :

14F9701AE35FE28C440ADF4D4EA9C026

OUTPUT :

D1876C0F79C4300AB45594ADD66FF41F


Round – 8



Output: fde3bad205e5d0d73547964ef1fe37f1

Fig.3.31. Encryption round – 8(unrolling)



962


Round – 9


Key : 549932d1f08557681093ed9cbe2c974e



Round – 10

INPUT :

BD6E7C3DF2B5779E0B61216E8B10B689

KEY :

13111D7FE3944A17F307A78B4D2B30C5

MIXCOLUMN_EN = 1

OUTPUT:

69C4E0D86A7B0430D8CDB78070B4C55A


3.2.2 Simulation results of decryption process:

Decryption Initial round

INPUT :

69C4E0D86A7B0430D8CDB78070B4C55A

KEY :

13111D7FE3944A17F307A78B4D2B30C5

OUTPUT :

7AD5FDA789EF4E272BCA100B3D9FF59F

Fig.3.34. Decryption Initial round (unrolling)

Round – 1


Key : 549932d1f08557681093ed9cbe2c974e

Output : 54d990a16ba09ab596bbf40ea111702f

Fig.3.35.Decryption round - 1(unrolling)

Round – 2



Output : 3e1c22c0b6fcbf768da85067f6170495


Round – 3

Input: 3e1c22c0b6fcbf768da85067f6170495

Key: 14f9701ae35fe28c440adf4d4ea9c026

Output: b458124c68b68a014b99f82e5f15554c



963



Round – 4

Input: b458124c68b68a014b99f82e5f15554c

Key: 5e390f7df7a69296a7553dc10aa31f6b

Output: e8dab6901477d4653ff7f5e2e747dd4f


Round – 5

Input : e8dab6901477d4653ff7f5e2e747dd4f


Output : 36339d50f9b539269f2c092dc4406d23


Round – 6

Input : 36339d50f9b539269f2c092dc4406d23


Output : 2d6d7ef03f33e334093602dd5bfb12c7


Round – 7



Output : 3bd92268fc74fb735767cbe0c0590e2d


Round – 8


Key : b692cf0b643dbdf1be9bc5006830b3fe

Output : a7be1a6997ad739bd8c9ca451f618b61


Round – 9



Output : 6353e08c0960e104cd70b751bacad0e7



964



Round – 10


Key : 000102030405060708090a0b0c0d0e0f

Output : 00112233445566778899aabbccddeeff


3.4 Tabulation of intermediate results of

Encryption and Decryption:

The intermediate results of Cipher or encryption process are shown below:

CIPHER (ENCRYPT):

PLAINTEXT : 00112233445566778899aabbccddeeff

KEY : 000102030405060708090a0b0c0d0e0f

Round [0]

Input: 00112233445566778899aabbccddeeff

Key: 000102030405060708090a0b0c0d0e0f

Round [1]

Input : 00102030405060708090a0b0c0d0e0f0

S_box :63cab7040953d051cd60e0e7ba70e18c

Shiftrow : 6353e08c0960e104cd70b751bacad0e7

Mix_col :5f72641557f5bc92f7be3b291db9f91a


Output : 89d810e8855ace682d1843d8cb128fe4

Round [2]

Input : 89d810e8855ace682d1843d8cb128fe4

S_box :a761ca9b97be8b45d8ad1a611fc97369

Shift_row :a7be1a6997ad739bd8c9ca451f618b61

Mix_col :ff87968431d86a51645151fa773ad009


Round [3]

Input : 4915598f55e5d7a0daca94fa1f0a63f7

S_box :3b59cb73fcd90ee05774222dc067fb68

Shiftrow : 3bd92268fc74fb735767cbe0c0590e2d

Mix_col : 4c9c1e66f771f0762c3f868e534df256


Output : fa636a2825b339c940668a3157244d17

Round [4]

Input : fa636a2825b339c940668a3157244d17

S_box : 2dfb02343f6d12dd09337ec75b36e3f0

Shiftrow : 2d6d7ef03f33e334093602dd5bfb12c7

Mix_col : 6385b79ffc538df997be478e7547d691


Output : 247240236966b3fa6ed2753288425b6c

Round [5]

Input : 247240236966b3fa6ed2753288425b6c

S_box : 36400926f9336d2d9fb59d23c42c3950

Shiftrow : 36339d50f9b539269f2c092dc4406d23

Mix_col : f4bcd45432e554d075f1d6c51dd03b3c


Output : c81677bc9b7ac93b25027992b0261996

Round [6]

Input : c81677bc9b7ac93b25027992b0261996

S_box : e847f56514dadde23f77b64fe7f7d490

Shitrow : e8dab6901477d4653ff7f5e2e747dd4f

Mix_col : 9816ee7400f87f556b2c049c8e5ad036

Key : 5e390f7df7a69296a7553dc10aa31f6b

Output : c62fe109f75eedc3cc79395d84f9cf5d



965


Round [7]

Input : c62fe109f75eedc3cc79395d84f9cf5d

S_box : b415f8016858552e4bb6124c5f998a4c

Shiftrow : b458124c68b68a014b99f82e5f15554c

Mix_col : c57e1c159a9bd286f05f4be098c63439

Key : 14f9701ae35fe28c440adf4d4ea9c026

Output : d1876c0f79c4300ab45594add66ff41f

Round [8]


S_box : 3e175076b61c04678dfc2295f6a8bfc0

Shiftrow : 3e1c22c0b6fcbf768da85067f6170495

Mix_col : baa03de7a1f9b56ed5512cba5f414d23


Output : fde3bad205e5d0d73547964ef1fe37f1

Round [9]


S_box : 5411f4b56bd9700e96a0902fa1bb9aa1

Shiftrow : 54d990a16ba09ab596bbf40ea111702f

Mix_col : e9f74eec023020f61bf2ccf2353c21c7

Key : 549932d1f08557681093ed9cbe2c974e


Round [10]

Input : bd6e7c3df2b5779e0b61216e8b10b689

S_box : 7a9f102789d5f50b2beffd9f3dca4ea7

Shiftrow : 7ad5fda789ef4e272bca100b3d9ff59f

Key : 13111d7fe3944a17f307a78b4d2b30c5

Output : 69c4e0d86a7b0430d8cdb78070b4c55a

INVERSE CIPHER (DECRYPT):

The intermediate results of Decipher or Decryption process are

shown below

Round [0]

Input : 69c4e0d86a7b0430d8cdb78070b4c55a

Key : 13111d7fe3944a17f307a78b4d2b30c5

Output : 7ad5fda789ef4e272bca100b3d9ff59f

Round [1]


Invshift_row : 7a9f102789d5f50b2beffd9f3dca4ea7

Invs_box : bd6e7c3df2b5779e0b61216e8b10b689

Key : 549932d1f08557681093ed9cbe2c974e

Add round key : e9f74eec023020f61bf2ccf2353c21c7

Inv_Mix_col : 54d990a16ba09ab596bbf40ea111702f

Round [2]


Invshiftrow : 5411f4b56bd9700e96a0902fa1bb9aa1

Invs_box : fde3bad205e5d0d73547964ef1fe37f1


Addroundkey : baa03de7a1f9b56ed5512cba5f414d23

Inv_Mix_col : 3e1c22c0b6fcbf768da85067f6170495

Round [3]

Input : 3e1c22c0b6fcbf768da85067f6170495

Invshiftrow : 3e175076b61c04678dfc2295f6a8bfc0

Invs_box : d1876c0f79c4300ab45594add66ff41f

Key : 14f9701ae35fe28c440adf4d4ea9c026

Addroundkey : c57e1c159a9bd286f05f4be098c63439

Inv_Mix_col : b458124c68b68a014b99f82e5f15554c

Round [4]

Input : b458124c68b68a014b99f82e5f15554c

Invshift_row :b415f8016858552e4bb6124c5f998a4c

Invs_box : c62fe109f75eedc3cc79395d84f9cf5d

Key : 5e390f7df7a69296a7553dc10aa31f6b

Addroundkey : 9816ee7400f87f556b2c049c8e5ad036

Inv_Mix_col : e8dab6901477d4653ff7f5e2e747dd4f

Round [5]

Input :e8dab6901477d4653ff7f5e2e747dd4f

Invshift_row :e847f56514dadde23f77b64fe7f7d490

Invs_box : c81677bc9b7ac93b25027992b0261996


Addroundkey : f4bcd45432e554d075f1d6c51dd03b3c



966


Inv_Mix_col : 36339d50f9b539269f2c092dc4406d23

Round [6]

Input : 36339d50f9b539269f2c092dc4406d23

Invshift_row : 36400926f9336d2d9fb59d23c42c3950

Invs_box : 247240236966b3fa6ed2753288425b6c


Addroundkey : 6385b79ffc538df997be478e7547d691

Inv_Mix_col : 2d6d7ef03f33e334093602dd5bfb12c7

Round [7]


Invshift_row : 2dfb02343f6d12dd09337ec75b36e3f0

Invs_box :fa636a2825b339c940668a3157244d17


Addroundkey : 4c9c1e66f771f0762c3f868e534df256

Inv_Mix_col : 3bd92268fc74fb735767cbe0c0590e2d

Round [8]


Invsshift_row : 3b59cb73fcd90ee05774222dc067fb68

Invs_box : 4915598f55e5d7a0daca94fa1f0a63f7


Addroundkey : ff87968431d86a51645151fa773ad009

Inv_Mic_col : a7be1a6997ad739bd8c9ca451f618b61

Round [9]


Invshift_row : a761ca9b97be8b45d8ad1a611fc97369

Invs_box : 89d810e8855ace682d1843d8cb128fe4


Addroundkey : 5f72641557f5bc92f7be3b291db9f91a

Inv_Mix_col : 6353e08c0960e104cd70b751bacad0e7

Round [10]


Invshift_row : 63cab7040953d051cd60e0e7ba70e18c

Invs_box : 00102030405060708090a0b0c0d0e0f0

Key : 000102030405060708090a0b0c0d0e0f

Addroundkey : 00112233445566778899aabbccddeef

3.5 Key generation simulation results:

Input key : 000102030405060708090a0b0c0d0e0f

for Nk = 4, which results in

Fig 3.45 Simulation result of Key expansion

3.5.1 Tabulation of Key generation results

The key generation results are tabulated in Table 6.1

Table 6.1 Key expansion results

S.No. i W(i)

1 0 00010203

2 1 04050607

3 2 08090a0b

4 3 0c0d0e0f

5 4 d6aa74fd

6 5 d2af72fa

7 6 daa678f1

8 7 d6ab76fe

9 8 b692cf0b

10 9 643dbdf1

11 10 be9bc500



967


12 11 6830b3fe

13 12 b6ff744e

14 13 d2c2c9bf

15 14 6c590cbf

16 15 0469bf41

17 16 47f7f7bc

18 17 95353e03

19 18 f96c32bc

20 19 fd058dfd

21 20 3caaa3e8

22 21 a99f9deb

23 22 50f3af57

24 23 adf622aa

25 24 5e390f7d

26 25 f7a69296

27 26 a7553dc1

28 27 0aa31f6b

29 28 14f9701a

30 29 e35fe28c

31 30 440adf4d

32 31 4ea9c026

33 32 47438735

34 33 a41c65b9

35 34 e016baf4

36 35 aebf7ad2

37 36 549932d1

38 37 f0855768

39 38 1093ed9c

40 39 be2c974e

41 40 13111d7f

42 41 e3944a17

43 42 f307a78b

44 43 4d2b30c5

4. Conclusion:

In this chapter shown the simulation and synthesized results of rolling and unrolling

architecture methods of AES algorithm and

programming results of encryption.bit file and

decryption. Bit file on FPGA chip.

5. Conclusion And Future Scope:

Hardware implementation of optimized

area blocks cipher AES have been implemented

using Field programmable gate array (FPGA). By applying area optimization techniques i.e by using

rolling architecture method the occupied area is

reduced. This technique can be used in low end

customer products with lower throughput, such as

PDAs, wireless network devices, and many other

embedded applications where speed is not a

criteria.

The AES (unrolling technique) achieves a

high throughput but occupies large area

comparatively our design method. So it is used in

high end devices such as Satellite communication, Internet Routers etc. where speed is more

criteria.The function of the AES algorithm is

simulated using Modelsim and the area

optimization is verified by implementing this

algorithm on Xilinx Spartan 3e FPGA using Xilinx

synthesis tools.

Since this paper is concentrated on design

considerations at the algorithmic level, future

research could also carry out a similar performance

analysis on designs targeting the hardware level

using optimization techniques such as pipelining. It

is also found that this 8-bit AES implementation can further applied to 32-bit AES implementation

to reduce the slice numbers and increase the

working frequency.

6. References:

[1] Alireza Hodjat, Ingrid Verbauwhede,"Minimum Area Cost for a 30 to 70 Gbits/s AES Processor", IEEE Computer society Annual Symposium on VLSI, 2004. Proceedings, Page(s):83 - 88, Feb. 2004.

[2]http://www.progressivecoding.com/tutorial.php?id=0

[3]http://en.wikipedia.org/wiki/Advanced_encryption_standard

[4] http://csrc.nist.gov/publications/fips/fips197.pdf

[5]http://www.abisoft.net/documents/AESbyExample.htm

[6]http://www.opencores.org/projects.cgi/web/aes_crypto_core/overview.

[7] J. Bhasker, “ A VHDL primer”, Pearson, 3rd edition, 2004.

http://www.progressivecoding.com/tutorial.php?id=0

http://en.wikipedia.org/wiki/Advanced_encryption_standard



http://csrc.nist.gov/publications/fips/fips197.pdf

http://www.design-reuse.com/exit/?url=http://www.abisoft.net/documents/AESbyExample.htm



http://www.opencores.org/projects.cgi/web/aes_crypto_core/overview





968


[8] NIST. Announcing the advanced encryption standard (AES), FIPS 197 Technical report, National Institute of Standards and Technology, November 2001.

[9] Pawel Chodowiec, Kris Gaj,"Very Compact FPGA Implementation of the AES Algorithm", CHES 2003,

LNCS 2779, pp. 319-333, 2003.

[10] Tim Good,Mohammed Benaissa “very small FPGA Application-Specific instruction processor for AES”,IEEE Trans. Circuit and System, volume.53, no.7, 2006.

[11] William stallings, “Cryptography and Network security principles and practices”, Pearson, 2nd edition, page (19-126), 2005.

[12] William stallings, “Network security essentials

applications and standards”, Pearson, Page (42-82), 2008.

[13] X.Zhang , K.K.Parthi,“High-speed VLSI architecture for the AES algorithm”, IEEE Transaction, Very Large Scale Integrated Circuit (VLSI) system, Volume No.12, no.9, September 2004, pp: 957-967.

Documents

FPGA IMPLEMENTATION OF AREA OPTIMIZED AES …ijarcet.org/wp-content/uploads/IJARCET-VOL-5-ISSUE-4-948-968.pdf · FPGA IMPLEMENTATION OF AREA OPTIMIZED AES ... A control unit generates