Optimizing VLSI Architecture for Data Encryption Standard with FPGA Realization
Abstract—To achieve the goal of secure communication,
cryptography is an essential operation. Many applications,
including health-monitoring and biometric data based
recognition system, need short-term data security. To design
short-term security based applications, there is an essential need
of high-performance, low cost and area-efficient VLSI
implementation of lightweight ciphers. Data encryption standard
(DES) is well-suited for the implementation of low-cost
lightweight cryptography applications. In this paper, we propose
an efficient VLSI architecture for DES algorithm based
encryption/decryption engine. Depending upon the
encryption/decryption needs, the same set of architecture
performs both encryption and decryption operations. In the
implementation of DES algorithm, a chain of multiplexer-based
architecture is used to implement the substitution operations (S-
Boxes). The proposed architecture is modeled in the VHDL
design language and synthesized in the Xilinx Virtex-5 xc5vfx70t
field-programmable gate array (FPGA) device. Hardware
synthesis result shows that the proposed design utilizes only 1.07
% slice LUTs, 0.31 % slice registers and 29.22 % of bonded IOBs
of the FPGA device fabric.
Keywords—DES; encryption/decryption; block cipher;
lightweight cryptography; VLSI architectures; FPGAs.
I. INTRODUCTION
In modern authentication-based applications, such as: bank
transactions, electronic mail, audio/video conferencing etc.,
secure communication is very essential. The secure
communication requires a mechanism, which insures that no
unauthorized person can access the communicated information
over the unsecure medium. Thus, to accomplish the task of
information security; cryptography is must [1,2].
Cryptography is a science that enables the confidentiality
of communication through an insecure channel [1]. The basic
cryptographic processes consist of conversion of plaintext into
a ciphertext by the process of encryption and retrieval of the
plaintext from the ciphertext by decryption process. The
cryptographic process is used for authentication in many
applications such as: in bank cards, wireless telephones,
e-commerce, pay-TV, etc. [2]. Encryption/decryption is also
required for the access control in many systems, such as car-
lock systems, lifts, metro trains, etc. Nowadays it is widely
used for electronic payment in prepaid telephone cards, e-cash
cards etc. [1,2].
Some of the applications including health-monitoring and
biometric data based recognition applications need short-term
security. In addition, with advent of embedded computing and
omnipresent smart embedded devices, there is a need of high-
performance, area-efficient and low cost very-large-scale
integration (VLSI) implementation of lightweight ciphers such
as data encryption standard (DES). For the implementation of
low-cost lightweight cryptography, the DES algorithm is very
well suited [3,4]. DES algorithm is a symmetric block cipher
and it provides adequate level of security with low hardware
cost [5]. Though, the 56-bit key limits the security level, yet,
brute-forcing this key space using software requires a few
months alongwith several computing engines [4,6]. Although,
DES has evolved into the advanced encryption standard (AES)
[7], nonetheless, many applications continue to rely on DES
for cryptography and information security. Therefore, the
designers and implementers continue to support for efficient
architecture for the DES in many short-term security
applications [6]. Thus, there is always a need of optimized,
high-performance hardware implementation of DES and other
lightweight ciphers [3].
Based on the above discussion, a lightweight DES
implementation has been reported in [4]. Here, they have used
a single substitution box, which are used eight times. The
implemented design has been used for resource-limited
applications that include, radio frequency identification
(RFID) tags, wireless sensor nodes applications, etc. In
another implementation [8], a JBits programming language
based implementation of the DES algorithm for Xilinx Virtex
field- programmable gate array (FPGA) has been described. In
this implementation, sixteen rounds of the DES algorithm have
been fully unrolled. A performance analysis of DES, 3DES,
Blowfish and AES encryption/decryption algorithms have
been provided in [9].
In this paper, we have proposed a simple and efficient
VLSI architecture for computation of DES algorithm [10,11].
The proposed architecture requires nineteen clock cycles to
encrypt a plaintext into ciphertext. The decryption process is
identical to encryption operation and it completes the
decryption process in nineteen clock cycles. The key
generation process is realized in a combinational datapath and
it provides all the required sixteen round keys to the
encryption/decryption block in the first cycle of the clock. By
this, it makes the decryption block to start the decryption
process by using the last round key, which is mandatory as per
the DES decryption algorithm. To implement an S-Box, five
multiplexers (MUXs) are used. Out of the five MUXs, four
MUXs are of 4-bit, 16-to-1 MUXs and one 4-bit, 4-to-1 MUX.
To make the design work in pipelined mode the inputs and
outputs are registered.
 Rest of this paper is organized as follows: in Section II, an
Input 64
overview of the DES algorithm has been provided. Section III
has been used to present the proposed architecture for the DES Key Clk Key
encryption/decryption. This section has also been use to cover Generation
detailed architectural design of the various basic building
Clk
blocks of the proposed architecture. Section IV has been used
to provide FPGA-based implementation of the proposed Reset Controller 48 Round Key
architecture and its experimental results. Finally, conclusions
EN_DE
are drawn in Section V.
Encryption/
II. THE DATA ENCRYPTION STANDARD (DES) ALGORITHM Clk Decryption
Plain 64
The DES algorithm is a symmetric block cipher. It is an Text
iterated block cipher algorithm, which is realized on 64 Ciphertext/
permutation, XOR and substitution operations. All these Plaintext
operations are sequential in nature and iterates in sixteen
internal rounds. The algorithm is based on the principles of Fig. 1. A top-level block disgarm for DES encryption/decryption.
Feistel cipher structure [2]. Here, a round function F consists
The controller is designed to generate various required
of expansion/permutation, XOR, and substitution operations.
control signals for controlling the key generation process and
Here, a 64-bit plaintext is divided into, two, 32-bit halves, the encryption/decryption engine. The detailed scheme for the
L0 (left) and R0 (right). These two halves pass through sixteen controller is given in Subsection B. Subsection C is used to
rounds of internal processing and then combine to produce the discuss the architecture for a substitution box (S-Box).
64-bit ciphertext. Each round i has inputs Li-1 and Ri-1 derived A detailed view of the proposed VLSI architecture for
from the previous round. In addition, each round function F, encryption/decryption using DES algorithm is shown in Fig. 2.
requires a 48-bit unique subkey Ki, which is generated from Here, the datapath of this architecture consists of a set of
the 64-bit input key K by the round key generation process. multiplexers, registers, permutation/expansion and substitution
The overall processing at each round is summarized as: operations. The permutation/ expansion operation is a simple
bit-transposition operation, which requires only simple data
Li  Ri 1 (1) routing. The substitution operation requires eight different
R i  Li  F , Ki (2) substitution boxes [2]. To implement an S-Box, we have
proposed a multiplexer based design, which is explained in
1
Ri1  Subsection C.
The 32-bit R input is first expanded to 48-bits by using
permutation plus expansion. The output is then XORed with Plain Text
64
Key
63 0
round key Ki. This 48-bit output passes through a substitution Initial Permutation
table (S-Box) that produces a 32-bit output, which is permuted
as per the DES algorithm [2]. The key generation process 32

32
32

32
64

starts with first permutation choice, which transforms the 64- 0 1

Sel_L_Mux 0 1
bit input key into 56-bit permutated output.
Sel_R_Mux
MuxL MuxR

This output is treated as two 28-bits data C0 and D0. At EN_L_Reg

Li-1 Ri-1
EN_R_Reg
Reset
each round, Ci-1 and Di-1 are separately and circularly left-
Reset
Clk L-Reg Clk
R-Reg
shifted by 1 or 2 bits which serve as input to the next round
[1]. The shifted data is then provided to the second Expansion (E)
0
48
48
K0

permutation choice, which produces a 48-bit output that serves 48 1 K1

as input to the function F Ri1 , Ki  as required in (2). In next

32 48
XOR
F
48
48
Sel

section, we propose an architecture for the DES 15 K15

S-Box1 S-Box2 S-Box8
4

encryption/decryption engine. 32

Permutation (P)
UP/Down
III. A VLSI ARCHITECTURE FOR THE DES ALGORITHM 32
Counter
XOR
A top-level view of proposed architecture for the DES 32
algorithm is shown in Fig. 1. Here, both the encryption and 32 32

decryption operations use the same set of hardware building EN_Swap

Data Swapping
blocks. The three main components of the DES
encryption/decryption computing scheme are: key generation, EN_Inv_Perm
Inverse Permutation

controller and a encryption/decryption engine. EN_Out

Clk

Reset
ntrolle
The key generation block is use to take 64-bit input key Reset
Clk
Output Register EN_DE

and it generates sixteen, 48-bit round keys for the sixteen Ciphertext/Plaintext

individual rounds. The complete round key generation process

is covered in Subsection A. Fig. 2. A VLSI architecture for DES encryption/decryption computation.
 The main building blocks of the proposed architecture
have been arranged in different subsections, which are
described below.
A. Round Keys Generation Process
As per the DES algorithm needs, the architecture shown in
Fig. 2 requires a round key in each rounds. The steps for the
round key generation process are shown in Fig. 3. The round
key generation process is use to generate 48-bit unique round
keys for the each individual rounds.
In the DES algorithm, sixteen rounds are required to
generate the sixteen round keys. To start the round key
generation process, first a 64-bit input key is provided to the
permutation choice-1 (permutation-1) block [1,2].The
permutation-1 block permutes the input key into 48-bit data,
which are provided to two 28-bit blocks (C and D). After that,
the two 28-bit data are circularly left shifted by one or two
bits, which depends upon the number of round as per the DES
key generation algorithm [2]. The encryption/decryption
operation is managed by the controller, which is explained
below.
B. Controller for the Encryption/Decryption Operation
A controller has been designed for providing necessary Fig. 3. Round key generation scheme.
control signals to the proposed architecture of Fig. 2. The
proposed controller has six different states, which are shown In the Decrypt_Rounds state, the machine completes
in a form of finite state machine (FSM) in Fig. 4. As shown in sixteen decryption rounds, which are required as per the DES
the this figure, when the asynchronous reset input is at logic algorithm [2]. The next state of both, the Encrypt_Rounds
‘1’ value, the machine resides in the Idle state and it generates state and that of Decrypt_Rounds state is followed by a same
two control signals, Sel_L_Mux and Sel_R_Mux. Both of these state and it is called Result state. In the Result state, the
control signals are kept at logic ‘0’ level. After generating the generated control signals are: En_Swap, En_Inv_Perm and
above control signals, the machine waits for an external En_Out. All of these generated control signals have logic ‘1’
En_De input signal, which is used to select the level.
encryption/decryption operation. When the En_De signal is at
logic ‘1’, the machine enters into the Encrypt state otherwise
the next state would be a Decrypt state.
When the machine resides in the Encrypt state, two control
signals En_Counter and En_Encrypt both at logic ‘1’ level are
generated. Whereas, in the Decrypt state, the En_Counter
control signal is at logic ‘1’ and En_Encrypt control signal has
logic ‘0’ level. When the signal En_Encrypt is at logic ‘1’, the
counter shown in Fig. 2 is works as an up counter (counts
from 0 to 15). This counter has been used to select the round
keys in increasing order. Similarly, when the En_Encrypt
control signal is at logic ‘0’ the counter works as a down
counter and it selects the round keys in the decreasing order
(from 15 down to 0).
The Encrypt state is followed by the Encrypt_Rounds state
where the machine completes its sixteen encryption rounds, as
governed by the DES algorithm [2]. In the Encrypt_Rounds,
the generated control signals are, En_Counter, En_Encrypt,
Sel_L_Mux, Sel_R_Mux, En_L_Reg and En_R_Reg. All of
these generated control signals are kept at logic ‘1’ level.
Similar to this state, after the Decrypt state, the machine enters
into the Decrypt_Rounds state and it use to generate the
similar signals as with the Encrypt_Rounds, except the
En_Encrypt signal, which is at logic ‘0’ level.
Fig. 4. Control signal generation using a FSM.
C. Architecture for an S-Box
The substitution operation consists of a set of eight
substitution boxes (S-Boxes). Each S-Box accepts 6-bit input
and it provides 4-bits output. The S-Box transformation
operation is defined in [2]. The S-Boxes can be designed by
using only a set of five multiplexers (MUXs). Using this
approach, a proposed architecture for the realization of an
S-Box using the MUX-based approach is shown in Fig. 5.
Here, to implement the S-Box, five MUXs have been
used. The first four MUXs (MUX_S00, MUX_S01, MUX_S10,
MUX_S11) are of 4-bit, 16-to-1 MUX. These MUXs are used
to provide four rows of the S-Box[2]. The same select lines
drive the chain of four MUXs and it is used to select the
content of different individual rows. The select lines of these
MUXs arrive from the middle four bits of the input to the S-
Box as per the S-Box selection rule [2].
The right MUX (MUX_SBox) is a 4-bit, 4-to-1 MUX.
Here, the first-bit (MSB), S-Box_IN[5] and last-bit (LSB) S-
Box_IN[0], of the input to the MUX_SBox, form a 2-bit
binary number. These two bits are used as select lines for this
multiplexer. This multiplexer is used to select one of the four
outputs of the left four MUXs and provides 4-bit output signal
SBOX_Out.
The design of the proposed S-Box is very simple and
regular in nature. The architecture for the S-Box is highly
regular and has very simple routing connections. By this, to
design a set of eight S-Boxes (as shown in Fig. 2.), the above
S-Box has been utilized eight times with their corresponding
substitution values, which are provided by the DES algorithm
and also discussed in [1].
 S 00  0
 S 00 1
 S 00 15
 S 01 0
S 01 1
 S 01 15
 S 10 0
 S 10 1
 S 10  15
 S 11 0
 S 11 1
TABLE I.
 S 11 15
Fig. 5. Realization of an S-Box of DES algorithm.
D. The Encryption/Decryption Operation
The proposed architecture works for both encryptions as
well as for decryptions, which depends upon the input signal
‘EN_DE’. When the signal EN_DE is at logic ‘1’, the
controller resides in the Encrypt state and it asserts
En_Encrypt to logic high. The architecture performs the
encryption operation. Similarly, when EN_DE is at logic low
in the Decrypt state, the architecture performs decryption
operation.
As shown in the proposed architecture as in Fig. 2, and the
controller shown in Fig. 4, the Sel_L_Mux signal is used as a
selection line for the MuxL and the Sel_R_Mux signal is used
for input selection of MuxR. Initially, in Idle state, both of
these select signals are at logic ‘0’. These selection lines are
used for the selection of initial permutated inputs and routing
them to the L_Reg and R_Reg registers respectively.
The architectures require a 48-bit XOR gate for signal
‘E_XOR_K’. One of the input signals of the gate comes from
the expansion permutation operation (E) and the other signal is
one of the sixteen, 48-bit round keys. The output of the XOR
gate is provided to the substitution boxes (S-Boxes). The 32-
bit output of the eight S-Boxes is then permutated (P).As per
(2), the permutated output is then XORed with the left 32-bits
of the initial permutated 32-bits, which have been selected by
the MuxL. The output of the operation is then stored in the
register R-Reg as per (1).
The above operations are executed sixteen times and it is
controlled by the various control signals generated by the
controller shown in Fig. 4. After completion of all the rounds,
registered output is available after nineteen clock cycles.
Depending on the encryption/decryption operation, which is
controlled by EN_DE signal, the generated output is ciphertext
or plaintext.
IV. EXPERIMENTAL RESULTS
A ModelSim simulation result of the proposed design is
shown in Fig. 6. As depicted in the figure, the
encryption/decryption operation requires nineteen clock
cycles. In the operation, the En_DE signal is at logic ‘1’ for
the encryption. The signal has been set at logic ‘0’ for
performing the decryption operation. The design has been
thoroughly verified by providing sample vectors in the form of
uniform random numbers for plaintext and cipher keys.
The proposed architecture completes each of the
encryption/decryption rounds in one clock cycle. Further, to
make an estimate of the complete hardware resources need a
fully loop-unrolled DES algorithm implementation [8] is done.
The utilization of the macro statistics is shown in Table I.
The implemented design has been compared with the
implementation of [8].
MACRO-LEVEL COMAPRISION.
S. No. Macro Name Loop Unrolled Proposed
Design [8] Design
1. Multiplexers 640 44
2. XORs 32 2
3. Counter 0 1
4. Registers 3 3
5. Comparators 0 2
 Fig. 6. A Modelsim simulation result of the design.

As shown in Table I, in comparison to the loop-unrolled V. CONCLUSION

DES implementation given in [8], the proposed design utilizes In this paper, we have proposed an efficient VLSI
14.55 times lesser multiplexers and 16 times lesser XOR architecture for data encryption standard (DES) algorithm
gates. Additionally, the proposed design requires one 4-bit based encryption/decryption. As per the requirements of
counter and two comparators. encryption/decryption operation, the same set of architecture
The proposed architecture, shown in Fig. 2, is can be used to perform both encryption as well as the
implemented in the VHDL design language, and synthesized decryption. The substitution operation (S-Box) needed in the
using Xilinx ISE 14.4 for Virtex-5 xc5vfx70t FPGA device. DES algorithm has been implemented by multiplexer-based
The FPGA device utilization summary of the proposed architecture. The proposed architecture is very regular and it
architecture is given in Table II. requires very low amount of hardware resources, therefore it
TABLE II. FPGA DEVICE UTILIZATION SUMMARY. can be efficiently utilized in lightweight cryptography
applications. The design has been modeled in the VHDL
Elements
language and Device
it has been Utilization forUtilization
synthesized (%)
Xilinx Virtex-5 xc5vfx70t FPGA device.
Slice LUTs 478/44800 1.07 %
Slice Registers 138/44800 0.31 % REFERENCES
Bonded IOBs 187/640 29.22 %
BUFG 1/32 3.13 %
The FPGA device utilization of the synthesized design [1] W. Stallings, Cryptography and Network Security Principles and
shows that it utilizes, 1.07 % FPGA slices, 29.22 % Bounded Practice, 5th ed. Prentice Hall, 2011.
IOBs and 3.13 % of total BUFG elements. A synthesized RTL [2] S. Vaudenay, A Classical Introduction to Cryptography: Applications for
schematic view of the proposed architecture is shown in Fig. Communications Security. Springer Science & Business Media, 2006.
7. [3] T. Eisenbarth, S. Kumar, C. Paar, A. Poschmann, and L. Uhsadel, “A
survey of lightweight-cryptography implementations,” IEEE Design &
Test of Computers, vol. 24, no. 6, 2007, pp. 522-533.
[4] G. Leander, C. Paar, A. Poschmann, and K. Schramm, “New
Lightweight DES Variants,” in Fast Software Encryption (FSE 2007), A.
Biryukov, Ed. Springer Berlin Heidelberg: LNCS 4593, 2007, pp. 196-
210.
[5] E. Biham and A. Shamir, Differential Cryptanalysis of the Data
Encryption Standard. Springer Science & Business Media, 2012.
[6] S. Kelly. (2006, Dec.) Security implications of using the data encryption
standard (DES). [Online]. https://tools.ietf.org/html/rfc4772
[7] J. Daemen and V. Rijmen, The design of Rijndael: AES-the advanced
encryption standard. New York, USA: Springer Science & Business
Media, 2013.
[8] C. Patterson, “High performance DES encryption in Virtex FPGAs using
JBits,” in IEEE Symposium on Field-Programmable Custom Computing
Machines, Napa Valley, CA, 2000, pp. 113-121.
[9] O. P. Verma, R. Agarwal, D. Dafouti, and S. Tyagi, “Peformance
analysis of data encryption algorithms,” in 3rd Int'l Conf. on Electronics
Computer Technology (ICECT), vol. 5, Kanyakumari, 8-10 Apr. 2011,
pp. 399-403.
[10] M. E. Smid and D. K. Branstad, “Data encryption standard: past and
future,” Proc. of the IEEE, vol. 76, no. 5, pp. 550-559, 1988.
Fig. 7. FPGA implemention of the proposed architecture. [11] S. Landau, “Standing the test of time: The data encryption standard,”
Notices of the AMS, vol. 47, no. 3, Mar. 2000, pp. 341-349.