
Journal Paper 3

International Journal of Computer Applications (0975 – 8887)

Volume 23– No.4, June 2011

Efficient Modular Adders for Scalable Encryption Algorithm

K.J. Jegadish Kumar
Assistant Professor
SSN College of Engineering
Kalavakkam - 603110, Chennai, India

K. Chenna Kesava Reddy
Principal
Jyothismathi College of Engineering and Technology
Shamirpet-500078, India

S. Salivahanan
Principal
SSN College of Engineering
Kalavakkam-603110, Chennai, India

ABSTRACT

Scalable Encryption Algorithm (SEA) is a symmetric block cipher specially designed for resource-constrained systems such as sensor nodes, RFIDs and other ultra-low-power portable devices. SEA proposes low-cost encryption routines (i.e. small code size, memory and power), targeted at processors with a limited instruction set. SEA is parametric in the text, key and processor size, and allows an efficient combination of encryption/decryption and key derivation. In this paper, we investigate the performance of SEA using efficient architectures of $2^b$ and $2^b - 1$ modular adders in a Field Programmable Gate Array (FPGA) device. For this purpose, an iterative loop design of the block cipher is first implemented on FPGA. Beyond its low-cost performance, the proposed architecture is fully flexible with any parameters and takes advantage of generic VHDL coding. Our efficient modular adder implementation achieves lower area and power consumption on the target platform VIRTEX-4, xc4vl25 - 10ff668.

Keywords: Block ciphers, constrained applications, Modular adders, FPGA implementation.

1 INTRODUCTION

Resource-constrained encryption does not have an extensive history in symmetric cryptography. Notable examples of such ciphers are the Tiny Encryption Algorithm TEA or Yuval's proposal. However, both of them are relatively old and do not provide provable security against attacks such as linear and differential cryptanalysis. Present block ciphers, like the Advanced Encryption Standard Rijndael, rather focus on finding a good trade-off between cost, security and performance. Hence, there arises a need for a new cryptosystem that provides a suitable solution for resource-constrained systems. Embedded applications such as building infrastructures present a significant opportunity and challenge for such new cryptosystems. One such new cryptosystem is the Scalable Encryption Algorithm (SEA).

1.1 SEA: An Overview

The purpose of SEA is to be implemented on limited processing resources (e.g. a small processor); the proposed architecture is parametric with respect to the plaintext, ciphertext, key and processor size. Since the architecture is parametric in nature, it is flexible and can be implemented on all platforms with minimal code change. Most algorithms perform differently on different platforms, but SEA is an exception, as it allows obtaining a small encryption routine targeted to any given processor, the security of the cipher being adapted as a function of its key size. Since we operate on a limited-resource processor, we only use some basic operations (i.e. XOR, AND, OR, mod $2^b$ addition).

1.2 Related Work

There are many cryptographic algorithms that require high or moderate processing power and area, among them the Advanced Encryption Standard (AES), Data Encryption Standard (DES), Tiny Encryption Algorithm (TEA) and Extended TEA (XTEA). These encryption algorithms are not best suited to implementation in a resource-constrained system because of various complexities such as non-scalability, processor intensiveness and security level.

AES (Rijndael) [7, 9] comprises three block ciphers, which vary depending on the number of bits. AES is a fixed block cipher of 128 bits with a key size of 128, 192 or 256. AES requires four 256-entry, 32-bit tables, so totally 4096 of memory, which equals 1 kilobyte for each table. AES is more processor intensive and is non-scalable, so it cannot be implemented on constrained systems. Though there are efficient implementations of AES [7], they are still non-scalable for the needs of any processing platform.

DES [4] is based on a symmetric key algorithm of bit size 56. DES is the archetypal block cipher – an algorithm that takes a fixed-length string of plaintext bits and transforms it through a series of complicated operations into another cipher bit string of the same key. DES by itself is not a secure means of encryption but must instead be used in a mode of operation as suggested by FIPS-81 (Federal Information Processing Standard). DES is more processor intensive, non-scalable and is breakable by linear cryptanalysis.

TEA [5] is notable for its simplicity, is implementable on various platforms (scalability), operates on 64-bit blocks and uses a 128-bit key. When cryptanalyzed with equivalent keys, each key gives three other keys. So in terms of security TEA is insecure [7]. XTEA was an advanced version of TEA, mainly aimed at fixing all the security glitches. XTEA has complex key scheduling and a rearrangement of the shift, XOR and addition operations. XTEA is vulnerable to a related-key differential attack. Like SEA, HIGHT [8] is another block cipher for resource-constrained systems, but it is non-scalable and consumes a larger number of gates, and its throughput and operating frequency are much lower compared to SEA. So,
implementing SEA for constrained systems is a better option.

This paper is organized as follows. The introduction and literature survey are provided in Section 1. Section 2 describes the parameters, definitions and basic operations for the implementation of SEA. Section 3 illustrates the hardware implementation of efficient modular adders. In Section 4, implementation results of different modular adder architectures are presented and compared. Finally, conclusions are drawn in Section 5.

2. IMPLEMENTATION OF SEA

Most present symmetric encryption algorithms result from a tradeoff between implementation cost and resulting performance. In addition, they generally aim to be implemented efficiently on a large variety of platforms. SEA takes an opposite approach and considers a context where we have very limited processing resources and throughput requirements. It was initially designed as a low-cost encryption and authentication routine targeted for processors with a limited instruction set. Additionally, and contrary to most recent block ciphers (e.g. the DES and AES Rijndael), the algorithm takes the plaintext, key and bus sizes as parameters and can therefore be straightforwardly adapted to various implementation contexts and/or security requirements. Compared to older solutions for low-cost encryption like TEA (Tiny Encryption Algorithm) or Yuval's proposal, SEA also benefits from a stronger security analysis, derived from recent advances in block cipher design/cryptanalysis [2,3]. In practice, SEA was proven to be an efficient solution for embedded software applications using microcontrollers, but its hardware performance has not been investigated meticulously. This paper therefore proposes to investigate the interest of this algorithm for area and power in constrained applications. The investigation starts with an exploration of the features of a low-cost FPGA encryption/decryption core for SEA [1], and our progress was to design efficient modular adders to reduce the hardware complexity in terms of area and power.

2.2 Algorithmic Description

2.2.1 Basic Operations

Due to its simplicity constraints, SEA$_{n,b}$ is based on a limited number of elementary operations (selected for their availability in any processing device) denoted as bitwise XOR, substitution box S, word (left) rotation R and inverse word rotation $R^{-1}$, bit rotation r, and addition mod $2^b$. The detailed description of the algorithm has been presented in [2]. Each operator was studied, with the finding that the substitution box and the modulo $2^b$ adders account for more of the hardware complexity. The fundamental addition mod $2^b$ is described [1] as follows.

Addition mod $2^b$: The mod $2^b$ addition is defined on $n_b$-word vectors:

In this section, we give a complete description of the algorithm, starting with the important parameters and then emphasizing its basic operations. Afterwards, the round and key round description of SEA is presented [1].

2.2.2 Encrypt/Decrypt and Key round

The encrypt round $F_E$, decrypt round $F_D$ and key round $F_K$ are defined as:

Encryption Round $F_E$:

Decryption Round $F_D$:

Figure 2.1. Encrypt/decrypt round and key round.

Key Scheduling Round $F_K$:

2.2.3 The Complete Cipher

The cipher iterates an odd number $n_r$ of rounds. The pseudo code [2] illustrates the necessary steps to encrypt a plaintext P under a key K and produce a ciphertext C. P, C and K have a parametric bit size n. The operations within the cipher are performed considering parametric b-bit words. In this pseudo code, the '&' relates to the concatenation operator, $KR_{n_r/2}$ is taken before the switch and C(i) is an $n_b$-word vector of which all the words have value 0 except the LSB, which equals i. Decryption is exactly the same, using the decrypt round $F_D$. Since $n_r$ is odd, for key scheduling and encryption the value of $n_r$ must be rounded up or down.

2.2.4 Suggested Number of rounds

The minimum required number of rounds to provide security against known attacks would be $n_r = [3(n/4) + 2((n/2b) + b/2)]$. This roughly corresponds to the number
of rounds to resist linear/differential attacks plus twice the number of rounds to obtain complete diffusion (to prevent both structural attacks and outer-round improvements of statistical attacks). The value of $n_r$ must always be odd; if it is not, 1 must be added to make it odd.

3. HARDWARE IMPLEMENTATION

3.1 Implementation Description

The first investigation step for the hardware implementation of SEA is to take a look at a straightforward implementation of the algorithm on an FPGA platform, achieving one round per clock cycle and denoted as the loop implementation. Resource-consuming blocks are the S-boxes and the mod $2^b$ adder; the Word Rotate and Bit Rotate blocks are implemented by swapping wires. According to the specifications, the key schedule contains two multiplexers allowing the right and left parts of the round key to be switched halfway through the execution of the algorithm, using the appropriate command signal Swap. The multiplexer controlled by Switch provides the round function with the right part of the round key for the first half of the execution and transmits its left part instead after the switch. The Generic Loop Architecture is simple and only changes in the location of the R and $R^{-1}$ blocks. The number of rounds $n_r$ is an optional input that can be automatically derived from n and b. In this paper, we mainly focus on proposing different architectures of lightweight modular adders with regard to efficient area and low-power optimization at the synthesizable VHDL design level. We implemented each architecture of the modular adders individually in VHDL and then combined it with other components to build a whole SEA.

3.2 Implementation of efficient Modular adders

Our proposed modular adder designs [5] are constructed using basic components like carry-propagate adders, 2x1 multiplexers and an OR gate.

The modulo m addition [5] of two numbers x and y belonging to {0, ..., m − 1} is defined by:

$$(x + y) \bmod m = \begin{cases} x + y & \text{if } x + y < m, \\ x + y - m & \text{if } x + y \ge m, \end{cases} \qquad (1)$$

and can be straightforwardly implemented by an adder, a comparator, and a subtractor. The comparison is however expensive, both in terms of area and delay. The algorithms studied in this section allow us to get rid of it and lead to more efficient hardware operators. In this paper, $b = \lfloor \log_2 m \rfloor + 1$ denotes the number of bits required to encode both inputs and the output of a modulo m arithmetic operator. There are basically three methodologies to carry out a modulo m addition [10]:

1. Table based operator method
2. Hybrid based operator method
3. Adder-Based operator method.

3.2.1 Adder-Based Operators

Implementing Equation (3.1) as described by Algorithm 1 leads to the circuit of Figure 3.1. Reference [6] provides, for instance, a proof of correctness of this method. This architecture requires only two carry-propagate adders and a multiplexer and is therefore well suited for FPGAs.

Algorithm 3.1 Modulo m addition.
1: Choose b such that $2^{b-1} < m < 2^b$
2: $s_0 \leftarrow x + y$
3: $s_1 \leftarrow (s_0 \bmod 2^b) + 2^b - m$
4: if the carry-out bit of $s_0$ or $s_1$ is one then
5:     $(x + y) \bmod m \leftarrow s_1 \bmod 2^b$
6: else
7:     $(x + y) \bmod m \leftarrow s_0 \bmod 2^b$
8: end if

The architecture of the implemented Algorithm 3.1 is already portrayed in [1] and in Figure 3.1. Our proposed [1] modulo addition algorithm leads to the smallest circuits, which in turn reduces the overall circuit complexity of SEA.

Figure 3.1

3.2.1 Modulo ($2^b \pm 1$) Addition

Some improvements of the adder-based operator previously described are possible for specific values of m, i.e. $2^b$. For instance, modulo ($2^b - 1$) addition, or one's complement addition, is defined in [10] by:

$$(x + y) \bmod (2^b - 1) = \begin{cases} (x + y + 1) \bmod 2^b & \text{if } x + y + 1 \ge 2^b, \\ x + y & \text{if } x + y + 1 < 2^b. \end{cases} \qquad (2)$$

Figure 3.2 depicts the architecture of the corresponding hardware operator. Due to the condition $x + y + 1 \ge 2^b$, we perform two additions in parallel and select the correct result with a multiplexer. Remember that zero has a double representation in one's complement, namely "0 . . . 0" and "1 . . . 1" (i.e. 0 is congruent to $2^b - 1$ (modulo $2^b - 1$)). If the computation path accommodates the second encoding of zero, Equation (2) can be rewritten as follows:

$$(x + y) \bmod (2^b - 1) = \begin{cases} (x + y + 1) \bmod 2^b & \text{if } x + y \ge 2^b, \\ x + y & \text{if } x + y < 2^b. \end{cases} \qquad (3)$$
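The three adder architectures described above (Algorithm 3.1, Equation (2) and Equation (3)) can be cross-checked with a bit-accurate software model before synthesis. The Python below is an added example, not code from the paper: the function names mirror the paper's Mod_adder1, Mod_adder2 and Mod_adder3 labels, while the helpers canonical, verify_word_size and verify_generic are assumed names.

```python
# Added example: bit-accurate reference models of the three modular adders.
# mod_adder1/2/3 mirror the paper's Mod_adder labels; helper names are assumed.

def mod_adder1(x, y, m):
    """Algorithm 3.1: generic modulus m, two b-bit adders, OR gate, 2:1 mux."""
    b = m.bit_length()                      # b = floor(log2 m) + 1
    mask = (1 << b) - 1
    s0 = x + y                              # first adder, carry-out is bit b
    s1 = (s0 & mask) + ((1 << b) - m)       # second adder adds the constant 2^b - m
    select = (s0 >> b) | (s1 >> b)          # OR of both carry-outs drives the mux
    return (s1 if select else s0) & mask


def mod_adder2(x, y, b):
    """Equation (2): x+y and x+y+1 in parallel, carry-out of x+y+1 selects."""
    mask = (1 << b) - 1
    s, s_inc = x + y, x + y + 1
    return (s_inc & mask) if (s_inc >> b) else s


def mod_adder3(x, y, b):
    """Equation (3): end-around carry; the carry-out of x+y is added back in."""
    mask = (1 << b) - 1
    s = x + y
    return (s + (s >> b)) & mask            # may return all ones, the second zero


def canonical(v, b):
    """Fold the all-ones encoding of zero onto 0...0 before comparing values."""
    return 0 if v == (1 << b) - 1 else v


def verify_word_size(b):
    """Exhaustive check for m = 2^b - 1; returns how often adder 3 emits all ones."""
    m = (1 << b) - 1
    all_ones = 0
    for x in range(m + 1):                  # adder 3 also accepts the 1...1 zero
        for y in range(m + 1):
            r3 = mod_adder3(x, y, b)
            assert canonical(r3, b) == (x + y) % m
            all_ones += r3 == m
            if x < m and y < m:             # adders 1 and 2 expect reduced inputs
                assert mod_adder1(x, y, m) == mod_adder2(x, y, b) == (x + y) % m
    return all_ones


def verify_generic(max_m):
    """Exhaustive check of Algorithm 3.1 for every modulus 2 <= m <= max_m."""
    return all(mod_adder1(x, y, m) == (x + y) % m
               for m in range(2, max_m + 1)
               for x in range(m) for y in range(m))


if __name__ == "__main__":
    for b in (4, 6, 8):                     # word sizes among the paper's variants
        print(f"b={b}: adder 3 returned 1...1 for {verify_word_size(b)} input pairs")
    print("Algorithm 3.1 correct for all m <= 64:", verify_generic(64))
```

The end-around-carry adder returns the all-ones word for $2^b + 1$ input pairs, including reduced inputs such as 7 + 8 with b = 4, so any downstream comparison against zero has to accept both encodings.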

Figure 3.2

Note that the carry-out $c_{out}$ from the sum x + y indicates whether the incrementation must be performed. It is still possible to evaluate x + y and x + y + 1 in parallel, and to choose the correct result according to $c_{out}$ (Figure 3.2). An alternate architecture, illustrated in Figure 3.3, simply adds $c_{out}$ to x + y.

Figure 3.3

4 IMPLEMENTATION RESULTS

We have written synthesizable VHDL code for each circuit illustrated in Figures 3.1, 3.2 and 3.3. Implementation results were extracted with the ISE 9.2i tool from Xilinx on a device XC4VLX25, VIRTEX-4 platform with speed grade -12, and the XPower Analyzer tool was used to analyze the power consumption of the implementation. Three parameters allow choosing one of the modulo adders, specifying the modulus m, and inserting an optional pipeline stage. We then conducted a series of experiments with the tool in order to evaluate the area and analyse the power consumption of each modular adder according to m. Our first experiment aims to compare three architectures of modular adders: Mod_adder1 (Figure 3.1), Mod_adder2 (Figure 3.2) and Mod_adder3 (Figure 3.3).

The operators depicted by Figure 3.2 do not significantly improve the adder-based operator defined by Algorithm 1. The last modulo ($2^b - 1$) adder described in this paper (Figure 3.3) does not require a multiplexer and is therefore smaller. The area and power consumption of the three circuits is comparable. This illustrates that a peculiar number encoding (i.e. the double representation of zero) can sometimes lead to a better hardware implementation of an arithmetic operator.

The implementation was done for variants of bit data (n) and processor word size (b). We achieved a reduction in the number of slices in Figure 4.1, area in terms of gate count in Figure 4.2, dynamic power consumption in Figure 4.3, static power consumption in Figure 4.4 and total power consumption in Figure 4.5. Our implementation of SEA exhibited a very small area utilization that comes at the cost of increased throughput and reduced power consumption. Consequently, it can be considered an interesting alternative for constrained devices.

Figure 4.1

[Figure 4.2. Area (Gate Counts): number of gate counts versus data size variants for Mod_adder1, Mod_adder2 and Mod_adder3.]

[Figure 4.3. Dynamic Power Consumption: dynamic power in mW versus data size variants for Mod_adder1, Mod_adder2 and Mod_adder3.]

[Figure 4.4. Static Power Consumption: static power in mW versus data size variants for Mod_adder1, Mod_adder2 and Mod_adder3.]

[Figure 4.5. Total Power Consumption: total power consumption in mW versus data size variants for Mod_adder1, Mod_adder2 and Mod_adder3.]

5. CONCLUSION

SEA was initially proposed for low-cost software implementations. While these design criteria turned out to allow low-cost hardware implementations as well, it is likely that targeting a cipher specifically for low-cost hardware would lead to even better solutions.

Through the hardware investigation of SEA, we show that this modular symmetric algorithm, targeted at low-resource software solutions, can interestingly respond to constrained hardware needs. We first demonstrated that the scalability of this algorithm can be kept in the hardware description language (VHDL). The simple iterative loop design achieves interesting performance in area and power reduction and improves throughput in FPGA. In addition, we analysed the power consumed by the SEA module for different variants in data block and word size.

It is also important to emphasize a number of advantages of SEA that cannot be found in other recent block ciphers, namely its simplicity, scalability (re-implementing SEA for a new block size does not require rewriting code) and good combination of encryption and decryption.

6. REFERENCE

[1] K.J. Jegadish Kumar, S. Salivahanan, K. Chenna Kesava Reddy, "Implementation of Low power Scalable Encryption algorithm", International Journal of Computer Applications, Volume 11, Dec 2010, pp. 14-18.
[2] F. Mace, F.X. Standaert, J.J. Quisquater, "FPGA implementation(s) of a Scalable Encryption algorithm", IEEE Transactions on VLSI Systems, Vol. 16, 2008, pp. 212-216.
[3] Francois-Xavier Standaert, Gilles Piret, Neil Gershenfeld, Jean-Jacques Quisquater, "SEA a Scalable Encryption Algorithm for Small Embedded Applications", in Proc. CARDIS, 2006, pp. 222-236.
[4] Data Encryption Standard, FIPS PUB 46-3, Oct. 1999.
[5] D.J. Wheeler, R. Needham, "TEA, a Tiny Encryption Algorithm", in the proceedings of FSE 1994, Lecture Notes in Computer Science, vol. 1008, Springer-Verlag, Leuven, Belgium, December 1994, pp. 363-366.
[6] J.-L. Beuchat, Lab. de l'Informatique du Parallélisme, "Some Modular adders and multipliers for Field programmable Gate arrays", in Proc. Parallel and Distributed Processing Symposium, 2003.
[7] Advanced Encryption Standard, FIPS PUB 197, Nov. 2001.
[8] G. Yuval, "Reinventing the travois: Encryption/MAC in 30 ROM bytes," in Proc. Fast Softw. Encryption (FSE), 1997, pp. 205–209.
[9] N. Pramstaller and J. Wolkerstorfer, "A universal and efficient AES co-processor for field programmable logic arrays," in Proc. FPL, 2004, pp. 565–574.
[10] Francisco Rodriguez-Henriquez, N.A. Saqib, A. Diaz-Perez, Cetin Kaya Koç, "Cryptographic Algorithms on Reconfigurable Hardware", Springer Series on Signals and Communication Technology, 2006.
[11] J. Daemen and V. Rijmen, The Design of Rijndael. New York: Springer-Verlag, 2001.
[12] J.-L. Beuchat, "Modular Multiplication for FPGA Implementation of the IDEA Block Cipher", Technical Report 2002-32, Laboratoire de l'Informatique du Parallélisme, Ecole Normale Supérieure de Lyon, 46 Allée d'Italie, 69364 Lyon Cedex 07, Sept. 2002.
[13] J.-L. Beuchat and A. Tisserand, "Small Multiplier-based Multiplication and Division Operators for Virtex-II Devices", number 2438 in Lecture Notes in Computer Science, Springer, 2002, pp. 513–522.
