Original Project
SECURITY-LEVEL APPLICATIONS
CHAPTER 1
INTRODUCTION
AES operates on a 128-bit data block that can be divided into four
basic operational blocks. These blocks are treated as an array of bytes
and organized as a 4 * 4 matrix called the state. For both encryption
and decryption, the cipher begins with an Add Round Key stage. Before
reaching the final round, this output goes through nine main rounds,
and during each of those rounds four transformations are performed:
1) Sub-Bytes 2) Shift-Rows 3) Mix-Columns 4) Add Round Key. In the
final round, there is no Mix-Column transformation. Decryption is the
reverse process of encryption and uses the inverse functions: Inverse
Substitute Bytes, Inverse Shift Rows and Inverse Mix Columns.
Different versions of the AES algorithm exist today (AES128, AES192,
and AES256) depending on the size of the encryption key.
1.3.3 RIVEST – SHAMIR-ADLEMAN:
Ron Rivest, Adi Shamir, and Leonard Adleman of Massachusetts
designed RSA in 1978. It is one of the best-known public key
cryptosystems for key exchange, digital signatures or encryption of
blocks of data. RSA uses a variable size encryption block and a
variable size key. It is an asymmetric (public key) cryptosystem based
on number theory, and it is a block cipher system. It uses two prime
numbers to generate the public and private keys. These two different
keys are used for encryption and decryption. The sender encrypts
the message using the receiver's public key, and when the message is
received, the receiver can decrypt it using his own private key. RSA
operations can be decomposed into three broad steps: key generation,
encryption and decryption. RSA has many flaws in its design and is
therefore not preferred for commercial use. When the values of p and
q (where p and q are prime numbers) used to design the key are small,
the encryption process becomes too weak and one may be able to decrypt
the data by using random probability theory and side channel attacks.
Padding techniques are required, which increases the system's
overhead by taking more processing time.
CHAPTER 2
LITERATURE SURVEY
structure to boost security. The flaw is that the proposed system only
works with text files and not other types of data, such as image,
audio, and video.
Because sensitive data is frequently transmitted and stored in
today's digital technologies, encryption is widely used. The popular
encryption algorithm used to secure data is AES, which is the
industry standard. The problem of balancing area, power, and speed
is difficult when designing VLSI systems, and hardware encryption is
no exception. Certain performance factors are brought to the fore by
system needs, but it is not always clear how to modify design
implementations to satisfy performance requirements. There was a
dearth of a single comparison analysis despite the fact that numerous
resources in this field of study recognized and analysed interesting
AES algorithm elements and their effects on a few of the design trade
spaces. The six AES elements that are addressed in this work are key
size, mode specificity, round key storage, round unravelling, SBOX
implementation, and pipelining. By looking at a compressed image of
the resulting designs, readers may quickly analyse how each of the six
aspects influences speed, power, area, latency, and throughput.
2.2 DESIGN OF LOW POWER, HIGH SECURE AND EFFICIENT FSR BASED
LBIST CRYPTOGRAPHIC SYSTEMS:
The main motive of our project is to design a crypto device with low
complexity and high security by using the Advanced AES Algorithm with
the LBIST concept and a bit-swapping LFSR. To accomplish high security
for a system we are using the crypto devices technique in our project.
The extra cost in terms of area is very low compared to other
techniques, because only one AES core will be originally embedded in
the system. The reduction of test cost will lead to the reduction of
overall production cost & 100% security of data.
Nowadays most users use wireless communication for sending and
receiving mail quickly, in less time and at less cost.
CHAPTER 3
ADVANCED ENCRYPTION STANDARD (AES)
SubBytes( )
ShiftRows( )
MixColumns( )
AddRoundKey ( )
3.2.1 SUB-BYTE TRANSFORMATION:
The SubBytes transformation is a byte substitution performed on
individual bytes of the State using a substitution table called the
S-box, shown in the figure below.
Here b_i is the i-th bit of the byte and c_i is the i-th bit of a
constant byte with the value {63}. The combination of the two
transformations can be expressed in matrix form as shown below:
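$$
\begin{bmatrix} b_0' \\ b_1' \\ b_2' \\ b_3' \\ b_4' \\ b_5' \\ b_6' \\ b_7' \end{bmatrix}
=
\begin{bmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{bmatrix}
\begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix}
+
\begin{bmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{bmatrix}
$$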
x    0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
0   63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1   ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2   b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3   04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4   09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5   53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6   d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7   51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8   cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9   60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a   e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b   e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c   ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d   70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e   e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f   8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
ShiftRows
[Figure: State rows before and after ShiftRows]
s0,0 s0,1 s0,2 s0,3  ->  s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3  ->  s1,1 s1,2 s1,3 s1,0
s2,0 s2,1 s2,2 s2,3  ->  s2,2 s2,3 s2,0 s2,1
MixColumns
[Figure: MixColumns, State column s0,1 ... mapped to s'0,1 ...]
Nk is the number of columns in the cipher key (128-bit -> 4, 192-bit
-> 5, 256-bit -> 6). W is of type "word", which is 4 bytes.
Let me try to explain this in a more easily understandable way:
The first n bytes of the expanded key are simply the cipher key (n =
the size of the encryption key). The RCON value i is set to 1. Until we
have enough bytes of expanded key, we do the following to generate n
more bytes of expanded key (please note once again that "n" is used
here; this varies depending on the key size):
1. We do the following to generate four bytes:
   We use a temporary 4-byte word called t.
   We assign the previous 4 bytes to t.
   We perform the key schedule core on t, with i as the RCON value.
   We increment i.
   We XOR t with the 4-byte word n bytes before in the expanded key
   (where n is either 16, 24 or 32 bytes).
2. We do the following x times to generate the next x*4 bytes of the
   expanded key (x = 3 for n = 16, 32 and x = 5 for n = 24):
   We assign the previous 4-byte word to t.
   We XOR t with the 4-byte word n bytes before in the expanded key
   (where n is either 16, 24 or 32 bytes).
3. If n = 32 (and ONLY then), we do the following to generate 4
   more bytes:
   We assign the previous 4-byte word to t.
   We run each of the four bytes in t through Rijndael's S-box.
   We XOR t with the 4-byte word 32 bytes before in the expanded key.
void expandKey(unsigned char *expandedKey, unsigned char *key,
               enum keySize, size_t expandedKeySize);
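The key expansion steps above, together with the S-box affine transform from section 3.2.1, as an added C example (not code from this project): it goes beyond the 128-bit case to 16-, 24- and 32-byte keys and computes the S-box and Rcon values on the fly instead of reading stored arrays. The names gf_mul, sbox and expand_key are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return p;
}

/* S-box entry: inverse in GF(2^8) (0 maps to 0), then the affine transform
   b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ {63}.
   Illustration only: not constant-time, so not for production use. */
uint8_t sbox(uint8_t x) {
    uint8_t inv = x ? 1 : 0, r;
    for (int i = 0; x && i < 254; i++) inv = gf_mul(inv, x); /* x^254 = 1/x */
    r = inv;
    for (int i = 1; i <= 4; i++) r ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    return r ^ 0x63;
}

/* Key schedule core: rotate left one byte, S-box each byte, XOR Rcon into byte 0. */
static void core(uint8_t t[4], uint8_t rcon) {
    uint8_t first = t[0];
    t[0] = sbox(t[1]) ^ rcon;
    t[1] = sbox(t[2]);
    t[2] = sbox(t[3]);
    t[3] = sbox(first);
}

/* Expand an n-byte key (n = 16, 24 or 32) into out_len bytes.
   Returns 0 on success, -1 on unsupported sizes. */
int expand_key(uint8_t *out, size_t out_len, const uint8_t *key, size_t n) {
    uint8_t t[4], rcon = 1;
    if ((n != 16 && n != 24 && n != 32) || out_len < n || out_len % 4) return -1;
    memcpy(out, key, n);                        /* first n bytes are the cipher key */
    for (size_t have = n; have < out_len; have += 4) {
        memcpy(t, out + have - 4, 4);           /* t = previous 4-byte word */
        if (have % n == 0) {                    /* step 1: once per n bytes */
            core(t, rcon);
            rcon = gf_mul(rcon, 2);             /* next Rcon value */
        } else if (n == 32 && have % n == 16) { /* step 3: 256-bit keys only */
            for (int i = 0; i < 4; i++) t[i] = sbox(t[i]);
        }
        for (int i = 0; i < 4; i++)             /* XOR with the word n bytes back */
            out[have + i] = out[have - n + i] ^ t[i];
    }
    return 0;
}

int main(void) {
    /* Example key from FIPS-197 Appendix A.1 (public test vector). */
    const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                             0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    uint8_t ek[176];
    if (expand_key(ek, sizeof ek, key, sizeof key)) return 1;
    for (int i = 160; i < 176; i++) printf("%02x", ek[i]); /* round key 10 */
    printf("\n");
    return 0;
}
```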
CHAPTER 4
DESIGN AND IMPLEMENTATION OF EXISTING
METHOD
[Figure: AES128_Cipher_Top block diagram. Signals: plaintext (128 b),
cipherkey (128 b), ciphertext (128 b), ld, rst, clk, done. Blocks:
AES128_Rcon, AES128_Key_Expand.]
bytes rather than bits. Hence, AES treats the 128 bits of a plaintext
block as 16 bytes. These 16 bytes are arranged in four columns and
four rows for processing as a matrix.
Unlike DES, the number of rounds in AES is variable and
depends on the length of the key. AES uses 10 rounds for 128-bit
keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys.
Each of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
The schematic of AES structure is given in the following illustration −
boxes, it can be expected that they will be fully tested by the time the
S-boxes received a sufficient number of test patterns.
4.3 DESIGN OF ENCRYPTION AND DECRYPTION:
In total, 10 blocks are used for encryption and decryption. Each
round performs the same operations with different variable constants.
In order to perform these operations, a separate key is needed. The
operations of all 10 blocks together form the encryption/decryption
operation. Concerning round key generation, either the keys are
precomputed and stored in the circuit or the key generation module
calculates the sequence of keys, and the tenth round key is used as
the primary key for the next round key generation.
[Figure: key expansion state diagram. States: Reset and r0 to r10.
Transition labels: rst, !rst, Ld, !Ld, ↑clk.]
States       Outputs
---------    ------------------------
R0 … R10     w0 = roundkey(Round*i)
             w1 = roundkey(Round*i+1)
             w2 = roundkey(Round*i+2)
             w3 = roundkey(Round*i+3)
[Figure: AES128_Key_Expand block. Signals: cipherkey (128 b), ld, rst,
clk, rcon (32 b), w0, w1, w2, w3 (32 b each). AES128_RCon block.
Signals: ld, rst, clk, rcon (32 b).]
Word Rotation
Implementation: RCON:-
As with the S-Box, the RCON values can be calculated on the fly,
but once again I decided to store them in an array since they
only require 255 bytes of space.
Here's the code for RCON:
/* rotate(), getSBoxValue() and getRconValue() are helper functions
   defined elsewhere in the implementation */
void core(unsigned char *word, int iteration)
{
    int i;
    /* rotate the 32-bit word 8 bits to the left */
    rotate(word);
    /* apply S-Box substitution on all 4 parts of the 32-bit word */
    for (i = 0; i < 4; ++i)
    {
        word[i] = getSBoxValue(word[i]);
    }
    /* XOR the output of the rcon operation with i to the first part
       (leftmost) only */
    word[0] = word[0] ^ getRconValue(iteration);
}
Each AES encryption round ‘n’ (white cells) is pipelined with the
key generation for round ‘n+1’ (gray cells). The most important
advantage of the pipelined design is the lower delay for each
encryption iteration, since the round keys for each encryption
iteration are present at the beginning of the iteration cycle. The
lower delay in each encryption iteration means faster completion of
each round of encryption. This reduces the overall encryption delay
and allows the design to operate at higher clock frequencies. The
higher clock frequency increases the message encryption rate
(throughput), making this design suitable for time-critical encryption
applications.
In 1 Stage Pipelining we place one register immediately after the
Shift Row operation in each round, i.e., in all 10 rounds. When
executed, Shift Row and Mix Column then operate in parallel, which
reduces the execution time. Similarly, in 2 Stage Pipelining we place
two registers, one after the Sub Byte operation and the last one after
the Mix Column data output. In 3 Stage Pipelining we place three
registers, one after Sub Byte, one after Shift Row, and the last one
after Mix Column. This executes all the phases at the same time, which
gives the best delay of the three pipelining schemes. The same is
repeated for decryption in all stages.
CHAPTER 5
DESIGN AND IMPLEMENTATION OF PROPOSED
METHOD
A State: A Key:
|a[0,0]||a[0,1]||a[0,2]||a[0,3]| |k[0,0]||k[0,1]||k[0,2]||k[0,3]|
|a[1,0]||a[1,1]||a[1,2]||a[1,3]| |k[1,0]||k[1,1]||k[1,2]||k[1,3]|
|a[2,0]||a[2,1]||a[2,2]||a[2,3]| |k[2,0]||k[2,1]||k[2,2]||k[2,3]|
|a[3,0]||a[3,1]||a[3,2]||a[3,3]| |k[3,0]||k[3,1]||k[3,2]||k[3,3]|
MIX-COLUMN
It is used to generate all types of test patterns for the Circuit
Under Test. In this concept, a 128-bit LFSR is used as the test
pattern generator. $2^{128} - 1$ patterns are generated by the above
LFSR. Since XOR gates are used to construct the LFSR, the all-zeros
combination cannot be generated. In the above block, the Circuit Under
Test is the AES block. The Output Response Analyzer (ORA) is the last
and vital device in this project. Final output checking is done by
this component: the ORA checks whether any error occurred in the whole
process. The ORA takes input from the AES practical circuit and the
theoretical circuit, compares both inputs using XOR gates, and yields
the final output. 128 XOR gates are used to compare the produced
outputs. Random pattern testability of crypto-cores has been discussed
in this process.
5.5 LINEAR FEEDBACK SHIFT REGISTER:
5.5.1 PSEUDORANDOM TEST GENERATION:
Here we have to develop a battery of statistical tests to detect
non-randomness in binary sequences constructed using random
number generators and pseudorandom number generators utilized in
cryptographic applications. Linear Feedback Shift Register (LFSR),
weighted pseudo-random test generation, adaptive pseudo-random
test generation.
Algorithm:
List primary inputs controlling location where a fault should be
detected.
Determine primary input conditions to activate a fault and to
sensitize the primary outputs such that the fault can be
observed.
Pseudo-Random Test Generation
Large set of patterns is generated by simple HW or SW pseudo-
random generator
The set is used to stimulate a system with fault simulator.
Fault coverage is analyzed and an algorithmic approach is used to
cover the remaining faults.
5.6 CIPHER:
The basic scheme of a block cipher is depicted as follows:
[Figure: block diagram with blocks LINEAR FEEDBACK SHIFT REGISTER,
DECRYPTION (THEORETICAL), DECRYPTION (PRACTICAL), COMPARATOR, o/p]
5.10 ADVANTAGES:
Low Power
Low Density
More Security
More Efficiency
High Reliability
5.11 APPLICATIONS:
Tele Communications
Bio Medical Systems
Military Systems
CHAPTER 6
SOFTWARE DESCRIPTION
All your designs for this lab must be specified in the above
VHDL input format. Note that the state diagram segment does not
exist for combinational logic designs.
6.2 CREATING A NEW PROJECT:
Xilinx Tools can be started by clicking on the Project Navigator
Icon on the Windows desktop. This should open up the Project
Navigator window on your screen. This window shows the last
accessed project.
Project Location: The directory where you want to store the new
project (Note: DO NOT specify the project location as a folder on
Desktop or a folder in the Xilinx\bin directory. Your H: drive is the
best place to put it. The project location path is NOT to have any
spaces in it eg: C:\Nivash\TA\new lab\sample exercises\o_gate is
NOT to be used)
Leave the top level module type as HDL.
Example: If the project name were “o_gate”, enter “o_gate” as the
project name and then click “Next”.
Clicking on NEXT should bring up the following window:
any text editor). In the previous window, click on NEW SOURCE. A
window pops up as shown in the figure below. (Note: the “Add to
project” option is selected by default. If you do not select it then
you will have to add the new source file to the project manually.)
Then click on Next > to get a window showing all the new source
information. If any changes are to be made, just click on < Back to go
back and make changes. If everything is acceptable, click on Finish >
Next > Next > Finish to continue.
Fig 6.8: VHDL Source code editor window in the Project Navigator
The VHDL source code template generated shows the module
name, the list of ports and also the declarations (input/output) for
each port. Combinational logic code can be added to the VHDL code
after the declarations and before the endmodule line.
For example, an output z in an OR gate with inputs a and b can be
described as, assign z = a | b;
Remember that the names are case sensitive.
Other constructs for modeling the logic function: A given logic
function can be modeled in many ways in VHDL. Here is another
example in which the logic function is implemented as a truth table
using a case statement:
// OR gate as a truth table (Verilog syntax)
module or_gate(a,b,z);
input a;
input b;
output z;
reg z;
always @(a or b)
begin
  // sized binary literals so each label matches the 2-bit value {a,b}
  case ({a,b})
    2'b00: z = 1'b0;
    2'b01: z = 1'b1;
    2'b10: z = 1'b1;
    2'b11: z = 1'b1;
  endcase
end
endmodule
Suppose we want to describe an OR gate. It can be done using the
logic equation as shown in the figure below or using the case
statement as shown in the figure. These are just two example
constructs for designing a logic function. VHDL offers numerous such
constructs to efficiently model designs.
CHAPTER 7
RESULTS
CHAPTER 8
CONCLUSION AND FUTURE SCOPE
8.1 CONCLUSION:
In this project, we designed a low power AES for secured
applications using the VHSIC HDL language. The XILINX software was
used for simulation and verification of the model. Our proposed model
provides high security and low power consumption, and reduces the
delay associated with each round of encryption and decryption. It
provides more throughput compared with the previous models. In
applications it occupies less space.
With the presence of BIST, our model performs a self-test on the
encryption and decryption outputs. The LFSR increases the security
by providing different random patterns.
Hence the proposed model provides security with 100% accuracy.
8.2 FUTURE SCOPE:
In this project we are designing a crypto device with low
complexity and high security, with a data and key length of 128
bits. Further, we can extend the key and data up to 192 and 256
bits efficiently and successfully by using the same technique.
APPENDIX
BIST CODE:
library ieee;
use ieee.std_logic_1164.all;
entity bist is
port( clk,rst,CTRL : in std_logic;
int1_en,int2_de,int3_key : in std_logic_vector(127 downto 0);
out1,out2 : inout std_logic_vector(127 downto 0);
out1_f,out2_f : inout std_logic_vector(127 downto 0);
faulten,faultde : out std_logic);
end bist;
architecture str of bist is
component lfsr is
port(
clk,rst : in std_logic;
init : in std_logic_vector(127 downto 0);
dataout : out std_logic_vector(127 downto 0);
lfsr_reg:inout std_logic_vector(127 downto 0)
);
end component;
component aesproj is
Port ( clk,CTRL : in std_logic;
input_ENCRYPTION,input_DECRYPTION : in
std_logic_vector(127 downto 0);
input_KEY:in std_logic_vector(127 downto 0);
out_KEYS: out std_logic_vector(1407 downto 0);
output_ENCRYPTION,output_DECRYPTION : out
std_logic_vector(127 downto 0)
);
end component;
component aesproj_f is
Port ( clk,CTRL : in std_logic;
input_ENCRYPTION,input_DECRYPTION : in std_logic_vector(127
downto 0);
input_KEY:in std_logic_vector(127 downto 0);
out_KEYS: out std_logic_vector(1407 downto 0);
output_ENCRYPTION,output_DECRYPTION : out std_logic_vector(127
downto 0) );
end component;
component misr is
port( clk,rst : in std_logic; init : in std_logic_vector(127 downto 0);
misr_out : inout std_logic_vector(127 downto 0));
end component;
signal w1_en,w2_de,w3_key : std_logic_vector(127 downto 0);
signal w4_keyout : std_logic_vector(1407 downto 0);
signal w5_enout,w6_deout : std_logic_vector(127 downto 0);
signal w7_keyout_f : std_logic_vector(1407 downto 0);
signal w8_enout_f,w9_deout_f : std_logic_vector(127 downto 0);
begin
u0:lfsr port map(clk,rst,int1_en,w1_en);
u1:lfsr port map(clk,rst,int2_de,w2_de);
u2:lfsr port map(clk,rst,int3_key,w3_key);
u3:aesproj port
map(clk,CTRL,w1_en,w2_de,w3_key,w4_keyout,w5_enout,w6_deout);
u4:aesproj_f port map(clk,CTRL,w1_en,w2_de,w3_key,w7_keyout_f ,
w8_enout_f,w9_deout_f);
u5:misr port map(clk,rst,w5_enout,out1);
u6:misr port map(clk,rst,w6_deout,out2);
u7:misr port map(clk,rst,w8_enout_f,out1_f);
u8:misr port map(clk,rst,w9_deout_f,out2_f);
process(out1,out2,out1_f,out2_f)
begin
if out1/=out1_f then
faulten<='1';
else
faulten<='0';
end if;
if out2/=out2_f then
faultde<='1';
else
faultde<='0';
end if;
end process;
end str;
LFSR CODE:
library ieee;
use ieee.std_logic_1164.all;
entity lfsr is
  port(
    clk,rst  : in std_logic;
    init     : in std_logic_vector(127 downto 0);   -- seed, loaded while rst = '0'
    dataout  : out std_logic_vector(127 downto 0);
    lfsr_reg : inout std_logic_vector(127 downto 0)
  );
end lfsr;
architecture behaviour of lfsr is
begin
  process(clk,rst,init)
    variable lfsr_tap : std_logic;
    variable tap      : std_logic;
  begin
    if rst='0' then
      -- active-low reset loads the seed into the register
      lfsr_reg<=init;
    elsif (clk'event and clk='1') then
      -- feedback from taps 127, 28, 26 and 1 is shifted in at bit 0
      lfsr_tap:=lfsr_reg(127) xor lfsr_reg(28) xor lfsr_reg(26) xor lfsr_reg(1);
      lfsr_reg<=lfsr_reg(126 downto 0) & lfsr_tap;
    end if;
  end process;
  dataout<=lfsr_reg;
end;
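A C model of the LFSR entity above, added here as an example and not part of the project's code: it steps the 128-bit register with the same taps (127, 28, 26, 1), shows that an all-zero init never leaves zero, and checks that the pattern stream is linear and reversible, which suits test pattern generation but not key material. The type reg128 and the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* 128-bit register: hi = bits 127..64, lo = bits 63..0 (numbered as lfsr_reg). */
typedef struct { uint64_t hi, lo; } reg128;

/* One rising clock edge: tap = reg(127) xor reg(28) xor reg(26) xor reg(1),
   then reg <= reg(126 downto 0) & tap. */
reg128 lfsr_step(reg128 s) {
    uint64_t tap = ((s.hi >> 63) ^ (s.lo >> 28) ^ (s.lo >> 26) ^ (s.lo >> 1)) & 1;
    reg128 n = { (s.hi << 1) | (s.lo >> 63), (s.lo << 1) | tap };
    return n;
}

/* Inverse of lfsr_step: the old bit 127 is recovered from the tap now in bit 0,
   so any observed state reveals every earlier pattern as well as later ones. */
reg128 lfsr_prev(reg128 s) {
    uint64_t old127 = (s.lo ^ (s.lo >> 29) ^ (s.lo >> 27) ^ (s.lo >> 2)) & 1;
    reg128 p = { (s.hi >> 1) | (old127 << 63), (s.lo >> 1) | (s.hi << 63) };
    return p;
}

reg128 lfsr_run(reg128 s, unsigned clocks) {
    while (clocks--) s = lfsr_step(s);
    return s;
}

reg128 reg_xor(reg128 a, reg128 b) {
    reg128 r = { a.hi ^ b.hi, a.lo ^ b.lo };
    return r;
}
int reg_eq(reg128 a, reg128 b) { return a.hi == b.hi && a.lo == b.lo; }
int reg_is_zero(reg128 a) { return (a.hi | a.lo) == 0; }

/* A seed is usable as a test pattern source only if it is non-zero:
   the all-zero state feeds back 0 forever. */
int seed_ok(reg128 init) { return !reg_is_zero(init); }

/* Linearity over GF(2): running (a xor b) equals (running a) xor (running b). */
int is_linear(reg128 a, reg128 b, unsigned clocks) {
    return reg_eq(lfsr_run(reg_xor(a, b), clocks),
                  reg_xor(lfsr_run(a, clocks), lfsr_run(b, clocks)));
}

int main(void) {
    reg128 seed = { 0, 1 };   /* constructed non-zero seed */
    for (int i = 0; i < 5; i++) {
        printf("%016llx%016llx\n",
               (unsigned long long)seed.hi, (unsigned long long)seed.lo);
        seed = lfsr_step(seed);
    }
    return 0;
}
```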
COURSE OUTCOMES
After completion of Project work Student can be able to:
LEVEL
(L1)
CO-PO MAPPING
PROJECT TITLE: Modified Advanced Encryption Standard Data Path
Optimization Strategies for Low-Power Multi
Security-Level Applications
STUDENT NAME:
1. S.GURUMURTHY 19JU1A0414
2. S.CHAITANYA 19JU1A0409
3. P.KRUPAL 19JU1A0428
4. J.KEERTHI KUMAR 19JU1A0424
Name of the Guide: Dr. A.RANGANAYAKULU
CO       PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10 PO11 PO12 PSO1 PSO2 PSO3
C423.1   3    2    2    -    -    -    -    -    -    2    -    3    -    3    1
C423.2   3    3    3    2    2    -    -    -    2    2    -    3    1    3    1
C423.3   3    3    3    2    2    -    -    -    -    3    -    3    1    3    2
C423.4   3    3    3    3    3    -    -    -    3    3    -    3    3    3    2
C423.5   3    2    2    3    2    2    2    -    -    -    -    3    2    3    2

         PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10 PO11 PO12 PSO1 PSO2 PSO3
Project  3    3    3    3    3    3    3    3    3    3    2    3    3    2    3