A Major Project Phase II Report

on

ADVANCED ENCRYPTION STANDARD ALGORITHM WITH

OPTIMAL S-BOX AND AUTOMATED KEY GENERATION
Submitted
In partial fulfillment of the requirements for award of degree of
BACHELOR OF TECHNOLOGY
IN

ELECTRONICS AND COMMUNICATION ENGINEERING

By
A KALYAN 21W91A0402
A ANIL NAYAK 21W91A0401
G AKHIL CHARY 21W91A0435
B HARIKA 21W91A0440

Under the Esteemed Guidance of

Mr. OWK. SRINIVASULU M.Tech,(Ph.D).
Associate Professor, ECE
Jawaharlal Nehru Technological University, Hyderabad

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

MALLA REDDY INSTITUTE OF ENGINEERING AND TECHNOLOGY
(UGC AUTONOMOUS)
(Sponsored by Malla Reddy Educational society)
(Affiliated to JNTU, Hyderabad)
Maisammaguda, Dhulapally post, Secunderabad – 500014
2024-2025

MRIET i ECE
 DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

CERTIFICATE
This is to certify that the major project phase II entitled “ADVANCED ENCRYPTION
STANDARD ALGORITHM WITH OPTIMAL S-BOX AND AUTOMATED KEY GENERATION”
that is being submitted by “A.KALYAN(21W91A0402),A.ANIL NAYAK(21W91A0401),
G.AKHIL CHARY(21W91A0435),B.HARIKA(21W91A0440)” under the guidance of
Mr.OWK.SRINIVASULU M.Tech,(Ph.D) for the award of B.Tech Degree in ELECTRONICS
AND COMMUNICATION ENGINEERING from the MALLA REDDY INSTITUTE OF
ENGINEERING & TECHNOLOGY, Maisammaguda (Affiliated to JNTU Hyderabad) is a
record of Bonafide work carried out by them under our guidance and supervision. The
results embodied in this major project have not been submitted to any other university or
institute for the award of any degree.

Project Guide HOD

Mr. OWK. SRINIVASULU M.Tech,(Ph.D)

Department of ECE

External Examiner Principal

Dr. P SRINIVAS
 DECLARATION
We, A. KALYAN (21W91A0402), A.ANIL NAYAK (21W91A0401), G.AKHIL
CHARY (21W91A0435), B. HARIKA (21W91A0440) hereby declare that the major
project phase II entitled “ADVANCED ENCRYPTION STANDARD ALGORITHM
WITH OPTIMAL S-BOX AND AUTOMATED KEY GENERATION” is Bonafide work
done and submitted under the guidance of Mr. OWK. SRINIVASULU in partial
fulfillment of the requirement for the award of the degree of BACHELOR OF
TECHNOLOGY in ELECTRONICS AND COMMUNICATION ENGINEERING.

DEPARTMENT OF ECE
A KALYAN 21W91A0402
A ANIL NAYAK 21W91A0401
G AKHIL CHARY 21W91A0435
B HARIKA 21W91A0440
 ACKNOWLEDGEMENT
We are very much thankful to Director, Shri. P.PRAVEEN REDDY for giving us
this opportunity to do this major project. We express our deep sense of gratitude to him for
his constant guidance and inspiring words.
We express our profound thanks to our Principal, Dr. P. SRINIVAS, for extending
all the college facilities for the completion of the major project.
We would like to thank Mr. OWK. SRINIVASULU M.Tech,(Ph.D), Associate
Professor and Head of the Department of Electronics and Communication Engineering for
having provided the freedom to use all the facilities available in the department, especially
the laboratories and the library, at anytime.
We feel highly obliged to our Major Project coordinator Mr. S. RAMESH BABU,
Associate Professor and Project guide Mr. OWK. SRINIVASULU(Ph.D), Associate
Professor, Department of Electronics and Communication Engineering for their constant
encouragement and moral support. They have been a source of valuable guidance,
suggestions and kindness during the course of the project work. We find no words to
express our gratitude and thanks to them.
We sincerely thank all the staff of the Department of Electronics and
Communication Engineering, for their timely suggestions, healthy criticism and motivation
during the course of our study. We would also like to thank our friends for always being
there to provide required help or support. With great respect and affection, we thank our
parents who were the backbone behind our deeds.
Finally, we express our immense gratitude with pleasure to one and all who have
either directly or indirectly contributed to our need at right time for the development and
execution of project work.

DEPARTMENT OF ECE
A KALYAN 21W91A0402
A ANIL NAYAK 21W91A0401
G AKHIL CHARY 21W91A0435
B HARIKA 21W91A0440
 List of Contents

S.No Content Page No.

ABSTRACT 1
CHAPTER 1 – INTRODUCTION 2
CHAPTER 2 - ADVANCED ENCRYPTION STANDARD 4
2.1 Introduction 4
2.1.1 AES: Scope and Significance 4
2.1.2 Evaluation Criteria 5
2.2 Block Ciphers 6
2.2.1 Iterative Block Ciphers 7
2.2.2 Key-Alternating Block Ciphers 8
CHAPTER 3 - LITERATURE SURVEY 10
CHAPTER 4 - EXISTING SYSTEM 12
4.1 DES (Data Encryption Standard) 12
4.1.1. Processing the plaintext 13
4.1.2. Function 2- Round-Key generation 14
CHAPTER 5 - PROPOSED SYSTEM 15
5.1 AES Algorithm 15
5.2 AES Encryption 15
5.2.1 SubBytes Transformation 15
5.2.2 ShiftRows Transformation 17
5.2.3. MixColumns Transformation 19
5.2.4. Add Round Key Transformation 19
5.3 AES Decryption 20
5.3.1 AddRoundKey 20
5.3.2 InvShiftRows Transformation 20
5.3.3 InvSubBytes Transformation 20
5.3.4 InvMixColumns Transformation 21
CHAPTER 6 – VHDL( VHSIC Hardware Description Language) 23
6.1 VHDL 23
6.1.1 History of VHDL 23

MRIET i ECE
 6.1.2 Levels of Abstraction (Styles) 25
6.1.3 Need for VHDL 26
6.1.4 Advantages of VHDL 27
6.1.5 Design Methodology using VHDL 28
6.1.6 Elements of VHDL 28
6.1.7 VHDL language features 29
6.1.8 Data Types 35
6.1.9 Packages and Package Bodies 36
CHAPTER 7 - SOFTWARE REQUIREMENTS 37
7.1 XILINX 37
7.1.1 Introduction to XILINX ISE: 37
7.1.2 Implementation: 37
7.1.3 XILINX Design Process: 38
7.1.4 Creating a New Project 39
7.1.5 Opening a project 39
7.1.6 Simulating and Viewing the Output Waveforms: 44
7.1.7. Synthesis and Implementation of the Design: 46
7.1.8 View RTL Schematic: 47
CHAPTER 8 - SIMULATION RESULTS 48
8.1 Simulation Result 48
8.2 Block Diagram 49
8.3 RTL 49
8.4 Technology 50
CHAPTER 9 – FUTURE SCOPE AND CONCLUSION 51
Future Scope 51
Conclusion 51
REFERENCES 52

MRIET ii ECE
 List of Figures
Fig. No. Content Page No.

Figure 1 : Iterative block cipher with three rounds 7

Figure 2 : Key - alternating block cipher with two rounds 8
Figure 3 : General block diagram of DES algorithm 12
Figure 4 : Key Generation 14
Figure 5 : AES encryption structure 16
Figure 6 : ShiftRows operates on the rows of the state 18
Figure 7 : Pictograms for ShiftRows (left) and InvShiftRows (right) 18
Figure 8 : Composite S-box with non-linear transformation 21
Figure 9 : Levels of Abstraction 25
Figure 10 : Creating a project 39
Figure 11 : Opening a Project 39
Figure 12 : Simulating and Viewing the Output Waveforms 44
Figure 13 : Synthesis and Implementation of the Design 46
Figure 14 : View RTL Schematic 47
Figure 15 : Simulation result of Encryption 48
Figure 16 : Simulation result of Decryption 48
Figure 17 : Block diagram of Encryption 49
Figure 18 : Block diagram of Decryption 49
Figure 19 : RTL of Encryption 49
Figure 20 RTL of Decryption 50
Figure 21 : Technology of Encryption 50
Figure 22 : Technology of Decryption 50

MRIET iii ECE

 List of Table
Table No. Content Page No.

Table 1 : S-BOX TABLE 17

Table 2 : ShiftRows : shift offsets for different block lengths 18
Table 3 : Inverse Box Table 21

MRIET iv ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

ABSTRACT
The Advanced Encryption Standard (AES) algorithm plays a pivotal role in
ensuring data confidentiality in modern cryptographic and security applications. Among
its core components, the SubBytes transformation, implemented through the S-box
(Substitution box) module, is crucial for achieving high levels of confusion and diffusion,
which are fundamental principles in secure cipher design. However, this transformation
also introduces significant path delay overhead, especially in hardware implementations.
Typically, Look-Up Tables (LUTs) or embedded memory blocks are used to realize the S-
box, but these are often vulnerable to side-channel and fault injection attacks, thereby
posing serious threats to the security of practical cryptosystems.
To overcome these limitations, this paper presents the design and implementation
of SubBytes and Inverse SubBytes operations using composite field arithmetic, which not
only reduces the overall computational complexity but also strengthens the resistance of
the S-box against known cryptographic attacks. The proposed approach further
incorporates a multiple-round AES cryptosystem architecture, utilizing higher-order
transformations and composite field-based S-box formulations. In addition, various inner-
stage pipelining strategies are explored to enhance the throughput rate of the
encryption/decryption process while simultaneously optimizing critical path delay.
The entire design will be developed using VHDL (VHSIC Hardware Description
Language), enabling precise hardware-level modeling and simulation. For functional
verification and synthesis, the Xilinx ISE Design Suite will be employed, ensuring accurate
timing analysis, resource utilization reporting, and performance evaluation. This work aims
to contribute an efficient and secure AES architecture suitable for high-speed, real-time,
and resource-constrained cryptographic applications.

MRIET 1 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 1 – INTRODUCTION
The Data Encryption Standard (DES) was considered as a standard for the
symmetric key encryption. DES has a key length of 56 bits. However, this key length is
currently considered small and can easily be broken. For this reason, the National Institute
of Standards and Technology (NIST) opened a formal call for algorithms in September
1997. A group of fifteen AES candidate algorithms were announced in August 1998. Next,
all algorithms were subject to assessment process performed by various groups of
cryptographic researchers all over the world. In August 2000, NIST selected five
algorithms: Mars, RC6, Rijndael, Serpent and Two fish as the final competitors. These
algorithms were subject to further analysis prior to the selection of the best algorithm for
the AES. Finally, on October 2, 2000, NIST announced that the Rijndael algorithm was the
winner. Rijndael can be specified with key and block sizes in any multiple of 32 bits, with
a minimum of 128 bits and a maximum of 256 bits. Therefore, the problem of breaking the
key becomes more difficult. In cryptography, the AES is also known as Rijndael. AES has
a fixed block size of 128 bits and a key size of 128, 192 or 256 bits.
The AES algorithm can be efficiently implemented by hardware and software.
Software implementations cost the smallest resources, but they offer a limited physical
security and the slowest process. Besides, growing requirements for high speed, high
volume secure communications combined with physical security, hardware
implementation of cryptography takes place. An FPGA implementation is an intermediate
solution between general purpose processors (GPPs) and application specific integrated
circuits (ASICs). It has advantages over both GPPs and ASICs. It provides a faster
hardware solution than a GPP. Also, it has a wider applicability than ASICs since its
configuring software makes use of the broad range of functionality supported by the
reconfigurable device.
Since its announcement in 2001, the Advanced Encryption Standard (AES) has
become a widely known and relied upon block cipher. It has been used for countless
different applications ranging in size and scale from internet banking operations performed
on large web servers to private communications between a wireless smart card and its
reader Every application has different requirements such as the speed at which security

MRIET 2 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

operations must be performed, the physical area for embedded hardware, or its power
budget Given this large range of applications and requirements, it isn’t surprising that AES
designs have been implemented using all sorts of platforms, ranging from software running
on general purpose computer hardware to fully customized hardware platforms which are
able to run much faster, or have a much smaller chip area and power consumption.
Given the diverse implementation platforms and performance requirements, AES
must be tailored to meet specific constraints in each use case. In resource-constrained
environments such as embedded systems, IoT devices, and smart cards, the focus is often
on minimizing power consumption, chip area, and latency, without compromising security.
Conversely, in high-performance systems like data centers or secure cloud infrastructures,
the priority shifts toward achieving maximum throughput, parallelism, and low latency
through techniques such as hardware acceleration, pipelining, and parallel AES cores. This
flexibility in implementation has led to extensive research in optimizing AES architectures,
where various trade-offs between area, speed, and energy efficiency are carefully evaluated
to meet application-specific demands. As a result, AES continues to be a central component
in modern cryptographic systems, with its adaptability ensuring relevance across a wide
spectrum of technologies and use cases.

MRIET 3 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 2 - ADVANCED ENCRYPTION STANDARD

2.1 Introduction
In January 1997, the US National Institute of Standards and Technology (NIST)
announced the start of an initiative to develop a new encryption standard: the AES. The
new encryption standard was to become a Federal Information Processing Standard (FIPS)
, replacing the old Data Encryption Standard (DES) and triple-DES . Unlike the selection
process for the DES, the Secure Hash Algorithm (SHA-1) and the Digital Signature
Algorithm (DSA) , NIST had announced that the AES selection process would be open.
Anyone could submit a candidate cipher. Each submission, provided it met the
requirements, would be considered on its merits. NIST would not perform any security or
efficiency evaluation itself, but instead invited the cryptology community to mount attacks
and try to crypt analyze the different candidates, and anyone who was interested to evaluate
implementation cost. All results could be sent to NIST as public comments for publication
on the NIST AES web site or be submitted for presentation at AES conferences. NIST
would merely collect contributions using them to base their selection. NIST would
motivate their choices in evaluation reports.

2.1.1 AES: Scope and Significance

The official scope of a FIPS standard is quite limited: the FIPS only applies to the
US Federal Administration. Furthermore, the new AES would only be used for documents
that contain sensitive but not classified information. However, it was anticipated that the
impact .of the AES would be much larger than this: for AES is the successor of the DES,
the cipher that ever since its adoption has been used as a worldwide de facto cryptographic
standard by banks, administrations and industry.
Rijndael's approval as a government standard gives it an official ' certificate of
quality'. AES has been submitted to the International Organization for Standardization
(ISO) and the Internet Engineering Task Force (IETF) as well as the Institute of Electrical
and Electronics Engineers (IEEE) are adopting it as a standard. Still, even before Rijndael
was selected to become the AES, several organizations and companies declared their
adoption of Rijndael.

MRIET 4 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

2.1.2 Evaluation Criteria

The evaluation criteria for the first round were divided into three major categories:
security, cost and algorithm and implementation characteristics. NIST invited the
cryptology community to mount attacks and try to crypt analyse the different candidates,
and anyone interested to evaluate implementation cost. The result could be sent to NIST as
public comments or be submitted for presentation at the second AES conference. NIST
collected all contributions and would use these to select five finalists. In the following
sections we discuss the evaluation criteria.
Security
Security was the most important category, but perhaps the most difficult to assess.
Only a small number of candidates showed some theoretical design flaws. The large
majority of the candidates fell into the category 'no weakness demonstrated'.
Costs
The 'costs' of the candidates were divided into different subcategories. A first
category was formed by costs associated with intellectual property (IP) issues. First of all,
each submitter was required to make his cipher available for free if it would be selected as
the AES . Secondly, each submitter was also asked to make a signed statement that he
would not claim ownership or exercise patents on ideas used in another submitter 's
proposal that would eventually be selected as AES . A second category of ' costs' was
formed by costs associated with the implementation and execution of the candidates. This
covers aspects such as computational efficiency, program size and working memory
requirements in software implementations, and chip area in dedicated hardware
implementations.
Algorithm and Implementation Characteristics
The category algorithm and implementation characteristics grouped a number of
features that are harder to quantify. The first one is versatility, meaning the ability to be
implemented efficiently on different platforms. At one end of the spectrum should the AES
fit 8-bit micro-controllers and smart cards, which have limited storage for the program and
a very restricted amount of RAM for working memory? At the other end of the spectrum
the AES should be implement able efficiently in dedicated hardware, e.g. to provide on-
the-fly encryption/decryption of communication links at gigabit-per-second rates. In

MRIET 5 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

between there is the whole range of processors that are used in servers, workstations, PCs,
palmtops etc. , which are all devices ii1 need of cryptographic support A prominent place
in this range is taken by the Pentium family of processors due to its presence in most
personal computers.
A second feature is key agility. In most block ciphers, key set up takes some
processing. In applications where the same key is used to encrypt large amounts of data,
this processing is relatively unimportant. In applications where the key often changes, such
as the encryption of Internet Protocol (IP) packets in Internet Protocol Security (IPSEC) ,
the overhead due to key setup may become quite relevant . Obviously, in those applications
it is an advantage to have a fast key setup.

2.2 Block Ciphers

A block cipher transforms plaintext blocks of a fixed length nb to cipher text blocks
of the same length under the influence of a cipher key k. More precisely, a block cipher is
a set of Boolean permutations operating on nb-bit vectors. This set contains a Boolean
permutation for each value of the cipher key k. In this book we only consider block ciphers
in which the cipher key is a Boolean vector. If the number of bits in the cipher key is
denoted by nk , a block cipher consists of 2nk Boolean permutations.
Usually, block ciphers are specified by an encryption algorithm, being the sequence
of transformations to be applied to the plaintext to obtain the cipher text. These
transformations are operations with a relatively simple description. The resulting Boolean
permutation depends on the cipher key by the fact that key material, computed from in the
cipher key, is used in the transformations.
For a block cipher to be up to its task, it has to fulfill two requirements
1. Efficiency Given the value of the cipher key, applying the corresponding Boolean
permutation, or its inverse, is efficient, preferably on a wide range of platforms.
2. Security It must be impossible to exploit knowledge of the internal structure of the
cipher in cryptographic attacks.
All block ciphers of any significance satisfy these requirements by iteratively applying
Boolean permutations that are relatively simple to describe.

MRIET 6 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

2.2.1 Iterative Block Ciphers

In an iterative block cipher, the Boolean permutations are iterative. The block
cipher is defined as the application of a number of key-dependent Boolean permutations.
The Boolean permutations are called the round transformations of the block cipher. Every
application of a round transformation is called a round.
Example
The DES has 16 rounds. Since every round uses the same round transformation,
we say the DES has only one round transformation.
We denote the number of rounds by r. We have

In this expression, p(i) is called the ith round of the block cipher and k(i) is called
the ith round key. The round keys are computed from the cipher key. Usually, this is
specified with an algorithm. The algorithm that describes how to derive the round keys
from the cipher key is called the key schedule. The concatenation of all round keys is called
the expanded key, denoted by K.

Figure 1 : Iterative block cipher with three rounds

The length of the expanded key is denoted by nK. The iterative block cipher model
is illustrated in Figure 1. Almost all block ciphers known can be modeled this way. There
is however a large variety in round transformations and key schedules. An iterative block
cipher in which all rounds (with the exception of the initial or final round) use the same
round transformation is called an iterated block cipher.
𝐾 = 𝑘 (0) |𝑘 (1) |𝑘 (2) | … |𝑘 (𝑟)

MRIET 7 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

2.2.2 Key-Alternating Block Ciphers

Rijndael belongs to a class of block ciphers in which the round key is applied in a
particularly simple way: the key-alternating block ciphers. A keyalternating block cipher
is an iterative block cipher with the following properties.
1. Alternation The cipher is defined as the alternated application of key independent
round transformations and key additions. The first round key is added before the
first round and the last round key is added after the last round.
2. Simple key addition The round keys are added to the state by means of a simple
XOR A key addition is denoted by a [k].
We have

A graphical illustration is given in Figure 2.

Key-alternating block ciphers are a class of block ciphers that lend themselves to analysis
with respect to the resistance against cryptanalysis. A special class of key-alternating block
ciphers is the key-iterated block ciphers. In this class, all rounds (except maybe the first or
the last) of the cipher use the same round transformation. We have.

Figure 2 : Key - alternating block cipher with two rounds

In this case, p is called the round transformation of the block cipher. The relations
between the different classes of block ciphers. Key-iterated block ciphers lend themselves
to efficient implementations. In dedicated hardware implementations, one can hard-wire

MRIET 8 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

the round transformation and the key addition. The block cipher can be executed by simply
iterating the round transformation alternated with the right round keys.
In software implementations, the program needs to code only the one round
transformation in a loop and the cipher can be executed by executing this loop the required
number of times. In practice, for performance reasons, block ciphers will often be
implemented by implementing every round separately (so-called loop unrolling). In these
implementations, it is less important to have identical rounds. Nevertheless, the most-used
block ciphers all consist of a number of identical rounds.
This design approach of using identical round structures simplifies both the
implementation and analysis of block ciphers like AES, especially when considering
security proofs and cryptographic strength. The uniformity of rounds enhances modularity,
allowing for easier optimization, testing, and debugging across various platforms.
Moreover, techniques such as loop unrolling in software and parallel processing in
hardware can significantly improve performance, particularly in throughput-critical
applications. However, this comes at the cost of increased code size in software or hardware
resource usage in FPGA/ASIC implementations. Despite these trade-offs, the use of
identical rounds remains a preferred architectural choice as it supports scalable and
efficient implementations while preserving the algorithm’s inherent security properties.

MRIET 9 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 3 - LITERATURE SURVEY

The AES algorithm is specified with a fixed block size of 128bits and a key size of
128,192, or 256bits. It is capable of using any key and block size for all multiples of
32bits.The key is expanded using Rijndael’s key schedule. Most AES computations are
done in a special finite field. AES operates on a 4×4 array of bytes called the state. For
encryption, each round of AES (except for the last round, which omits the MixColumns
stage) consists of four stages.

Computer has become an essential device now a day. The main use of computer is
to store data and send the data from one location to other. The information that is shared
must be transported in a secure manner. So to avoid such situations data may be encrypted
to some formats that is unreadable by an unauthorized person. Cryptography is the science
of information security which has become a very critical aspect of modern computing
systems to secure the data transmission and storage.

Advanced Encryption Standard (AES) is one of the most common symmetric

encryption algorithms. The hardware complexity in AES is dominated by AES substitution
box (S-box) which is considered as one of the most complicated and costly part of the
system because it is the only non-linear structure. The proposed work employs a
combinational logic design of S-Box implemented in Virtex II FPGA chip. The architecture
employs a Boolean simplification of the truth table of the logic function with the aim of
reducing the delay. The S-Box is designed using basic gates such as AND gate, NOT gate,
OR gate and multiplexer. Theoretically, the design reduces the overall delay and efficiently
for applications with high-speed performance. This approach is suitable for FPGA
implementation in term of gate area. The hardware, total area and delay are presented.

Advanced Encryption Standard (AES), a Federal Information Processing Standard

(FIPS), is an approved cryptographic algorithm that is used to protect electronic data. The
AES can be programmed in software or built with hardware. The paper presents a hardware
implementation of the AES algorithm on FPGA.

The algorithm was implemented in FPGA using Spartan 3E starter kit and Xilinx
ISE development suite. The purpose of this attempt was to test the correctness of the
MRIET 10 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

implemented algorithm and to gain experience in optimization of algorithm structure for

the embedded implementation in the target application.

A proposed FPGA-based implementation of the Advanced Encryption Standard

(AES) algorithm is presented in this paper. This implementation is compared with other
works to show the efficiency. The design uses an iterative looping approach with block and
key size of 128 bits, lookup table implementation of S-box. This gives low complexity
architecture and easily achieves low latency as well as high throughput. Simulation results,
performance results are presented and compared with previous reported designs.

MRIET 11 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 4 - EXISTING SYSTEM

4.1 DES (Data Encryption Standard)
DES is a secret-key archetypal block cipher with block size of 64 bits. DES encrypts
a block of 64-bit plaintext into 64-bit cipher text using 64-bit secret key (Left most bit of a
block is bit one). Block diagram of the DES algorithm is shown in the Figure 3. DES
adopted in 1977 by the National Bureau of Standards now the National Institute of
Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS
PUB 46).

Figure 3 : General block diagram of DES algorithm

A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly
generated and used directly by the algorithm. The other 8 bits, which are not used by the
algorithm, may be used for error detection. The 8 error detecting bits are set to make the
parity of each 8-bit byte of the key odd, i.e., there is an odd number of "1"s in each 8-bit
byte. A TDEA key consists of three DES keys, which is also referred to as a key bundle.
Authorized users of encrypted computer data must have the key that was used to encipher
the data in order to decrypt it. The encryption algorithms specified in this standard are
commonly known among those using the standard. The cryptographic security of the data
depends on the security provided for the key used to encipher and decipher the data.

MRIET 12 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Data can be recovered from cipher only by using exactly the same key used to
encipher it. Unauthorized recipients of the cipher who know the algorithm but do not have
the correct key cannot derive the original data algorithmically. However, it may be feasible
to determine the key by a brute force “exhaustion attack.” Also, anyone who does have the
key and the algorithm can easily decipher the cipher and obtain the original data. A standard
algorithm based on a secure key thus provides a basis for exchanging encrypted computer
data by issuing the key used to encipher it to those authorized to have the data.
DES Encryption process has two functions
A. Processing the plaintext
B. Round-Key generation

4.1.1. Processing the plaintext

The processing of plaintext proceeds in three phases.
• Conversion of Plain text into permuted input
• Production of preoutput using Feistel cipher structure
• Conversion of preoutput to cipher text
• Conversion of Plain text into permuted input
The 64-bit plaintext passes through an initial permutation (IP) that rearranges the
bits to produce the permuted input, which is split into two 32-bit halves L0 and R0 where
first 32 bit is L0 and next 32-bit is R0. Permutation is keyless and can be predetermined.
This has no cryptographic significance but included to facilitate loading blocks in and out
of hardware and to make DES run slower in software.
• Production of preoutput using Feistel cipher structure
Most symmetric block encryption algorithms are based on Feistel [14] structure.
Feistel proposed the use of a cipher that alternates substitutions and permutations which is
a practical application of a product cipher that alternates confusion and diffusion functions
producing Substitution-Permutation Network (SP Network) [15].
• Conversion of preoutput to cipher text
The preoutput is passed through a permutation (IP-1) that is the inverse of the initial
permutation function, to produce the 64-bit cipher text. This stage has no cryptography

MRIET 13 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

significance in DES. The initial and final permutations are straight P-boxes that are
inverses of each other.

4.1.2. Function 2- Round-Key generation

Figure 4 : Key Generation

DES takes 64-bit key as input. Among 64-bit key only 56 bitsare effective and used
directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be
used for error detection or set arbitrarily or can be ignored [13]. The 8 error detecting bits
are set to make the parity of each 8-bit byte of the key odd, i.e., there is an odd number of
"1"s in each byte. The round-key generator creates sixteen 48-bit round/sub keys out of a
56-bit cipher key. The round key generation block is shown in Figure 4

MRIET 14 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 5 - PROPOSED SYSTEM

5.1 AES Algorithm

The AES (Advanced Encryption Standard) algorithm uses the same key for both
encryption and decryption, ensuring fast and efficient data processing. It operates on fixed
block sizes, typically 128 bits, and supports key lengths of 128, 192, or 256 bits. Widely
adopted across the globe, AES provides a high level of security and is used in applications
ranging from secure communications to file encryption.

5.2 AES Encryption

The AES algorithm operates on a 128-bit block of data and executed Nr - 1 loop
times. A loop is called a round and the number of iterations of a loop, Nr, can be 10, 12, or
14 depending on the key length. The key length is 128, 192 or 256 bits in length
respectively. The first and last rounds differ from other rounds in that there is an additional
Add Round Key transformation at the beginning of the first round and no Mix Columns
transformation is performed in the last round. In this paper, we use the key length of 128
bits (AES-128) as a model for general explanation. An outline of AES encryption is given
in Fig 5.

5.2.1 SubBytes Transformation

The SubBytes transformation is a non-linear byte substitution, operating on each of
the state bytes independently. The SubBytes transformation is done using a once- pre-
calculated substitution table called S box. That S-box table contains 256 numbers (from 0
to 255) and their corresponding resulting values. More details of the method of calculating
the S-box table. In this design, we use a look-up table as shown in Table 1. This is a more
efficient method than directly implementing the multiplicative inverse operation followed
by affine transformation. This approach avoids complexity of hardware implementation
and has the significant advantage of performing the S-box computation in a single clock
cycle, thus reducing the latency.

MRIET 15 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Figure 5 : AES encryption structure

MRIET 16 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Table 1 : S-BOX TABLE

5.2.2 ShiftRows Transformation

In ShiftRows transformation, the rows of the state are cyclically left shifted over
different offsets. Row 0 is not shifted; row 1 is shifted one byte to the left; row 2 is shifted
two bytes to the left and row 3 is shifted three bytes to the left. The ShiftRows step is a
byte transposition that cyclically shifts the rows of the state over different offsets. Row 0
is shifted over Co bytes, row l over C1 bytes, row 2 over C2 bytes and row 3 over C3 bytes,
so that the byte at position j in row i moves to position (j -Ci) mod Nb. The shift offsets Co,
C1, C2 and C3 depend on the value of Nb.
Design criteria for the offsets The design criteria for the offsets are the following:
1. Diffusion optimal. The four offsets have to be different.
2. Other diffusion effects. The resistance against truncated differential attacks and
saturation attacks has to be maximized.
Diffusion optimality is important in providing resistance against differential and linear
cryptanalysis. The other diffusion effects are only relevant when the block length is larger

MRIET 17 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

than 128 bits. Selection of the offsets. The simplicity criterion dictates that one offset is
taken equal to O. In fact, for a block length of 1 28 bits, the offsets have to be 0, 1, 2 and
3. The assignment of offsets to rows is arbitrary. For block lengths larger than 128 bit, there
are more possibilities. Detailed studies of truncated differential attacks and saturation
attacks on reduced versions of Rijndael show that not all choices are equivalent. For certain
choices, the attacks can be extended with one round. Among the choices that are best with
respect to saturation and truncated differential attacks, we picked the simplest ones.
Different values are specified in table 2. Fig 6 illiterate the effect of the ShiftRows step on
the state. Figure 7 shows the pictograms for ShiftRows and its inverse.

Table 2 : ShiftRows : shift offsets for different block lengths

Figure 6 : ShiftRows operates on the rows of the state

Figure 7 : Pictograms for ShiftRows (left) and InvShiftRows (right)

MRIET 18 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

5.2.3. MixColumns Transformation

In Mix Columns transformation, the columns of the state are considered as
polynomials over GF (28) and multiplied by modulo x4 + 1 with a fixed polynomial c(x),
given by: c(x)={03}x3 + {01}x2 + {01}x + {02}.
The MixColumns step is a bricklayer permutation operating on the state column by
column.
Design criteria. The design criteria for the MixColumns step are the following:
1. Dimensions. The transformation is a bricklayer transformation operating on 4 byte
columns.
2. Linearity. The transformation is preferably linear over GF(2) .
3. Diffusion. The transformation has to have relevant diffusion power.
4. Performance on 8-bit processors. The performance of the transformation on 8-bit
processors has to be high.
The criteria about linearity and diffusion are requirements imposed by the wide trail
strategy . The dimensions criterion of having columns consisting of 4 bytes is to make
optimal use of 32-bit architectures in look-up table implementations . The performance on
8-bit processors is mentioned because MixColumns is the only step that good performance
on 8-bit processors is not trivial to obtain for.
5.2.4. Add Round Key Transformation
In the AddRoundKey transformation, a RoundKey is added to the State - resulted
from the operation of the MixColumns transformation - by a simple bitwise XOR
operation. The RoundKey of each round is derived from the main key using the Key
Expansion algorithm. The encryption/decryption algorithm needs eleven 128-bit
RoundKey, which are denoted RoundKey (the first RoundKey is the main key).
The round transformation is denoted Round, and is a sequence of four
transformations, called steps. This is shown in List below. The final round of the cipher is
slightly different. It is denoted Final Round and also shown in List below. In the listings,
the transformations (Round, SubBytes , ShiftRows , . . . ) operate on arrays to which
pointers (Stat e, Expanded Key [i]) are provided. It is easy to verify that the transformation
Final Round is equal to the transformation Round, but with the MixColumns step removed.

MRIET 19 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

5.3 AES Decryption

Decryption is a reverse of encryption which inverse round transformations to
computes out the original plaintext of an encrypted cipher-text in reverse order. The round
transformation of decryption uses the functions AddRoundKey, InvMixColumns,
InvShiftRows, and InvSubBytes successively.

5.3.1 AddRoundKey
The AddRoundKey step in AES is its own inverse because the XOR operation is
self-inverting. This means applying the same key again will restore the original data. For
decryption, the round keys are used in reverse order. The other transformations—
SubBytes, ShiftRows, and MixColumns—contribute to the cipher’s security and will be
described next.

5.3.2 InvShiftRows Transformation

The InvShiftRows operation is the reverse of ShiftRows in AES decryption. While
ShiftRows shifts the second, third, and fourth rows to the left, InvShiftRows shifts them to
the right by one, two, and three bytes respectively. The first row remains unchanged in
both operations. This step helps in reversing the diffusion applied during encryption.

5.3.3 InvSubBytes Transformation

The InvSubBytes transformation in AES decryption uses a precomputed lookup
table called the InvS-box. This table contains 256 entries, each mapping a byte value (0 to
255) to its inverse substitute. It is the reverse of the S-box used during encryption and
ensures the reversal of the non-linear substitution step. This operation restores the original
byte values altered during the SubBytes stage.

MRIET 20 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Table 3 : Inverse Box Table

5.3.4 InvMixColumns Transformation

Figure 8 : Composite S-box with non-linear transformation

In the InvMixColumns transformation, the polynomials of degree less than 4 over

GF(28), which coefficients are the elements in the columns of the state, are multiplied
modulo (x4+ 1) by a fixed polynomial d(x) = {0B}x3 + {0D}x2 + {09}x +{0E}, where {0B},
{0D}; {09}, {0E} denote hexadecimal values. In the next section, a description of the
proposed design based on FPGA implementation of AES encryption/decryption function
is detailed.
MRIET 21 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

In this project, we have used S-box using composite field algorithm, which contains
sub-bytes and inverse sub-bytes operation. Both these modules can use encryption and
decryption in a shared way which requires less hardware. These blocks used successive
XOR operations and transformed the value into some other values . It consists of various
sub-modules like affine transformation, multiplication inverse, and multiplication with
constant. Composite S-box implementation is the fastest and safer method to implement.
It requires the text_in, text_out and key which have a 128 bits length. And the
control signals using to control the proper operations of the core are clk, reset_n, write,
direction, done and enable pins. The Key block loads keys and combines with Key Round
block to perform Key Expansion transformation, and generates proper Roundkeys under
the control signals from the Controller block. Controller block takes write signal, direction
signal, and enable signal from outside and generates all the control signals for the whole
system. The plain text (text_in) and key is loaded only when the write signal makes a low-
high-low transition (basically a pulse). The process is going to complete when the done
signal is pulsed after some clock cycles from the write signal goes low. The “done” signal
actives only in one clock cycle.
Each round key as well as round is completed in one clock cycle. However, the
round key is finished before the round is calculated by one clock cycle. Hence, combining
with one clock cycle for registering the input, a total clock cycle need for processing 128-
bit data is 13 clocks in encryption mode. In decryption, eleven round keys must be
completed before the first round is calculated. Because the last round key is used in the
firstround process, it takes 25 clock cycles to complete. With using the above iterative
looping approach, a minimal number of clock cycles required performing
encryption/decryption for each data block of 128-bit.

MRIET 22 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 6 – VHDL( VHSIC Hardware Description

Language)
6.1 VHDL
VHDL is an acronym for Very High Speed Integrated Circuits Hardware
description Language. The language can be used to model a digital system at many levels
of abstraction ranging from the algorithmic level to the gate level. The complexity of the
digital system being modeled could vary from that of a simple gate to a complete digital
electronic system. The VHDL language can be regarded as an integrated amalgamation of
sequential, concurrent, net list and waveform generation languages and timing
specifications.

6.1.1 History of VHDL

VHDL stands for VHSIC (Very High Speed Integrated Circuit) Hardware
Description Language. It was developed in the 1980’s as spin-off of a high-speed integrated
circuit research project funded by the US department of defense. During the VHSIC
program, researchers were confronted with the daunting task of describing circuits of
enormous scale (for their time) and of managing very large circuit design problems that
involved multiple teams of engineers. With only gate-level tools available, it soon became
clear that more structured design methods and tools would be needed.
To meet this challenge, teams of engineers from three companies - IBM, Texas
Instruments and Inter metrics were contracted by the department of defense to complete
the specification and implementation of a new language based design description method.
The first publicly available version of VHDL, version 7.2 was released in 1985. In 1986,
the IEEE was presented with a proposal to standardize the language, which it did in 1987
and academic representatives. The resulting standard, IEEE 1076—1987 is the basis for
virtually every simulation and synthesis product sold today. An enhanced and updated
version of the language, IEEE 1076-1993, was released in 1994, and VHDL tool vendors
have been responding by adding these new language features to their products.
Although IEEE standard 1076 defines the complete VHDL language, there are
aspects of the language that make it difficult to write completely portable design
descriptions (description that can be simulated identically using different vendor’s tools).
The problem stems from the fact that VHDL supports many abstract data types, but it does
MRIET 23 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

not address the simple problem of characterizing different signal strengths or commonly
used simulation conditions such as unknowns and high impedances. Soon after IEEE 1076-
1987 was adopted, simulator companies began enhancing VHDL with new non-standard
types to allow their customers to accurately simulate complex electronic circuits. This
caused problems because design descriptions entered into one simulator were often
incompatible with another with other environments. VHDL was quickly becoming a non-
standard.
To get around the problem of non-standard data types, an IEEE committee adopted
another standard. This standard numbered 1164, defines a standard package (a VHDL
feature that allows commonly used declaration to be collected into an external library)
containing definition for a standard nine-value data type. This standard data type is called
standard logic, and the IELL 1164 package is often referred to as the standard logic
package. The IEEN 1076-1987 and IEEE 1164 standards together form the complete
VHDL standard in widest use today (IEEE 1076-1993 is slowly working its way into the
VHDL mainstream, but it does not add significant number of features for synthesis users).
In the search for a standard design and documentation tool for the Very High Speed
Integrated Circuits (VHSIC) program the United States Department of Defense (DOD) in
the summer of 1981 sponsored a workshop on HDLs at Woods Hole, Massachusetts. The
conclusion of the workshop was the need for a standard language, and the features that
might be required by such a standard in 1983.DoD established requirements for a standard
VHSIC hardware description language(VHDL), based on the recommendation of the
“Woods Hole” workshop. A contract for the development of the VHDL language, its
environment, and its software was awarded to IBM, Texas instruments and Intermetrics.
VHDL 2.0 was released only six months after the project began. The language was
significantly improved hereafter and other shortcomings were corrected leading to the
release of VHDL 6.0. In 1985 this significant developments led to the release of VHDL
6.0. In 1985 these significant development led to the release of VHDL 7.2 language
reference manual. This was later on developed as IEEE 1076/A VHDL language reference
manual. Efforts for defining the new version of VHDL stated in 1990 by a dream of
volunteers working under the IEEE DASC (Design Automation Standards committee). In
October of 1992, a new VHDL’93 was completed and was released for review. After minor

MRIET 24 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

modifications, this new version was approved by the VHDL balloting group members and
became the new VHDL language standard. The present VHDL standard is formally
referred as VHDL 1076-1993.

6.1.2 Levels of Abstraction (Styles)

VHDL supports many possible styles of design description. These styles differ
primarily in how closely they relate to the underlying hardware. When we speak of the
different styles of VHDL, then, we are really talking about the differing levels of
abstraction possible using the language. To give an example, it is possible to describe a
counter circuit in a number of ways. At the lowest level of abstraction, you could use
VHDL's hierarchy features to connect a sequence of predefined logic gates and flip-flips
to form a counter circuit.

Figure 9 : Levels of Abstraction

In a behavioral description, the concept of time may be expressed precisely, with

actual delays between related events, or may simply be an ordering of operations that are
expressed sequentially. When you are writing VHDL for input to synthesis tools, you may
use behavioral statements in VHDL to imply that there are registers in your circuit. It is
unlikely, however, that your synthesis tool will be capable of creating precisely the same
behavior in actual circuitry as you have defined in the language.
The highest level of abstraction supported in VHDL is called the behavioral level
of abstraction. When creating a behavioral description of a circuit, you will describe your
circuit in terms of its operation over time. The concept of time is the critical distinction
between behavioral descriptions of circuits and lower-level descriptions. If you are familiar
with event-driven software programming languages then writing behavior level VHDL will
not seem like anything new. Just like a programming language, you will be writing one or

MRIET 25 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

more small programs that operate sequentially and communicate with one another through
their interfaces. The only difference between behavior-level VHDL and a software
programming language such as Visual Basic is the underlying execution platform: in the
case of Visual Basic, it is the Windows operating system in the case of VHDL, it is a
simulator. An alternate design method, in which a circuit design problem is segmented into
registers and combinational input logic, is what is often called the dataflow level of
abstraction.
Dataflow is an intermediate level of abstraction that allows the drudgery of
combinational logic to be hidden while the more important parts of the circuit, the registers,
are more completely specified. There are some drawbacks to using a purely dataflow
method of design in VHDL. First, there are no built-in registers in VHDL the language was
designed to be general-purpose, and VHDL’s designers on its behavioral aspects placed
the emphasis. If you are going to write VHDL at the dataflow level of abstraction, then you
must first create behavioral descriptions of the register elements that you will be using in
your design. These elements must be provided in the form of components or in the form of
subprograms.
But for hardware designers, for whom it can be difficult to relate the sequential
descriptions and operation of behavioral VHDL with the hardware that is being described,
using the dataflow level of abstraction can make quite a lot of sense. Using dataflow, it can
be easier to relate a design description to actual hardware devices. The dataflow and
behavior levels of abstraction are used to describe circuits in terms of their logical function.
There is a third style of VHDL that is used to combine such descriptions together into a
larger, hierarchical circuit description. Structural VHDL allows you to encapsulate one part
of a design description as a re-usable component. Structural VHDL can be thought of as
being analogous to a textual schematic, or as a textual block diagram for higher-level
design.

6.1.3 Need for VHDL

The complex and laborious manual procedures for the design of the hardware have
paved the way for the development of languages for high level description of the digital
system. This high-level description can serve as documentation for the part as well as an
entry point into the design process. The high level description can be processed through

MRIET 26 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

various boards, or gate array using the synthesis tools of Hardware Description language
us such a language. VHDL was designed as a solution to provide an integrated design and
documentation to communicate design data between various levels of abstractions.

6.1.4 Advantages of VHDL

VHDL allows quick description and synthesis of circuits of 5, 10, 20 thousand gates. It
also provides the following capabilities. The following are the major advantages of VHDL
over other hardware description languages:
• Power and flexibility VHDL has powerful language constructs which allows code
description of complex control logic.
• Device independent design VHDL creates design that fits into many device architecture
and it also permits multiple styles of design description.
• Portability VHDL’s portability permits the design description to be used on different
simulators and synthesis tools. Thus VHDL design descriptions can be used in multiple
projects.
• ASIC migration The efficiency of VHDL allows design to be synthesized on a CPLD
or an FPGA. Sometimes the code can be used with the ASIC.
• Quick time to market and low cost VHDL and programmable logic pair together
facilitate speedy design process. VHDL permits designs to be described quickly.
Programmable logic eliminates expenses and facilitates quick design iterations
1. The language can be used as a communication medium between different Computer
Aided Design (CAD) and Computer Aided Engineering (CAE) tools.
2. The language supports hierarchy, i.e., a digital system can be modeled as a set of
interconnected components; each component, in turn, can be modeled as a set of
interconnected subcomponents.
3. The language supports flexible design methodologies: Top-Down, Bottom- Up, or
Mixed.
4. The language is technology independent and hence the same behavior model can be
synthesized into different vendor libraries.
5. Various digital modeling techniques such as finite-state machine descriptions,
algorithmic descriptions and Boolean equations can be modeled using the language.
6. It supports both synchronous and asynchronous timing models.

MRIET 27 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

7. It is an IEEE and ANSI standard, and therefore, models described using these
languages are portable.
8. There are no limitations that are imposed by the language on the size of the design.
9. The language has elements that make large-scale design modeling easier, for e.g.
Components, functions, procedures and packages.
10. Test benches can be written using the same language to test other VHDL models.
11. Nominal propagation delays, min-max delays, setup and holding timing, timing
constraints, and spike detection can all be described very naturally in this language.
12. Behavioral models that conform to a certain synthesis description style are capable of
being synthesized to gate-level description.
13. The capability of defining new data types provides the power to describe and simulate
a new design technique at a very high level of abstraction without any concern about
implementation details.

6.1.5 Design Methodology using VHDL

There are three design methodologies namely: bottom-up, top-down and flat

1. The bottom-up approach involves the defining and designing the individual
components, then bringing the individual components together to form the overall
design.
2. In a flat design the functional components are defined at the same level as the
interconnection of those functional components.
3. A top-down design process involves a divide-and-conquer approach to implement the
design a large system. Top-down design is referred to as recursive partitioning of a
system into its sub-components until all sub-components become manageable design
parts.

6.1.6 Elements of VHDL

Constructs of the VHDL language are designed for describing hardware
components, packaging parts and utilities use of libraries and for specifying design libraries
and parameters. In its simplest form, the description of a component in VHDL consists of
an interface specification and an architectural specification. The interface description

MRIET 28 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

begins with Entity keyword and contains the input-output ports of the component. An
architectural specification begins with the Architectural keyword, which describes the
functionality of a component.
This functionality depends on input-output signals and other parameters that are
specified in the interface description. Several architectural specifications with different
identifiers can exist for one component with a given interface description. VHDL allows
architecture to be configured for a specific technology environment.
In a hardware design environment it becomes necessary to group components or
utilities used for description of components. Components and such utilities can be grouped
by use of packages. A package declaration contains components and utilities to become
visible by Entities and Architectures. VHDL allows the use of Libraries and binding of
sub-components of a design to elements of various libraries. Constructs for such
applications include a library statement and configurations.

6.1.7 VHDL language features

The various building blocks and constructs in VHDL which have been used are:
1. Entity
Every VHDL design description consists of at least one entity. In VHDL, an entity
declaration describes the circuit as it appears from the "outside", from the perspective of
its input and output interfaces.An entity declaration in VHDL provides the complete
interface for a circuit. Using the information provided in an entity declaration (the port
names and the data type and direction of each port), you have all the information you need
to connect that portion of a circuit into other, higher-level circuits.The entity declaration
includes a name, compare, and a port statement defining all the inputs and outputs of the
entity. Each of the ports is given a direction (either in, out or inout).
• Formal Definition : It is the hardware abstraction of a digital system. Entity
declaration describes the external view of the entity to the outside world.
• Simplified syntax:
Entity entity-name is
Port (port-list);
[generic(generic-list);]
end entity-name;

MRIET 29 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

• Description : All designs are expressed in terms of entities. Entity is the most basic
building block in a design. The uppermost level of the design is the top-level entity. If
the design is hierarchical, then the top-level description will have lower-level
descriptions contained in it. These lower-level descriptions will be lower-level entities
contained in the top-level entity description.

2. Architecture
Every entity in a VHDL design description must be bound with a corresponding
architecture. The architecture describes the actual function of the entity to which it is
bound. Using the schematic as a metaphor, you can think of the architecture as being
roughly analogous to a lower-level schematic pointed to by the higher-level functional
block symbol. The second part of a minimal VHDL source file is the architecture
declaration. Every entity declaration you write must be accompanied by at least one
corresponding architecture. The architecture declaration begins with a unique name,
followed by the name of the entity to which the architecture is bound. Within the
architecture declaration is found the actual functional description of our comparator. There
are many ways to describe combinational logic functions in VHDL.
• Formal Definition : A body associated with an entity declaration to describe the
internal organization or operation of a design entity. An architecture body is used to
describe the behavior, data flow or structure of a design entity:
• Simplified syntax
Architecture architecture-name of entity-name is
Architecture-declarations
Begin
Concurrent-statements
End [architecture] [architecture-name];

• Description : Architecture assigned to an entity describes internal relationship between

input and output ports of the entity. It contains of two parts: declarations and concurrent
statements. First part of architecture may contain declarations of types, signals,
constants, subprograms components and groups. Concurrent statements in the
architecture body define the relationship between inputs and outputs. This relationship
can be specified using different types of statements: Concurrent signal assignment,

MRIET 30 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

process statement, component instantiation, and concurrent procedure call, generate

statement, concurrent assertion statement, and block statement. It can be writing in
different styles: structural, dataflow, behavioral (functional) or mixed. The description
of a structural body is based on component instantiation and generates statements. It
allows creating hierarchical projects, from simple gates to very complex components,
describing entire subsystems. The Connections among components are realized
through ports.

The Dataflow description is built with concurrent signal assignment statements.

Each of the statements can be activated when any of its input signals changes its value. The
architecture body describes only the expected functionality (behavior) of the circuit,
without any direct indication as to the hard ware implementation. Such description consists
only of one or more processes, each of which contains sequential statements. The
Architecture body may contain statements that define both behavior and structure of the
circuit at the same time. Such architecture description is called mixed.

3. Component Declaration
• Formal Definition : A component declaration declares a virtual design entity interface
that may be used in component instantiation statement.
• Simplified syntax:
Component component-name
[generic(generic-list)];
port(port-list);
end component [component-name];
4. Component Instantiation
• Formal Definition : A component instantiation statement defines a subcomponent of
the design entity in which it appears, associate signals or values with the ports of that
subcomponent, and associates values with generics of that subcomponent.
• Simplified syntax
Label: [component] component-name
Generic map (generic-association-list);
Port map (port-association-list);

MRIET 31 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

5. Configuration Declaration
• Formal Definition : A configuration is a construct that defines how component
instances in a given block are bound to design entities in order to describe how design
entities are put together to form a complete design.
• Simplified syntax
Configuration configuration-name of entity-name is
Configuration declarations.
For architecture-name
For instance-label: component-name
Use entity library-name. Entity-name (arch-name);
End for;
end for;
end configuration-name;
6. Configuration Instantiation
• Formal Definition : A component instantiation statement defines a subcomponent of
the design entity in which it appears, associates signals or value with the ports of that
subcomponent
• Simplified syntax
Label: Configuration configuration-name
Generic map (generic-association-list);
Port map (port-association-List);
7. Package
• Formal Definition : A package declaration defines the interface to a package.
• Simplified syntax
Package package-name is
Package –declarations
End [package] package-name;

MRIET 32 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

8. Package body
• Formal Definition : A package body defines the bodies of subprograms and the values
of deferred constants declared in the interface to the package.
• Simplified syntax:
Package body package-name is
Package-body-declarations
Subprogram bodies declarations
End [package body] package-name;
9. Attributes
Attributes are of two types: user defined and predefined.
a. User defined
• Formal Definition : A value, function, type, range, signals, or constant that may be
associated with one or more named entities in a description.
• Simplified syntax
Attribute attribute-name: type;
Attribute attribute-name of item: item-class is expression
• Description : Attributes allow retrieving information about named entities: types,
objects, subprograms etc. Users can define mew attributes and then assign them to named
entities by specifying the entity and the attribute values for it.
b. Predefined
• Formal Definition : A value, function, type, range, signals, or constant that may be
associated with one or more named entities in a description.
• Simplified syntax:
object’s attribute-name

10. Process Statement

• Formal Definition : A process statement defines an independent sequential process
representing the behavior of some portion of the design

MRIET 33 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

• Simplified syntax:
[process-label:] process [(sensitivity-list)];
Process-declarations
begin
Sequential-statements
end process [process-label];
11. Function
• Formal Definition : A function call is a subprogram of the form of an expression that
returns a value.
• Simplified syntax
Function functionname(parameters) return type
Function function-name(parameters) return type is
Begin
Sequential statements
End [function] function-name;
12. Port
• Formal Definition : A channel for dynamic communication between a block and its
environment.
• Simplified Syntax:
Port (port-declaration, port-declaration,);
port declarations:
Port-signal-name: in port-signal-type: =initial-value
Port-signal-name: out port-signal-type: =initial-value
Port-signal-name: in out port-signal-type: =initial-value
Port-signal-name: buffer port-signal-type: =initial-value
Port-signal-name: linkage port-signal-type: =initial-value
13. Sensitivity List
• Formel Définition : A list of signals a process is sensitive to.
• Simplified syntax:
(Signal-name, signal-name, ---)
Formal Definition

MRIET 34 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

14. Standard Logic

• Formal Definition :A nine-value resolved logic type. Std-logic is not a part of the
VHDL standard. It is defined in IEEE Std 1164.
• Simplified syntax:
Type std-ulogic is (‘U’, -- Uninitialized
‘X’, -- Forcing Unknown
‘0’, -- Forcing 0
‘1’, -- Forcing 1
‘Z’ -- High Impedance
‘W’--Weak Unknown
‘L’--Weak 1
‘-‘--Don’t Care);
Type std-ulogic-vector is array (natural range <>) of std-ulogic Function resolved (s: std-
ulogic-vector) return std-ulogic;

6.1.8 Data Types

There are many data types available in VHDL. VHDL allows data to be
represented in terms of high-level data types. These data types can represent individual
wires in a circuit, or can represent collections of wires using a concept called an array. The
preceding description of the comparator circuit used the data types bit and bit vector for its
inputs and outputs. The bit data type (bit vector is simply an array of bits) values of '1' and
'0' are the only possible values for the bit data type. Every data type in VHDL has a defined
set of values, and a defined set of valid operations. Type checking is strict, so it is not
possible, for example, to directly assign the value of an integer data type to a bit vector
data type. (There are ways to get around this restriction, using what are called type
conversion functions.) VHDL is rich language with many different data types.
The most common data types are listed below:

Bit: a 1-bit value representing a wire. (Note: IEEE standard 1164 defines a 9-valued
replacement for bit called std_logic.)

Bit vector: an array of bits. (Replaced by std_logic_vector in IEEE 1164.)

Boolean: a True/False value.

Integer: a signed integer value, typically implemented as a 32-bit data type.

MRIET 35 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Real: a floating-point value.

Enumerated: used to create custom data types.

Record: used to append multiple data types as a collection.

Array: can be used to create single or multiple dimension arrays.

Access: similar to pointers in C or Pascal.

file: used to read and write disk files. Useful for simulation.

Physical: used to represent values such as time, voltage, etc. using symbolic units of
measure (such as 'ns' or 'ma').

6.1.9 Packages and Package Bodies

A VHDL package declaration is identified by the package keyword, and is used to
collect commonly used declarations for use globally among different design units. You can
think of a package as being a common storage area, one used to store such things as type
declarations, constants, and global subprograms.

A package can consist of two basic parts: a package declaration and an optional
package body. Package declarations can contain the following types of statements:

1. Type and subtype declarations

2. Constant declarations

3. Global signal declarations

4. Function and procedure declarations

5. Attribute specifications

6. File declarations

7. Component declarations

8. Alias declarations

9. Disconnect specifications

10. Use clauses

MRIET 36 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 7 - SOFTWARE REQUIREMENTS

7.1 XILINX
It requires Xilinx ISE 13.1 version of software where Verilog source code can be
used for design implementation.

7.1.1 Introduction to XILINX ISE:

This instrument can be utilized to make, execute, reenact, and integrate Verilog
outlines for usage on FPGA chips.
ISE: Integrated Software Environment
• Environment for the improvement and trial of computerized systems configuration
focused to FPGA or CPLD
• Integrated gathering of apparatuses available through a GUI
• Based on an intelligent combination motor (XST: Xilinx Synthesis Technology)
XST underpins diverse dialects:
➢ Verilog
➢ VHDL
• XST create a net rundown incorporated with requirements
• Supports every one of the means required to finish the plan:
• Translate, guide, place and course
• Bit stream era
For this situation, it is conceivable to utilize Verilog to compose a test seat to confirm
the usefulness of the outline utilizing documents on the host PC to characterize jolts, to
interface with the client, and to contrast comes about and those normal.
A Verilog show is converted into the "doors and wires" that are mapped onto a
programmable rationale gadget, for example, a CPLD or FPGA, and after that it is the real
equipment being designed, instead of the Verilog code being "executed" as though on some
type of a processor chip.
7.1.2 Implementation:
➢ Synthesis (XST)
- Produce a netlist file starting from an HDL description
➢ Translate (NGDBuild)

MRIET 37 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

– Converts all input design netlists and then writes the results into a single merged
file, that describes logic and constraints.
➢ Mapping (MAP)
– Maps the logic on device components.
– Takes a netlist and groups the logical elements into CLBs and IOBs (components of
FPGA).
➢ Place And Route (PAR)
– Place FPGA cells and connects cells.
➢ Bit stream generation

7.1.3 XILINX Design Process:

Step 1: Design entry
– HDL (Verilog or VHDL, ABEL x CPLD), Schematic Drawings, Bubble
Diagram
Step 2: Synthesis
– Translates .v, .vhd, .sch files into a netilist file (.ngc)
Step 3: Implementation
– FPGA: Translate/Map/Place & Route, CPLD: Fitter
Step 4: Configuration/Programming
– Download a BIT file into the FPGA
– Program JEDEC file into CPLD
– Program MCS file into Flash PROM
Simulation can occur after steps 1, 2, 3
The tools used in this thesis are XILINX ISE 13.1 for simulation and Synthesis. The
programs are written in verilog language.
Xilinx Tools is a suite of software tools used for the design of digital circuits
implemented using Xilinx Field Programmable Gate Array (FPGA) or Complex
Programmable Logic Device (CPLD). The design procedure consists of (a) design entry,
(b) synthesis and implementation of the design, (c) functional simulation and (d) testing
and verification. Digital designs can be entered in various ways using the above CAD tools:
using a schematic entry tool, using a hardware description language (HDL) – Verilog or

MRIET 38 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

VHDL or a combination of both. In this thesis we will only use the design flow that
involves the use of Verilog HDL.

7.1.4 Creating a New Project

Xilinx Tools can be started by clicking on the Project Navigator Icon on the
Windows desktop. This should open up the Project Navigator window on your screen. This
window shows (see Figure 1) the last accessed project.

Figure 10 : Creating a project

7.1.5 Opening a project

Select File->New Project to create a new project. This will bring up a new project window
(Figure 2) on the desktop. Fill up the necessary entries as follows:

Figure 11 : Opening a Project

Project Name: Write the name of your new project

MRIET 39 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Project Location: The directory where you want to store the new project (Note: DO NOT
specify the project location as a folder on Desktop or a folder in the Xilinx\bin directory.
Your H: drive is the best place to put it. The project location path is NOT to have any
spaces in it eg: H:\Full Adder\F A is NOT to be used).Leave the top level module type as
HDL.
Clicking on NEXT should bring up the following window:

For each of the properties given below, click on the ‘value’ area and select from the list of
values that appear.
Device Family: Family of the FPGA/CPLD used. In this thesis we will be using the
Spartan3E FPGA’s.
Device: The number of the actual device. For this lab you may enter XC3S100E (this can
be found on the attached prototyping board)
Package: The type of package with the number of pins. The Spartan FPGA used in this lab
is packaged in VQ100 package.
Speed Grade: The Speed grade is “-5”.
Synthesis Tool: XST [VHDL/Verilog]

MRIET 40 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Simulator: The tool used to simulate and verify the functionality of the design. Modelsim
simulator is integrated in the Xilinx ISE. Hence choose “Modelsim-XE Verilog” as the
simulator or even Xilinx ISE Simulator can be used.
Then click on NEXT to save the entries.

A project summary window is opened click on finish.

In order to open an existing project in Xilinx Tools, select File->Open Project to show the
list of projects on the machine. Choose the project you want and click OK.

Clicking on NEXT on the above window brings up the following window:

MRIET 41 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

If creating a new source file, Click on the NEW SOURCE.

A window pop up is opened.

Select Verilog Module and in the “File Name:” Enter the name of the Project. Then click
on Next to accept the entries. This pops up the following window.

MRIET 42 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

In the Port Name column, enter the names of all input and output pins and specify the
Direction accordingly. A Vector/Bus can be defined by entering appropriate bit numbers
in the MSB/LSB columns. Then click on Next>to get a window showing all the new source
information.

click on Finish to continue.

The source file will now be displayed in the Project Navigator window.

The source file window can be used as a text editor to make any necessary changes to the
source file. All the input/output pins will be displayed. Save your Verilog program
periodically by selecting the File->Save from the menu. You can also edit Verilog
programs in any text editor and add them to the project directory using “Add Copy Source”.

MRIET 43 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

7.1.6 Simulating and Viewing the Output Waveforms:

Click on simulation select the existing file and expand ISim Simulator and click on
Behavioral check syntax to check the Errors.

Figure 12 : Simulating and Viewing the Output Waveforms

MRIET 44 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

If there are no errors click on simulate behavioral model. A window pop up is opened.

Here we can give the inputs. Right click on the selected input click on force constant and
enter the input value click on Ok.
Click on Run option in the tool bar to check input and output waveforms.

MRIET 45 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

7.1.7. Synthesis and Implementation of the Design:

Click on Implementation select the existing file and double click on Synthesize-
XST. If there are errors correct it. If there are no errors click on design summary and
reports.

Figure 13 : Synthesis and Implementation of the Design

Open the Synthesis Report in the Detailed Reports to see the Device utilization Summary
and Timing Report of the current project.

MRIET 46 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

7.1.8 View RTL Schematic:

Expand Synthesize-XST and click on view RTL Schematic and click ok.

Figure 14 : View RTL Schematic

The window with Top module is opened to view the internal modules click on the top
module.

MRIET 47 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 8 - SIMULATION RESULTS

8.1 Simulation Result

Figure 15 : Simulation result of Encryption

In fig 8.1 shows the output of encryption. Here the input is given as plain text of
128 bits and key length as 256 bits it generates output chiper text as 128 bits

Figure 16 : Simulation result of Decryption

In fig 8.2 shows the output of encryption. Here the input is given as chiper text of
128 bits and key length as 256 bits it generates output plain text as 128 bits

MRIET 48 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

8.2 Block Diagram

Figure 17 : Block diagram of Encryption

Figure 18 : Block diagram of Decryption

8.3 RTL

Figure 19 : RTL of Encryption

MRIET 49 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

Figure 20 RTL of Decryption

8.4 Technology

Figure 21 : Technology of Encryption

Figure 22 : Technology of Decryption

MRIET 50 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

CHAPTER 9 – FUTURE SCOPE AND CONCLUSION

Future Scope
In this project, the widely recognized Advanced Encryption Standard (AES) algorithm was
successfully analyzed, designed, and simulated using VHDL, demonstrating its
effectiveness for secure data encryption. A key innovation in the proposed architecture is
the use of digital biometric input as the encryption key, which significantly improves key
security and management by eliminating manual key input—a common source of
vulnerability in conventional systems. This enhancement not only reduces the risk of
unauthorized key access and leakage, but also aligns with modern biometric security
trends.
Moreover, the design introduces an optimized S-box structure, which minimizes
hardware resource consumption by avoiding traditional block RAM usage. This makes the
architecture more suitable for lightweight cryptographic applications, especially in
resource-constrained environments such as IoT devices and embedded systems. The
simulation results validate the functionality and efficiency of the design, marking a step
forward in creating secure and resource-efficient cryptosystems.

Conclusion
In this project, the most popular encryption algorithm, which is advanced
encryption standard algorithm, has been discussed and successfully designed and simulated
using VHDL. In the proposed architecture, we are providing key as a digital biometric
form, whereas in the conventional design, the key was provided manually so that key
management and key leakage was the major issue. Hence, the proposed design gives a
higher degree of security than the conventional design. Further, in the proposed
architecture, we have optimised the s-box, which requires less hardware, instead of using
hardcore block RAM. The implementation of the Field-Programmable Gate Array (FPGA)
could be the future scope of this work.

MRIET 51 ECE
 ADVANCED ENCRYPTION STANDARD ALGORITHM WITH OPTIMAL S BOX AND AUTOMATED KEY GENERATION

REFERENCES
[1] Daemen J., and Rijmen V, "The Design of Rijndael: AES-the Advanced Encryption
Standard", Springer-Verlag, 2002
[2] FIPS 197, “Advanced Encryption Standard (AES)”, November 26, 2001.
[3] Tessier, R., and Burleson, W., “Reconfigurable computing for digital signal processing:
a survey”, J.VLSI Signal Process., 2001, 28, (1-2), pp.7-27.
[4] Ahmad, N.; Hasan, R.; Jubadi, W.M; “Design of AES S-Box using combinational logic
optimization”, IEEE Symposium on Industrial Electronics & Applications (ISIEA), pp.
696-699, 2010.
[5] Alex Panato, Marcelo Barcelos, Ricardo Reis, “An IP of an Advanced Encryption
Standard for Altera Devices”, SBCCI 2002, pp. 197-202, Porto Alegre, Brazil, 9 and 14
September 2002.
[6] Mr. Atul M. Borkar, Dr. R. V. Kshirsagar and Mrs. M. V. Vyawahare, “FPGA
Implementation of AES Algorithm”, International Conference on Electronics Computer
Technology (ICECT), pp. 401-405, 2011 3rd.

MRIET 52 ECE