180 likes | 379 Views
Encryption / Decryption on FPGA Midterm Presentation. Written by: Daniel Farcovich ID. 303710388 Saar Vigodskey ID. 039608153 Advisor: Mony Orbach. Summer Semester 2011 (August – October). Project Goal.
E N D
Encryption / Decryption on FPGA Midterm Presentation Written by: Daniel Farcovich ID. 303710388 Saar Vigodskey ID. 039608153 Advisor: MonyOrbach Summer Semester 2011 (August – October)
Project Goal • Creation of data cryptography system using hardware components of type FPGA DE2-110 with cyclone II EP2C35 device, designated to external memory devices such as Disk-On-Key • The system will encrypt the data efficiently according to standard encryption algorithms, which are being used by the private sector. • The encryption will be symmetric or asymmetric and made by keys.
AES • Advanced Encryption Standard, also known as “Rijndael”, is a block cipher, which has been adopted at November 2001 by NIST (National Institute of Standard and Technology), as standard FIPS PUB 197, after a five year process. • The algorithm was developed by two Belgian cryptography experts Joan Daemen and Vincent Rijmen.The cipher is iterative , quick and comfortable to implement both by software and hardware, and it hasn’t high memory requirements. The block size is determined to 128 bit, and 128 bit key length.
Algorithm Description • Most of the AES calculations are made through 10 rounds. Each round consists 4 steps, state transformation. The state describes the current data block as a 2D, 4X4 array of bytes. In each round a “Round Key” is created by the key-expansion process. • AES encryption includes 4 steps: • SubBytes • ShiftRows • MixColumns • AddRoundKey
x9 • Cipher • data AddRoundKey SubBytes ShiftRows MixColumns AddRoundKey • encrypted • data SubBytes ShiftRows AddRoundKey Key Expansion • key Inv ShiftRows Inv SubBytes AddRoundKey • data • encrypted • data AddRoundKey Inv ShiftRows Inv SubBytes AddRoundKey Inv MixColumns • Inverse Cipher • x9
Possible Implementations As far as speed and space are concerned, full piped architecture will provide the best timing parameters, with the space limitations of cyclone II device.
Full Piped ArchitectureTop Level INPUT data [0..127] – raw data ed – ‘0’ for encryption, ‘1’ for decryption clk – system clock rst – high active key[0..127] – 128 bit cryptography key OUTPUT data_out [0..127] – processed data valid_out – ‘1’ when key expansion is ready
Round Module Cryptography direction determined using ‘e_d’ signal. When encryption (decryption) is needed, the decryption (encryption) components are not active.
Subytes Module Sbox is M4k RAM Block 8*256*2= 4608 bytes Each Sbox translates 2 cells, 8 Sboxes. Total RAM for Subytes module is 32,768 bytes.
Timing Analysis Despite this result, we will use the DE2 PIN_N2 internal clock (50MHz). Encryption or decryption of 1MByte of data will take about 1.3[msec]
Post Synthesis Simulation Expanded key is ready Data input Set key. Reset Key expansion process (40 cycles) System is ready to receive data, set data. Each cycle set 128 input data. First output is given after 10 cycles from step 4.
Testing and verification start Vhdl editor synthesis program no Modelsim simulation Post synthesis simulation Testing using Signaltap and memory sampling ok ok ok yes yes yes no no end • The verification is done using Example Vectors taken from the AES standard. • The final test is to encrypt data using the encryption block and to decrypt the output using the decryption block and compare the result with the original data.
Testing Environment PC DE2 AES Out Memory In Memory UART