Universitatea POLITEHNICA din Bucuresti Facultatea de Automatica si Calculatoare Catedra de Calculatoare http://www.csit- sun.pub.

ro

CALCULATOARE NUMERICE
Proiect de semestru anul III

Prof. Indrum?tor: Dragos Popescu

Studenti: tudenti: Monica Sarbu Tudor Golubenco CA333

smonicas@mymail.ro tudorik@mymail.ro

The subject of the project: IDEA (International Data Encryption

Algorithm) on a Xilinx FPGA board

Proiectul descrie implementarea hardware a algoritmului de criptare / decriptare cu cheie secrete IDEA folosind limbajul Verilog si o placuta FPGA. Pentru testarea implementarii am adaugat modulului o interfata de afisare a caracterelor ASCII pe un dispozitiv LCD Seiko L1682 si un driver de comunicatie cu o tastatura PS2. Lucrarea de fata prezinta atat aspectele teoretice al algoritmului de criptare cat si problemele practice intalnite la implementarea FPGA.

The project presents the IDEA encryption implementation on a Xilinx FPGA board. For testing purposes we attached to our project an interface for displaying ASCII characters on a Seiko LCD L1682 and a PS2 driver for keyboard. This paper presents both the theoretical view of the IDEA and the practical issues we have encountered implementing the algorithm on FPGA.

TABLE OF CONTENTS

Chapter I :
The encryption The encryption keys The encryption algorithm The decryption The decryption keys The decryption algorithm 1 1 2 2 2 3

Chapter II :
How to generate the encryption keys How to generate the decryption keys Extended Euclid's Algorithm 4 6 8

1
Chapter I: The description of IDEA algorithm
IDEA, unlike the other cipher algorithms, is patented by the Swiss firm of Ascom. They have, however, been generous in allowing, with permission, free noncom mercial use of their algorithm, with the result that IDEA is best known as the block cipher algorithm used within the popular encryption program PGP. It is a block cipher which uses a 128- bit length key to encrypt successive 64-bit blocks of plaintext. The procedure is quite complicated using subkeys generated from the key to carry out a series of modular arithmetic and XOR operations on segments of the 64-bit plaintext block.

I.1The encryption
I.1.1 Encryption keys
The encryption scheme uses a total of fifty-two 16-bit subkeys. These are generated from the 128- bit subkey as follows: The 128-bit key is split into eight 16-bit keys which are the first eight subkeys. The digits of the 128-bit key are circular shifted with 25 bits to the left to make a new key which is split into the next eight 16-bit subkeys. The second step is repeated until the fifty two subkeys have been generated.

I.1.2The encryption algorithm

The encryption involves modular multiplication with a modulus 216 + 1 and

addition with a modulus 216 . The 64-bit plaintext block is split into four 16-bit segments. This algorithm uses all the 52 encryption keys. The encryption consists of eight rounds witch uses six encryption keys. Each round has the following steps: Step1: Multiply the first segment of plain text with the key1. Step2: Add the second segment of plaintext with the key2. Step3: Add the third segment of plaintext with the key3. Step4: Multiply the fourth segment of plaintext with the key4. Step5: Calculate step1 xor step3 . Step6: Calculate step2 xor step4 . Step7: Multiply step5 with the key5. Step8: Add step6 with step7. Step9: Multiply step8 with the key6. Step10: Add step7 with the key6. Step11: Calculate step1 xor step9. (its called X0) Step12: Calculate step2 xor step10. (its called X1) Step13: Calculate step3 xor step9. (its called X2) Step14: Calculate step4 xor step10. (its called X3) After eight rounds the encrypted plaintext is given by the last four steps: Step1: Multiply Step2: Multiply Step3: Multiply Step4: Multiply X0 with the 49Th encrypted key. X1 with the 50Th encrypted key. X2with the 51Th encrypted key. X3with the 52Th encrypted key.

I.2The decryption
Decryption uses exactly the same sequence of operations of successive 64bit blocks of the cipher text, but with a different set of subkeys.

I.2.1Decryption keys
The decryption subkeys are worked out from the encryption subkeys being either multiplicative or additive inverses of them. The decryption subkeys for each round (relative to the encryption subkeys s1 to s52) are shown in the table below: 1st round key49 -1 -key50 -key51 key52 -1 key47 key48 2nd round key43 -1 -key45 -key44 key46 -1 key41 key42 3rd round key37 -1 -key39 -key38 key39 -1 key35 key36 4th round key31 -1 -key33 -key32 key34 -1 key29 key30 5th round key25 -1 -key27 -key26 key28 -1 key23 key24 6th round key19 -1 -key21 -key20 key22 -1 key17 key18 7th round key13 -1 -key15 -key14 key16 -1 key11 key12 8th round key7 -1 -key9 -key8 key10 -1 key5 key6 Final transformation.....key1 -1 -key2 -key3 key4 -1 Table1. The decryption keys

Where key1, key2, key3.key52 are the encrypted keys. The decryption involves modular multiplication with a modulus 216 + 1 . Because of this, the inverse of an encrypted key is calculated with Euclid algorithm. This algorithm is presented in the chapter Implementation of this presentation.

I.2.2The decryption algorithm

This decryption algorithm is the same with the encryption algorithm, but it uses other keys.

2
Chapter II: The implementation of algorithm in Verilog II.1.1How to generate the encryption keys
At the beginning of the IDEA algorithm , I generate the encryption keys and I save them in an array of 52 elements of 16 bits. So, in the encryption of IDEA algorithm , I use an integer i in order to memorize the current position of the array. The difficult of generating the encryption keys is when we shifted circular a 128 bits key. We use an auxiliary register, which can memorize the first 25 bits of the key. After that the key is shifted 25 bits to the left and in the end of it is copied the auxiliary register. The code in Verilog which simulate the rotate left is: {aux25,key1} = key1 << 25; key1[24:0] = aux25; Where : aux25 is the auxiliary register , key1 is current 128 bits key.

The IDEA algorithm in Verilog: Initial, we divide the plain text ( data ) in four 16 bits segments : X0,X1,X2,and X3. These four registers are use for the intermediate result s of the algorithm . X0 = data X1 = data X2 = data X3 = data [63:48]; [47:32]; [31:16]; [15:0];

Because we need to do arithmetic operations on double size (32 bits), we use 32 bits registers, instead of 16 bits registers. So, X0, X1, X2, X3, c1, c2, c3, c4, c5, c6 are 32 bits registers, where c1,c2, c3, c4, c5, c6 are those keys that are used at a round of encryption. p2 = (X1 + c2) % 65536; p3 = (X2 + c3) % 65536; Because p1 and p2 must contain a 16 bits data, we extract the module of the addition. We want to calculate p1 = (X0[15:0] * c1[15:0]) % 65537. Because doesn't support a division by a number that isnt power of 2, we must simulate the process of division. We use Multiply and then division algorithm.

Fig.1 Multiply and then division algorithm. There are many algorithms for modular multiplication operation. The basic one is multiply and then divides operand. The multiply- and- divide method first multiply two operands A and B. Then the result P=AB is 2k-bits number. After that, P is divided by n and it reduced to k-bits number P=P%n . In this project, for division, restoring division algorithm is used. As we do not need quotient, we ignore the bits of the quotient. First, n is shifted to left by k-bits, as in the Fig.1. Subtract shifted n from t and if remainder >0 move on to next iteration or if remainder<0, pass to next step

without substruction. Input: t, n Output : R=t mod n So, the algorithm is described in the table below. 1.R0 = t 2.n := 2k * n 3.for i = 1 to k 4. Ri := Ri-1 n 5. if Ri < 0 then Ri = Ri-1 6. n := n / 2 7.return Rk

Our Verilog implementation of this algorithm is organized in a state machine. And has the follow aspect.
module multiply(CLK, RESET, A, B, RES, FINISH); input CLK, RESET; input [15:0] A, B ; output [15:0] RES ; output FINISH; reg reg reg reg reg reg [15:0] [16:0] [31:0] [31:0] [31:0] RES ; FINISH, buf_FINISH; fact1, fact2; p, next_p; div, next_div; pant, next_pant; state, next_state; i;

reg [2:0] reg [4:0]

always @(posedge CLK or posedge RESET) begin if (RESET) begin if (A == 0) fact1 = 65536; else fact1 = A; if (B == 0) fact2 = 65536; else fact2 = B; div = 65537 << 15; state = 1; end else begin state = next_state; p = next_p; div = next_div; pant = next_pant; end end always @(state or A or B or p or div or pant or fact1 or fact2 or i)

begin next_state = state; next_p = p; next_div = div; next_pant = pant; case(state) 0 : next_state = 0; // IDLE state

1 : begin buf_FINISH = 0; next_p = fact1 * fact2 ; i = 0; next_state = 2; end 2: begin if (i == 16) next_state = 4; else begin next_pant = p; next_p = p - div; next_state = 3; end end 3 : begin if (p[31] == 1'b1) next_p = pant; i = i + 1; next_div = div >> 1; next_state = 2; end 4: begin buf_FINISH = 1; RES = p; next_state = 0; end endcase end always @(buf_FINISH) FINISH = buf_FINISH; endmodule

II.1.2 How to generate the decryption keys

We use the array of encryption keys in order to generate an array of decryption keys. The correspondences between these types of keys are presented in table 1. The first line and the last two lines from the table use the same order of the keys. The other lines seemed to be the same, but they are different from the first one. Because of this, we treated differently each group of identical lines.

II.1.2.1 Extended Euclid's Algorithm

The multiplicative inverse can be found by using the extended Euclid's algorithm, which is essentially when the GCD(X, Y) = 1 then X has a multiplicative inverse modulo Y, where X < Y and X-1 < Y, such that X * X-1 ? 1 mod Y. For this algorithm we need the follow variables: Q, R, Rant, Rnext, U, Uant, Unext, V, Vant, Vnext. The C version of the algorithm: int euclid(int x,int y) { int q ,r = x,rant = y, rnext , u = 1, uant = 0, unext, v = 0, vant = 1, vnext; while(r!=1) { q = rant / r; rnext = rant % r; unext = uant (q*u); vnext = vant (q*v); rant = r; r =rnext; uant = u; u = unext; vant = v; v =vnext; } if(u>=0) return u; else return 65537 + u; } Once you get a 1 under R then you have found the multiplicative inverse under U. In this case the multiplicative inverse for CD0D * CD0D-1 mod 65537, is EA33. The C code is translated in Verilog and we obtain the follow state machine.
case( state ) 0: begin Rant = (1 << width)+1 ; R = in; Uant = 0; U = 1; Vant = 1; V = 0; next_state = 1; end 1 : begin if (R == 1) begin if (U[width] === 1'b1) out = ((1 << width) + 1) + U; else

out = U; next_state = 5; end else begin Q = Rant / R; Rnext = Rant % R; next_state = 2; end end 2 : begin Unext = Uant - (Q * U); Vnext = Vant - (Q * V); Rant = R; next_state = 3; end 3 : begin R = Rnext; Uant = U; Vant = V; next_state = 4; end 4 : begin U = Unext; V = Vnext; next_state = 1; end 5: next_state = 5; endcase