
54522002 triple-des-vhdl-project

May 19, 2015


Education

it explains about the des and triple des
Page 1: 54522002 triple-des-vhdl-project

CHAPTER - 1

1.1 INTRODUCTION

Power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of (unprotected) implementations of symmetric and public-key encryption schemes. Although less general than classical cryptanalysis (because they target one specific implementation), power analysis attacks usually present a very serious threat for practical cryptosystems implemented on various platforms. Among the different countermeasures proposed to protect an implementation from such attacks, one of the most popular is the Boolean masking method. In this proposal, the cryptographic algorithm is modified in such a way that the intermediate data never appears as such, but is always “masked” with random Boolean vectors. The masking has been successfully applied to smart card implementations of the DES and the AES Rijndael. However, recent works have shown that power analysis attacks are also practical against ASIC and FPGA implementations of cryptographic algorithms. A practical problem is therefore to protect these devices.

In this context, one important concern is the implementation cost of the countermeasure. In particular, the protected algorithms usually have much higher memory requirements than the unmasked ones. For this reason, it is often assumed that masking is not a practical solution for the protection of hardware implementations. On the contrary, it is demonstrated in this project that FPGA implementations of the DES offer very simple and interesting opportunities to implement the Boolean masking method. In practice, a secure cryptographic design is based on the use of large embedded memories available inside certain recent FPGAs. As the efficiency of the proposal highly depends on the size of the substitution tables used in the encryption algorithm, it was particularly well-fitted to the DES (and, for example, could not be applied as such to the AES Rijndael). Therefore, the resulting protected DES implementation only requires a moderate additional hardware cost. It is observed that, like most of the present countermeasures against side-channel attacks, the masking does not provide any perfect security and only makes the attack more difficult.

1.2 POWER ANALYSIS

In cryptography, power analysis is a form of side channel attack in which the attacker studies the power consumption of a cryptographic hardware device (such as a smart card, tamperproof “black box”, microchip, etc.). It can yield information about what the device is doing, including keys and other secrets.

Since confidential data are increasingly being exchanged electronically, ever greater importance is attached to the protection of the data. Where cryptosystems are being used in real applications, attacks have to be taken into account. Hardware and software implementations themselves present a vast field of attacks. Side-channel attacks exploit information that leaks from a cryptographic device. One of these new attacks in particular has attracted much attention since it was announced. This method is called Differential Power Analysis (DPA) and was presented in 1998 by Cryptography Research. DPA uses the information that naturally leaks from a cryptographic hardware device, namely the power consumption. A less powerful variant, Simple Power Analysis (SPA), was also announced by Cryptography Research.

What does a DPA attack require? First, an attacker must be able to precisely measure the power consumption. Second, the attacker needs to know what algorithm is computed, and third, an attacker needs the plaintext or ciphertext. The strategy of the attacker is to make a lot of measurements, and then divide them with the aid of some oracle into two or more different sets. Then, statistical methods are used to verify the oracle. If and only if the oracle was right, one can see noticeable peaks in the statistics.

1.2.1 Differential Power Analysis

Differential power analysis is an extension of power analysis that can allow an attacker to compute the intermediate values of data blocks and key blocks by statistically analyzing data collected from multiple cryptographic operations.

1.2.2 Basics (Simple Power Analysis)

Examining graphs of time against current used by a device can often show exactly what the device is doing at a given point. For example, on a graph of a smartcard performing a DES encryption, the sixteen rounds can be seen clearly.

The currents passing through a device are usually small, but standard digital oscilloscope equipment is precise and accurate enough to measure data-induced variations. It is reasonable for a cryptosystem designer to assume that an adversary will have access to such equipment.

Power analysis does not seek to find weaknesses in algorithms or protocols so much as in their implementations. It provides a way to “see inside” otherwise “tamperproof” hardware. For example, DES's key schedule involves rotating a 28-bit key register. In order to save time, most implementations simply check the least significant bit to see if it is a 1. If so, the implementation divides the register by two and prepends the 1 at the left end. Power analysis can show the difference between a register with a 1 and a register with a 0 at the end when this happens. This can leak information about key material. DES's permutations, usually clumsily implemented in software, reveal even more information through conditional branches.

1.3 Differential Power Analysis

Differential power analysis (DPA) is a side-channel attack which involves statistically analyzing power consumption measurements from a cryptosystem. The attack exploits biases in the varying power consumption of microprocessors or other hardware while performing operations using secret keys. DPA attacks have signal processing and error correction properties which can extract secrets from measurements which contain too much noise to be analyzed using simple power analysis. Using DPA, an adversary can obtain secret keys by analyzing power consumption measurements from multiple cryptographic operations performed by a vulnerable smart card or other device.

1.4 Preventing simple and differential power analysis attacks

Simple power analysis can most easily distinguish conditional branches in the execution of the cryptographic program, since a device does different things (requiring different power) depending on which conditional branch is executed. For this reason, care should be taken to ensure there are no differences (from a power perspective) between the conditional branches within cryptographic software implementations. All rotations, permutations and logic operations (such as XOR) should take the same time and draw equivalent power, no matter what the input.

There are, however, some algorithms with inherently significant branching; to eliminate information leakage from these, software engineers may have to be very creative. This creative engineering may cause a reduction in performance (typically in speed), and will almost always require greater development effort, which must be weighed against the possibility of power analysis. An alternative, in some cases, is to use a hardwired hardware cryptographic device. The power consumption of such devices can vary very little, due to their construction. However, in the case of smart cards for example, it is not always possible to replace software implementations with hardware implementations.

Differential power analysis is more difficult to prevent, since even small biases in the power consumption can lead to exploitable weaknesses. Some countermeasure strategies involve algorithmic modifications such that the cryptographic operations occur on data that is related to the actual value by some mathematical relationship that survives the cryptographic operation. This is called blinding, and usually implies an algorithm that is based on number theory, such as factoring or discrete logarithms.
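The Boolean masking countermeasure described in the introduction, applied to one DES S-box lookup, as an added example (not code from the project). The function names, the table-recomputation scheme and the ROM layout used for the size estimate (a ROM addressed by masked input and mask together) are assumptions of this sketch; S1 is the standard DES S-box 1.

```python
import secrets

# DES S-box S1 (FIPS 46-3): 4 rows x 16 columns, 6-bit input, 4-bit output.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(x):
    """Unprotected lookup: the two outer bits select the row, the middle four the column."""
    row = ((x >> 4) & 0b10) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def masked_table(m_in, m_out):
    """Recompute S1 so that table[x ^ m_in] == sbox(x) ^ m_out for every x."""
    table = [0] * 64
    for x in range(64):
        table[x ^ m_in] = sbox(x) ^ m_out
    return table


def masked_sbox(x_masked, m_in):
    """Look up S1 on masked data and return (masked output, output mask).

    The caller passes x ^ m_in, so neither the true S-box input nor the
    true S-box output appears as an intermediate value of the lookup.
    """
    m_out = secrets.randbelow(16)  # fresh random 4-bit output mask
    return masked_table(m_in, m_out)[x_masked], m_out


def hamming_weight(v):
    return bin(v).count("1")


def leakage_histogram(value, width=4):
    """Histogram of HW(value ^ mask) over every mask of the given width.

    Hamming weight is the usual first-order power model. If the histogram
    is identical for all values, one masked sample says nothing about the value.
    """
    hist = [0] * (width + 1)
    for mask in range(1 << width):
        hist[hamming_weight(value ^ mask)] += 1
    return hist


def masked_rom_bits(n_in, n_out):
    """Bits in a ROM addressed by (masked input, mask): 2^(2*n_in) words of n_out bits.

    Assumed layout, used only to illustrate why table size drives the cost.
    """
    return (1 << (2 * n_in)) * n_out


if __name__ == "__main__":
    x = 0b011011
    m_in = secrets.randbelow(64)
    y_masked, m_out = masked_sbox(x ^ m_in, m_in)
    print("unmasked result:", y_masked ^ m_out, "plain lookup:", sbox(x))
    print("leakage histogram of the masked output:", leakage_histogram(sbox(x)))
    print("ROM bits for a 6->4 DES S-box:", masked_rom_bits(6, 4))
    print("ROM bits for an 8->8 AES S-box:", masked_rom_bits(8, 8))
```

The histogram is the same for every output value, which is the first-order property masking provides; it does not address attacks that combine several masked samples.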

1.5 Power Analysis Foundations

Almost every digital circuit built today is based on Complementary Metal Oxide Semiconductor (CMOS) technology. Therefore it is necessary to understand the power consumption characteristics of this technology. If a CMOS gate changes its state, this change can be measured at the Vdd (Vss) pin. The more circuits change their state, the more power is dissipated. In a synchronous design, gates are clocked, which means that all gates change their state at the same time. Power dissipated by the circuit can be monitored by using a small resistor Rm in series between Vdd (or Vss) and the true source (or ground). The two most essential parts of the power consumption during a change of state are the dynamic charge or discharge current (approx. 85%) and the dynamic short-circuit current (approx. 15%). This is sketched using the example of an inverter shown in Figure 1.1. The output of each gate has a capacitive load, consisting of the parasitic capacitance of the connected wires and the gates of the following stages. An input transition results in an output transition, which discharges or charges this parasitic capacitance, causing a current flow to Vdd (or Vss). This current is the dynamic charge or discharge current. By measuring the current flow on Vdd we can detect whether the output changed from 0 to 1 or not.

Figure 1.1 Inverter

1.6 Differential Power Analysis of DES

In the DES the subkey splits up into eight blocks, one for every S-box. Therefore we specify one target S-box for which we list all possible ($= 2^6$) input values. We will refer to such an input value as a subkey block. As assumed above, we know the ciphertext, and so we can calculate the value of some of the bits in $L_{15}$ for every possible subkey block. We select one of these bits as our target bit. The value of the target bit is our selection function $D$. If $D = 1$ the corresponding power measurement is put in sample set $S_1$; if $D = 0$ it is assigned to $S_0$. This procedure is repeated for a lot of measurements, so at the end we have, for every ciphertext and all subkey blocks, a classification of the corresponding measurement. Let $n$ denote the number of ciphertexts and corresponding measurements. Then we can write all our classifications in a $2^6 \times n$ matrix, in which every row represents a possible key for the target S-box and every column represents the classification of one ciphertext and its measurement.

For the DPA attack, go through all rows and build the two sample sets $S_0$ and $S_1$. Then compute the pointwise means of the samples in the sets, $M_0$ and $M_1$, and compute the difference. For the correct subkey block there must be a peak in the trace of the difference.

1.7 ROM DESIGN AND EVALUATION AGAINST POWER ANALYSIS ATTACK

1.7.1 Power Simulation on an 8 x 8 ROM

The ROM with 3-bit input and 8-bit output is shown in Figure 1.2. It consists of two main components: a 3-to-8 decoder and a memory array. The decoder is made up of eight 3-input AND gates, each driven by a min-term of the 3 input signals. The memory array is an array of pull-down N-type transistors, placed at intersections of a horizontal address line and a vertical data line. In the simulation, the Hamming weight (the number of “1”s) of the ROM content is increased one by one.

Figure 1.2 8 x 8 ROM

For each Hamming weight, the locations of the “1”s (N-type transistors) are distributed randomly and the power simulation is run around 10 times. Information about the Hamming weight is leaked through the power consumption, as the average power increases linearly with it.

1.7.2 Inserting randomness into ROM

There are two dimensions of freedom which cause power consumption variation given a certain Hamming weight:

i. Duty cycle of address lines

ii. N-type transistor distribution

The duty cycles of the address lines are not identical to each other, due to inverter delay in the address decoder. When one address line is selected and the N-type transistors on it are turned on, the power dissipation caused by short-circuit current is approximately proportional to the duty cycle of the selected address line. As a result, the power consumption differs when the locations of N-type transistors change between different address lines.

The power consumption variation caused by duty cycle nuance can be exploited to mask the linearity between the power and the Hamming weight. One may consider increasing the duty cycle nuances in address lines. But the influence would be slight, since the differences between some duty cycles are very small. Moreover, it increases the risk of a timing analysis attack, which in turn cancels the improvement in power information leakage.

An alternative is to modify the N-type transistor distribution by using extra dummy bit lines, i.e. to increase the scope of N-type transistor distribution over a larger ROM whose circuit is shown in Figure 1.3.

Figure 1.3 8 x 8 ROM with extra bit lines, for random insertion

1.7.3 Dual-rail ROM design

It is observed that a dual-rail ROM design may be a better countermeasure. Dual-rail refers to an encoding system where the two-bit value “01” stands for logic-0 and “10” for logic-1. The dual-rail ROM has double the number of bit lines, which in pairs represent logic words. With this encoding technique, a constant number (half the number of bit lines) of N-type transistors will be turned on no matter which address line is selected.

Figure 1.4 shows a dual-rail 8 x 8 ROM example which has 16 bit lines to output 8-bit words. The power simulation is run on it as for its bundled-data version, but increasing the number of logic-1 values instead of the number of “1”s, since the latter is consistently equal to half of the total intersections of address lines and bit lines.

Figure 1.4 Dual-rail 8 x 8 ROM, 16 bit lines representing 8-bit word
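A small model of the two ROM experiments above, as an added example (not the project's simulation): it counts the pull-down transistors that conduct on each read for a bundled-data ROM and for its dual-rail encoding. The assumption that read power is proportional to that count, and all function names, are choices made for this sketch.

```python
import random


def dual_rail_encode(word, width=8):
    """Encode each bit as a pair of rails: logic-1 -> '10', logic-0 -> '01'."""
    code = 0
    for i in reversed(range(width)):
        code = (code << 2) | (0b10 if (word >> i) & 1 else 0b01)
    return code


def dual_rail_decode(code, width=8):
    """Decode a dual-rail word; '00' and '11' are not valid code pairs."""
    word = 0
    for i in reversed(range(width)):
        pair = (code >> (2 * i)) & 0b11
        if pair not in (0b01, 0b10):
            raise ValueError(f"invalid dual-rail pair {pair:02b} at bit {i}")
        word = (word << 1) | (1 if pair == 0b10 else 0)
    return word


def random_rom(total_ones, rows=8, width=8, rng=None):
    """Place total_ones logic-1 cells at random intersections of the array."""
    rng = rng or random.Random()
    rom = [0] * rows
    for cell in rng.sample(range(rows * width), total_ones):
        rom[cell // width] |= 1 << (cell % width)
    return rom


def read_profile(rom, encode=None):
    """Conducting transistors per address line (assumed proxy for read power)."""
    return [bin(encode(w) if encode else w).count("1") for w in rom]


def sweep(runs=10, seed=1):
    """Repeat the Hamming-weight sweep: (weight, mean single-rail, mean dual-rail)."""
    rng = random.Random(seed)
    results = []
    for weight in range(0, 65, 8):
        single, dual = [], []
        for _ in range(runs):
            rom = random_rom(weight, rng=rng)
            single.append(sum(read_profile(rom)) / len(rom))
            dual.append(sum(read_profile(rom, dual_rail_encode)) / len(rom))
        results.append((weight, sum(single) / runs, sum(dual) / runs))
    return results


if __name__ == "__main__":
    rom = random_rom(24, rng=random.Random(7))
    print("single-rail per-read counts:", read_profile(rom))
    print("dual-rail per-read counts:  ", read_profile(rom, dual_rail_encode))
    for weight, single, dual in sweep():
        print(f"logic-1 cells={weight:2d}  single-rail={single:.1f}  dual-rail={dual:.1f}")
```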

1.8 RANDOM NUMBER GENERATOR

1.8.1 INTRODUCTION

The need for random numbers in cryptographic processes is ubiquitous. Initialization vectors, block padding, challenges, nonces, and, of course, keys are some of the cryptographic objects where a string of unpredictable bits is required. Often the same Random Number Generator (RNG) supplies bits for all of the above uses in a cryptographic system. Many of the bits generated by the RNG are transmitted in the clear and thus a passive attacker has ample opportunity to analyze the output of the RNG and can leverage any weaknesses found there.

The random number generator (RNG) is an important cryptographic primitive widely used for one-time pads, key generation and authentication protocols. The security of such systems relies on the assumption that future values in the random number sequence cannot be predicted from the observed sequence. There are two types of random number generators commonly used for cryptographic applications. The true random number generator (TRNG) derives its output from a physical noise source, whereas a pseudorandom number generator (PRNG) expands a relatively short key (possibly from a TRNG) into a long sequence of seemingly random bits based on a deterministic algorithm.

A cryptographically secure random bit generator (CSRBG) is one which produces sequences for which there is no polynomial time algorithm which, on input of the first l bits of the output sequence s, can predict the (l + 1)st bit of s with a probability significantly greater than 1/2.

Field programmable gate array (FPGA) devices have been successfully used for the implementation of cryptographic hardware, some examples being the data encryption standard (DES), advanced encryption standard (AES) candidate finalists, IDEA and RSA cryptography. In these and other implementations, FPGAs had advantages in performance, design time, power consumption, flexibility, cost or area over comparable microprocessor and very large scale integration (VLSI) based systems.

These designs are intended for integration with other FPGA based cryptographic hardware to produce embedded cryptosystems on a single FPGA. Apart from achieving a higher level of integration, keeping the critical random number generation operations internal to the device achieves better security, since these data do not need to be passed to the FPGA via the pins.

In many applications, highly secure random numbers are required only at very low bit rates, perhaps to generate a single key for the lifetime of the application. An example is public key cryptography where, once a key pair is generated, the same key is used for subsequent applications. The TRNG and PRNG reported in this paper are designed for low bit rate applications and both are able to generate highly secure random numbers while occupying minimal resources. They are particularly suitable for applications where integration of the RNG and other cryptographic algorithms on the same FPGA is required.

Given the importance of random number generation, surprisingly few hardware implementations of TRNGs have been reported. There are three commonly used techniques, namely oscillator sampling, direct amplification and discrete time chaos. In the oscillator sampling approach, period variation (i.e. oscillator jitter) in a low frequency clock of low quality factor (Q) is exploited by using it to sample a high frequency clock. The direct amplification technique digitizes thermal or shot noise, using an amplifier and comparator. Finally, chaotic systems can be used to produce TRNGs.

1.9 Kinds of Random Number Generators

RNGs can be separated into two general categories:

1.9.1 Pseudo Random Number Generators (PRNGs):

These generators are algorithms, which are initialized with an externally generated sequence and produce a much longer sequence that appears to be random. After being initialized with a seed value, the internal state of the generator completely determines the next bit to be generated. Given the same seed value, a PRNG will always produce the same sequence.

1.9.2 True Random Number Generators (TRNGs):

These generators base their output entirely on an underlying random physical process. Unlike their deterministic cousins, there is no internal state kept in the generator and the output is based only on the physical process and not any previously produced bits. Often the raw bits generated by the physical source are biased (the probability of a '1' is not 0.5), and thus some bias reduction is necessary.
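One common bias-reduction step, the von Neumann corrector, shown as an added example (the text above does not say which method the project uses). The biased source is a constructed software stand-in for a physical noise source, and the function names are chosen for this sketch.

```python
import math
import random


def biased_source(n, p_one, seed):
    """Constructed stand-in for raw TRNG output: independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits):
    """Von Neumann corrector: read non-overlapping pairs, keep the first bit of
    each unequal pair ('01' -> 0, '10' -> 1) and discard '00' and '11'.

    For independent bits P('01') == P('10') == p * (1 - p), so the output is
    unbiased whatever p is. Correlated raw bits break this assumption.
    """
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def ones_fraction(bits):
    return sum(bits) / len(bits)


def monobit_z(bits):
    """Distance of the ones count from n/2 in standard deviations (frequency test)."""
    n = len(bits)
    return abs(2 * sum(bits) - n) / math.sqrt(n)


def yield_per_input_bit(raw, corrected):
    """Output bits per raw bit; the expected value is p * (1 - p), at most 0.25."""
    return len(corrected) / len(raw)


if __name__ == "__main__":
    raw = biased_source(200_000, p_one=0.7, seed=1)
    out = von_neumann(raw)
    print(f"raw:       ones={ones_fraction(raw):.3f}  z={monobit_z(raw):.1f}")
    print(f"corrected: ones={ones_fraction(out):.3f}  z={monobit_z(out):.1f}")
    print(f"yield: {yield_per_input_bit(raw, out):.3f} output bits per raw bit")
```

The price of the correction is throughput: with a 70% bias roughly one output bit is produced for every five raw bits, which suits the low bit rate applications described in 1.8.1.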


CHAPTER – 2

CRYPTOGRAPHY

Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and origin authentication.

2.1 Basic terminology and concepts

Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques, and, more generally, information security services.

A cryptanalyst is someone who engages in cryptanalysis.

Cryptology is the study of cryptography and cryptanalysis.

Cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e. encryption.

It is the art and science of conveying a message from source to destination on a secure basis. There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems.

2.2 Need for security

Steps involved in secured communication:

1. Design an algorithm for performing the security related transformation such that the opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Specify the protocol to be used by the two principals that make use of the security algorithm.

2.3 Threats in communication

2.3.1 Information access threat:

Modification of the data without the knowledge of the sender, followed by transmission of the data.

2.3.2 Service threat:

Exploitation of flaws in the services available on a computer to inhibit their use by legitimate users.

2.3.3 Types of intruders

Masquerader: An individual who isn't authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.

Misfeasor: A legitimate user who accesses data, programs or resources for which such access isn't authorized.

2.4 SYMMETRIC CIPHER MODEL

Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption. The most widely used symmetric cipher is TDES.

Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.

Figure-2.1. Simplified Model of Conventional Encryption (diagram: plaintext input, encryption algorithm (e.g., TDES), transmitted ciphertext, decryption algorithm (reverse of encryption algorithm), plaintext output; the secret key is shared by sender and recipient)

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

2.5 MODEL OF CONVENTIONAL CRYPTOSYSTEM

Figure 2.2 (diagram; labels: message source, key source, encryption algorithm, decryption algorithm, destination, cryptanalyst; signals X, K, Y)

A source produces a message in plaintext, $X = [X_1, X_2, X_3, \ldots, X_M]$. The M elements of X are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form $K = [K_1, K_2, K_3, \ldots, K_J]$ is generated. If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. Alternatively, a third party could generate the key and securely deliver it to both source and destination.

With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext $Y = [Y_1, Y_2, Y_3, \ldots, Y_N]$. We can write this as

$Y = E_K(X)$

This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K.

The intended receiver, in possession of the key, is able to invert the transformation:

$X = D_K(Y)$

An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate $\hat{X}$. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate $\hat{K}$.


CHAPTER – 3

DATA ENCRYPTION STANDARD

3.1 DESCRIPTION OF DES

DES (the Data Encryption Standard) is a symmetric block cipher developed by IBM. The algorithm uses a 56-bit key to encipher/decipher a 64-bit block of data. The key is always presented as a 64-bit block, every 8th bit of which is ignored. However, it is usual to set each 8th bit so that each group of 8 bits has an odd number of bits set to 1.

The algorithm is best suited to implementation in hardware, probably to discourage implementations in software, which tend to be slow by comparison. However, modern computers are so fast that satisfactory software implementations are readily available.

DES is the most widely used symmetric algorithm in the world, despite claims that the key length is too short. Ever since DES was first announced, controversy has raged about whether 56 bits is long enough to guarantee security.

The key length argument goes like this. Assuming that the only feasible attack on DES is to try each key in turn until the right one is found, then 1,000,000 machines each capable of testing 1,000,000 keys per second would find (on average) one key every 12 hours. Most reasonable people might find this rather comforting and a good measure of the strength of the algorithm.

Those who consider the exhaustive key-search attack to be a real possibility (and to be fair the technology to do such a search is becoming a reality) can overcome the problem by using double or triple length keys. In fact, double length keys have been recommended for the financial industry for many years.

3.1.1 Encryption

Many people are not aware that the information they send or the files stored on their computers need to be protected. However, when you consider what you have on your computer and the many ways it can fall into the wrong hands, it does start to make sense to protect your privacy in some way.

Key technology: encryption. Store and transmit information in an encoded form that does not make any sense. The basic mechanism:

* Start with text to be protected. Initial readable text is called clear text.

* Encrypt the clear text so that it does not make any sense at all. The nonsense text is called cipher text. The encryption is controlled by a secret password or number; this is called the encryption key.

The encrypted text can be stored in a readable file, or transmitted over unprotected channels.

3.1.2 Decryption

To make sense of the cipher text, it must be decrypted back into clear text. This is done with some other algorithm that uses another secret password or number, called the decryption key.

All of this only works under three conditions:

* The encryption function cannot easily be inverted (one cannot get back to the clear text without knowing the decryption key).

* The encryption and decryption must be done in some safe place so the clear text cannot be stolen.

* The keys must be protected. In most systems, one key can be computed from the other (sometimes the encryption and decryption keys are identical), so neither key can be allowed to leak out.

Figure-3.1 DES encryption

Figure-3.2 DES algorithm

Why DES?

i) High level of security.

ii) Same algorithm with the same key is used for encryption and decryption.

iii) The algorithm and the key could be shared by the sender and receiver.

iv) RSA and substitution algorithms have some drawbacks, which DES can overcome.

v) In the RSA algorithm we use two keys, whereas in DES we use only one key for both encryption and decryption.

vi) There is only one round of processing in RSA, whereas there are 16 rounds of processing in DES.

vii) In a substitution algorithm we replace a character by some other character code, whereas in DES we encrypt the text and process it for 16 rounds.

3.2 Limitations of DES

In generating the per-round keys, the key is subjected to an initial permutation to generate two 28-bit quantities, $C_0$ and $D_0$. The sixteen suspect keys are the ones for which $C_0$ and $D_0$ are each one of the four values: all ones, all zeroes, alternating ones and zeroes, alternating zeroes and ones. Since there are four possible values for each half, there are sixteen possibilities in all. The four weak keys are the ones for which each of $C_0$ and $D_0$ is all ones or all zeroes. Weak keys are their own inverses. The remaining twelve keys are the semi-weak keys. Each is the inverse of one of the others.

3.2.1 Applications

The DES core can be utilized for a variety of encryption applications including:

* Secure File/Data transfer

* Electronic Funds Transfer

* Encrypted Storage Data

* Secure communications

3.2.2 Features

* FIPS 46-3 Standard Compliant

* Encryption/Decryption performed in 16 cycles (ECB mode)

* 56 bits of security

* For use in FPGA or ASIC designs

* Verilog IP Core

* Non-pipelined version: small gate count

* Pipelined version: pipelined for maximum performance; Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 16 cycles

3.3 Triple-DES:

Use of multiple-length keys leads us to the Triple-DES algorithm, in which DES is applied three times. Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Private Encryption, you simply type in the entire 192-bit (24 character) key rather than entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary so they are each 64 bits long. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key. Triple DES is also known as 3DES.

Consequently, Triple DES runs three times slower than standard DES, but is much more secure if used properly. The procedure for decrypting something is the same as the procedure for encryption, except it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Unfortunately, there are some weak keys that one should be aware of: if all three keys, the first and second keys, or the second and third keys are the same, then the encryption procedure is essentially the same as standard DES. This situation is to be avoided because it is the same as using a really slow version of regular DES.


Note that although the input key for DES is 64 bits long, the actual key used by

DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity

bit, and should be set so that there are always an odd number of 1s in every byte. These

parity bits are ignored, so only the seven most significant bits of each byte are used,

resulting in a key length of 56 bits. This means that the effective key strength for Triple

DES is actually 168 bits because each of the three keys contains 8 parity bits that are not

used during the encryption process.

If we consider a triple-length key to consist of three 56-bit keys K1, K2, K3, then encryption is as follows:

• Encrypt with K1

• Decrypt with K2

• Encrypt with K3

Decryption is the reverse process:

• Decrypt with K3

• Encrypt with K2

• Decrypt with K1

Setting K3 equal to K1 in these processes gives us a double-length key K1, K2. Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit) key. Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.
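A key-hygiene check for the cases described in sections 3.2 and 3.3 (parity bits, the sixteen weak and semi-weak keys, and bundles that collapse to single DES), given as an added Python example that is not part of the original project. The function names and the sample keys are chosen for illustration; the PC-1 halves are those of Table 3.5.

```python
# Key-hygiene checks for a 3DES key bundle (added example; names are illustrative).
# Keys are 8 bytes each; bit 1 is the most significant bit of the first byte.

# Table 3.5 (PC-1): input-key bit positions that form C0 (left) and D0 (right).
PC1_LEFT = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
            10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36]
PC1_RIGHT = [63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
             14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]

ALL_ZERO, ALL_ONE = 0x0000000, 0xFFFFFFF
ALTERNATING = (0x5555555, 0xAAAAAAA)  # 0101... and 1010... over 28 bits


def has_odd_parity(key):
    """True when every byte of the key holds an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key):
    """Rewrite the least significant bit of each byte so the byte has odd parity."""
    return bytes((b & 0xFE) | ((bin(b >> 1).count("1") + 1) % 2) for b in key)


def effective(key):
    """The 56 bits DES actually uses: the key with its parity bits cleared."""
    return bytes(b & 0xFE for b in key)


def pick(key64, table):
    """Collect the listed bit positions (1 = leftmost) of a 64-bit key."""
    out = 0
    for pos in table:
        out = (out << 1) | ((key64 >> (64 - pos)) & 1)
    return out


def classify(key):
    """Return 'weak', 'semi-weak' or 'ok' from the C0/D0 halves of one DES key."""
    k = int.from_bytes(key, "big")
    c0, d0 = pick(k, PC1_LEFT), pick(k, PC1_RIGHT)
    constant = (ALL_ZERO, ALL_ONE)
    if c0 in constant and d0 in constant:
        return "weak"                      # 4 keys, each its own inverse
    if c0 in constant + ALTERNATING and d0 in constant + ALTERNATING:
        return "semi-weak"                 # the remaining 12 of the 16
    return "ok"


def check_bundle(k1, k2, k3):
    """Return (keying_option, problems) for the bundle used as E(K1), D(K2), E(K3)."""
    problems = []
    for name, key in (("K1", k1), ("K2", k2), ("K3", k3)):
        if len(key) != 8:
            raise ValueError(name + " must be 8 bytes")
        if not has_odd_parity(key):
            problems.append(name + ": parity error")
        kind = classify(key)
        if kind != "ok":
            problems.append(name + ": " + kind + " key")
    e1, e2, e3 = effective(k1), effective(k2), effective(k3)
    if e1 == e2 or e2 == e3:
        # An encrypt/decrypt pair under the same key cancels out.
        option = "single-DES equivalent"
        problems.append("adjacent keys equal: EDE collapses to one DES pass")
    elif e1 == e3:
        option = "two-key"                 # double-length key K1, K2
    else:
        option = "three-key"
    return option, problems


if __name__ == "__main__":
    # Sample keys, constructed for the demonstration.
    a = bytes.fromhex("0123456789ABCDEF")
    b = bytes.fromhex("FEDCBA9876543210")
    c = bytes.fromhex("01FE01FE01FE01FE")
    print(check_bundle(a, b, a))
    print(check_bundle(a, a, b))
    print(check_bundle(a, b, c))
```

Keys are compared with their parity bits cleared, so two keys that differ only in parity are treated as the same key.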

Figure-3.4 Enciphering computation

DES operates on a 64-bit block of plaintext. After an initial permutation the block is broken into a right half and a left half, each 32 bits long. Then there are 16 rounds of identical operations, called Function f, in which the data are combined with the key. After the sixteenth round, the right and left halves are joined, and a final permutation (the inverse of the initial permutation) finishes off the algorithm.

In each round the key bits are shifted, and then 48 bits are selected from the 56 bits of the key. The right half of the data is expanded to 48 bits via an expansion permutation, combined with 48 bits of a shifted and permuted key via an XOR, sent through 8 S-boxes producing 32 new bits, and permuted again. These four operations make up Function f. The output of Function f is then combined with the left half via another XOR. The results of these operations become the new right half; the old right half becomes the new left half. These operations are repeated sixteen times, making 16 rounds of DES.

Figure 3.5 TDES Algorithm


Figure 3.6 Single Round of DES


3.4 Initial permutation (IP)

Figure-3.7 Initial permutation

Table-3.1 Initial permutation

IP

58 50 42 34 26 18 10 2

60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6

64 56 48 40 32 24 16 8

57 49 41 33 25 17 9 1

59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5

63 55 47 39 31 23 15 7

Table 3.1 specifies the input permutation on a 64-bit block. The meaning is as

follows: the first bit of the output is taken from the 58th bit of the input; the second bit

from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the

input.

The initial permutation occurs before round one; it transposes the input block as described in Table 3.1. This table, like all the other tables in this chapter, should be read left to right, top to bottom. For example, the initial permutation moves bit 58 of the plaintext to bit position 1, bit 50 to bit position 2, and so forth. The initial permutation and the corresponding final permutation do not affect DES's security.


3.5 Final permutation (IP-1)

Figure-3.8. Final permutation

Table-3.2 Final permutation

The final permutation is the inverse of the initial permutation; the table is

interpreted similarly. This is shown in table 3.2.

IP-1

40 8 48 16 56 24 64 32

39 7 47 15 55 23 63 31

38 6 46 14 54 22 62 30

37 5 45 13 53 21 61 29

36 4 44 12 52 20 60 28

35 3 43 11 51 19 59 27

34 2 42 10 50 18 58 26

33 1 41 9 49 17 57 25


3.6 Expansion permutation (E)

Figure-3.9 Expansion permutation

Table-3.3 Expansion permutation

E

32 1 2 3 4 5

4 5 6 7 8 9

8 9 10 11 12 13

12 13 14 15 16 17

16 17 18 19 20 21

20 21 22 23 24 25

24 25 26 27 28 29

28 29 30 31 32 1

The expansion permutation is interpreted as for the initial and final permutations. Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the input is duplicated in both the sixth and eighth bit of the output. Thus, the 32-bit half-block is expanded to 48 bits.

This operation expands the right half of the data, Ri, from 32 bits to 48 bits. Because this operation changes the order of the bits as well as repeating certain bits, it is known as an expansion permutation. This operation has two purposes: it makes the right half the same size as the key for the XOR operation, and it provides a longer result that can be compressed during the substitution operation. However, neither of those is its main cryptographic purpose. By allowing one bit to affect two substitutions, the dependency of the output bits on the input bits spreads faster. This is called an avalanche effect. The expansion permutation is shown in Table 3.3.


3.7 Permutation (P)

Figure-3.10 Permutation

Table-3.4 Permutation

P

16 7 20 21

29 12 28 17

1 15 23 26

5 18 31 10

2 8 24 14

32 27 3 9

19 13 30 6

22 11 4 25

The 32-bit output of the S-box substitution is permuted according to a P-box. This permutation maps each input bit to an output position; no bits are used twice and no bits are ignored. This is called a straight permutation or just a permutation. This is shown in Table 3.4.


3.8 Permuted choice 1 (PC-1)

Figure-3.11 Permuted choice 1

Table-3.5 Permuted choice 1

PC-1

Left

57 49 41 33 25 17 9

1 58 50 42 34 26 18

10 2 59 51 43 35 27

19 11 3 60 52 44 36

Right

63 55 47 39 31 23 15

7 62 54 46 38 30 22

14 6 61 53 45 37 29

21 13 5 28 20 12 4

The "Left" and "Right" halves of the table show which bits from the input key

form the left and right sections of the key schedule state. Note that only 56 bits of the 64

bits of the input are selected; the remaining eight were specified for use as parity bits.

DES performs a function on the 64-bit key to generate sixteen 48-bit keys, K1, K2, K3, ..., K16. First it does an initial permutation on the 56 useful bits of the key to generate a 56-bit output, which it divides into two 28-bit values, called C0 and D0. The permutation is specified in Table 3.5.


3.9 Permuted choice 2 (PC-2)

Figure-3.12 Permuted choice 2

Table-3.6 Permuted choice 2

Permutation to obtain the left half of Ki

PC-2

14 17 11 24 1 5

3 28 15 6 21 10

23 19 12 4 26 8

16 7 27 20 13 2

Permutation to obtain the right half of Ki

41 52 31 37 47 55

30 40 51 45 33 48

44 49 39 56 34 53

46 42 50 36 29 32

The permutations in this case are likely to be of some security value. The permutation of Ci that produces the left half of Ki is shown in Table 3.6. Note that bits 9, 18, 22 and 25 are discarded.

The permutation of the rotated Di-1 that produces the right half of Ki is shown in Table 3.6. Bits 35, 38, 43 and 54 are discarded. Each of the halves of Ki is 24 bits, so Ki is 48 bits long.


3.10 Substitution boxes (S-boxes)

Figure-3.13 Calculation of f(R, k)

After the compressed key is XORed with the expanded block, the 48-bit result moves to a substitution operation. The substitutions are performed by eight substitution boxes, or S-boxes. Each S-box has a 6-bit input and a 4-bit output, and there are eight different S-boxes. The total memory requirements for the eight DES S-boxes are 256 bytes. The 48 bits are divided into eight 6-bit sub-blocks. Each separate block is operated on by a separate S-box: the first block is operated on by S-box 1, the second block is operated on by S-box 2, and so on.

Table-3.7 Substitution boxes (S-boxes)

S-boxes

S1

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8

4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13


S2

15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10

3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5

0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15

13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

S3

10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8

13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1

13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7

1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S4

7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15

13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9

10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4

3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

S5

2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9

14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6

4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14

11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

S6

12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11

10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8

9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6

4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

S7

4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1

13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6

1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2

6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S8

13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7

1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2

7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8

2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

Table 3.7 lists the eight S-boxes used in DES. Each S-box replaces a 6-bit input with a 4-bit output. Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001".


Figure 3.7.1 E table

Figure 3.7.2 Input Key

Figure 3.7.3 Permuted choice one (PC-1)


Figure 3.7.4 Permuted choice two (PC-2)

Figure 3.7.5 Rotation in the key schedule

3.11 Rotations in the key-schedule

Before the round subkey is selected, each half of the key schedule state is rotated

left by a number of places. This table specifies the number of places rotated.

Triple DES has two attractions that assure its widespread use over the next few

years. First, with its 168-bit key length, it overcomes the vulnerability to brute-force

attack of DES. Second, the underlying encryption algorithm in Triple DES is the same as

in DES. This algorithm has been subjected to more scrutiny than any other encryption

algorithm over a longer period of time, and no effective cryptanalytic attack based on the

algorithm rather than brute-force has been found. Accordingly, there is a high level of

confidence that 3DES is very resistant to cryptanalysis. If security were the only

consideration, then 3DES would be an appropriate choice for a standardized encryption

algorithm for decades to come.


Figure-3.14 Key schedule calculation


Figure-3.15 Feistel Decryption Algorithm


3.12 DES Decryption

i) Use same function

ii) Key is the key…

Used in reverse order (K1,…, K16 becomes K16,…, K1)

Right circular shift of 0-2 bits

Round:                        1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Right shift (decryption):     0 1 2 2 2 2 2 2 1 2  2  2  2  2  2  1
(Left shift in encryption:    1 1 2 2 2 2 2 2 1 2  2  2  2  2  2  1)

With DES it is possible to use the same function to encrypt or decrypt a block. The only difference is that the keys must be used in the reversed order. That is, if the encryption keys for each round are K1, K2, K3, …, K16, then the decryption keys are K16, K15, K14, …, K1. The algorithm that generates the key used for each round is circular as well. The key shift is shown above.

3.13 Applications

The DES3 core can be utilized for a variety of encryption applications including:

Secure File/Data transfer

Electronic Funds Transfer

Encrypted Storage Data

Secure communications

3.13.1 Features

FIPS 46-3 Standard Compliant

Encryption/Decryption performed in 48 cycles (ECB mode)

Up to 168 bits of security

For use in FPGA or ASIC designs

Verilog IP Core

Non Pipelined version: small gate count shared DES

Pipelined version: pipelined for maximum performance; Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 48 cycles


ALGORITHM FOR TDES

ENCRYPTION

Step 1: K1, K2 and K3 are the keys in the key expander with the selection function.

Step 2: If the selection function is active, i.e. '1', then the encryption process is activated with key K1. This encryption output is given to the input of the decryption, i.e. the selection function is '0', with key K2.

Step 3: The decryption output is given to the input of the encryption, i.e. the selection function is '1', with key K3.

DECRYPTION

Step 4: It is the reverse process of encryption.

ALGORITHM FOR DES

ENCRYPTION

Step 1: The initial input data applied is 64 bits.

Step 2: The initially permuted 64 bits of data are divided into a right half (32 bits), r0, and a left half (32 bits), l0.

58 50 42 34 26 18 10 2

60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6 left (32 bits) even

64 56 48 40 32 24 16 8

57 49 41 33 25 17 19 1

59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5 Right (32 bits) odd

63 55 47 39 31 23 15 7

Within each row successive entries differ by 8, and within each column they differ by 2.

Step 3: The right 32 bits are given to the expansion box, which produces 48 bits as output, written as 8 blocks.

32 1 2 3 4 5

4 5 6 7 8 9

8 9 10 11 12 13

12 13 14 15 16 17

16 17 18 19 20 21

20 21 22 23 24 25

24 25 26 27 28 29

28 29 30 31 32 33

32 33 34 35 36 37

36 37 38 39 40 41

40 41 42 43 44 45

44 45 46 47 48


Step 4: The 56 bits of key length are compressed to 48 bits.

60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6

64 56 48 40 32 24 16 8

57 49 41 33 25 17 19 1

59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5

63 55 47 39 31 23 15 7

Step 5: The 48 bits of the key and the 48 bits of the expansion are XORed to give 48 bits as output.

Key-110000

Expansion-110000

Step 6: The 48 bits of data are given to substitution boxes S1 to S8; each block has 64 bits as input and yields a 48-bit block as output, i.e. 32 bits.

Step 7: The P-box takes a 32-bit input and yields a 32-bit output by shifting the bits of the input blocks right and left.

Step 8: The 32 bits are XORed with the left 32 bits, so that the total output is 64 bits.

Step 9: The total procedure repeats until it completes 16 rounds.

DECRYPTION: It is the reverse process of encryption.

ENCRYPTION: It is the reverse process of decryption.


SCOPE AND FUTURE DEVELOPMENT

For the foreseeable future Triple DES is an excellent and reliable choice for the

security needs of highly sensitive information. The AES will be at least as strong as

Triple DES and probably much faster.

It's the industry mandate from Visa and MasterCard that's requiring ATM

deployers to upgrade and/or replace their legacy terminals. In a nutshell, it's all about

three waves of encryption, and it's designed to make ATM transactions more secure.


VHDL

1. Introduction

VHDL stands for VHSIC (Very High Speed Integrated Circuits) Hardware Description Language. In the mid-1980's the U.S. Department of Defense and the IEEE sponsored the development of this hardware description language with the goal of developing very high-speed integrated circuits. It has now become one of industry's standard languages used to describe digital systems. The other widely used hardware description language is Verilog. Both are powerful languages that allow you to describe and simulate complex digital systems. A third HDL language is ABEL (Advanced Boolean Equation Language), which was specifically designed for Programmable Logic Devices (PLD). ABEL is less powerful than the other two languages and is less popular in industry. This tutorial deals with VHDL, as described by the IEEE standard 1076-1993.

Although these languages look similar to conventional programming languages, there are some important differences. A hardware description language is inherently parallel, i.e. commands, which correspond to logic gates, are executed (computed) in parallel, as soon as a new input arrives. An HDL program mimics the behavior of a physical, usually digital, system. It also allows incorporation of timing specifications (gate delays) as well as describing a system as an interconnection of different components.

2. Levels of representation and abstraction

A digital system can be represented at different levels of abstraction [1]. This keeps the

description and design of complex systems manageable. Figure 1 shows different levels

of abstraction.


Figure 1: Levels of abstraction: Behavioral, Structural and Physical

The highest level of abstraction is the behavioral level, which describes a system in terms of what it does (or how it behaves) rather than in terms of its components and the interconnection between them. A behavioral description specifies the relationship between the input and output signals. This could be a Boolean expression or a more abstract description such as the Register Transfer or Algorithmic level. As an example, let us consider a simple circuit that warns car passengers when the door is open or the seatbelt is not used whenever the car key is inserted in the ignition lock. At the behavioral level this could be expressed as,

Warning = Ignition_on AND (Door_open OR Seatbelt_off)

The structural level, on the other hand, describes a system as a collection of

gates and components that are interconnected to perform a desired function. A structural

description could be compared to a schematic of interconnected logic gates. It is a

representation that is usually closer to the physical realization of a system. For the

example above, the structural representation is shown in Figure 2 below.

Figure 2: Structural representation of a “buzzer” circuit.

VHDL allows one to describe a digital system at the structural or the behavioral level. The behavioral level can be further divided into two kinds of styles: Data flow and Algorithmic. The dataflow representation describes how data moves through the system. This is typically done in terms of data flow between registers (Register Transfer level). The data flow model makes use of concurrent statements that are executed in parallel as soon as data arrives at the input. On the other hand, sequential statements are executed in the sequence that they are specified. VHDL allows both concurrent and sequential signal assignments that will determine the manner in which they are executed. Examples of both representations will be given later.

3. Basic Structure of a VHDL file

A digital system in VHDL consists of a design entity that can contain other

entities that are then considered components of the top-level entity. Each entity is

modeled by an entity declaration and an architecture body. One can consider the entity

declaration as the interface to the outside world that defines the input and output signals,

while the architecture body contains the description of the entity and is composed of

interconnected entities, processes and components, all operating concurrently, as

schematically shown in Figure 3 below. In a typical design there will be many such

entities connected together to perform the desired function.

Figure 3: A VHDL entity consisting of an interface (entity declaration) and a body

(architectural description).

VHDL uses reserved keywords that cannot be used as signal names or identifiers. Keywords and user-defined identifiers are case insensitive. Lines with comments start with two adjacent hyphens (--) and will be ignored by the compiler. VHDL also ignores line breaks and extra spaces. VHDL is a strongly typed language, which implies that one always has to declare the type of every object that can have a value, such as signals, constants and variables.

a. Entity Declaration

The entity declaration defines the NAME of the entity and lists the input and output ports.

The general form is as follows,

entity NAME_OF_ENTITY is [generic (generic_declarations);]
    port (signal_names: mode type;
          signal_names: mode type;
              :
          signal_names: mode type);
end [NAME_OF_ENTITY];

An entity always starts with the keyword entity, followed by its name and the

keyword is. Next are the port declarations using the keyword port. An entity declaration

always ends with the keyword end, optionally [] followed by the name of the entity.

The NAME_OF_ENTITY is a user-selected identifier

signal_names consists of a comma separated list of one or more user-selected

identifiers that specify external interface signals.

mode: is one of the reserved words to indicate the signal direction:

in – indicates that the signal is an input


out – indicates that the signal is an output of the entity whose value can

only be read by other entities that use it.

buffer – indicates that the signal is an output of the entity whose value can be read inside the entity's architecture

inout – the signal can be an input or an output.

type: a built-in or user-defined signal type. Examples of types are bit, bit_vector,

Boolean, character, std_logic, and std_ulogic.

bit – can have the value 0 and 1

bit_vector – is a vector of bit values (e.g. bit_vector (0 to 7))

std_logic, std_ulogic, std_logic_vector, std_ulogic_vector: can have 9

values to indicate the value and strength of a signal. Std_ulogic and

std_logic are preferred over the bit or bit_vector types.

boolean – can have the value TRUE and FALSE

integer – can have a range of integer values

real – can have a range of real values

character – any printing character

time – to indicate time

generic: generic declarations are optional and determine the local constants used

for timing and sizing (e.g. bus widths) the entity. A generic can have a default value.

The syntax for a generic follows,

Generic (

constant_name: type [:=value];

constant_name: type [:=value] ;

:

constant_name: type [:=value] );


The entity is called BUZZER and has three input ports, DOOR, IGNITION and SBELT, and one output port, WARNING. Notice the use and placement of semicolons! The name BUZZER is an identifier. Inputs are denoted by the keyword in, and outputs by the keyword out. Since VHDL is a strongly typed language, each port has a defined type. In this case, we specified the std_logic type. This is the preferred type of digital signals. In contrast to the bit type that can only have the values '1' and '0', the std_logic and std_ulogic types can have nine values. This is important to describe a digital system accurately, including the binary values 0 and 1, as well as the unknown value X, the uninitialized value U, "-" for don't care, Z for high impedance, and several symbols to indicate the signal strength (e.g. L for weak 0, H for weak 1, W for weak unknown - see section on Enumerated Types). The std_logic type is defined in the std_logic_1164 package of the IEEE library. The type defines the set of values an object can have. This has the advantage that it helps with the creation of models and helps reduce errors. For instance, if one tries to assign an illegal value to an object, the compiler will flag the error.

b. Architecture body

The architecture body specifies how the circuit operates and how it is

implemented. As discussed earlier, an entity or circuit can be specified in a variety of

ways, such as behavioral, structural (interconnected components), or a combination of the

above.

The architecture body looks as follows,

architecture architecture_name of NAME_OF_ENTITY is
    -- Declarations
    -- Components declarations
    -- signal declarations
    -- Constant declarations
    -- Function declarations
    -- Procedure declarations
    -- Type declarations
    :
begin
    -- Statements
    :
end architecture_name;

Behavioral model

The header line of the architecture body defines the architecture name, e.g. behavioral, and associates it with the entity, BUZZER. The architecture name can be any legal identifier. The main body of the architecture starts with the keyword begin and gives the Boolean expression of the function. We will see later that a behavioral model can be described in several other ways. The “<=” symbol represents an assignment operator and assigns the value of the expression on the right to the signal on the left. The architecture body ends with an end keyword followed by the architecture name.

The statements in the body of the architecture make use of logic operators. Logic

operators that are allowed are: and, or, nand, nor, xor, xnor and not. In addition, other

types of operators including relational, shift, arithmetic are allowed as well (see section

on Operators). For more information on behavioral modeling see section on Behavioral

Modeling.


Concurrency

It is worth pointing out that the signal assignments in the above examples are concurrent statements. This implies that the statements are executed when one or more of the signals on the right hand side change their value (i.e. an event occurs on one of the signals). For instance, when the input A changes, the internal signals X and Y change values, which in turn causes the last statement to update the output Z. There may be a propagation delay associated with this change. Digital systems are basically data-driven, and an event which occurs on one signal will lead to an event on another signal, etc. The execution of the statements is determined by the flow of signal values. As a result, the order in which these statements are given does not matter (i.e., moving the statement for the output Z ahead of that for X and Y does not change the outcome). This is in contrast to conventional software programs, which execute the statements in a sequential or procedural manner.

Structural description

The circuit of Figure 2 can also be described using a structural model that specifies what

gates are used and how they are interconnected. The following example illustrates it.

architecture structural of BUZZER is
    -- Declarations
    component AND2
        port (in1, in2: in std_logic;
              out1: out std_logic);
    end component;
    component OR2
        port (in1, in2: in std_logic;
              out1: out std_logic);
    end component;
    component NOT1
        port (in1: in std_logic;
              out1: out std_logic);
    end component;
    -- Declaration of signals used to interconnect gates
    signal DOOR_NOT, SBELT_NOT, B1, B2: std_logic;
begin
    -- Component instantiations statements
    U0: NOT1 port map (DOOR, DOOR_NOT);
    U1: NOT1 port map (SBELT, SBELT_NOT);
    U2: AND2 port map (IGNITION, DOOR_NOT, B1);
    U3: AND2 port map (IGNITION, SBELT_NOT, B2);
    U4: OR2 port map (B1, B2, WARNING);
end structural;

Following the header is the declarative part that gives the components (gates) that are going to be used in the description of the circuits. In our example, we use a two-input AND gate, a two-input OR gate and an inverter. These gates have to be defined first, i.e. they will need an entity declaration and architecture body (as shown in the previous example). These can be stored in one of the packages one refers to in the header of the file (see Library and Packages below). The declarations for the components give the inputs (e.g. in1, in2) and the output (e.g. out1). Next, one has to define internal nets (signal names). In our example these signals are called DOOR_NOT, SBELT_NOT, B1, B2 (see Figure 2). Notice that one always has to declare the type of the signal.

The statements after the begin keyword give the instantiations of the components and describe how these are interconnected. A component instantiation statement creates a new level of hierarchy. Each line starts with an instance name (e.g. U0) followed by a colon, a component name and the keyword port map. This keyword defines how the components are connected. In the example above, this is done through positional association: DOOR corresponds to the input in1 of the NOT1 gate and DOOR_NOT to the output. Similarly for the AND2 gate, where the first two signals (IGNITION and DOOR_NOT) correspond to the inputs in1 and in2, respectively, and the signal B1 to the output out1. An alternative way is to use explicit association between the ports, as shown below.

label: component-name port map (port1=>signal1, port2=> signal2,… port3=>signaln);

U0: NOT1 port map (in1 => DOOR, out1 => DOOR_NOT);
U1: NOT1 port map (in1 => SBELT, out1 => SBELT_NOT);
U2: AND2 port map (in1 => IGNITION, in2 => DOOR_NOT, out1 => B1);
U3: AND2 port map (in1 => IGNITION, in2 => SBELT_NOT, out1 => B2);
U4: OR2 port map (in1 => B1, in2 => B2, out1 => WARNING);

Notice that the order in which these statements are written has no bearing on the

execution since these statements are concurrent and therefore executed in parallel.

Indeed, the schematic that is described by these statements is the same independent of the

order of the statements.


Structural modeling of design lends itself to hierarchical design, in which one can define

components of units that are used over and over again. Once these components are

defined they can be used as blocks, cells or macros in a higher level entity. This can

significantly reduce the complexity of large designs. Hierarchical design approaches are

always preferred over flat designs.

c. Library and Packages: library and use keywords

A library can be considered as a place where the compiler stores information

about a design project. A VHDL package is a file or module that contains declarations of

commonly used objects, data type, component declarations, signal, procedures and

functions that can be shared among different VHDL models.

We mentioned earlier that std_logic is defined in the package ieee.std_logic_1164

in the ieee library. In order to use the std_logic one needs to specify the library and

package. This is done at the beginning of the VHDL file using the library and the use

keywords as follows:

library ieee;

use ieee.std_logic_1164.all;

The .all extension makes every declaration in the ieee.std_logic_1164 package visible.

The Xilinx Foundation Express comes with several packages.

ieee Library:

std_logic_1164 package: defines the standard datatypes.

std_logic_arith package: provides arithmetic, conversion and comparison functions

for the signed, unsigned, integer, std_ulogic, std_logic and std_logic_vector types

std_logic_unsigned

std_logic_misc package: defines supplemental types, subtypes, constants and

functions for the std_logic_1164 package.


To use any of these one must include the library and use clause:

library ieee;

use ieee.std_logic_1164.all;

use ieee.std_logic_arith.all;

use ieee.std_logic_unsigned.all;

In addition, the Synopsys library has the attributes package:

library SYNOPSYS;

use SYNOPSYS.attributes.all;

One can add other libraries and packages. The syntax to declare a package is as follows:

-- Package declaration
package name_of_package is
    package declarations
end package name_of_package;

-- Package body declarations
package body name_of_package is
    package body declarations
end package body name_of_package;

For instance, the basic functions of the AND2, OR2, NAND2, NOR2, XOR2, etc.

components need to be defined before one can use them.


4. Lexical Elements of VHDL

a. Identifiers

Identifiers are user-defined words used to name objects in VHDL models. We have seen

examples of identifiers for input and output signals as well as the name of a design entity

and architecture body. When choosing an identifier one needs to follow these basic rules:

May contain only alpha-numeric characters (A to Z, a to z, 0-9) and the underscore (_)

character

The first character must be a letter and the last one cannot be an underscore.

An identifier cannot include two consecutive underscores.

An identifier is case insensitive (ex. And2 and AND2 or and2 refer to the same object)

An identifier can be of any length.

Examples of valid identifiers are: X10, x_10, My_gate1.

Some invalid identifiers are: _X10, my_gate@input, gate-input.

The above identifiers are called basic identifiers. The rules for these basic

identifiers are often too restrictive to indicate signals. For example, if one wants to

indicate an active low signal such as an active low RESET, one cannot call it /RESET. In

order to overcome these limitations, there are a set of extended identifier rules which

allow identifiers with any sequence of characters.

An extended identifier is enclosed by the backslash, “\”, character.

An extended identifier is case sensitive. An extended identifier is distinct from

reserved words (keywords) and from any basic identifier (e.g. the identifier \identity\ is

allowed).


Inside the two backslashes one can use any character in any order, except that a

backslash as part of an extended identifier must be indicated by an additional backslash.

As an example, to use the identifier BUS:\data, one writes: \BUS:\\data\

Extended identifiers are allowed in the VHDL-93 version but not in VHDL-87.

Some examples of legal identifiers are:

Input, \Input\, \input#1\, \Rst\\as\

b. Keywords (Reserved words)

Certain identifiers are used by the system as keywords for special use such as

specific constructs. These keywords cannot be used as identifiers for signals or objects

we define. We have seen several of these reserved words already such as in, out, or, and,

port, map, end, etc. Keywords are often printed in boldface, as is done in this tutorial.

Extended identifiers can make use of keywords since these are considered different words

(e.g. the extended identifier \end\ is allowed).

c. Numbers

The default number representation is the decimal system. VHDL allows integer

literals and real literals. Integer literals consist of whole numbers without a decimal point,

while real literals always include a decimal point. Exponential notation is allowed using

the letter “E” or “e”. For integer literals the exponent must always be positive. Examples

are:

Integer literals: 12 10 256E3 12e+6

Real literals: 1.2 256.24 3.14E-2

The number –12 is a combination of a negation operator and an integer literal.


CONCLUSION

DES runs through 16 iterations to produce its cipher text (final output). Triple DES applies Encrypt-Decrypt-Encrypt to the block, and a completely different output is generated with the final combination. It's said that the security is 192 bit encryption, but it is also argued that, regardless of the keys, the security is only 168 bit. This debate is clearly beyond the scope of this article/writer. If you wish to participate with the scientists in their discussions, it's your humility at stake. It's a safe bet that Triple DES is exponentially stronger than the previous DES.

After that, AES may supplant Triple DES as the default algorithm on most

systems if it lives up to its expectations. But Triple DES will be kept around for

compatibility reasons for many years after that. So the useful lifetime of Triple DES is far

from over, even with the AES near completion.