CHAPTER - 1

1.1 INTRODUCTION

Power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of (unprotected) implementations of symmetric and public-key encryption schemes. Although less general than classical cryptanalysis (because they target one specific implementation), power analysis attacks usually present a very serious threat for practical cryptosystems implemented on various platforms. Among the different countermeasures proposed to protect an implementation from such attacks, one of the most popular is the Boolean masking method. In this proposal, the cryptographic algorithm is modified in such a way that the intermediate data never appears as such, but is always "masked" with random Boolean vectors. The masking has been successfully applied to smart card implementations of the DES and the AES Rijndael. However, recent works have shown that power analysis attacks are also practical against ASIC and FPGA implementations of cryptographic algorithms. A practical problem is therefore to protect these devices.

In this context, one important concern is the implementation cost of the countermeasure. In particular, the protected algorithms usually have much higher memory requirements than the unmasked ones. For this reason, it is often assumed that masking is not a practical solution for the protection of hardware implementations. On the contrary, it is demonstrated in this project that FPGA implementations of the DES offer very simple and interesting opportunities to implement the Boolean masking method. In practice, the secure cryptographic design is based on the use of large embedded memories available inside certain recent FPGAs. As the efficiency of the proposal highly depends on the size of the substitution tables used in the encryption algorithm, it is particularly well-fitted to the DES (and, for example, could not be applied as such to the AES Rijndael).
Therefore, the resulting protected DES implementation only requires a moderate additional hardware cost. It is observed that, like most of the present countermeasures against side-channel attacks, masking does not provide perfect security and only makes the attack more difficult.
1.2 POWER ANALYSIS

In cryptography, power analysis is a form of side-channel attack in which the attacker studies the power consumption of a cryptographic hardware device (such as a smart card, tamper-proof "black box", microchip, etc.). It can yield information about what the device is doing, including keys and other secrets.

Since confidential data are increasingly exchanged electronically, ever greater importance is attached to the protection of the data. Where cryptosystems are used in real applications, attacks have to be taken into account. Hardware and software implementations themselves present a vast field of attacks. Side-channel attacks exploit information that leaks from a cryptographic device. One of these new attacks in particular has attracted much attention since it was announced. This method is called Differential Power Analysis (DPA) and was presented in 1998 by Cryptography Research. DPA uses the information that naturally leaks from a cryptographic hardware device, namely the power consumption. A less powerful variant, Simple Power Analysis (SPA), was also announced by Cryptography Research.

What does a DPA attack require? First, an attacker must be able to precisely measure the power consumption. Second, the attacker needs to know what algorithm is computed, and third, the attacker needs the plaintext or ciphertext. The strategy of the attacker is to make a lot of measurements, and then divide them with the aid of some oracle into two or more different sets. Then, statistical methods are used to verify the oracle.
If and only if the oracle was right, one can see noticeable peaks in the statistics.

1.2.1 Differential Power Analysis

Differential power analysis is an extension of power analysis that can allow an attacker to compute the intermediate values of data blocks and key blocks by statistically analyzing data collected from multiple cryptographic operations.

1.2.2 Basics (Simple Power Analysis)

Examining graphs of time against current used by a device can often show exactly what the device is doing at a given point. For example, on a graph of a smart card performing a DES encryption, the sixteen rounds can be seen clearly.
The currents passing through a device are usually small, but standard digital oscilloscope equipment is precise and accurate enough to measure data-induced variations. It is reasonable for a cryptosystem designer to assume that an adversary will have access to such equipment. Power analysis does not seek to find weaknesses in algorithms or protocols so much as in their implementations. It provides a way to "see inside" otherwise 'tamperproof' hardware. For example, DES's key schedule involves rotating 28-bit key registers. In order to save time, most implementations simply check the least significant bit to see if it is a 1. If so, the implementation divides the register by two and prepends the 1 at the left end. Power analysis can show the difference between a register with a 1 and a register with a 0 at the end when this happens. This can leak information about key material. DES's permutations, usually clumsily implemented in software, reveal even more information through conditional branches.

1.3 Differential Power analysis

Differential power analysis (DPA) is a side-channel attack which involves statistically analyzing power consumption measurements from a cryptosystem. The attack exploits biases in the varying power consumption of microprocessors or other hardware while performing operations using secret keys. DPA attacks have signal processing and error correction properties which can extract secrets from measurements which contain too much noise to be analyzed using simple power analysis. Using DPA, an adversary can obtain secret keys by analyzing power consumption measurements from multiple cryptographic operations performed by a vulnerable smart card or other device.

1.4 Preventing simple and differential power analysis attacks

Simple power analysis can most easily distinguish conditional branches in the execution of the cryptographic program, since a device does different things (requiring different power) depending on which conditional branch is executed.
For this reason, care should be taken to ensure there are no differences (from a power perspective) in the conditional branches within cryptographic software implementations. All rotations, permutations and logic operations (such as XOR) should take the same time and draw equivalent power, no matter what the input. There are, however, some algorithms with inherently significant branching; to eliminate information leakage from these, software engineers may have to be very creative. This creative engineering may cause a performance reduction (typically in speed), and will almost always require greater development effort, which must be weighed against the possibility of power analysis. An alternative, in some cases, is to use a hardwired hardware cryptographic device. Their power consumption can vary very little, due to their construction. However, in the case of smart cards for example, it is not always possible to replace software implementations with hardware implementations.

Differential power analysis is more difficult to prevent, since even small biases in the power consumption can lead to exploitable weaknesses. Some countermeasure strategies involve algorithmic modifications such that the cryptographic operations occur on data that is related to the actual value by some mathematical relationship that survives the cryptographic operation. This is called blinding, and usually implies an algorithm that is based on number theory, such as factoring or discrete logarithms.

1.5 Power Analysis Foundations

Almost every digital circuit built today is based on Complementary Metal Oxide Semiconductor (CMOS) technology. Therefore it is necessary to understand the power consumption characteristics of this technology. If a CMOS gate changes its state, this change can be measured at the Vdd (Vss) pin. The more circuits change their state, the more power is dissipated. In a synchronous design, gates are clocked, which means that all gates change their state at the same time. Power dissipated by the circuit can be monitored by using a small resistor Rm in series between Vdd (or Vss) and the true source (or ground).
The two most essential parts of the power consumption during a change of state are the dynamic charge or discharge current (approx. 85%) and the dynamic short-circuit current (approx. 15%). This is sketched using the example of an inverter shown in Figure 1.1. The output of each gate has a capacitive load, consisting of the parasitic capacitance of the connected wires and the gates of the following stages. An input transition results in an output transition, which discharges or charges this parasitic capacitance, causing a current flow to Vdd (or Vss). This current is the dynamic charge or discharge current. By measuring the current flow on Vdd we can detect whether the output changed from 0 to 1 or not.

Figure 1.1 Inverter

1.6 Differential Power Analysis of DES

In DES the subkey splits up into eight blocks, one for every S-box. Therefore we specify one target S-box for which we list all possible (= 2^6) input values. We will refer to such an input value as a subkey block. As assumed above we know the ciphertext, and so we can calculate the value of some of the bits in L15 for every possible subkey block. We select one of these bits as our target bit. The value of the target bit is our selection function D. If D=1 the corresponding power measurement is put in sample set S1; if D=0 it is classified to S0. This procedure is repeated for many measurements, so at the end we have, for every ciphertext and all subkey blocks, a classification of the corresponding measurement. Let n denote the number of ciphertexts and hence of measurements. Then we can write all our classifications in a 2^6 x n matrix, so that every row represents a possible key for the target S-box, and every column represents the classification of one ciphertext and its measurement. For the DPA attack, go through all rows and build the two sample sets S0 and S1. Then compute the pointwise mean of the samples in each set, M0 and M1, and compute the difference. For the correct subkey block there must be a peak in the trace of the difference.
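
The difference-of-means statistic of section 1.6 can be used by a designer to check whether the Boolean masking of section 1.1 removes the first-order peak. The following is an added example, not code from the original report; it assumes a noise-free Hamming-weight leakage of the S-box output, enumerates every input and every mask once in place of random measurements, and uses illustrative names (sbox1, leak_masked, difference_of_means).

```python
# Added example: first-order leakage of a DES S-box output, unmasked vs. masked.
# Assumptions (not from the report): the device leaks the Hamming weight of the
# 4-bit S-box output without noise; all 64 inputs and all 16 masks are enumerated,
# so each mean is the exact expectation that random measurements converge to.

# DES S-box S1 as specified in FIPS 46-3 (4 rows x 16 columns).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(x6):
    """Look up a 6-bit input: outer bits select the row, inner bits the column."""
    row = ((x6 >> 4) & 0b10) | (x6 & 1)
    col = (x6 >> 1) & 0xF
    return S1[row][col]


def hw(value):
    """Hamming weight (number of 1 bits)."""
    return bin(value).count("1")


def leak_unmasked(x6, key6):
    """One measurement per input: the S-box output appears as such."""
    return [hw(sbox1(x6 ^ key6))]


def leak_masked(x6, key6):
    """One measurement per mask m: the device only handles S(x ^ k) ^ m."""
    return [hw(sbox1(x6 ^ key6) ^ m) for m in range(16)]


def difference_of_means(leak, key6, target_bit=0):
    """Return {subkey guess: M1 - M0} for all 2^6 guesses (section 1.6)."""
    result = {}
    for guess in range(64):
        sets = {0: [], 1: []}
        for x6 in range(64):
            d = (sbox1(x6 ^ guess) >> target_bit) & 1  # selection function D
            sets[d].extend(leak(x6, key6))
        m0 = sum(sets[0]) / len(sets[0])
        m1 = sum(sets[1]) / len(sets[1])
        result[guess] = m1 - m0
    return result


def largest_peak(dom):
    """Largest absolute difference of means over all guesses."""
    return max(abs(v) for v in dom.values())


if __name__ == "__main__":
    secret = 0b101101  # constructed 6-bit subkey block
    unmasked = difference_of_means(leak_unmasked, secret)
    masked = difference_of_means(leak_masked, secret)
    print("unmasked, correct subkey block:", unmasked[secret])
    print("masked, largest peak over all guesses:", largest_peak(masked))
```

This check covers only the first-order statistic described in section 1.6, in line with the report's remark that masking makes the attack more difficult rather than impossible.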
1.7 ROM DESIGN AND EVALUATION AGAINST POWER ANALYSIS ATTACK

1.7.1 Power Simulation on an 8 x 8 ROM

The ROM with 3-bit input and 8-bit output is shown in figure 2.2. It consists of two main components: a 3-to-8 decoder and a memory array. The decoder is made up of eight 3-input AND gates, each driven by a minterm of the 3 input signals. The memory array is an array of pull-down N-type transistors, placed on intersections of a horizontal address line and a vertical data line. Increase the Hamming weight (the number of "1"s) of the ROM content one by one.

Figure 1.2 8 x 8 ROM

For each Hamming weight, randomly distribute the locations of "1"s (N-type transistors) and run power simulations around 10 times. Information about the Hamming weight is leaked through the power consumption, as the average power increases linearly with it.

1.7.2 Inserting randomness into ROM

There are two degrees of freedom which cause power consumption variation for a given Hamming weight:

i. Duty cycle of address lines
ii. N-type transistor distribution

The duty cycles of the address lines are not identical to each other, due to inverter delay in the address decoder. When one address line is selected and the N-type transistors on it are turned on, the power dissipation caused by short-circuit current is approximately proportional to the duty cycle of the selected address line. As a result, the power consumption differs when the locations of N-type transistors change between different address lines.

The power consumption variation caused by duty cycle nuances can be exploited to mask the linearity between the power and the Hamming weight. One may consider increasing the duty cycle nuances in the address lines. But the influence would be slight, since the differences between some duty cycles are very small. Moreover, it increases the risk of a timing analysis attack, which in turn cancels the improvement in power information leakage. An alternative is to modify the N-type transistor distribution by using extra dummy bit lines, i.e. to increase the scope of the N-type transistor distribution over a larger ROM, whose circuit is shown in Figure 1.3.

Figure 1.3 8 x 8 ROM with extra bit lines, for random insertion
1.7.3 Dual-rail ROM design

It is observed that a dual-rail ROM design may be a better countermeasure. Dual-rail refers to an encoding system where the two-bit value "01" stands for logic-0 and "10" for logic-1. The dual-rail ROM has double the number of bit lines, which in pairs represent logic words. With this encoding technique, a constant number (half the number of bit lines) of N-type transistors will be turned on no matter which address line is selected. Figure 1.4 shows a dual-rail 8 x 8 ROM example which has 16 bit lines to output 8-bit words. Run power simulation on it as for its bundled-data version, but increasing the number of logic-1s instead of increasing the number of "1"s, which is consistently equal to half of the total intersections of address lines and bit lines.

Figure 1.4 Dual-rail 8 x 8 ROM, 16 bit lines representing 8-bit word
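
The effect of the dual-rail encoding on the number of conducting transistors per address line can be checked on a ROM image before simulation. This is an added example, not part of the original report; it assumes that a stored "1" is one N-type transistor that conducts when its address line is selected, and the ROM contents and function names are constructed for illustration.

```python
# Added example: conducting pull-down transistors per address line,
# single-rail (bundled-data) ROM vs. dual-rail ROM (section 1.7.3).
# Model assumption: each stored "1" is one N-type transistor on the selected line.

DUAL_RAIL = {0: (0, 1), 1: (1, 0)}  # logic-0 -> "01", logic-1 -> "10"
DECODE = {pair: bit for bit, pair in DUAL_RAIL.items()}


def word_bits(word, width=8):
    """Bits of a word, most significant first."""
    return [(word >> (width - 1 - i)) & 1 for i in range(width)]


def to_dual_rail(word, width=8):
    """Encode a word onto 2*width bit lines."""
    rails = []
    for bit in word_bits(word, width):
        rails.extend(DUAL_RAIL[bit])
    return rails


def from_dual_rail(rails):
    """Decode bit-line pairs; "00" and "11" are not valid code words."""
    if len(rails) % 2:
        raise ValueError("dual-rail word needs an even number of bit lines")
    word = 0
    for i in range(0, len(rails), 2):
        pair = (rails[i], rails[i + 1])
        if pair not in DECODE:
            raise ValueError(f"invalid dual-rail pair {pair} for bit {i // 2}")
        word = (word << 1) | DECODE[pair]
    return word


def transistors_on(rom_rows):
    """Number of stored "1"s on each address line."""
    return [sum(row) for row in rom_rows]


def compare(rom_words, width=8):
    """Return (single-rail counts, dual-rail counts) per address line."""
    single = [word_bits(w, width) for w in rom_words]
    dual = [to_dual_rail(w, width) for w in rom_words]
    return transistors_on(single), transistors_on(dual)


# Constructed 8 x 8 ROM contents with Hamming weights from 0 to 8.
ROM = [0x00, 0x01, 0x03, 0x0F, 0x3C, 0x7F, 0xFF, 0xA5]

if __name__ == "__main__":
    single, dual = compare(ROM)
    print("single-rail:", single)  # follows the Hamming weight of each word
    print("dual-rail:  ", dual)    # constant: half of the 16 bit lines
```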
1.8 RANDOM NUMBER GENERATOR

1.8.1 INTRODUCTION

The need for random numbers in cryptographic processes is ubiquitous. Initialization vectors, block padding, challenges, nonces, and, of course, keys are some of the cryptographic objects where a string of unpredictable bits is required. Often the same Random Number Generator (RNG) supplies bits for all of the above uses in a cryptographic system. Many of the bits generated by the RNG are transmitted in the clear, and thus a passive attacker has ample opportunity to analyze the output of the RNG and can leverage any weaknesses found there.

The random number generator (RNG) is an important cryptographic primitive widely used for one-time pads, key generation and authentication protocols. The security of such systems relies on the assumption that future values in the random number sequence cannot be predicted from the observed sequence. There are two types of random number generators commonly used for cryptographic applications. The true random number generator (TRNG) derives its output from a physical noise source, whereas a pseudorandom number generator (PRNG) expands a relatively short key (possibly from a TRNG) into a long sequence of seemingly random bits based on a deterministic algorithm. A cryptographically secure random bit generator (CSRBG) is one which produces sequences for which there is no polynomial-time algorithm which, on input of the first l bits of the output sequence s, can predict the (l + 1)st bit of s with a probability significantly greater than 1/2.

Field programmable gate array (FPGA) devices have been successfully used for the implementation of cryptographic hardware, some examples being the data encryption standard (DES), advanced encryption standard (AES) candidate finalists, IDEA and RSA cryptography.
In these and other implementations, FPGAs had advantages in performance, design time, power consumption, flexibility, cost or area over comparable microprocessor and very large scale integration (VLSI) based systems. These designs are intended for integration with other FPGA-based cryptographic hardware to produce embedded cryptosystems on a single FPGA. Apart from achieving a higher level of integration, keeping the critical random number generation operations internal to the device achieves better security, since these data do not need to be passed to the FPGA via the pins.

In many applications, highly secure random numbers are required only at very low bit rates, perhaps to generate a single key for the lifetime of the application. An example is public key cryptography where, once a key pair is generated, the same key is used for subsequent applications. The TRNG and PRNG reported in this paper are designed for low bit rate applications, and both are able to generate highly secure random numbers while occupying minimal resources. They are particularly suitable for applications where integration of the RNG and other cryptographic algorithms on the same FPGA is required.

Given the importance of random number generation, surprisingly few hardware implementations of TRNGs have been reported. There are three commonly used techniques, namely oscillator sampling, direct amplification and discrete time chaos. In the oscillator sampling approach, period variation (i.e. oscillator jitter) in a low frequency clock of low quality factor (Q) is exploited by using it to sample a high frequency clock. The direct amplification technique digitizes thermal or shot noise, using an amplifier and comparator. Finally, chaotic systems can be used to produce TRNGs.

1.9 Kinds of Random Number Generators

RNGs can be separated into two general categories:

1.9.1 Pseudo Random Number Generators (PRNGs)

These generators are algorithms which are initialized with an externally generated sequence and produce a much longer sequence that appears to be random. After being initialized with a seed value, the internal state of the generator completely determines the next bit to be generated. Given the same seed value, a PRNG will always produce the same sequence.
1.9.2 True Random Number Generators (TRNGs)

These generators base their output entirely on an underlying random physical process. Unlike their deterministic cousins, there is no internal state kept in the generator, and the output is based only on the physical process and not on any previously produced bits. Often the raw bits generated by the physical source are biased (the probability of a 1 is not 0.5), and thus some bias reduction is necessary.
CHAPTER – 2 CRYPTOGRAPHY

Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and origin authentication.

2.1 Basic terminology and concepts

Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques and, more generally, information security services. A cryptanalyst is someone who engages in cryptanalysis. Cryptology is the study of cryptography and cryptanalysis. Cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e. encryption. It is an art and science that conveys a message from source to destination on a secured basis.

There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems.

2.2 Need for security

Steps involved in secured communication:

1. Design an algorithm for performing the security-related transformation such that the opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Specify the protocol to be used by the two principals that make use of the security algorithm.
2.3 Threats in communication

2.3.1 Information access threat: Modification of the data without the knowledge of the sender, followed by transmission of the data.

2.3.2 Service threat: Exploiting flaws in the services available in a computer to inhibit their use by legitimate users.

2.3.3 Types of intruders

Masquerader: An individual who isn't authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.

Misfeasor: A legitimate user who accesses data, programs or resources for which such access isn't authorized.

2.4 SYMMETRIC CIPHER MODEL

Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption. The most widely used symmetric cipher is TDES.

Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
[Figure-2.1. Simplified Model of Conventional Encryption: plaintext input, encryption algorithm (e.g., TDES), transmitted ciphertext, decryption algorithm (reverse of encryption algorithm), plaintext output; the secret key shared by sender and recipient is an input to both the encryption process and the decryption process.]

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

2.5 MODEL OF CONVENTIONAL CRYPTOSYSTEM

[Figure 2.2. Model of conventional cryptosystem: message source (X), encryption algorithm, ciphertext Y, decryption algorithm, destination (X); key source (K); cryptanalyst.]
A source produces a message in plaintext, X = [X1, X2, X3, ..., XM]. The M elements of X are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1, K2, K3, ..., KJ] is generated. If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. Alternatively, a third party could generate the key and securely deliver it to both source and destination.

With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext Y = [Y1, Y2, Y3, ..., YN]. We can write this as

    Y = E_K(X)

This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K. The intended receiver, in possession of the key, is able to invert the transformation:

    X = D_K(Y)

An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate X̂. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate K̂.
CHAPTER – 3 DATA ENCRYPTION STANDARD

3.1 DESCRIPTION OF DES

DES (the Data Encryption Standard) is a symmetric block cipher developed by IBM. The algorithm uses a 56-bit key to encipher/decipher a 64-bit block of data. The key is always presented as a 64-bit block, every 8th bit of which is ignored. However, it is usual to set each 8th bit so that each group of 8 bits has an odd number of bits set to 1.

The algorithm is best suited to implementation in hardware, probably to discourage implementations in software, which tend to be slow by comparison. However, modern computers are so fast that satisfactory software implementations are readily available. DES is the most widely used symmetric algorithm in the world, despite claims that the key length is too short. Ever since DES was first announced, controversy has raged about whether 56 bits is long enough to guarantee security.

The key length argument goes like this. Assuming that the only feasible attack on DES is to try each key in turn until the right one is found, then 1,000,000 machines each capable of testing 1,000,000 keys per second would find (on average) one key every 12 hours. Most reasonable people might find this rather comforting and a good measure of the strength of the algorithm. Those who consider the exhaustive key-search attack to be a real possibility (and, to be fair, the technology to do such a search is becoming a reality) can overcome the problem by using double or triple length keys. In fact, double length keys have been recommended for the financial industry for many years.

3.1.1 Encryption

Many people are not aware that the information they send or the files stored on their computers need to be protected. However, when you consider what you have on your computer and the many ways it can fall into the wrong hands, it does start to make sense to protect your privacy in some way.
Key technology: encryption. Store and transmit information in an encoded form that does not make any sense. The basic mechanism:

* Start with the text to be protected. The initial readable text is called clear text.
* Encrypt the clear text so that it does not make any sense at all. The nonsense text is called cipher text. The encryption is controlled by a secret password or number; this is called the encryption key.

The encrypted text can be stored in a readable file, or transmitted over unprotected channels.

3.1.2 Decryption

To make sense of the cipher text, it must be decrypted back into clear text. This is done with some other algorithm that uses another secret password or number, called the decryption key. All of this only works under three conditions:

* The encryption function cannot easily be inverted (one cannot get back to the clear text without knowing the decryption key).
* The encryption and decryption must be done in some safe place so the clear text cannot be stolen.
* The keys must be protected. In most systems, one key can be computed from the other (sometimes the encryption and decryption keys are identical), so neither key can be allowed to leak out.

Figure-3.1 DES encryption
Figure-3.2 DES algorithm

Why DES?

i) High level of security.
ii) The same algorithm with the same key is used for encryption and decryption.
iii) The algorithm and the key could be shared by the sender and receiver.
iv) RSA and substitution algorithms have some drawbacks, which DES overcomes.
v) In the RSA algorithm we use two keys, whereas in DES we use only one key for both encryption and decryption.
vi) There is only one round of processing in RSA, whereas there are 16 rounds of processing in DES.
vii) In a substitution algorithm we replace a character by some other character code, whereas in DES we encrypt the text and process it for 16 rounds.

3.2 Limitations of DES

In generating the per-round keys, the key is subjected to an initial permutation to generate two 28-bit quantities, C0 and D0. The sixteen suspect keys are the ones for which C0 and D0 are each one of the four values: all ones, all zeroes, alternating ones and zeroes, alternating zeroes and ones. Since there are four possible values for each half, there are sixteen possibilities in all. The four weak keys are the ones for which each of C0 and D0 is all ones or all zeroes. Weak keys are their own inverses. The remaining twelve keys are the semi-weak keys. Each is the inverse of one of the others.

3.2.1 Applications

The DES core can be utilized for a variety of encryption applications including:

* Secure File/Data transfer
* Electronic Funds Transfer
* Encrypted Storage Data
* Secure communications

3.2.2 Features

* FIPS 46-3 Standard Compliant
* Encryption/Decryption performed in 16 cycles (ECB mode)
* 56 bits of security
* For use in FPGA or ASIC designs
* Verilog IP Core
* Non-pipelined version: small gate count
* Pipelined version: pipelined for maximum performance; Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 16 cycles

3.3 Triple-DES

Use of multiple length keys leads us to the Triple-DES algorithm, in which DES is applied three times. Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Private Encryption, you simply type in the entire 192-bit (24 character) key rather than entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary so they are each 64 bits long. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.

Triple DES is also known as 3DES. Triple DES runs three times slower than standard DES, but is much more secure if used properly. The procedure for decrypting something is the same as the procedure for encryption, except it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Unfortunately, there are some weak keys that one should be aware of: if all three keys, the first and second keys, or the second and third keys are the same, then the encryption procedure is essentially the same as standard DES. This situation is to be avoided because it is the same as using a really slow version of regular DES.
Note that although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits, because each of the three keys contains 8 parity bits that are not used during the encryption process.

If we consider a triple length key to consist of three 56-bit keys K1, K2, K3, then encryption is as follows:

• Encrypt with K1
• Decrypt with K2
• Encrypt with K3

Decryption is the reverse process:

• Decrypt with K3
• Encrypt with K2
• Decrypt with K1

Setting K3 equal to K1 in these processes gives us a double length key K1, K2.
Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit) key. Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.

Figure-3.4 Enciphering computation

DES operates on a 64-bit block of plaintext. After an initial permutation, the block is broken into a right half and a left half, each 32 bits long. Then there are 16 rounds of identical operations, called Function f, in which the data are combined with the key. After the sixteenth round, the right and left halves are joined, and a final permutation (the inverse of the initial permutation) finishes off the algorithm.
In each round the key bits are shifted, and then 48 bits are selected from the 56 bits of the key. The right half of the data is expanded to 48 bits via an expansion permutation, combined with 48 bits of a shifted and permuted key via an XOR, sent through 8 S-boxes producing 32 new bits, and permuted again. These four operations make up Function f. The output of Function f is then combined with the left half via another XOR. The results of these operations become the new right half; the old right half becomes the new left half. These operations are repeated sixteen times, making 16 rounds of DES.

Figure 3.5 TDES Algorithm
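
The key rules of sections 3.2 and 3.3 (odd parity, weak and semi-weak keys, and key bundles that collapse to single DES) can be enforced when a Triple-DES key is loaded. This is an added example, not code from the original report or from any DES core it describes; the PC-1 table is the key-schedule permutation from FIPS 46-3 that produces C0 and D0, which the report does not reproduce, and all function names and sample keys are constructed.

```python
# Added example: checks for a 24-byte Triple-DES key bundle (K1 | K2 | K3).
# PC-1 (FIPS 46-3) selects the 56 key bits and yields C0 (first 28) and D0 (last 28).
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]

CONSTANT = {"0" * 28, "1" * 28}        # all zeroes, all ones
ALTERNATING = {"01" * 14, "10" * 14}   # alternating patterns


def has_odd_parity(key8):
    """Every byte of a DES key should contain an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key8)


def effective_bits(key8):
    """Drop the parity bit (right-most bit) of each byte; DES ignores it."""
    return bytes(b & 0xFE for b in key8)


def c0_d0(key8):
    """Apply PC-1 and return the two 28-bit halves as bit strings."""
    bits = "".join(f"{b:08b}" for b in key8)
    cd = "".join(bits[p - 1] for p in PC1)
    return cd[:28], cd[28:]


def classify(key8):
    """Return 'weak', 'semi-weak' or 'ok' following section 3.2."""
    c0, d0 = c0_d0(key8)
    if c0 in CONSTANT and d0 in CONSTANT:
        return "weak"
    suspect = CONSTANT | ALTERNATING
    if c0 in suspect and d0 in suspect:
        return "semi-weak"
    return "ok"


def check_bundle(key24):
    """Return (independent key bits, findings) for a 24-byte key bundle."""
    if len(key24) != 24:
        raise ValueError("expected 24 bytes (three 64-bit keys)")
    keys = [key24[i:i + 8] for i in (0, 8, 16)]
    findings = []
    for name, key in zip(("K1", "K2", "K3"), keys):
        if not has_odd_parity(key):
            findings.append(f"{name}: parity error")
        kind = classify(key)
        if kind != "ok":
            findings.append(f"{name}: {kind} key")
    # Compare without parity bits: keys that differ only in parity are the same key.
    e1, e2, e3 = (effective_bits(k) for k in keys)
    if e1 == e2 or e2 == e3:
        findings.append("K1=K2 or K2=K3: equivalent to single DES")
        return 56, findings
    if e1 == e3:
        return 112, findings   # double length key K1, K2
    return 168, findings


# Constructed sample keys with odd parity in every byte.
K1 = bytes.fromhex("0123456789ABCDEF")
K2 = bytes.fromhex("23456789ABCDEF01")
K3 = bytes.fromhex("456789ABCDEF0123")

if __name__ == "__main__":
    print(check_bundle(K1 + K2 + K3))
    print(check_bundle(K1 + K1 + K3))
```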
3.4 Initial permutation (IP)

Figure-3.7 Initial permutation

Table-3.1 Initial permutation IP

    58 50 42 34 26 18 10  2
    60 52 44 36 28 20 12  4
    62 54 46 38 30 22 14  6
    64 56 48 40 32 24 16  8
    57 49 41 33 25 17  9  1
    59 51 43 35 27 19 11  3
    61 53 45 37 29 21 13  5
    63 55 47 39 31 23 15  7

Table 3.1 specifies the input permutation on a 64-bit block. The meaning is as follows: the first bit of the output is taken from the 58th bit of the input; the second bit from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the input.

The initial permutation occurs before round one; it transposes the input block as described in Table 3.1. This table, like all the other tables in this chapter, should be read left to right, top to bottom. For example, the initial permutation moves bit 58 of the plaintext to bit position 1, bit 50 to bit position 2, and so forth. The initial permutation and the corresponding final permutation do not affect DES's security.
3.5 Final permutation (IP-1)

Figure-3.8 Final permutation

Table-3.2 Final permutation

IP-1
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

The final permutation is the inverse of the initial permutation; the table is interpreted similarly. This is shown in Table 3.2.
3.6 Expansion permutation (E)

Figure-3.9 Expansion permutation

Table-3.3 Expansion permutation

E
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

The expansion permutation is interpreted as for the initial and final permutations. Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the input is duplicated in both the sixth and eighth bit of the output. Thus, the 32-bit half-block is expanded to 48 bits.

This operation expands the right half of the data, Ri, from 32 bits to 48 bits. Because this operation changes the order of the bits as well as repeating certain bits, it is known as an expansion permutation. This operation has two purposes: it makes the right half the same size as the key for the XOR operation, and it provides a longer result that can be compressed during the substitution operation. However, neither of those is its main cryptographic purpose. By allowing one bit to affect two substitutions, the dependency of the output bits on the input bits spreads faster. This is called an avalanche effect. This is shown in Table 3.3.
3.7 Permutation (P)

Figure-3.10 Permutation

Table-3.4 Permutation

P
16  7 20 21 29 12 28 17
 1 15 23 26  5 18 31 10
 2  8 24 14 32 27  3  9
19 13 30  6 22 11  4 25

The 32-bit output of the S-box substitution is permuted according to a P-box. This permutation maps each input bit to an output position; no bits are used twice and no bits are ignored. This is called a straight permutation or just a permutation. This is shown in Table 3.4.
3.8 Permuted choice 1 (PC-1)

Figure-3.11 Permuted choice 1

Table-3.5 Permuted choice 1

PC-1
Left
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
Right
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

The "Left" and "Right" halves of the table show which bits from the input key form the left and right sections of the key schedule state. Note that only 56 bits of the 64 bits of the input are selected; the remaining eight were specified for use as parity bits.

The DES performs a function on the 64-bit key to generate sixteen 48-bit keys, which are K1, K2, K3, ..., K16. First it does an initial permutation on the 56 useful bits of the key, to generate a 56-bit output, which it divides into two 28-bit values, called C0 and D0. The permutation is specified as in Table 3.5.
3.9 Permuted choice 2 (PC-2)

Figure-3.12 Permuted choice 2

Table-3.6 Permuted choice 2

PC-2
Permutation to obtain the left half of Ki
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
Permutation to obtain the right half of Ki
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

The permutations in this case are likely to be of some security value. The permutation of Ci that produces the left half of Ki is shown in Table 3.6. Note that bits 9, 18, 22 and 25 are discarded. The permutation of the rotated Di-1 that produces the right half of Ki is shown in Table 3.6. Bits 35, 38, 43, and 54 are discarded. Each of the halves of Ki is 24 bits, so Ki is 48 bits long.
3.10 Substitution boxes (S-boxes)

Figure-3.13 Calculation of f(R, k)

After the compressed key is XORed with the expanded block, the 48-bit result moves to a substitution operation. The substitutions are performed by eight substitution boxes, or S-boxes. Each S-box has a 6-bit input and a 4-bit output, and there are eight different S-boxes. The total memory requirements for the eight DES S-boxes are 256 bytes. The 48 bits are divided into eight 6-bit sub-blocks. Each separate block is operated on by a separate S-box: the first block is operated on by S-box 1, the second block is operated on by S-box 2, and so on.

Table-3.7 Substitution boxes (S-boxes)

S-boxes
S1
14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
Figure 3.7.1 E table
Figure 3.7.2 Input Key
Figure 3.7.3 Permuted choice one (PC-1)
Figure 3.7.4 Permuted choice two (PC-2)
Figure 3.7.5 Rotation in the key schedule

3.11 Rotations in the key-schedule

Before the round subkey is selected, each half of the key schedule state is rotated left by a number of places. This table specifies the number of places rotated.

Triple DES has two attractions that assure its widespread use over the next few years. First, with its 168-bit key length, it overcomes the vulnerability to brute-force attack of DES. Second, the underlying encryption algorithm in Triple DES is the same as in DES. This algorithm has been subjected to more scrutiny than any other encryption algorithm over a longer period of time, and no effective cryptanalytic attack based on the algorithm rather than brute-force has been found. Accordingly, there is a high level of confidence that 3DES is very resistant to cryptanalysis. If security were the only consideration, then 3DES would be an appropriate choice for a standardized encryption algorithm for decades to come.
3.12 DES Decryption

i) Use same function
ii) Key is the key… Used in reverse order (K1,…, K16 becomes K16,…, K1)

Right circular shift of 0-2 bits:

Shift:  0  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
Round:  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
       (1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1)

With DES it is possible to use the same function to encrypt or decrypt a block. The only difference is that the keys must be used in the reversed order. That is, if the encryption keys for each round are K1, K2, K3, …, K16, then the decryption keys are K16, K15, K14, …, K1. The algorithm that generates the key used for each round is circular as well. The key shift is shown above.

3.13 Applications

The DES3 core can be utilized for a variety of encryption applications including:
- Secure File/Data transfer
- Electronic Funds Transfer
- Encrypted Storage Data
- Secure communications

3.13.1 Features

- FIPS 46-3 Standard Compliant
- Encryption/Decryption performed in 48 cycles (ECB mode)
- Up to 168 bits of security
- For use in FPGA or ASIC designs
- Verilog IP Core
- Non Pipelined version
    - Small gate count shared DES
- Pipelined version
    - Pipelined for maximum performance
    - Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 48 cycles
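The key schedule of Sections 3.8, 3.9 and 3.11 and the reversed key order of Section 3.12 can be worked through in a few lines. The Python code below is an added example, not code from the original report or from the DES3 core: it derives the sixteen subkeys from Tables 3.5 and 3.6, regenerates them in decryption order with the right shifts listed in Section 3.12, and confirms which bits never reach a subkey. The function names and the sample key are assumptions made for this example.

```python
# Added example (not from the original report): DES key schedule built from
# Table 3.5 (PC-1), Table 3.6 (PC-2) and the rotation table.

PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,   # -> C0
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]    # -> D0
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,             # from Ci
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]         # from Di
LEFT_SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]   # encryption
RIGHT_SHIFTS = [0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]  # decryption
MASK28 = (1 << 28) - 1
PARITY_BITS = 0x0101010101010101        # key bits 8, 16, ..., 64


def permute(block, table, in_width):
    """Output bit i is input bit table[i-1]; bit 1 is the leftmost bit."""
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (in_width - src)) & 1)
    return out


def rotl28(v, n):
    return ((v << n) | (v >> (28 - n))) & MASK28


def rotr28(v, n):
    return ((v >> n) | (v << (28 - n))) & MASK28


def split_key(key64):
    """Apply PC-1 and return the 28-bit halves (C0, D0)."""
    cd = permute(key64, PC1, 64)
    return cd >> 28, cd & MASK28


def encrypt_subkeys(key64):
    """K1..K16: rotate both halves left, then compress with PC-2."""
    c, d = split_key(key64)
    keys = []
    for s in LEFT_SHIFTS:
        c, d = rotl28(c, s), rotl28(d, s)
        keys.append(permute((c << 28) | d, PC2, 56))
    return keys


def decrypt_subkeys(key64):
    """K16..K1 generated directly. The left shifts sum to 28, so C16 = C0 and
    rotating right from (C0, D0) walks the schedule backwards."""
    c, d = split_key(key64)
    keys = []
    for s in RIGHT_SHIFTS:
        c, d = rotr28(c, s), rotr28(d, s)
        keys.append(permute((c << 28) | d, PC2, 56))
    return keys


def discarded_by_pc2():
    """Positions of the 56-bit state that PC-2 never selects."""
    return sorted(set(range(1, 57)) - set(PC2))


if __name__ == "__main__":
    key = 0x133457799BBCDFF1            # sample key, not from the page
    enc = encrypt_subkeys(key)
    for i, k in enumerate(enc, start=1):
        print("K%-2d = %012X" % (i, k))
    print("decryption order is the reverse:", decrypt_subkeys(key) == enc[::-1])
    print("bits dropped by PC-2:", discarded_by_pc2())
    # Flipping all eight parity bits leaves every subkey unchanged:
    # only 56 of the 64 key bits are key material.
    print("parity bits ignored:", encrypt_subkeys(key ^ PARITY_BITS) == enc)
```
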
ALGORITHM FOR TDES

ENCRYPTION
Step 1: K1, K2, K3 are the keys in the key expander with the selection function.
Step 2: If the selection function is active, i.e. '1', then the encryption process is activated with key K1, and this encryption output is given to the input of the decryption, i.e. the selection function is '0', with key K2.
Step 3: The decryption output is given to the input of encryption, i.e. the selection function is '1', with K3.

DECRYPTION
Step 4: It is the reverse process of encryption.

ALGORITHM FOR DES

ENCRYPTION
Step 1: The initial input data applied is 64 bits.
Step 2: The initial permuted 64-bit data is divided into right (32 bits), i.e. r0, and left (32 bits), i.e. l0.

58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6    left (32 bits) even
64 56 48 40 32 24 16  8
57 49 41 33 25 17 19  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5    Right (32 bits) odd
63 55 47 39 31 23 15  7

Here each row difference is 8 and column difference is 2.

Step 3: The right 32 bits are given to the expansion box, where a block gets 48 bits as output, written as 8 blocks.

32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 33
32 33 34 35 36 37
36 37 38 39 40 41
40 41 42 43 44 45
44 45 46 47 48
Step 4: The 56 bits of key length are compressed to 48 bits.

60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17 19  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

Step 5: The 48 bits of key length and the 48 bits of the expansion are XORed to get 48 bits as output.
Key - 110000
Expansion - 110000
Step 6: The 48 bits of data are given to substitution boxes s1 to s8, and each block has 64 bits as input and yields a 48-bit block as output, i.e. 32 bits.
Step 7: The P-box yields a 32-bit output from a 32-bit input by shifting the bits of the input blocks right and left.
Step 8: The 32 bits are XORed with the left 32 bits, so that the total output is 64 bits.
Step 9: The total procedure repeats till it completes 16 rounds.

DECRYPTION: It is the reverse process of encryption.
ENCRYPTION: It is the reverse process of decryption.
SCOPE AND FUTURE DEVELOPMENT

For the foreseeable future Triple DES is an excellent and reliable choice for the security needs of highly sensitive information. The AES will be at least as strong as Triple DES and probably much faster. It's the industry mandate from Visa and MasterCard that's requiring ATM deployers to upgrade and/or replace their legacy terminals. In a nutshell, it's all about three waves of encryption, and it's designed to make ATM transactions more secure.
VHDL

1. Introduction

VHDL stands for VHSIC (Very High Speed Integrated Circuits) Hardware Description Language. In the mid-1980's the U.S. Department of Defense and the IEEE sponsored the development of this hardware description language with the goal of developing very high-speed integrated circuits. It has now become one of industry's standard languages used to describe digital systems. The other widely used hardware description language is Verilog. Both are powerful languages that allow you to describe and simulate complex digital systems. A third HDL language is ABEL (Advanced Boolean Equation Language), which was specifically designed for Programmable Logic Devices (PLD). ABEL is less powerful than the other two languages and is less popular in industry. This tutorial deals with VHDL, as described by the IEEE standard 1076-1993.

Although these languages look similar to conventional programming languages, there are some important differences. A hardware description language is inherently parallel, i.e. commands, which correspond to logic gates, are executed (computed) in parallel, as soon as a new input arrives. An HDL program mimics the behavior of a physical, usually digital, system. It also allows incorporation of timing specifications (gate delays) as well as describing a system as an interconnection of different components.

2. Levels of representation and abstraction

A digital system can be represented at different levels of abstraction [1]. This keeps the description and design of complex systems manageable. Figure 1 shows different levels of abstraction.
Figure 1: Levels of abstraction: Behavioral, Structural and Physical

The highest level of abstraction is the behavioral level that describes a system in terms of what it does (or how it behaves) rather than in terms of its components and interconnection between them. A behavioral description specifies the relationship between the input and output signals. This could be a Boolean expression or a more abstract description such as the Register Transfer or Algorithmic level. As an example, let us consider a simple circuit that warns car passengers when the door is open or the seatbelt is not used whenever the car key is inserted in the ignition lock. At the behavioral level this could be expressed as,

    Warning = Ignition_on AND (Door_open OR Seatbelt_off)

The structural level, on the other hand, describes a system as a collection of gates and components that are interconnected to perform a desired function. A structural description could be compared to a schematic of interconnected logic gates. It is a representation that is usually closer to the physical realization of a system. For the example above, the structural representation is shown in Figure 2 below.

Figure 2: Structural representation of a "buzzer" circuit.

VHDL allows one to describe a digital system at the structural or the behavioral level. The behavioral level can be further divided into two kinds of styles: Data flow and
Algorithmic. The dataflow representation describes how data moves through the system. This is typically done in terms of data flow between registers (Register Transfer level). The data flow model makes use of concurrent statements that are executed in parallel as soon as data arrives at the input. On the other hand, sequential statements are executed in the sequence that they are specified. VHDL allows both concurrent and sequential signal assignments that will determine the manner in which they are executed. Examples of both representations will be given later.

3. Basic Structure of a VHDL file

A digital system in VHDL consists of a design entity that can contain other entities that are then considered components of the top-level entity. Each entity is modeled by an entity declaration and an architecture body. One can consider the entity declaration as the interface to the outside world that defines the input and output signals, while the architecture body contains the description of the entity and is composed of interconnected entities, processes and components, all operating concurrently, as schematically shown in Figure 3 below. In a typical design there will be many such entities connected together to perform the desired function.

Figure 3: A VHDL entity consisting of an interface (entity declaration) and a body (architectural description).

VHDL uses reserved keywords that cannot be used as signal names or identifiers. Keywords and user-defined identifiers are case insensitive. Lines with
comments start with two adjacent hyphens (--) and will be ignored by the compiler. VHDL also ignores line breaks and extra spaces. VHDL is a strongly typed language, which implies that one always has to declare the type of every object that can have a value, such as signals, constants and variables.

a. Entity Declaration

The entity declaration defines the NAME of the entity and lists the input and output ports. The general form is as follows,

    Entity NAME_OF_ENTITY is
      [generic (generic_declarations);]
      Port (signal_names: mode type;
            signal_names: mode type;
            :
            signal_names: mode type);
    End [NAME_OF_ENTITY];

An entity always starts with the keyword entity, followed by its name and the keyword is. Next are the port declarations using the keyword port. An entity declaration always ends with the keyword end, optionally [] followed by the name of the entity.

The NAME_OF_ENTITY is a user-selected identifier.

signal_names consists of a comma-separated list of one or more user-selected identifiers that specify external interface signals.

mode: is one of the reserved words to indicate the signal direction:
    in – indicates that the signal is an input
    out – indicates that the signal is an output of the entity whose value can only be read by other entities that use it.
    buffer – indicates that the signal is an output of the entity whose value can be read inside the entity's architecture
    inout – the signal can be an input or an output.

type: a built-in or user-defined signal type. Examples of types are bit, bit_vector, Boolean, character, std_logic, and std_ulogic.
    bit – can have the value 0 and 1
    bit_vector – is a vector of bit values (e.g. bit_vector (0 to 7))
    std_logic, std_ulogic, std_logic_vector, std_ulogic_vector: can have 9 values to indicate the value and strength of a signal. Std_ulogic and std_logic are preferred over the bit or bit_vector types.
    boolean – can have the value TRUE and FALSE
    integer – can have a range of integer values
    real – can have a range of real values
    character – any printing character
    time – to indicate time

generic: generic declarations are optional and determine the local constants used for timing and sizing (e.g. bus widths) the entity. A generic can have a default value. The syntax for a generic follows,

    Generic (
      constant_name: type [:=value];
      constant_name: type [:=value];
      :
      constant_name: type [:=value] );
The entity is called BUZZER and has three input ports, DOOR, IGNITION and SBELT, and one output port, WARNING. Notice the use and placement of semicolons! The name BUZZER is an identifier. Inputs are denoted by the keyword in, and outputs by the keyword out. Since VHDL is a strongly typed language, each port has a defined type. In this case, we specified the std_logic type. This is the preferred type of digital signals. In contrast to the bit type that can only have the values '1' and '0', the std_logic and std_ulogic types can have nine values. This is important to describe a digital system accurately, including the binary values 0 and 1, as well as the unknown value X, the uninitialized value U, "-" for don't care, Z for high impedance, and several symbols to indicate the signal strength (e.g. L for weak 0, H for weak 1, W for weak unknown - see section on Enumerated Types). The std_logic type is defined in the std_logic_1164 package of the IEEE library. The type defines the set of values an object can have. This has the advantage that it helps with the creation of models and helps reduce errors. For instance, if one tries to assign an illegal value to an object, the compiler will flag the error.

b. Architecture body

The architecture body specifies how the circuit operates and how it is implemented. As discussed earlier, an entity or circuit can be specified in a variety of ways, such as behavioral, structural (interconnected components), or a combination of the above. The architecture body looks as follows,

    Architecture architecture_name of NAME_OF_ENTITY is
      -- Declarations
      -- Components declarations
      -- signal declarations
      -- Constant declarations
      -- Function declarations
      -- Procedure declarations
      -- Type declarations
      :
    Begin
      -- Statements
      :
    End architecture_name;

Behavioral model

The header line of the architecture body defines the architecture name, e.g. behavioral, and associates it with the entity, BUZZER. The architecture name can be any legal identifier. The main body of the architecture starts with the keyword begin and gives the Boolean expression of the function. We will see later that a behavioral model can be described in several other ways. The "<=" symbol represents an assignment operator and assigns the value of the expression on the right to the signal on the left. The architecture body ends with an end keyword followed by the architecture name.

The statements in the body of the architecture make use of logic operators. Logic operators that are allowed are: and, or, nand, nor, xor, xnor and not. In addition, other types of operators including relational, shift, arithmetic are allowed as well (see section on Operators). For more information on behavioral modeling see section on Behavioral Modeling.
Concurrency

It is worth pointing out that the signal assignments in the above examples are concurrent statements. This implies that the statements are executed when one or more of the signals on the right hand side change their value (i.e. an event occurs on one of the signals). For instance, when the input A changes, the internal signals X and Y change values, which in turn causes the last statement to update the output Z. There may be a propagation delay associated with this change. Digital systems are basically data-driven, and an event which occurs on one signal will lead to an event on another signal, etc. The execution of the statements is determined by the flow of signal values. As a result, the order in which these statements are given does not matter (i.e., moving the statement for the output Z ahead of that for X and Y does not change the outcome). This is in contrast to conventional software programs that execute the statements in a sequential or procedural manner.

Structural description

The circuit of Figure 2 can also be described using a structural model that specifies what gates are used and how they are interconnected. The following example illustrates it.

    Architecture structural of BUZZER is
      -- Declarations
      Component AND2
        Port (in1, in2: in std_logic;
              out1: out std_logic);
      End component;
      Component OR2
        Port (in1, in2: in std_logic;
              out1: out std_logic);
      End component;
      Component NOT1
        Port (in1: in std_logic;
              out1: out std_logic);
      End component;
      -- Declaration of signals used to interconnect gates
      Signal DOOR_NOT, SBELT_NOT, B1, B2: std_logic;
    Begin
      -- Component instantiations statements
      U0: NOT1 port map (DOOR, DOOR_NOT);
      U1: NOT1 port map (SBELT, SBELT_NOT);
      U2: AND2 port map (IGNITION, DOOR_NOT, B1);
      U3: AND2 port map (IGNITION, SBELT_NOT, B2);
      U4: OR2 port map (B1, B2, WARNING);
    End structural;

Following the header is the declarative part that gives the components (gates) that are going to be used in the description of the circuits. In our example, we use a two-input AND gate, two-input OR gate and an inverter. These gates have to be defined first, i.e. they will need an entity declaration and architecture body (as shown in the previous
example). These can be stored in one of the packages one refers to in the header of the file (see Library and Packages below). The declarations for the components give the inputs (e.g. in1, in2) and the output (e.g. out1). Next, one has to define internal nets (signal names). In our example these signals are called DOOR_NOT, SBELT_NOT, B1, B2 (see Figure 2). Notice that one always has to declare the type of the signal.

The statements after the begin keyword give the instantiations of the components and describe how these are interconnected. A component instantiation statement creates a new level of hierarchy. Each line starts with an instance name (e.g. U0) followed by a colon and a component name and the keyword port map. This keyword defines how the components are connected. In the example above, this is done through positional association: DOOR corresponds to the input in1 of the NOT1 gate and DOOR_NOT to the output. Similarly, for the AND2 gate the first two signals (IGNITION and DOOR_NOT) correspond to the inputs in1 and in2, respectively, and the signal B1 to the output out1. An alternative way is to use explicit association between the ports, as shown below.

    Label: component-name port map (port1 => signal1, port2 => signal2, … port3 => signaln);

    U0: NOT1 port map (in1 => DOOR, out1 => DOOR_NOT);
    U1: NOT1 port map (in1 => SBELT, out1 => SBELT_NOT);
    U2: AND2 port map (in1 => IGNITION, in2 => DOOR_NOT, out1 => B1);
    U3: AND2 port map (in1 => IGNITION, in2 => SBELT_NOT, out1 => B2);
    U4: OR2 port map (in1 => B1, in2 => B2, out1 => WARNING);

Notice that the order in which these statements are written has no bearing on the execution, since these statements are concurrent and therefore executed in parallel. Indeed, the schematic that is described by these statements is the same independent of the order of the statements.
Structural modeling of design lends itself to hierarchical design, in which one can define components of units that are used over and over again. Once these components are defined they can be used as blocks, cells or macros in a higher level entity. This can significantly reduce the complexity of large designs. Hierarchical design approaches are always preferred over flat designs.

c. Library and Packages: library and use keywords

A library can be considered as a place where the compiler stores information about a design project. A VHDL package is a file or module that contains declarations of commonly used objects, data types, component declarations, signals, procedures and functions that can be shared among different VHDL models.

We mentioned earlier that std_logic is defined in the package ieee.std_logic_1164 in the ieee library. In order to use std_logic one needs to specify the library and package. This is done at the beginning of the VHDL file using the library and the use keywords as follows:

    Library ieee;
    use ieee.std_logic_1164.all;

The .all extension indicates to use all of the ieee.std_logic_1164 package.

The Xilinx Foundation Express comes with several packages.

ieee Library:
    std_logic_1164 package: defines the standard datatypes.
    std_logic_arith package: provides arithmetic, conversion and comparison functions for the signed, unsigned, integer, std_ulogic, std_logic and std_logic_vector types
    std_logic_unsigned
    std_logic_misc package: defines supplemental types, subtypes, constants and functions for the std_logic_1164 package.
To use any of these one must include the library and use clause:

    library ieee;
    use ieee.std_logic_1164.all;
    use ieee.std_logic_arith.all;
    use ieee.std_logic_unsigned.all;

In addition, the Synopsys library has the attributes package:

    library SYNOPSYS;
    use SYNOPSYS.attributes.all;

One can add other libraries and packages. The syntax to declare a package is as follows:

    -- Package declaration
    Package name_of_package is
      Package declarations
    End package name_of_package;
    -- Package body declarations
    package body name_of_package is
      Package body declarations
    End package body name_of_package;

For instance, the basic functions of the AND2, OR2, NAND2, NOR2, XOR2, etc. components need to be defined before one can use them.
4. Lexical Elements of VHDL

a. Identifiers

Identifiers are user-defined words used to name objects in VHDL models. We have seen examples of identifiers for input and output signals as well as the name of a design entity and architecture body. When choosing an identifier one needs to follow these basic rules:
- May contain only alpha-numeric characters (A to Z, a to z, 0-9) and the underscore (_) character
- The first character must be a letter and the last one cannot be an underscore.
- An identifier cannot include two consecutive underscores.
- An identifier is case insensitive (ex. And2 and AND2 or and2 refer to the same object)
- An identifier can be of any length.

Examples of valid identifiers are: X10, x_10, My_gate1. Some invalid identifiers are: _X10, my_gate@input, gate-input.

The above identifiers are called basic identifiers. The rules for these basic identifiers are often too restrictive to indicate signals. For example, if one wants to indicate an active low signal such as an active low RESET, one cannot call it /RESET. In order to overcome these limitations, there is a set of extended identifier rules which allow identifiers with any sequence of characters.
- An extended identifier is enclosed by the backslash, "\", character.
- An extended identifier is case sensitive.
- An extended identifier is different from reserved words (keywords) or any basic identifier (e.g. the identifier \identity\ is allowed)
- Inside the two backslashes one can use any character in any order, except that a backslash as part of an extended identifier must be indicated by an additional backslash. As an example, to use the identifier BUS:\data, one writes: \BUS:\\data\
- Extended identifiers are allowed in the VHDL-93 version but not in VHDL-87

Some examples of legal identifiers are: Input, \Input\, \input#1\, \Rst\\as\

b. Keywords (Reserved words)

Certain identifiers are used by the system as keywords for special use such as specific constructs. These keywords cannot be used as identifiers for signals or objects we define. We have seen several of these reserved words already such as in, out, or, and, port, map, end, etc. Keywords are often printed in boldface, as is done in this tutorial. Extended identifiers can make use of keywords since these are considered different words (e.g. the extended identifier \end\ is allowed).

c. Numbers

The default number representation is the decimal system. VHDL allows integer literals and real literals. Integer literals consist of whole numbers without a decimal point, while real literals always include a decimal point. Exponential notation is allowed using the letter "E" or "e". For integer literals the exponent must always be positive. Examples are:

    Integer literals: 12 10 256E3 12e+6
    Real literals: 1.2 256.24 3.14E-2

The number –12 is a combination of a negation operator and an integer literal.
CONCLUSION

DES runs through 16 iterations to achieve its desired cipher text (final output). With Triple DES, it will Encrypt-Decrypt-Encrypt the block, and a completely different output is generated with a final combination. It's said that the security is 192 bit encryption, but also argued that regardless of the keys, the security is only 168 bit. This debate is clearly beyond the scope of this article/writer. If you wish to participate with the scientists in their discussions, it's your humility at stake. It's a safe bet that Triple DES is exponentially stronger than the previous DES.

After that, AES may supplant Triple DES as the default algorithm on most systems if it lives up to its expectations. But Triple DES will be kept around for compatibility reasons for many years after that. So the useful lifetime of Triple DES is far from over, even with the AES near completion.