CHAPTER - 1

                         1.1 INTRODUCTION

       Power analysis attacks have attracted significant attention within the
cryptographic community. So far, they have been successfully applied to different kinds
of (unprotected) implementations of symmetric and public-key encryption schemes.
Although less general than classical cryptanalysis (because they target one specific
implementation), power analysis attacks usually present a very serious threat for practical
cryptosystems implemented on various platforms. Among the different countermeasures
proposed to protect an implementation from such attacks, one of the most popular is the
Boolean masking method. In this proposal, the cryptographic algorithm is modified in
such a way that the intermediate data never appears as such, but is always “masked” with
random Boolean vectors. The masking has been successfully applied to smart card
implementations of the DES and the AES Rijndael. However, recent works have shown
that power analysis attacks are also practical against ASIC and FPGA implementations of
cryptographic algorithms. A practical problem is therefore to protect these devices.

       In this context, one important concern is the implementation cost of the
countermeasure. In particular, the protected algorithms usually have much higher memory
requirements than the unmasked ones. For this reason, it is often assumed that masking is
not a practical solution for the protection of hardware implementations. On the contrary,
it is demonstrated in this project that FPGA implementations of the DES offer very
simple and interesting opportunities to implement the Boolean masking method. In
practice, a secure cryptographic design is proposed, based on the use of large embedded
memories available inside certain recent FPGAs. As the efficiency of the proposal highly
depends on the size of the substitution tables used in the encryption algorithm, it is
particularly well-fitted to the DES (and, for example, could not be applied as such to the
AES Rijndael). The resulting protected DES implementation therefore only requires a
moderate additional hardware cost. It is observed that, like most of the present
countermeasures against side-channel attacks, masking does not provide perfect security
and only makes the attack more difficult.
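
       The Boolean masking idea described above can be illustrated on one DES substitution
table. The following is an added example, not code from this project: it uses the
table re-computation form of masking (an assumption; the FPGA design itself stores its
tables in embedded memory) and shows that the Hamming weight of the masked S-box output,
averaged over all masks, no longer depends on the data. All function names are chosen
here for illustration.

```python
import secrets

# DES S-box S1 (FIPS 46-3): 4 rows x 16 columns.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(x):
    """Unmasked lookup. Input bits b1..b6: row = b1 b6, column = b2 b3 b4 b5."""
    row = ((x >> 4) & 0b10) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def masked_table(m_in, m_out):
    """Table T with T[x ^ m_in] = S1(x) ^ m_out, re-computed for each mask pair."""
    table = [0] * 64
    for x in range(64):
        table[x ^ m_in] = sbox1(x) ^ m_out
    return table


def hamming_weight(v):
    return bin(v).count("1")


def unmasked_weights():
    """Hamming weight of the S-box output handled by an unprotected design."""
    return [hamming_weight(sbox1(x)) for x in range(64)]


def mean_masked_weights():
    """Mean Hamming weight of the masked output, per input x, over all masks."""
    totals = [0] * 64
    for m_in in range(64):
        for m_out in range(16):
            table = masked_table(m_in, m_out)
            for x in range(64):
                totals[x] += hamming_weight(table[x ^ m_in])
    return [t / (64 * 16) for t in totals]


def masked_round_trip(x):
    """One protected lookup with fresh random masks; returns S1(x)."""
    m_in, m_out = secrets.randbelow(64), secrets.randbelow(16)
    x_masked = x ^ m_in                       # only the masked input is processed
    y_masked = masked_table(m_in, m_out)[x_masked]
    return y_masked ^ m_out                   # unmasked here only to check the result


if __name__ == "__main__":
    # Unprotected: the weight varies with the data. Masked: the mean is constant.
    print("unmasked weights seen:", sorted(set(unmasked_weights())))
    print("mean masked weights  :", sorted(set(mean_masked_weights())))
```

The re-computed table costs 64 extra entries per mask pair, which is the memory overhead
the paragraph above refers to.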



1.2   POWER ANALYSIS
             In cryptography, power analysis is a form of side-channel attack in which the
      attacker studies the power consumption of a cryptographic hardware device (such as a
      smart card, a tamperproof "black box", a microchip, etc.). It can yield information about
      what the device is doing, including keys and other secrets.
             Since confidential data are increasingly being exchanged electronically, ever
      greater importance is attached to the protection of the data. Where cryptosystems
      are used in real applications, attacks have to be taken into account. Hardware and
      software implementations themselves present a vast field of attacks. Side-channel
      attacks exploit information that leaks from a cryptographic device. One of these
      attacks in particular has attracted much attention since it was announced. This method
      is called Differential Power Analysis (DPA) and was presented in 1998 by Cryptography
      Research. DPA uses the information that naturally leaks from a cryptographic hardware
      device, namely the power consumption. A less powerful variant, Simple Power
      Analysis (SPA), was also announced by Cryptography Research.
             What does a DPA attack require? First, an attacker must be able to precisely
      measure the power consumption. Second, the attacker needs to know what algorithm is
      computed, and third, the attacker needs the plaintext or ciphertext. The strategy of the
      attacker is to make a lot of measurements, and then divide them with the aid of some
      oracle into two or more different sets. Then, statistical methods are used to verify the
      oracle. If and only if the oracle was right, one can see noticeable peaks in the statistics.


1.2.1 Differential Power Analysis: is an extension of power analysis that can allow an
      attacker to compute the intermediate values of data blocks and key blocks by statistically
      analyzing data collected from multiple cryptographic operations.


1.2.2 Basics (Simple power Analysis)
             Examining graphs of time against current used by a device can often show exactly
      what the device is doing at a given point. For example, on a graph of smartcard
      performing a DES encryption, the sixteen rounds can be seen clearly.



              The currents passing through a device are usually small, but standard digital
      oscilloscope equipment is precise and accurate enough to measure data-induced
      variations. It is reasonable for a cryptosystem designer to assume that an adversary will
      have access to such equipment.
              Power analysis does not seek to find weaknesses in algorithms or protocols so
      much as in their implementations. It provides a way to "see inside" otherwise
      "tamperproof" hardware. For example, DES's key schedule involves rotating 28-bit key
      registers. In order to save time, most implementations simply check the least significant
      bit to see if it is a 1. If so, the implementation divides the register by two and prepends
      the 1 at the left end. Power analysis can show the difference between a register with a 1
      and a register with a 0 at the end when this happens. This can leak information about key
      material. DES's permutations, usually clumsily implemented in software, reveal even more
      information through conditional branches.


1.3   Differential Power analysis
              Differential power analysis (DPA) is a side-channel attack which involves
      statistically analyzing power consumption measurements from a cryptosystem. The
      attack exploits biases in the varying power consumption of microprocessors or other
      hardware while they perform operations using secret keys. DPA attacks have signal
      processing and error correction properties which can extract secrets from measurements
      which contain too much noise to be analyzed using simple power analysis. Using DPA, an
      adversary can obtain secret keys by analyzing power consumption measurements from
      multiple cryptographic operations performed by a vulnerable smart card or other device.


1.4   Preventing simple and differential power analysis attacks

              Simple power analysis can most easily distinguish conditional branches in the
      execution of the cryptographic program, since a device does different things (requiring
      different power) depending on which conditional branch is executed. For this reason, care
      should be taken to ensure there are no differences (from a power perspective) between
      the conditional branches within cryptographic software implementations. All rotations,
      permutations and logic operations (such as XOR) should take the same time and draw
      equivalent power, no matter what the input.

             There are, however, some algorithms with inherently significant branching; to
      eliminate information leakage from these, software engineers may have to be very
      creative. This creative engineering may cause a reduction in performance (typically in
      speed), and will almost always require greater development effort, which must be weighed
      against the possibility of power analysis. An alternative, in some cases, is to use a
      hardwired hardware cryptographic device. Their power consumption can vary very little,
      due to their construction. However, in the case of smart cards, for example, it is not
      always possible to replace software implementations with hardware implementations.

             Differential power analysis is more difficult to prevent, since even small biases in
      the power consumption can lead to exploitable weaknesses.           Some countermeasure
      strategies involve algorithmic modifications such that the cryptographic operations occur
      on data that is related to the actual value by some mathematical relationship that survives
      the cryptographic operation. This is called blinding, and usually implies an algorithm
      that is based on number theory, such as factoring or discrete logarithms.



1.5 Power Analysis Foundations

             Almost every digital circuit built today is based on Complementary Metal Oxide
      Semiconductor (CMOS) technology. Therefore it is necessary to understand the power
      consumption characteristics of this technology. If a CMOS gate changes its state, this
      change can be measured at the Vdd (Vss) pin. The more circuits change their state, the
      more power is dissipated. In a synchronous design, gates are clocked, which means that
      all gates change their state at the same time. Power dissipated by the circuit can be
      monitored by using a small resistor Rm in series between Vdd (or Vss) and the true source
      (or ground). The two most essential parts of the power consumption during a change of
      state are the dynamic charge or discharge current (appr. 85%) and the dynamic
      short-circuit current (appr. 15%). This is sketched for the example of an inverter shown
      in figure 1.1. The output of each gate has a capacitive load, consisting of the parasitic
      capacitance of the connected wires and the gates of the following stages. An input
      transition results in an output transition, which discharges or charges this parasitic
      capacitance, causing a current flow to Vdd (or Vss). This current is the dynamic charge
      or discharge current. By measuring the current flow on Vdd we can detect whether the
      output changed from 0 to 1 or not.




Figure 1.1 Inverter


1.6     Differential Power Analysis of DES

                In the DES the subkey splits up into eight blocks, one for every sbox. Therefore
        we specify one target sbox for which we list all possible (= 2^6) input values. We will
        refer to such an input value as a subkey block. As assumed above, we know the ciphertext,
        and so we can calculate the value of some of the bits in L15 for every possible subkey
        block. We select one of these bits as our target bit. The value of the target bit is our
        selection function D. If D=1 the corresponding power measurement is put in sample set
        S1; if D=0 it is assigned to S0. This procedure is repeated for many measurements, so at
        the end we have, for every ciphertext and all subkey blocks, a classification of the
        corresponding measurement. Let n denote the number of ciphertexts, and hence of
        measurements. Then we can write all our classifications in a 2^6 x n matrix. So every
        line represents a possible key for the target sbox, and every column represents the
        classification of one ciphertext or measurement.

                For the DPA attack, go through all lines and build the two sample sets S0 and S1.
        Then compute the pointwise means of the samples in the sets, M0 and M1, and compute
        the difference. For the correct subkey block there must be a peak in the trace of the
        difference.




1.7   ROM DESIGN AND EVALUATION AGAINST POWER ANALYSIS ATTACK

1.7.1 Power Simulation on an 8 x 8 ROM

             The ROM of 3-bit input, 8-bit output is as shown in figure 2.2. It consists of two
      main components: a 3 to 8 decoder and a memory array. The decoder is made up of
      eight 3-input AND gates each driven by a min-term of the 3 input signals. The memory
      array is an array of pull-down N-type transistors, on each intersection of a horizontal
      address line and a vertical data line. Increase the Hamming weight (the number of “1”s)
      of the ROM content one by one.




                              Figure 1.2   8 x 8 ROM
             For each Hamming weight, randomly distribute the locations of “1”s (N-type
      transistors) and run power simulations around 10 times. The power consumption versus
      Hamming weight information is leaked, as average power increases linearly with it.


1.7.2 Inserting randomness in to ROM

             There are two dimensions of freedom which cause power consumption variation
      for a given Hamming weight:




i.     Duty cycle of address lines
ii.    N-type transistors distribution
       The duty cycles of the address lines are not identical to each other, due to inverter
delay in the address decoder. When one address line is selected and the N-type
transistors on it are turned on, the power dissipation caused by short-circuit current is
approximately proportional to the duty cycle of the selected address line. As a result, the
power consumption differs when the locations of N-type transistors change between
different address lines.
       The power consumption variation caused by these duty cycle nuances can be exploited
to mask the linearity between the power and the Hamming weight. One may consider
increasing the duty cycle nuances in the address lines. But the influence would be slight,
since the differences between some duty cycles are very small. Moreover, it increases the
risk of a timing analysis attack, which in turn cancels the improvement in power
information leakage.
       An alternative is to modify the N-type transistor distribution by using extra
dummy bit lines, i.e. to increase the scope of the N-type transistor distribution over a
larger ROM whose circuit is shown in Figure 1.3.




Figure 1.3 8 x 8 ROM with extra bit lines, for random insertion



1.7.3 Dual-rail ROM design

              It is observed that a dual-rail ROM design may be a better countermeasure.
      Dual-rail refers to an encoding system where the two-bit value "01" stands for logic-0
      and "10" for logic-1. The dual-rail ROM has double the number of bit lines, which in pairs
      represent logic words. With this encoding technique, a constant number (half the number
      of bit lines) of N-type transistors will be turned on no matter which address line is
      selected.
              Figure 1.4 shows a dual-rail 8 x 8 ROM example which has 16 bit lines to output
      8-bit words. The power simulation is run on it in the same way as for its bundle-data
      version, but increasing the number of logic-1 values instead of increasing the number of
      "1"s, which is consistently equal to half of the total intersections of address lines and
      bit lines.




    Figure 1.4 Dual-rail 8 x 8 ROM, 16 bit lines representing 8-bit word
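
      The effect of the dual-rail encoding can be checked with a small model. The
      following is an added example, not part of the original design files: it assumes
      that the power drawn on a read is determined by the number of N-type transistors
      turned on for the selected address line, takes constructed ROM contents, and
      measures how much information that count carries about an 8-bit word.

```python
from collections import Counter
from math import log2

WIDTH = 8  # bits per word, as in the 8 x 8 ROM of this section


def single_rail_on(word):
    """Transistors turned on in the bundle-data ROM: one per stored '1'."""
    return bin(word & 0xFF).count("1")


def dual_rail_encode(word):
    """Logic-1 -> "10", logic-0 -> "01", most significant bit first (16 bit lines)."""
    lines = []
    for i in reversed(range(WIDTH)):
        lines += [1, 0] if (word >> i) & 1 else [0, 1]
    return lines


def dual_rail_decode(lines):
    """Recover the word; the pairs "00" and "11" are not code words and are rejected."""
    if len(lines) != 2 * WIDTH:
        raise ValueError("expected 16 bit lines")
    word = 0
    for i in range(0, 2 * WIDTH, 2):
        pair = (lines[i], lines[i + 1])
        if pair == (1, 0):
            bit = 1
        elif pair == (0, 1):
            bit = 0
        else:
            raise ValueError(f"invalid dual-rail pair {pair} at bit line {i}")
        word = (word << 1) | bit
    return word


def dual_rail_on(word):
    """Transistors turned on in the dual-rail ROM for this word."""
    return sum(dual_rail_encode(word))


def leaked_bits(on_count):
    """Entropy (in bits) of the transistor count over all 256 equally likely words.

    The count is a function of the word, so this is the information that an
    observer of the count learns about the word.
    """
    counts = Counter(on_count(w) for w in range(256))
    return sum(c / 256 * log2(256 / c) for c in counts.values())


# Constructed ROM contents with increasing Hamming weight (one word per address).
ROM = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x3F, 0x7F, 0xFF]


def rom_profile(rom):
    """(bundle-data count, dual-rail count) for each address line."""
    return [(single_rail_on(w), dual_rail_on(w)) for w in rom]


if __name__ == "__main__":
    for addr, (single, dual) in enumerate(rom_profile(ROM)):
        print(f"address {addr}: bundle-data on={single}  dual-rail on={dual}")
    print(f"bundle-data leaks {leaked_bits(single_rail_on):.4f} bits per word")
    print(f"dual-rail leaks   {leaked_bits(dual_rail_on):.4f} bits per word")
```

      The rejected "00" and "11" pairs also give the dual-rail ROM a simple way to
      detect a stuck or faulted bit line.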




1.8   RANDOM NUMBER GENERATOR

1.8.1 INTRODUCTION

              The need for random numbers in cryptographic processes is ubiquitous.
      Initialization vectors, block padding, challenges, nonces, and, of course, keys are some
      of the cryptographic objects where a string of unpredictable bits is required. Often the
      same Random Number Generator (RNG) supplies bits for all of the above uses in a
      cryptographic system. Many of the bits generated by the RNG are transmitted in the clear
      and thus a passive attacker has ample opportunity to analyze the output of the RNG and
      can leverage any weaknesses found there.
              The random number generator (RNG) is an important cryptographic primitive
      widely used for one-time pads, key generation and authentication protocols. The security
      of such systems relies on the assumption that future values in the random number sequence
      cannot be predicted from the observed sequence. There are two types of random number
      generators commonly used for cryptographic applications. The true random number
      generator (TRNG) derives its output from a physical noise source, whereas a
      pseudorandom number generator (PRNG) expands a relatively short key (possibly from a
      TRNG) into a long sequence of seemingly random bits based on a deterministic algorithm.
      A cryptographically secure random bit generator (CSRBG) is one which produces
      sequences for which there is no polynomial time algorithm which, on input of the first l
      bits of the output sequence s, can predict the (l + 1)st bit of s with a probability
      significantly greater than 1/2.
              Field programmable gate array (FPGA) devices have been successfully used for
      the implementation of cryptographic hardware, some examples being the data encryption
      standard (DES), advanced encryption standard (AES) candidate finalists, IDEA and RSA
      cryptography. In these and other implementations, FPGAs had advantages in
      performance, design time, power consumption, flexibility, cost or area over comparable
      microprocessor and very large scale integration (VLSI) based systems.
              These designs are intended for integration with other FPGA based cryptographic
      hardware to produce embedded cryptosystems on a single FPGA. Apart from achieving a
      higher level of integration, keeping the critical random number generation operations
      internal to the device achieves better security, since these data do not need to be
      passed to the FPGA via the pins.
             In many applications, highly secure random numbers are required only at very low
      bit rates, perhaps to generate a single key for the lifetime of the application. An example
      is public key cryptography where, once a key pair is generated, the same key is used for
      subsequent applications. The TRNG and PRNG reported in this paper are designed for
      low bit rate applications and both are able to generate highly secure random numbers
      while occupying minimal resources. They are particularly suitable for applications where
      integration of the RNG and other cryptographic algorithms on the same FPGA is
      required.
             Given the importance of random number generation, surprisingly few hardware
      implementations of TRNGs have been reported. There are three commonly used
      techniques namely oscillator sampling, direct amplification and discrete time chaos. In
      the oscillator sampling approach, period variation (i.e. oscillator jitter) in a low frequency
      clock of low quality factor (Q) is exploited by using it to sample a high frequency clock.
      The direct amplification technique digitizes thermal or shot noise, using an amplifier
      and comparator. Finally, chaotic systems can be used to produce TRNGs.


1.9   Kinds of Random Number Generators

      RNGs can be separated into two general categories:

1.9.1 Pseudo Random Number Generators (PRNGs):

             These generators are algorithms, which are initialized with an externally
      generated sequence and produce a much longer sequence that appears to be random.
      After being initialized with a seed value the internal state of the generator completely
      determines the next bit to be generated. Given the same seed value a PRNG will always
      produce the same sequence.




1.9.2 True Random Number Generators (TRNGs):

            These generators base their output entirely on an underlying random physical
     process. Unlike their deterministic cousins there is no internal state kept in the generator
     and the output is based only on the physical process and not any previously produced bits.
     Often the raw bits generated by the physical source are biased (the probability of a '1' is
     not 0.5), and thus some bias reduction is necessary.




CHAPTER – 2

                                 CRYPTOGRAPHY


       Cryptography is the study of mathematical techniques related to aspects of information
security such as confidentiality, data integrity, entity authentication, and origin authentication.


2.1    Basic terminology and concepts
            Cryptanalysis is the study of mathematical techniques for attempting to defeat
            cryptographic techniques, and, more generally, information security services.

            A cryptanalyst is someone who engages in cryptanalysis.

            Cryptology is the study of cryptography and cryptanalysis.

            Cryptosystem is a general term referring to a set of cryptographic primitives used to
            provide information security services. Most often the term is used in conjunction with
            primitives providing confidentiality, i.e. encryption.

            Cryptography is the art and science of conveying a message from source to
       destination in a secured manner. There are two kinds of cryptosystems: symmetric and
       asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and
       decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt
       a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems
       are also called public key cryptosystems.


2.2    Need for security

       Steps involved in secured communication:
       1.    Design an algorithm for performing the security related transformation such that the
             opponent cannot defeat its purpose.
       2.    Generate the secret information to be used with the algorithm.
       3.    Specify the protocol to be used by the two principals that make use of the security
             algorithm.


2.3   Threats in communication
2.3.1 Information access threat:
      Modification of the data without the knowledge of the sender, followed by transmission
      of the modified data.

2.3.2 Service threat:
      Exploitation of flaws in the services available in a computer to inhibit their use by
      legitimate users.
2.3.3 Types of intruders
      Masquerader: An individual who isn't authorized to use the computer and who
      penetrates a system's access controls to exploit a legitimate user's account.
      Misfeasor: A legitimate user who accesses data, programs or resources for which such
      access isn't authorized.


2.4   SYMMETRIC CIPHER MODEL

        Symmetric encryption, also referred to as conventional encryption or single-key
      encryption, was the only type of encryption in use prior to the development of public-key
      encryption. The most widely used symmetric cipher is TDES.
      Plaintext: This is the original intelligible message or data that is fed into the algorithm as
      input.
      Encryption algorithm: The encryption algorithm performs various substitutions and
      transformations on the plaintext.

      Secret key: The secret key is also input to the encryption algorithm. The key is a value
      independent of the plaintext. The algorithm will produce a different output depending on
      the specific key being used at the time. The exact substitutions and transformations
      performed by the algorithm depend on the key.




                Secret key shared by                      Secret key shared by
                sender and recipient                      sender and recipient
                         |                                         |
                         v                                         v
   Plaintext --> Encryption algorithm --> Transmitted --> Decryption algorithm --> Plaintext
   input         (e.g., TDES)             ciphertext      (reverse of encryption   output
                                                          algorithm)

  Figure-2.1.    Simplified Model of Conventional Encryption


      Ciphertext: This is the scrambled message produced as output. It depends on the
      plaintext and the secret key. For a given message, two different keys will produce two
      different ciphertexts. The ciphertext is an apparently random stream of data and, as it
      stands, is unintelligible.
      Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
      takes the ciphertext and the secret key and produces the original plaintext.


  2.5       MODEL OF CONVENTIONAL CRYPTOSYSTEM

                                  Cryptanalyst --> X, K
                                       ^
                                       | Y
   Message      X                 Y    |                       X
   source  --------> Encryption -------+-----> Decryption --------> Destination
                     algorithm                 algorithm
                         ^                         ^
                         | K                       | K
                         +------- Key source ------+

                  Figure 2.2

    A source produces a message in plaintext, X = [X1, X2, X3, ..., XM]. The M
elements of X are letters in some finite alphabet. Traditionally, the alphabet usually
consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used.
For encryption, a key of the form K = [K1, K2, K3, ..., KJ] is generated. If the
key is generated at the message source, then it must also be provided to the destination by
means of some secure channel. Alternatively, a third party could generate the key and
securely deliver it to both source and destination.
    With the message X and the encryption key K as input, the encryption algorithm
forms the ciphertext Y = [Y1, Y2, Y3, ..., YN]. We can write this as
                               Y=EK(X)
This notation indicates that Y is produced by using encryption
algorithm E as a function of the plaintext X, with the specific function determined by the
value of the key K.
The intended receiver, in possession of the key, is able to invert the transformation:
                               X=DK(Y)
       An opponent, observing Y but not having access to K or X, may attempt to
recover X or K or both X and K. It is assumed that the opponent knows the encryption
(E) and decryption (D) algorithms. If the opponent is interested in only this particular
message, then focus of the effort is to recover X by generating a plaintext estimate X.
Often, however, the opponent is interested in being able to read future messages as well,
in which case an attempt is made to recover K by generating an estimate K.




CHAPTER – 3

                       DATA ENCRYPTION STANDARD


3.1     DESCRIPTION OF DES

               DES (the Data Encryption Standard) is a symmetric block cipher developed by
        IBM. The algorithm uses a 56-bit key to encipher/decipher a 64-bit block of data. The
        key is always presented as a 64-bit block, every 8th bit of which is ignored. However, it
        is usual to set each 8th bit so that each group of 8 bits has an odd number of bits set to 1.

               The algorithm is best suited to implementation in hardware, probably to
        discourage implementations in software, which tend to be slow by comparison. However,
        modern computers are so fast that satisfactory software implementations are readily
        available.
               DES is the most widely used symmetric algorithm in the world, despite claims
        that the key length is too short. Ever since DES was first announced, controversy has
        raged about whether 56 bits is long enough to guarantee security.
               The key length argument goes like this. Assuming that the only feasible attack on
        DES is to try each key in turn until the right one is found, then 1,000,000 machines each
        capable of testing 1,000,000 keys per second would find (on average) one key every 12
        hours. Most reasonable people might find this rather comforting and a good measure of
        the strength of the algorithm.
               Those who consider the exhaustive key-search attack to be a real possibility (and
        to be fair the technology to do such a search is becoming a reality) can overcome the
        problem by using double or triple length keys. In fact, double length keys have been
        recommended for the financial industry for many years.

3.1.1   Encryption

               Many people are not aware that the information they send or the files stored on
        their computers need to be protected. However, when you consider what you have on
        your computer and the many ways it can fall into the wrong hands, it does start to make
        sense to protect your privacy in some way.



      Key technology: encryption. Store and transmit information in an encoded form that does
      not make any sense. The basic mechanism:

      * Start with the text to be protected. The initial readable text is called clear text.

      * Encrypt the clear text so that it does not make any sense at all. The nonsense
      text is called cipher text. The encryption is controlled by a secret password or number;
      this is called the encryption key.




      The encrypted text can be stored in a readable file, or transmitted over unprotected
      channels.

3.1.2 Decryption

             To make sense of the cipher text, it must be decrypted back into clear text. This is
      done with some other algorithm that uses another secret password or number, called the
      decryption key.




      All of this only works under three conditions:




      * The encryption function cannot easily be inverted (one cannot get back to the clear
      text without knowing the decryption key).

      * The encryption and decryption must be done in some safe place so the clear text cannot
      be stolen.

      * The keys must be protected. In most systems, one key can be computed from the other
      (sometimes the encryption and decryption keys are identical), so one cannot afford to
      let either key leak out.




                       Figure-3.1 DES encryption




Figure-3.2   DES algorithm



Why DES?


i)       High level of security.
ii)      The same algorithm with the same key is used for encryption and decryption.
iii)     The algorithm and the key could be shared by the sender and receiver.
iv)      RSA and substitution algorithms have some drawbacks, which DES can overcome.
v)       In the RSA algorithm we use two keys, whereas in DES we use only one key for
         both encryption and decryption.
vi)      There is only one round of processing in RSA, whereas there are 16 rounds of
         processing in DES.
vii)     In a substitution algorithm we replace a character by some other character code,
         whereas in DES we encrypt the text and process it for 16 rounds.


3.2        Limitations of DES
                 In generating the per-round keys, the key is subjected to an initial
          permutation to generate two 28-bit quantities, C0 and D0. The sixteen suspect keys are
          the ones for which C0 and D0 are each one of the four values: all ones, all zeroes,
          alternating ones and zeroes, alternating zeroes and ones. Since there are four possible
          values for each half, there are sixteen possibilities in all. The four weak keys are the
          ones for which each of C0 and D0 is all ones or all zeroes. Weak keys are their own
          inverses. The remaining twelve keys are the semi-weak keys. Each is the inverse of one
          of the others.


3.2.1     Applications

          The DES core can be utilized for a variety of encryption applications including:

         Secure File/Data transfer
         Electronic Funds Transfer
         Encrypted Storage Data
         Secure communications

3.2.2     Features

         FIPS 46-3 Standard Compliant
         Encryption/Decryption performed in 16 cycles (ECB mode)
         56 bits of security
         For use in FPGA or ASIC designs
         Verilog IP Core

          Non Pipelined version

         Small gate count

          Pipelined version

         Pipelined for maximum performance
         Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 16 cycles



3.3       Triple-DES:

                 Use of multiple-length keys leads us to the Triple-DES algorithm, also known as
          3DES, in which DES is applied three times. Triple DES is simply another mode of DES
          operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Private
          Encryption, you simply type in the entire 192-bit (24 character) key rather than entering
          each of the three keys individually. The Triple DES DLL then breaks the user-provided
          key into three subkeys, padding the keys if necessary so they are each 64 bits long. The
          procedure for encryption is exactly the same as regular DES, but it is repeated three
          times, hence the name Triple DES. The data is encrypted with the first key, decrypted
          with the second key, and finally encrypted again with the third key.
                 Consequently, Triple DES runs three times slower than standard DES, but is
          much more secure if used properly. The procedure for decrypting something is the same
          as the procedure for encryption, except it is executed in reverse. Like DES, data is
          encrypted and decrypted in 64-bit chunks. Unfortunately, there are some weak keys that
          one should be aware of: if all three keys, the first and second keys, or the second and
          third keys are the same, then the encryption procedure is essentially the same as standard
          DES. This situation is to be avoided because it is the same as using a really slow version
          of regular DES.


Note that although the input key for DES is 64 bits long, the actual key used by
DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity
bit, and should be set so that there are always an odd number of 1s in every byte. These
parity bits are ignored, so only the seven most significant bits of each byte are used,
resulting in a key length of 56 bits. This means that the effective key strength for Triple
DES is actually 168 bits because each of the three keys contains 8 parity bits that are not
used during the encryption process.




       If we consider a triple-length key to consist of three 56-bit keys K1, K2, K3, then
       encryption is as follows:
       • Encrypt with K1
       • Decrypt with K2
       • Encrypt with K3
       Decryption is the reverse process:
       • Decrypt with K3
       • Encrypt with K2
       • Decrypt with K1

   Setting K3 equal to K1 in these processes gives us a double-length key K1, K2.




       Setting K1, K2 and K3 all equal to K has the same effect as using a single-length
       (56-bit) key. Thus it is possible for a system using triple-DES to be compatible with a
       system using single-DES.
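
The weak-key rule of section 3.2 and the key-equality cases of section 3.3 can be checked mechanically before a key is loaded into a DES or Triple DES core. The Python sketch below is an added example, not part of the original report: the function names are this example's own, the PC-1 halves are copied from Table 3.5, and the sample keys are constructed.

```python
# Added example (not the report's code): key-hygiene checks for DES / Triple DES keys.
# PC-1 halves are copied from Table 3.5; all function names are this example's own.
PC1_LEFT = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
            10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36]
PC1_RIGHT = [63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
             14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]


def has_odd_parity(key: bytes) -> bool:
    """True when every key byte holds an odd number of 1 bits."""
    return all(bin(byte).count("1") % 2 == 1 for byte in key)


def effective_key(key: bytes) -> int:
    """Drop the parity bit (LSB) of each byte: 64-bit input key -> 56-bit DES key."""
    value = 0
    for byte in key:
        value = (value << 7) | (byte >> 1)
    return value


def c0_d0(key: bytes):
    """Apply PC-1 and return the two 28-bit key-schedule halves as bit lists."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes")
    bits = [(byte >> (7 - i)) & 1 for byte in key for i in range(8)]  # bits[0] is bit 1
    return [bits[p - 1] for p in PC1_LEFT], [bits[p - 1] for p in PC1_RIGHT]


def _pattern(half):
    """Name the degenerate pattern of a 28-bit half, or None if it has none."""
    if len(set(half)) == 1:
        return "constant"          # all ones or all zeroes
    if all(a != b for a, b in zip(half, half[1:])):
        return "alternating"       # 0101... or 1010...
    return None


def classify_des_key(key: bytes) -> str:
    """Return 'weak', 'semi-weak' or 'ok' using the C0/D0 rule from section 3.2."""
    pc, pd = (_pattern(h) for h in c0_d0(key))
    if pc is None or pd is None:
        return "ok"
    return "weak" if pc == pd == "constant" else "semi-weak"


def audit_3des_bundle(bundle: bytes) -> dict:
    """Report the keying option and per-key findings for a 24-byte K1|K2|K3 bundle."""
    if len(bundle) != 24:
        raise ValueError("a Triple DES bundle is 24 bytes")
    keys = [bundle[i:i + 8] for i in (0, 8, 16)]
    e1, e2, e3 = (effective_key(k) for k in keys)   # parity bits never reach the cipher
    if e1 == e2 or e2 == e3:
        option, key_material_bits = "single-DES equivalent", 56
    elif e1 == e3:
        option, key_material_bits = "two-key", 112
    else:
        option, key_material_bits = "three-key", 168
    return {
        "option": option,
        "key_material_bits": key_material_bits,
        "parity_ok": [has_odd_parity(k) for k in keys],
        "classes": [classify_des_key(k) for k in keys],
    }


if __name__ == "__main__":
    # Constructed sample: K2 is K1 with its parity bits cleared, so both are the same DES key.
    sample = bytes.fromhex("0123456789ABCDEF" "0022446688AACCEE" "FEDCBA9876543210")
    print(audit_3des_bundle(sample))
```

Comparing the keys after the parity bits are stripped matters: two 64-bit keys that differ only in parity bits are the same 56-bit DES key, so a byte-wise comparison would miss the degenerate bundle in the sample.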




Figure-3.4 Enciphering computation


               DES operates on a 64-bit block of plaintext. After an initial permutation the
       block is broken into a right half and left half, each 32 bits long. Then there are 16
       rounds of identical operations, called Function f, in which the data are combined with the
       key. After the sixteenth round, the right and left halves are joined, and a final permutation
       (the inverse of the initial permutation) finishes off the algorithm.

               In each round the key bits are shifted, and then 48 bits are selected from the 56
       bits of the key. The right half of the data is expanded to 48 bits via an expansion
       permutation, combined with 48 bits of a shifted and permuted key via an XOR, sent
       through 8 S-boxes producing 32 new bits, and permuted again. These four operations
       make up Function f. The output of Function f is then combined with the left half via
       another XOR. The results of these operations become the new right half; the old right half
       becomes the new left half. These operations are repeated sixteen times, making 16 rounds
       of DES.




  Figure 3.5 TDES Algorithm




Figure 3.6 Single Round of DES




3.4     Initial permutation (IP)




Figure-3.7 Initial permutation

Table-3.1 Initial permutation
                             IP
                                 58 50 42 34 26 18 10 2
                                 60 52 44 36 28 20 12 4
                                 62 54 46 38 30 22 14 6
                                 64 56 48 40 32 24 16 8
                                 57 49 41 33 25 17 9 1
                                 59 51 43 35 27 19 11 3
                                 61 53 45 37 29 21 13 5
                                 63 55 47 39 31 23 15 7


                 Table 3.1 specifies the input permutation on a 64-bit block. The meaning is as
        follows: the first bit of the output is taken from the 58th bit of the input; the second bit
        from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the
        input.
                 The initial permutation occurs before round one; it transposes the input block as
        described in Table 3.1. This table, like all the other tables in this chapter, should be read
        left to right, top to bottom. For example, the initial permutation moves bit 58 of the
        plaintext to bit position 1, bit 50 to bit position 2, and so forth. The initial permutation
        and the corresponding final permutation do not affect DES's security.



3.5     Final permutation (IP-1)




Figure-3.8. Final permutation



Table-3.2 Final permutation

                                IP-1
                                40 8 48 16 56 24 64 32
                                39 7 47 15 55 23 63 31
                                38 6 46 14 54 22 62 30
                                37 5 45 13 53 21 61 29
                                36 4 44 12 52 20 60 28
                                35 3 43 11 51 19 59 27
                                34 2 42 10 50 18 58 26
                                33 1 41 9 49 17 57 25



                The final permutation is the inverse of the initial permutation; the table is
        interpreted similarly. This is shown in table 3.2.




3.6    Expansion permutation (E)




Figure-3.9 Expansion permutation

Table-3.3 Expansion permutation
                              E
                              32       1     2     3    4     5
                              4        5     6     7    8     9
                              8        9     10    11   12    13
                              12       13    14    15   16    17
                              16       17    18    19   20    21
                              20       21    22    23   24    25
                              24       25    26    27   28    29
                              28       29    30    31   32    1


               The expansion permutation is interpreted as for the initial and final permutations.
       Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the
       input is duplicated in both the sixth and eighth bit of the output. Thus, the 32-bit half-
       block is expanded to 48 bits.
               This operation expands the right half of the data, Ri, from 32 bits to 48 bits.
       Because this operation changes the order of the bits as well as repeating certain bits, it is
       known as an expansion permutation. This operation has two purposes: it makes the right
       half the same size as the key for the XOR operation and it provides a longer result that
       can be compressed during the substitution operation. However, neither of those is its
       main cryptographic purpose. By allowing one bit to affect two substitutions, the
       dependency of the output bits on the input bits spreads faster. This is called an avalanche
       effect. This is shown in table 3.3.




3.7    Permutation (P)




Figure-3.10 Permutation


                                 Table-3.4 Permutation

                                     P
                                     16   7     20   21
                                     29   12    28   17
                                     1    15    23   26
                                     5    18    31   10
                                     2    8     24   14
                                     32   27    3    9
                                     19   13    30   6
                                     22   11    4    25


       The 32-bit output of the S-box substitution is permuted according to a P-box. This
       permutation maps each input bit to an output position; no bits are used twice and no bits
       are ignored. This is called a straight permutation or just a permutation. This is shown in
       Table 3.4.




3.8    Permuted choice 1 (PC-1)




Figure-3.11 Permuted choice 1


Table-3.5 Permuted choice 1


                          PC-1
                          Left
                          57      49    41     33     25     17     9
                          1       58    50     42     34     26     18
                          10      2     59     51     43     35     27
                          19      11    3      60     52     44     36
                          Right
                          63      55    47     39     31     23     15
                          7       62    54     46     38     30     22
                          14      6     61     53     45     37     29
                          21      13    5      28     20     12     4

               The "Left" and "Right" halves of the table show which bits from the input key
       form the left and right sections of the key schedule state. Note that only 56 bits of the 64
       bits of the input are selected; the remaining eight were specified for use as parity bits.
               DES performs a function on the 64-bit key to generate sixteen 48-bit keys,
       K1, K2, K3, ..., K16. First it does an initial permutation on the 56 useful bits of the
       key to generate a 56-bit output, which it divides into two 28-bit values, called C0 and
       D0. The permutation is specified in Table 3.5.



3.9    Permuted choice 2 (PC-2)




Figure-3.12 Permuted choice 2


Table-3.6 Permuted choice 2
Permutation to obtain the left half of Ki
                                 PC-2
                                 14     17   11    24   1    5
                                 3      28   15    6    21   10
                                 23     19   12    4    26   8
                                 16     7    27    20   13   2

Permutation to obtain the right half of Ki

                                 41     52   31    37   47   55
                                 30     40   51    45   33   48
                                 44     49   39    56   34   53
                                 46     42   50    36   29   32


               The permutations in this case are likely to be of some security value. The
       permutation of Ci that produces the left half of Ki is shown in Table 3.6. Note that bits 9,
       18, 22 and 25 are discarded.
               The permutation of the rotated Di-1 that produces the right half of Ki is shown in
       Table 3.6. Bits 35, 38, 43, and 54 are discarded. Each of the halves of Ki is 24 bits,
       so Ki is 48 bits long.




3.10  Substitution boxes (S-boxes)




                        Figure-3.13 Calculation of f(R, k)


             After the compressed key is XORed with the expanded block, the 48-bit result
      moves to a substitution operation. The substitutions are performed by eight substitution
      boxes, or S-boxes. Each S-box has a 6-bit input and a 4-bit output, and there are eight
      different S-boxes. The total memory requirements for the eight DES S-boxes are 256
      bytes. The 48 bits are divided into eight 6-bit sub-blocks. Each separate block is operated
      on by a separate S-box: the first block is operated on by S-box 1, the second block is
      operated on by S-box 2, and so on.


                       Table-3.7 Substitution boxes (S-boxes)
             S-boxes
             S1
             14 4       13   1   2    15   11   8    3    10   6    12   5    9    0   7
             0   15     7    4   14   2    13   1    10   6    12   11   9    5    3   8
             4   1      14   8   13   6    2    11   15   12   9    7    3    10   5   0
             15 12      8    2   4    9    1    7    5    11   3    14   10   0    6   13




        S2
        15    1    8    14   6    11   3    4    9    7    2    13   12   0    5    10
        3     13   4    7    15   2    8    14   12   0    1    10   6    9    11   5
        0     14   7    11   10   4    13   1    5    8    12   6    9    3    2    15
        13    8    10   1    3    15   4    2    11   6    7    12   0    5    14   9
        S3
        10    0    9    14   6    3    15   5    1    13   12   7    11   4    2    8
        13    7    0    9    3    4    6    10   2    8    5    14   12   11   15   1
        13    6    4    9    8    15   3    0    11   1    2    12   5    10   14   7
        1     10   13   0    6    9    8    7    4    15   14   3    11   5    2    12
        S4
        7     13   14   3    0    6    9    10   1    2    8    5    11   12   4    15
        13    8    11   5    6    15   0    3    4    7    2    12   1    10   14   9
        10    6    9    0    12   11   7    13   15   1    3    14   5    2    8    4
        3     15   0    6    10   1    13   8    9    4    5    11   12   7    2    14
        S5
        2     12   4    1    7    10   11   6    8    5    3    15   13   0    14   9
        14    11   2    12   4    7    13   1    5    0    15   10   3    9    8    6
        4     2    1    11   10   13   7    8    15   9    12   5    6    3    0    14
        11    8    12   7    1    14   2    13   6    15   0    9    10   4    5    3
        S6
        12    1    10   15   9    2    6    8    0    13   3    4    14   7    5    11
        10    15   4    2    7    12   9    5    6    1    13   14   0    11   3    8
        9     14   15   5    2    8    12   3    7    0    4    10   1    13   11   6
        4     3    2    12   9    5    15   10   11   14   1    7    6    0    8    13
        S7
        4     11   2    14   15   0    8    13   3    12   9    7    5    10   6    1
        13    0    11   7    4    9    1    10   14   3    5    12   2    15   8    6
        1     4    11   13   12   3    7    14   10   15   6    8    0    5    9    2
        6     11   13   8    1    4    10   7    9    5    0    15   14   2    3    12
        S8
        13    2    8    4    6    15   11   1    10   9    3    14   5    0    12   7
        1     15   13   8    10   3    7    4    12   5    6    11   0    14   9    2
        7     11   4    1    9    12   14   2    0    6    10   13   15   3    5    8
        2     1    14   7    4    10   8    13   15   12   9    0    3    5    6    11


        Table 3.7 lists the eight S-boxes used in DES. Each S-box replaces a 6-bit input
with a 4-bit output. Given a 6-bit input, the 4-bit output is found by selecting the row
using the outer two bits, and the column using the inner four bits. For example, in S5 an
input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be
"1001".




Figure 3.7.1 E table




Figure 3.7.2 Input Key




Figure 3.7.3 Permuted choice one (PC-1)



Figure 3.7.4 Permuted choice two (PC-2)




Figure 3.7.5 Rotation in the key schedule



3.11   Rotations in the key-schedule

              Before the round subkey is selected, each half of the key schedule state is rotated
       left by a number of places. This table specifies the number of places rotated.
              Triple DES has two attractions that assure its widespread use over the next few
       years. First, with its 168-bit key length, it overcomes the vulnerability to brute-force
       attack of DES. Second, the underlying encryption algorithm in Triple DES is the same as
       in DES. This algorithm has been subjected to more scrutiny than any other encryption
       algorithm over a longer period of time, and no effective cryptanalytic attack based on the
       algorithm rather than brute-force has been found. Accordingly, there is a high level of
       confidence that 3DES is very resistant to cryptanalysis. If security were the only
       consideration, then 3DES would be an appropriate choice for a standardized encryption
       algorithm for decades to come.




Figure-3.14 Key schedule calculation




Figure-3.15 Feistel Decryption Algorithm




3.12   DES Decryption

           i) Use the same function
           ii) Key is the key…
                  Used in reverse order (K1,…, K16 becomes K16,…, K1)
                  Right circular shift of 0-2 bits

              Round:        1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
              Right shift:  0  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
              (Left shift:  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1)

              With DES it is possible to use the same function to encrypt or decrypt a block.
       The only difference is that the keys must be used in the reversed order. That is, if the
       encryption keys for each round are K1, K2, K3, …, K16, then the decryption keys are K16,
       K15, K14, …, K1. The algorithm that generates the key used for each round is circular as
       well. The key shift is shown above.
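
As an added example (not the report's VHDL and not taken from the project), the Python reference model below assembles Tables 3.1 to 3.7, the rotation schedule and the reversed-subkey decryption described above into a bit-level DES and EDE Triple DES, the kind of golden model an HDL test bench can be compared against. The function names are this example's own, and it processes a single 64-bit block (ECB) only.

```python
# Added reference model (not the report's VHDL): DES / Triple DES from Tables 3.1-3.7.
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
FP = [IP.index(i) + 1 for i in range(1, 65)]  # inverse of IP, reproduces Table 3.2
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]  # left rotations per round
SBOX = [  # Table 3.7, indexed SBOX[box][row][column]
    [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
     [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
     [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
     [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]],
    [[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10],
     [3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5],
     [0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15],
     [13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]],
    [[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8],
     [13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1],
     [13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7],
     [1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]],
    [[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15],
     [13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9],
     [10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4],
     [3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]],
    [[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
     [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
     [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
     [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]],
    [[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11],
     [10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8],
     [9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6],
     [4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]],
    [[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1],
     [13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6],
     [1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2],
     [6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]],
    [[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
     [1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
     [7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
     [2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]],
]

def to_bits(value, width):
    """Integer -> list of bits, most significant first (bit 1 of the standard)."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]

def to_int(bits):
    return int("".join(map(str, bits)), 2)

def permute(bits, table):
    """Output bit n is input bit table[n-1]; tables are 1-based as in the text."""
    return [bits[p - 1] for p in table]

def key_schedule(key):
    """PC-1, then rotate C and D left per round and compress with PC-2: K1..K16."""
    cd = permute(to_bits(key, 64), PC1)
    c, d, subkeys = cd[:28], cd[28:], []
    for s in SHIFTS:
        c, d = c[s:] + c[:s], d[s:] + d[:s]
        subkeys.append(permute(c + d, PC2))
    return subkeys

def f(r, k):
    """Round function: expand R to 48 bits, XOR the subkey, S-boxes, then P."""
    x = [a ^ b for a, b in zip(permute(r, E), k)]
    out = []
    for box in range(8):
        b = x[6 * box:6 * box + 6]
        row, col = 2 * b[0] + b[5], to_int(b[1:5])  # outer two bits, inner four bits
        out += to_bits(SBOX[box][row][col], 4)
    return permute(out, P)

def des_block(block, key, decrypt=False):
    """Process one 64-bit block; decryption only reverses the subkey order."""
    subkeys = key_schedule(key)[::-1] if decrypt else key_schedule(key)
    bits = permute(to_bits(block, 64), IP)
    left, right = bits[:32], bits[32:]
    for k in subkeys:
        left, right = right, [a ^ b for a, b in zip(left, f(right, k))]
    return to_int(permute(right + left, FP))  # halves swapped before IP-1

def tdes_block(block, k1, k2, k3, decrypt=False):
    """EDE: encrypt K1, decrypt K2, encrypt K3; decryption runs it backwards."""
    if decrypt:
        return des_block(des_block(des_block(block, k3, True), k2), k1, True)
    return des_block(des_block(des_block(block, k1), k2, True), k3)
```

Calling `des_block(0x0123456789ABCDEF, 0x133457799BBCDFF1)` returns `0x85E813540F0AB405`, a widely published DES test vector, and `tdes_block` with three equal keys returns the same value as single DES.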


3.13   Applications

       The DES3 core can be utilized for a variety of encryption applications including:

          Secure File/Data transfer
          Electronic Funds Transfer
          Encrypted Storage Data
          Secure communications

3.13.1 Features

          FIPS 46-3 Standard Compliant
          Encryption/Decryption performed in 48 cycles (ECB mode)
          Up to 168 bits of security
          For use in FPGA or ASIC designs
          Verilog IP Core

       Non Pipelined version

          Small gate count shared DES

       Pipelined version

          Pipelined for maximum performance
          Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 48 cycles




ALGORITHM FOR TDES
ENCRYPTION
Step 1: K1, K2, K3 are the keys in the key expander with the selection function.

Step 2: If the selection function is active, i.e. '1', the encryption process is activated with key K1.
This encryption output is given to the input of the decryption, i.e. the selection function is '0', with
key K2.

Step 3: The decryption output is given to the input of the encryption, i.e. the selection function is '1', with K3.

DECRYPTION
Step 4: It is the reverse process of encryption.

ALGORITHM FOR DES

ENCRYPTION
Step 1: The initial input data applied is 64 bits.

Step 2: The initial permuted data of 64 bits is divided into right (32 bits), i.e. r0, and left (32 bits), i.e.
l0.
58     50     42      34      26     18      10      2
60     52     44      36      28     20      12      4
62     54     46      38      30     22      14      6           left (32 bits) even
64     56     48      40      32     24      16      8
57     49     41      33      25     17      9       1
59     51     43      35      27     19      11      3
61     53     45      37      29     21      13      5          Right (32 bits) odd
63     55     47      39      31     23      15      7
Here the entries along each row differ by 8 and the entries down each column differ by 2.

Step 3: The right 32 bits are given to the expansion box, which produces 48 bits as output, written as
8 blocks.
32     1      2       3       4       5
4      5      6       7       8       9
8      9      10      11      12      13
12     13     14      15      16      17
16     17     18      19      20      21
20     21     22      23      24      25
24     25     26      27      28      29
28     29     30      31      32      33
32     33     34      35      36      37
36     37     38      39      40      41
40     41     42      43      44      45
44     45     46      47      48



Step 4: The 56 bits of key length are compressed to 48 bits.
60     52      44      36      28    20      12      4
62     54      46      38      30    22      14      6
64     56      48      40      32    24      16      8
57     49      41      33      25    17      9       1
59     51      43      35      27    19      11      3
61     53      45      37      29    21      13      5
63     55      47      39      31    23      15      7

Step 5: The 48 bits of key and the 48 bits of the expansion are XORed to give 48 bits as output.
       Key-110000
Expansion-110000

Step 6: The 48 bits of data are given to substitution boxes S1 to S8; each block has 64 bits as input and
yields a 48-bit block as output, i.e. 32 bits.

Step 7: The P-box takes a 32-bit input and yields a 32-bit output by shifting the bits of the
input blocks right and left.

Step 8: These 32 bits are XORed with the left 32 bits, so that the total output is 64 bits.
Step 9: The total procedure repeats until it completes 16 rounds.

DECRYPTION: It is the reverse process of encryption.

ENCRYPTION: It is the reverse process of decryption.




SCOPE AND FUTURE DEVELOPMENT


           For the foreseeable future Triple DES is an excellent and reliable choice for the
    security needs of highly sensitive information. The AES will be at least as strong as
    Triple DES and probably much faster.

            It's the industry mandate from Visa and MasterCard that's requiring ATM
    deployers to upgrade and/or replace their legacy terminals. In a nutshell, it's all about
    three waves of encryption, and it's designed to make ATM transactions more secure.




VHDL

1.   Introduction

     VHDL stands for VHSIC (Very High Speed Integrated Circuits) Hardware Description
     Language. In the mid-1980s the U.S. Department of Defense and the IEEE sponsored
     the development of this hardware description language with the goal of developing very
     high-speed integrated circuits. It has now become one of the industry's standard languages
     used to describe digital systems. The other widely used hardware description language is
     Verilog. Both are powerful languages that allow you to describe and simulate complex
     digital systems. A third HDL is ABEL (Advanced Boolean Equation Language), which
     was specifically designed for Programmable Logic Devices (PLD). ABEL is less powerful
     than the other two languages and is less popular in industry. This tutorial deals with
     VHDL, as described by the IEEE standard 1076-1993.

     Although these languages look similar to conventional programming languages, there are
     some important differences. A hardware description language is inherently parallel, i.e.
     commands, which correspond to logic gates, are executed (computed) in parallel, as soon
     as a new input arrives. An HDL program mimics the behavior of a physical, usually
     digital, system. It also allows the incorporation of timing specifications (gate delays) as
     well as the description of a system as an interconnection of different components.


2.   Levels of representation and abstraction

     A digital system can be represented at different levels of abstraction [1]. This keeps the
     description and design of complex systems manageable. Figure 1 shows different levels
     of abstraction.




Figure 1: Levels of abstraction: Behavioral, Structural and Physical

       The highest level of abstraction is the behavioral level that describes a system in
terms of what it does (or how it behaves) rather than in terms of its components and
interconnection between them. A behavioral description specifies the relationship
between the input and output signals. This could be a Boolean expression or a more
abstract description such as the Register Transfer or Algorithmic level. As an example,
let us consider a simple circuit that warns car passengers when the door is open or the
seatbelt is not used whenever the car key is inserted in the ignition lock. At the behavioral
level this could be expressed as,

       Warning = Ignition_on AND (Door_open OR Seatbelt_off)

       The structural level, on the other hand, describes a system as a collection of
gates and components that are interconnected to perform a desired function. A structural
description could be compared to a schematic of interconnected logic gates. It is a
representation that is usually closer to the physical realization of a system. For the
example above, the structural representation is shown in Figure 2 below.




Figure 2: Structural representation of a “buzzer” circuit.

       VHDL allows one to describe a digital system at the structural or the behavioral
level. The behavioral level can be further divided into two kinds of styles: Data flow and
Algorithmic. The dataflow representation describes how data moves through the system.
This is typically done in terms of data flow between registers (Register Transfer level).
The data flow model makes use of concurrent statements that are executed in parallel as
soon as data arrives at the input. On the other hand, sequential statements are executed in
the sequence that they are specified. VHDL allows both concurrent and sequential signal
assignments that will determine the manner in which they are executed. Examples of both
representations will be given later.


3.   Basic Structure of a VHDL file

            A digital system in VHDL consists of a design entity that can contain other
     entities that are then considered components of the top-level entity. Each entity is
     modeled by an entity declaration and an architecture body. One can consider the entity
     declaration as the interface to the outside world that defines the input and output signals,
     while the architecture body contains the description of the entity and is composed of
     interconnected entities, processes and components, all operating concurrently, as
     schematically shown in Figure 3 below. In a typical design there will be many such
     entities connected together to perform the desired function.




     Figure 3: A VHDL entity consisting of an interface (entity declaration) and a body
     (architectural description).

            VHDL uses reserved keywords that cannot be used as signal names or
     identifiers. Keywords and user-defined identifiers are case insensitive. Lines with
     comments start with two adjacent hyphens (--) and will be ignored by the compiler.
     VHDL also ignores line breaks and extra spaces. VHDL is a strongly typed language,
     which implies that one always has to declare the type of every object that can have a
     value, such as signals, constants and variables.

a.     Entity Declaration

The entity declaration defines the NAME of the entity and lists the input and output ports.
The general form is as follows,

Entity NAME_OF_ENTITY is [generic (generic_declarations);]
     Port (signal_names: mode type;
         signal_names: mode type;
           :
         signal_names: mode type);
End [NAME_OF_ENTITY];

     An entity always starts with the keyword entity, followed by its name and the
keyword is. Next are the port declarations using the keyword port. An entity declaration
always ends with the keyword end, optionally [] followed by the name of the entity.

The NAME_OF_ENTITY is a user-selected identifier.

signal_names consists of a comma-separated list of one or more user-selected
     identifiers that specify external interface signals.

mode: is one of the reserved words to indicate the signal direction:

            in – indicates that the signal is an input
            out – indicates that the signal is an output of the entity whose value can
              only be read by other entities that use it.
            buffer – indicates that the signal is an output of the entity whose value can
              be read inside the entity's architecture
            inout – the signal can be an input or an output.

type: a built-in or user-defined signal type. Examples of types are bit, bit_vector,
   Boolean, character, std_logic, and std_ulogic.

            bit – can have the value 0 and 1
            bit_vector – is a vector of bit values (e.g. bit_vector (0 to 7))
            std_logic, std_ulogic, std_logic_vector, std_ulogic_vector: can have 9
              values to indicate the value and strength of a signal. Std_ulogic and
              std_logic are preferred over the bit or bit_vector types.
            boolean – can have the value TRUE and FALSE
            integer – can have a range of integer values
            real – can have a range of real values
            character – any printing character
            time – to indicate time

   generic: generic declarations are optional and determine the local constants used
   for timing and sizing (e.g. bus widths) the entity. A generic can have a default value.
   The syntax for a generic follows,

       Generic (
       constant_name: type [:=value];
       constant_name: type [:=value];
       :
       constant_name: type [:=value] );




         The entity is called BUZZER and has three input ports, DOOR, IGNITION and
         SBELT and one output port, WARNING. Notice the use and placement of
         semicolons! The name BUZZER is an identifier. Inputs are denoted by the keyword
         in, and outputs by the keyword out. Since VHDL is a strongly typed language, each
         port has a defined type. In this case, we specified the std_logic type. This is the
         preferred type of digital signals. In contrast to the bit type that can only have the
         values '1' and '0', the std_logic and std_ulogic types can have nine values. This is
         important to describe a digital system accurately including the binary values 0 and 1,
         as well as the unknown value X, the uninitialized value U, "-" for don't care, Z for
         high impedance, and several symbols to indicate the signal strength (e.g. L for weak
         0, H for weak 1, W for weak unknown - see section on Enumerated Types). The
         std_logic type is defined in the std_logic_1164 package of the IEEE library. The type
         defines the set of values an object can have. This has the advantage that it helps with
         the creation of models and helps reduce errors. For instance, if one tries to assign an
         illegal value to an object, the compiler will flag the error.

b.   Architecture body

              The architecture body specifies how the circuit operates and how it is
     implemented. As discussed earlier, an entity or circuit can be specified in a variety of
     ways, such as behavioral, structural (interconnected components), or a combination of the
     above.

     The architecture body looks as follows,

     architecture architecture_name of NAME_OF_ENTITY is
        -- Declarations
        -- Components declarations
        -- Signal declarations
        -- Constant declarations
        -- Function declarations
        -- Procedure declarations
        -- Type declarations
        :
     begin
        -- Statements
        :
     end architecture_name;

Behavioral model

         The header line of the architecture body defines the architecture name, e.g.
behavioral, and associates it with the entity, BUZZER. The architecture name can be any
legal identifier. The main body of the architecture starts with the keyword begin and
gives the Boolean expression of the function. We will see later that a behavioral model can
be described in several other ways. The “<=” symbol represents an assignment operator
and assigns the value of the expression on the right to the signal on the left. The
architecture body ends with an end keyword followed by the architecture name.

         The statements in the body of the architecture make use of logic operators. Logic
operators that are allowed are: and, or, nand, nor, xor, xnor and not. In addition, other
types of operators including relational, shift, arithmetic are allowed as well (see section
on Operators). For more information on behavioral modeling see section on Behavioral
Modeling.




Concurrency

        It is worth pointing out that the signal assignments in the above examples are
concurrent statements. This implies that the statements are executed when one or more of
the signals on the right hand side change their value (i.e. an event occurs on one of the
signals). For instance, when the input A changes, the internal signals X and Y change
values, which in turn causes the last statement to update the output Z. There may be a
propagation delay associated with this change. Digital systems are basically data-driven
and an event which occurs on one signal will lead to an event on another signal, etc. The
execution of the statements is determined by the flow of signal values. As a result, the
order in which these statements are given does not matter (i.e., moving the statement for
the output Z ahead of that for X and Y does not change the outcome). This is in contrast
to conventional software programs that execute the statements in a sequential or
procedural manner.

Structural description

The circuit of Figure 2 can also be described using a structural model that specifies what
gates are used and how they are interconnected. The following example illustrates it.

        architecture structural of BUZZER is
           -- Declarations
           component AND2
              port (in1, in2: in std_logic;
                    out1: out std_logic);
           end component;
           component OR2
              port (in1, in2: in std_logic;
                    out1: out std_logic);
           end component;
           component NOT1
              port (in1: in std_logic;
                    out1: out std_logic);
           end component;
           -- Declaration of signals used to interconnect gates
           signal DOOR_NOT, SBELT_NOT, B1, B2: std_logic;
        begin
           -- Component instantiation statements
           U0: NOT1 port map (DOOR, DOOR_NOT);
           U1: NOT1 port map (SBELT, SBELT_NOT);
           U2: AND2 port map (IGNITION, DOOR_NOT, B1);
           U3: AND2 port map (IGNITION, SBELT_NOT, B2);
           U4: OR2 port map (B1, B2, WARNING);
        end structural;

       Following the header is the declarative part that gives the components (gates)
that are going to be used in the description of the circuits. In our example, we use a two-
input AND gate, two-input OR gate and an inverter. These gates have to be defined first,
i.e. they will need an entity declaration and architecture body (as shown in the previous
example). These can be stored in one of the packages one refers to in the header of the
file (see Library and Packages below). The declarations for the components give the
inputs (e.g. in1, in2) and the output (e.g. out1). Next, one has to define internal nets
(signal names). In our example these signals are called DOOR_NOT, SBELT_NOT, B1,
B2 (see Figure 2). Notice that one always has to declare the type of the signal.

         The statements after the begin keyword give the instantiations of the components
and describe how these are interconnected. A component instantiation statement creates
a new level of hierarchy. Each line starts with an instance name (e.g. U0) followed by a
colon and a component name and the keyword port map. This keyword defines how the
components are connected. In the example above, this is done through positional
association: DOOR corresponds to the input in1 of the NOT1 gate and DOOR_NOT to
the output. Similarly, for the AND2 gate the first two signals (IGNITION and
DOOR_NOT) correspond to the inputs in1 and in2, respectively, and the signal B1 to the
output out1. An alternative way is to use explicit association between the ports, as shown
below.

label: component-name port map (port1 => signal1, port2 => signal2, … portn => signaln);

U0: NOT1 port map (in1 => DOOR, out1 => DOOR_NOT);
U1: NOT1 port map (in1 => SBELT, out1 => SBELT_NOT);
U2: AND2 port map (in1 => IGNITION, in2 => DOOR_NOT, out1 => B1);
U3: AND2 port map (in1 => IGNITION, in2 => SBELT_NOT, out1 => B2);
U4: OR2 port map (in1 => B1, in2 => B2, out1 => WARNING);

Notice that the order in which these statements are written has no bearing on the
execution since these statements are concurrent and therefore executed in parallel.
Indeed, the schematic that is described by these statements is the same independent of the
order of the statements.



Structural modeling of design lends itself to hierarchical design, in which one can define
components of units that are used over and over again. Once these components are
defined they can be used as blocks, cells or macros in a higher level entity. This can
significantly reduce the complexity of large designs. Hierarchical design approaches are
always preferred over flat designs.

c.     Library and Packages: library and use keywords

        A library can be considered as a place where the compiler stores information
about a design project. A VHDL package is a file or module that contains declarations of
commonly used objects, data type, component declarations, signal, procedures and
functions that can be shared among different VHDL models.

        We mentioned earlier that std_logic is defined in the package ieee.std_logic_1164
in the ieee library. In order to use the std_logic one needs to specify the library and
package. This is done at the beginning of the VHDL file using the library and the use
keywords as follows:

        Library ieee ;

        use ieee.std_logic_1164.all;

The .all extension indicates that everything declared in the ieee.std_logic_1164 package is used.

The Xilinx Foundation Express comes with several packages.

ieee Library:

    std_logic_1164 package: defines the standard datatypes.
    std_logic_arith package: provides arithmetic, conversion and comparison functions
     for the signed, unsigned, integer, std_ulogic, std_logic and std_logic_vector types
    std_logic_unsigned
    std_logic_misc package: defines supplemental types, subtypes, constants and
     functions for the std_logic_1164 package.



To use any of these one must include the library and use clause:

library ieee;

use ieee.std_logic_1164.all;

use ieee.std_logic_arith.all;

use ieee.std_logic_unsigned.all;

In addition, the Synopsys library has the attributes package:

library SYNOPSYS;

use SYNOPSYS.attributes.all;

One can add other libraries and packages. The syntax to declare a package is as follows:

-- Package declaration
package name_of_package is
   package declarations
end package name_of_package;

-- Package body declarations
package body name_of_package is
   package body declarations
end package body name_of_package;

       For instance, the basic functions of the AND2, OR2, NAND2, NOR2, XOR2, etc.
components need to be defined before one can use them.
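
The structural BUZZER above only elaborates once NOT1, AND2 and OR2 have their own entity declarations and architecture bodies. The following is an added example, not part of the original report: it supplies those gates, repeats the structural BUZZER with named association, and adds a self-checking testbench (the name BUZZER_TB is hypothetical) that compares WARNING with the Boolean expression read off the netlist, (IGNITION and not DOOR) or (IGNITION and not SBELT).

```vhdl
-- Added example (not from the original report): gates, structural BUZZER, testbench.
library ieee;
use ieee.std_logic_1164.all;
entity NOT1 is
  port (in1 : in std_logic; out1 : out std_logic);
end NOT1;

architecture behavioral of NOT1 is
begin
  out1 <= not in1;
end behavioral;

library ieee;
use ieee.std_logic_1164.all;
entity AND2 is
  port (in1, in2 : in std_logic; out1 : out std_logic);
end AND2;

architecture behavioral of AND2 is
begin
  out1 <= in1 and in2;
end behavioral;

library ieee;
use ieee.std_logic_1164.all;
entity OR2 is
  port (in1, in2 : in std_logic; out1 : out std_logic);
end OR2;

architecture behavioral of OR2 is
begin
  out1 <= in1 or in2;
end behavioral;

-- The BUZZER entity and its structural architecture, as described in the text.
library ieee;
use ieee.std_logic_1164.all;
entity BUZZER is
  port (DOOR, IGNITION, SBELT : in std_logic; WARNING : out std_logic);
end BUZZER;

architecture structural of BUZZER is
  component AND2
    port (in1, in2 : in std_logic; out1 : out std_logic);
  end component;
  component OR2
    port (in1, in2 : in std_logic; out1 : out std_logic);
  end component;
  component NOT1
    port (in1 : in std_logic; out1 : out std_logic);
  end component;
  signal DOOR_NOT, SBELT_NOT, B1, B2 : std_logic;
begin
  U0: NOT1 port map (in1 => DOOR, out1 => DOOR_NOT);
  U1: NOT1 port map (in1 => SBELT, out1 => SBELT_NOT);
  U2: AND2 port map (in1 => IGNITION, in2 => DOOR_NOT, out1 => B1);
  U3: AND2 port map (in1 => IGNITION, in2 => SBELT_NOT, out1 => B2);
  U4: OR2  port map (in1 => B1, in2 => B2, out1 => WARNING);
end structural;

-- Testbench (hypothetical name BUZZER_TB): applies all eight input combinations
-- and compares WARNING with the Boolean expression read off the netlist.
library ieee;
use ieee.std_logic_1164.all;
entity BUZZER_TB is
end BUZZER_TB;

architecture test of BUZZER_TB is
  component BUZZER
    port (DOOR, IGNITION, SBELT : in std_logic; WARNING : out std_logic);
  end component;
  signal DOOR, IGNITION, SBELT, WARNING : std_logic;
begin
  DUT: BUZZER port map (DOOR => DOOR, IGNITION => IGNITION,
                        SBELT => SBELT, WARNING => WARNING);

  stimulus: process
    variable expected : std_logic;
  begin
    for d in std_ulogic range '0' to '1' loop
      for i in std_ulogic range '0' to '1' loop
        for s in std_ulogic range '0' to '1' loop
          DOOR <= d; IGNITION <= i; SBELT <= s;
          wait for 10 ns;  -- let the concurrent gate assignments settle
          expected := (i and not d) or (i and not s);
          assert WARNING = expected
            report "BUZZER mismatch: DOOR=" & std_ulogic'image(d) &
                   " IGNITION=" & std_ulogic'image(i) &
                   " SBELT=" & std_ulogic'image(s)
            severity error;
        end loop;
      end loop;
    end loop;
    report "BUZZER: all 8 input combinations checked" severity note;
    wait;  -- suspend forever; simulation ends when no events remain
  end process;
end test;
```

Compile the file into the work library with any VHDL-93 simulator and run BUZZER_TB; a failed assertion names the input combination that disagrees with the expected value.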


4.   Lexical Elements of VHDL

a.   Identifiers

     Identifiers are user-defined words used to name objects in VHDL models. We have seen
     examples of identifiers for input and output signals as well as the name of a design entity
     and architecture body. When choosing an identifier one needs to follow these basic rules:

      May contain only alpha-numeric characters (A to Z, a to z, 0-9) and the underscore (_)
         character

      The first character must be a letter and the last one cannot be an underscore.

      An identifier cannot include two consecutive underscores.

      An identifier is case insensitive (ex. And2 and AND2 or and2 refer to the same object)

      An identifier can be of any length.

     Examples of valid identifiers are: X10, x_10, My_gate1.

     Some invalid identifiers are: _X10, my_gate@input, gate-input.

             The above identifiers are called basic identifiers. The rules for these basic
     identifiers are often too restrictive to indicate signals. For example, if one wants to
     indicate an active low signal such as an active low RESET, one cannot call it /RESET. In
     order to overcome these limitations, there are a set of extended identifier rules which
     allow identifiers with any sequence of characters.

      An extended identifier is enclosed by the backslash, “\”, character.

      An extended identifier is case sensitive. An extended identifier is different from
      reserved words (keywords) or any basic identifier (e.g. the identifier \identity\ is
      allowed).

      Inside the two backslashes one can use any character in any order, except that a
      backslash as part of an extended identifier must be indicated by an additional backslash.
      As an example, to use the identifier BUS:\data, one writes: \BUS:\\data\

      Extended identifiers are allowed in the VHDL-93 version but not in VHDL-87.

      Some examples of legal identifiers are:

      Input, \Input\, \input#1\, \Rst\\as\

b.   Keywords (Reserved words)

              Certain identifiers are used by the system as keywords for special use such as
      specific constructs. These keywords cannot be used as identifiers for signals or objects
      we define. We have seen several of these reserved words already such as in, out, or, and,
      port, map, end, etc. Keywords are often printed in boldface, as is done in this tutorial. For
      a list of all the keywords click on complete keyword list. Extended identifiers can make
      use of keywords since these are considered different words (e.g. the extended identifier
      \end\ is allowed).

c.   Numbers

             The default number representation is the decimal system. VHDL allows integer
      literals and real literals. Integer literals consist of whole numbers without a decimal point,
      while real literals always include a decimal point. Exponential notation is allowed using
      the letter “E” or “e”. For integer literals the exponent must always be positive. Examples
      are:

      Integer literals: 12   10   256E3 12e+6

      Real literals: 1.2 256.24 3.14E-2

      The number –12 is a combination of a negation operator and an integer literal.




CONCLUSION

       DES runs through 16 iterations to achieve its desired cipher text (final
output). With Triple DES, it will Encrypt-Decrypt-Encrypt the block and a completely
different output is generated with a final combination. It's said that the security is 192 bit
encryption, but also argued that regardless of the keys, the security is only 168 bit. This
debate is clearly beyond the scope of this article/writer. If you wish to participate with the
scientists in their discussions, it's your humility at stake. It's a safe bet that Triple DES is
exponentially stronger than the previous DES.


       After that, AES may supplant Triple DES as the default algorithm on most
systems if it lives up to its expectations. But Triple DES will be kept around for
compatibility reasons for many years after that. So the useful lifetime of Triple DES is far
from over, even with the AES near completion.




                                          57

More Related Content

Similar to 54522002 triple-des-vhdl-project

Introduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusIntroduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusRambus
 
Models and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisModels and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisAndrej Šimko
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
 
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREHARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
 
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREHARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
 
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREHARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
 
Algorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systemsAlgorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systemsJigisha Aryya
 
Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...TELKOMNIKA JOURNAL
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
 
Wireless Ad Hoc Networks
Wireless Ad Hoc NetworksWireless Ad Hoc Networks
Wireless Ad Hoc NetworksTara Hardin
 
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...IJTET Journal
 
Obfuscating dsp circuits via high level transformations
Obfuscating dsp circuits via high level transformationsObfuscating dsp circuits via high level transformations
Obfuscating dsp circuits via high level transformationsjpstudcorner
 
Review and Performance Comparison of Distributed Wireless Reprogramming Proto...
Review and Performance Comparison of Distributed Wireless Reprogramming Proto...Review and Performance Comparison of Distributed Wireless Reprogramming Proto...
Review and Performance Comparison of Distributed Wireless Reprogramming Proto...IOSR Journals
 

Similar to 54522002 triple-des-vhdl-project (20)

Introduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusIntroduction to differential power analysis - Rambus
Introduction to differential power analysis - Rambus
 
Models and approaches for Differential Power Analysis
Models and approaches for Differential Power AnalysisModels and approaches for Differential Power Analysis
Models and approaches for Differential Power Analysis
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
 
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREHARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
 
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREHARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
 
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREHARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWARE
 
Algorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systemsAlgorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systems
 
Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...
 
Vebek
VebekVebek
Vebek
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
 
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYDIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY
 
Wireless Ad Hoc Networks
Wireless Ad Hoc NetworksWireless Ad Hoc Networks
Wireless Ad Hoc Networks
 
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
 
1678 1683
1678 16831678 1683
1678 1683
 
1678 1683
1678 16831678 1683
1678 1683
 
Obfuscating dsp circuits via high level transformations
Obfuscating dsp circuits via high level transformationsObfuscating dsp circuits via high level transformations
Obfuscating dsp circuits via high level transformations
 
Review and Performance Comparison of Distributed Wireless Reprogramming Proto...
Review and Performance Comparison of Distributed Wireless Reprogramming Proto...Review and Performance Comparison of Distributed Wireless Reprogramming Proto...
Review and Performance Comparison of Distributed Wireless Reprogramming Proto...
 
D0371028039
D0371028039D0371028039
D0371028039
 
40520130101005
4052013010100540520130101005
40520130101005
 

Recently uploaded

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 

Recently uploaded (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 

54522002 triple-des-vhdl-project

  • 1. CHAPTER - 1 1.1 INTRODUCTION Power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of (unprotected) implementations of symmetric and public-key encryption schemes. Although less general than classical cryptanalysis (because they target one specific implementation), power analysis attacks usually present a very serious threat for practical cryptosystems implemented on various platforms. Among the different countermeasures proposed to protect an implementation from such attacks, one of the most popular is the Boolean masking method. In this proposal, the cryptographic algorithm is modified in such a way that the intermediate data never appears as such, but is always "masked" with random Boolean vectors. Masking has been successfully applied to smart card implementations of the DES and the AES Rijndael. However, recent works have shown that power analysis attacks are also practical against ASIC and FPGA implementations of cryptographic algorithms. A practical problem is therefore to protect these devices. In this context, one important concern is the implementation cost of the countermeasure. In particular, the protected algorithms usually have much higher memory requirements than the unmasked ones. For this reason, it is often assumed that masking is not a practical solution for the protection of hardware implementations. On the contrary, this project demonstrates that FPGA implementations of the DES offer very simple and interesting opportunities to implement the Boolean masking method. In practice, a secure cryptographic design is based on the use of large embedded memories available inside certain recent FPGAs. As the efficiency of the proposal highly depends on the size of the substitution tables used in the encryption algorithm, it was particularly well-fitted to the DES (and, for example, could not be applied as such to the AES Rijndael).
Therefore, the resulting protected DES implementation requires only a moderate additional hardware cost. As with most present countermeasures against side-channel attacks, masking does not provide perfect security and only makes the attack more difficult.
  • 2. 1.2 POWER ANALYSIS In cryptography, power analysis is a form of side-channel attack in which the attacker studies the power consumption of a cryptographic hardware device (such as a smart card, tamperproof "black box", microchip, etc.). It can yield information about what the device is doing, including keys and other secrets. Since confidential data are increasingly being exchanged electronically, ever greater importance is attached to the protection of the data. Where cryptosystems are used in real applications, attacks have to be taken into account. Hardware and software implementations themselves present a vast field of attacks. Side-channel attacks exploit information that leaks from a cryptographic device. One of these new attacks in particular has attracted much attention since it was announced. This method is called Differential Power Analysis (DPA) and was presented in 1998 by Cryptography Research. DPA uses the information that naturally leaks from a cryptographic hardware device, namely the power consumption. A less powerful variant, Simple Power Analysis (SPA), was also announced by Cryptography Research. What does a DPA attack require? First, an attacker must be able to precisely measure the power consumption. Second, the attacker needs to know what algorithm is computed, and third, the attacker needs the plaintext or ciphertext. The strategy of the attacker is to make a lot of measurements and then divide them, with the aid of some oracle, into two or more different sets. Then, statistical methods are used to verify the oracle. If and only if the oracle was right, one can see noticeable peaks in the statistics. 1.2.1 Differential Power Analysis: an extension of power analysis that can allow an attacker to compute the intermediate values of data blocks and key blocks by statistically analyzing data collected from multiple cryptographic operations.
1.2.2 Basics (Simple Power Analysis) Examining graphs of the current used by a device against time can often show exactly what the device is doing at a given point. For example, on a graph of a smart card performing a DES encryption, the sixteen rounds can be seen clearly.
  • 3. The currents passing through a device are usually small, but standard digital oscilloscope equipment is precise and accurate enough to measure data-induced variations. It is reasonable for a cryptosystem designer to assume that an adversary will have access to such equipment. Power analysis does not seek to find weaknesses in algorithms or protocols so much as in their implementations. It provides a way to "see inside" otherwise 'tamperproof' hardware. For example, DES's key schedule involves rotating 28-bit key registers. In order to save time, most implementations simply check the least significant bit to see if it is a 1. If so, the implementation divides the register by two and prepends the 1 at the left end. Power analysis can show the difference between a register with a 1 and a register with a 0 at the end when this happens. This can leak information about key material. DES's permutations, usually clumsily implemented in software, reveal even more information through conditional branches. 1.3 Differential Power Analysis Differential Power Analysis (DPA) is a side-channel attack which involves statistically analyzing power consumption measurements from a cryptosystem. The attack exploits biases in the varying power consumption of microprocessors or other hardware while performing operations using secret keys. DPA attacks have signal processing and error correction properties which can extract secrets from measurements which contain too much noise to be analyzed using simple power analysis. Using DPA, an adversary can obtain secret keys by analyzing power consumption measurements from multiple cryptographic operations performed by a vulnerable smart card or other device. 1.4 Preventing simple and differential power analysis attacks Simple power analysis can most easily distinguish conditional branches in the execution of the cryptographic program, since a device does different things (requiring different power) depending on which conditional branch is executed.
For this reason, care should be taken to ensure there are no differences (from a power perspective) between the conditional branches within cryptographic software implementations. All rotations,
  • 4. permutations and logic operations (such as XOR) should take the same time and draw equivalent power, no matter what the input. There are, however, some algorithms with inherently significant branching; to eliminate information leakage from these, software engineers may have to be very creative. This creative engineering may cause a performance reduction (typically in speed) and will almost always require greater development effort, which must be weighed against the possibility of power analysis. An alternative, in some cases, is to use a hardwired hardware cryptographic device. Their power consumption can vary very little, due to their construction. However, in the case of smart cards for example, it is not always possible to replace software implementations with hardware implementations. Differential power analysis is more difficult to prevent, since even small biases in the power consumption can lead to exploitable weaknesses. Some countermeasure strategies involve algorithmic modifications such that the cryptographic operations occur on data that is related to the actual value by some mathematical relationship that survives the cryptographic operation. This is called blinding, and usually implies an algorithm that is based on number theory, such as factoring or discrete logarithms. 1.5 Power Analysis Foundations Almost every digital circuit built today is based on Complementary Metal Oxide Semiconductor (CMOS) technology. Therefore it is necessary to understand the power consumption characteristics of this technology. If a CMOS gate changes its state, this change can be measured at the Vdd (Vss) pin. The more circuits change their state, the more power is dissipated. In a synchronous design, gates are clocked, which means that all gates change their state at the same time. Power dissipated by the circuit can be monitored by using a small resistor Rm in series between Vdd (or Vss) and the true source (or ground).
The two most essential parts of the power consumption during a change of state are the dynamic charge or discharge current (approx. 85%) and the dynamic short-circuit current (approx. 15%). This is sketched using the example of an inverter shown in Figure 1.1. The output of each gate has a capacitive load, consisting of the parasitic capacitance of the connected wires and the gates of the following stages. An input transition
  • 5. results in an output transition, which discharges or charges this parasitic capacitance, causing a current flow to Vdd (or Vss). This current is the dynamic charge or discharge current. By measuring the current flow on Vdd we can detect whether the output changed from 0 to 1 or not. Figure 1.1: Inverter. 1.6 Differential Power Analysis of DES In the DES the subkey splits up into eight blocks, one for every S-box. Therefore we specify one target S-box, for which we list all possible (= 2^6) input values. We will refer to such an input value as a subkey block. As assumed above, we know the ciphertext, and so we can calculate the value of some of the bits in L15 for every possible subkey block. We select one of these bits as our target bit. The value of the target bit is our selection function D. If D=1 the corresponding power measurement is put in sample set S1; if D=0 it is classified into S0. This procedure is repeated for a lot of measurements, so at the end we have, for every ciphertext and all subkey blocks, a classification of the corresponding measurement. Let n denote the number of ciphertexts and corresponding measurements. Then we can write all our classifications in a 2^6 x n matrix. Every line represents a possible key for the target S-box, and every column represents the classification of one ciphertext and its measurement. For the DPA attack, go through all lines and build the two sample sets S0 and S1. Then compute the point-wise means of the samples in the sets, M0 and M1, and compute their difference. For the correct subkey block there must be a peak in the trace of the difference.
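Added example, not part of the original report: a simulation of the difference-of-means test from section 1.6, reduced to DES S-box S1 and run once unmasked and once with the Boolean masking described in the introduction, to show what the countermeasure does to the statistic. The Hamming-weight leakage model, noise level, trace count and all function names are assumptions made for the simulation; the S1 table is the standard one from FIPS 46-3.

```python
import random

# DES S-box S1 (FIPS 46-3), indexed [row][column].
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(v):
    """6-bit input: outer bits select the row, the middle four the column."""
    row = ((v >> 4) & 0b10) | (v & 1)
    col = (v >> 1) & 0xF
    return S1[row][col]


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(subkey, n, masked, rng, noise=1.0):
    """Constructed data: n known S-box inputs and one leakage sample each.

    Assumed leakage model: Hamming weight of the 4-bit value held by the
    hardware plus Gaussian noise. With masking, the hardware holds
    S1(x ^ subkey) ^ m for a fresh random 4-bit mask m on every operation.
    """
    inputs, leaks = [], []
    for _ in range(n):
        x = rng.randrange(64)
        value = sbox1(x ^ subkey)
        if masked:
            value ^= rng.randrange(16)
        inputs.append(x)
        leaks.append(hamming_weight(value) + rng.gauss(0.0, noise))
    return inputs, leaks


def difference_of_means(inputs, leaks, guess, bit=0):
    """Selection function D = target bit of S1(x ^ guess); returns M1 - M0."""
    s0, s1 = [], []
    for x, sample in zip(inputs, leaks):
        d = (sbox1(x ^ guess) >> bit) & 1
        (s1 if d else s0).append(sample)
    return sum(s1) / len(s1) - sum(s0) / len(s0)


def dpa_profile(inputs, leaks):
    """One difference of means per subkey block: the 2^6 lines of the matrix."""
    return [difference_of_means(inputs, leaks, g) for g in range(64)]


def evaluate(subkey=0b101101, n=4000, seed=1):
    """Compare the statistic for an unmasked and a masked implementation."""
    rng = random.Random(seed)
    result = {}
    for label, masked in (("unmasked", False), ("masked", True)):
        inputs, leaks = simulate_traces(subkey, n, masked, rng)
        profile = dpa_profile(inputs, leaks)
        result[label] = {
            "true_key_peak": profile[subkey],
            "largest_peak": max(abs(v) for v in profile),
        }
    return result


if __name__ == "__main__":
    for label, stats in evaluate().items():
        print(label, {k: round(v, 3) for k, v in stats.items()})
```

Without masking, the true subkey block shows a difference of about one bit of Hamming-weight leakage; with a fresh mask per operation every subkey block's difference stays at the noise level, which is the first-order protection masking provides.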
  • 6. 1.7 ROM DESIGN AND EVALUATION AGAINST POWER ANALYSIS ATTACK 1.7.1 Power Simulation on an 8 x 8 ROM The ROM with 3-bit input and 8-bit output is shown in Figure 1.2. It consists of two main components: a 3-to-8 decoder and a memory array. The decoder is made up of eight 3-input AND gates, each driven by a min-term of the 3 input signals. The memory array is an array of pull-down N-type transistors, one on each intersection of a horizontal address line and a vertical data line. Increase the Hamming weight (the number of "1"s) of the ROM content one by one. Figure 1.2: 8 x 8 ROM. For each Hamming weight, randomly distribute the locations of "1"s (N-type transistors) and run power simulations around 10 times. The Hamming weight information is leaked through the power consumption, as the average power increases linearly with it. 1.7.2 Inserting randomness into ROM There are two dimensions of freedom which cause power consumption variation for a given Hamming weight:
  • 7. i. Duty cycle of address lines ii. N-type transistor distribution The duty cycles of the address lines are not identical to each other, due to inverter delay in the address decoder. When one address line is selected and the N-type transistors on it are turned on, the power dissipation caused by short-circuit current is approximately proportional to the duty cycle of the selected address line. As a result, the power consumption differs when the locations of N-type transistors change between different address lines. The power consumption variation caused by these duty cycle nuances can be exploited to mask the linearity between the power and the Hamming weight. One may consider increasing the duty cycle nuances in the address lines. But the influence would be slight, since the differences between some duty cycles are very small. Moreover, it increases the risk of a timing analysis attack, which in turn cancels the improvement in power information leakage. An alternative is to modify the N-type transistor distribution by using extra dummy bit lines, i.e. to increase the scope of the N-type transistor distribution over a larger ROM, whose circuit is shown in Figure 1.3. Figure 1.3: 8 x 8 ROM with extra bit lines, for random insertion.
  • 8. 1.7.3 Dual-rail ROM design It is observed that a dual-rail ROM design may be a better countermeasure. Dual-rail refers to an encoding system where the two-bit value "01" stands for logic-0 and "10" for logic-1. The dual-rail ROM has double the number of bit lines, which in pairs represent logic words. With this encoding technique, a constant number (half the number of bit lines) of N-type transistors will be turned on no matter which address line is selected. Figure 1.4 shows a dual-rail 8 x 8 ROM example which has 16 bit lines to output 8-bit words. Run the power simulation on it as for its bundled-data version, but increasing the number of logic-1 values instead of increasing the number of "1"s, which is consistently equal to half of the total intersections of address lines and bit lines. Figure 1.4: Dual-rail 8 x 8 ROM, 16 bit lines representing an 8-bit word.
  • 9. 1.8 RANDOM NUMBER GENERATOR 1.8.1 INTRODUCTION The need for random numbers in cryptographic processes is ubiquitous. Initialization vectors, block padding, challenges, nonces and, of course, keys are some of the cryptographic objects where a string of unpredictable bits is required. Often the same Random Number Generator (RNG) supplies bits for all of the above uses in a cryptographic system. Many of the bits generated by the RNG are transmitted in the clear, and thus a passive attacker has ample opportunity to analyze the output of the RNG and can leverage any weaknesses found there. The random number generator (RNG) is an important cryptographic primitive widely used for one-time pads, key generation and authentication protocols. The security of such systems relies on the assumption that future values in the random number sequence cannot be predicted from the observed sequence. There are two types of random number generators commonly used for cryptographic applications. The true random number generator (TRNG) derives its output from a physical noise source, whereas a pseudorandom number generator (PRNG) expands a relatively short key (possibly from a TRNG) into a long sequence of seemingly random bits based on a deterministic algorithm. A cryptographically secure random bit generator (CSRBG) is one which produces sequences for which there is no polynomial-time algorithm which, on input of the first l bits of the output sequence s, can predict the (l + 1)st bit of s with a probability significantly greater than 1/2. Field programmable gate array (FPGA) devices have been successfully used for the implementation of cryptographic hardware, some examples being the data encryption standard (DES), advanced encryption standard (AES) candidate finalists, IDEA and RSA cryptography.
In these and other implementations, FPGAs had advantages in performance, design time, power consumption, flexibility, cost or area over comparable microprocessor and very large scale integration (VLSI) based systems. These designs are intended for integration with other FPGA-based cryptographic hardware to produce embedded cryptosystems on a single FPGA. Apart from achieving a higher level of integration, keeping the critical random number generation operations
  • 10. internal to the device achieves better security, since these data do not need to be passed to the FPGA via the pins. In many applications, highly secure random numbers are required only at very low bit rates, perhaps to generate a single key for the lifetime of the application. An example is public key cryptography where, once a key pair is generated, the same key is used for subsequent applications. The TRNG and PRNG reported in this paper are designed for low bit rate applications, and both are able to generate highly secure random numbers while occupying minimal resources. They are particularly suitable for applications where integration of the RNG and other cryptographic algorithms on the same FPGA is required. Given the importance of random number generation, surprisingly few hardware implementations of TRNGs have been reported. There are three commonly used techniques, namely oscillator sampling, direct amplification and discrete-time chaos. In the oscillator sampling approach, period variation (i.e. oscillator jitter) in a low-frequency clock of low quality factor (Q) is exploited by using it to sample a high-frequency clock. The direct amplification technique digitizes thermal or shot noise, using an amplifier and comparator. Finally, chaotic systems can be used to produce TRNGs. 1.9 Kinds of Random Number Generators RNGs can be separated into two general categories: 1.9.1 Pseudo Random Number Generators (PRNGs): These generators are algorithms which are initialized with an externally generated sequence and produce a much longer sequence that appears to be random. After being initialized with a seed value, the internal state of the generator completely determines the next bit to be generated. Given the same seed value, a PRNG will always produce the same sequence.
  • 11. 1.9.2 True Random Number Generators (TRNGs): These generators base their output entirely on an underlying random physical process. Unlike their deterministic cousins, there is no internal state kept in the generator, and the output is based only on the physical process and not on any previously produced bits. Often the raw bits generated by the physical source are biased (the probability of a '1' is not 0.5), and thus some bias reduction is necessary.
  • 12. CHAPTER - 2 CRYPTOGRAPHY Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and origin authentication. 2.1 Basic terminology and concepts Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques and, more generally, information security services. A cryptanalyst is someone who engages in cryptanalysis. Cryptology is the study of cryptography and cryptanalysis. Cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e. encryption. It is the art and science of conveying a message from source to destination securely. There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems. 2.2 Need for security Steps involved in secured communication: 1. Design an algorithm for performing the security-related transformation such that the opponent cannot defeat its purpose. 2. Generate the secret information to be used with the algorithm. 3. Specify the protocol to be used by the two principals that make use of the security algorithm.
  • 13. 2.3 Threats in communication 2.3.1 Information access threat: Modification of the data without the knowledge of the sender, followed by transmission of the data. 2.3.2 Service threat: Exploitation of flaws in the services available on a computer to inhibit their use by legitimate users. 2.3.3 Types of intruders Masquerader: An individual who isn't authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. Misfeasor: A legitimate user who accesses data, programs or resources for which such access isn't authorized. 2.4 SYMMETRIC CIPHER MODEL Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption. The most widely used symmetric cipher is TDES. Plaintext: This is the original intelligible message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext. Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
  • 14. [Figure 2.1: Simplified Model of Conventional Encryption. Plaintext input, encryption algorithm (e.g., TDES), transmitted ciphertext, decryption algorithm (reverse of encryption algorithm), plaintext output; the secret key is shared by sender and recipient.] Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. 2.5 MODEL OF CONVENTIONAL CRYPTOSYSTEM [Figure 2.2: message source, encryption algorithm, decryption algorithm, destination, key source and cryptanalyst, with signals X, Y and K.]
  • 15. A source produces a message in plaintext, X = [X1, X2, X3, ..., XM]. The M elements of X are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1, K2, K3, ..., KJ] is generated. If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. Alternatively, a third party could generate the key and securely deliver it to both source and destination. With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext Y = [Y1, Y2, Y3, ..., YN]. We can write this as Y = E_K(X). This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K. The intended receiver, in possession of the key, is able to invert the transformation: X = D_K(Y). An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate X̂. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate K̂.
  • 16. CHAPTER - 3 DATA ENCRYPTION STANDARD 3.1 DESCRIPTION OF DES DES (the Data Encryption Standard) is a symmetric block cipher developed by IBM. The algorithm uses a 56-bit key to encipher/decipher a 64-bit block of data. The key is always presented as a 64-bit block, every 8th bit of which is ignored. However, it is usual to set each 8th bit so that each group of 8 bits has an odd number of bits set to 1. The algorithm is best suited to implementation in hardware, probably to discourage implementations in software, which tend to be slow by comparison. However, modern computers are so fast that satisfactory software implementations are readily available. DES is the most widely used symmetric algorithm in the world, despite claims that the key length is too short. Ever since DES was first announced, controversy has raged about whether 56 bits is long enough to guarantee security. The key length argument goes like this. Assuming that the only feasible attack on DES is to try each key in turn until the right one is found, then 1,000,000 machines each capable of testing 1,000,000 keys per second would find (on average) one key every 12 hours. Most reasonable people might find this rather comforting and a good measure of the strength of the algorithm. Those who consider the exhaustive key-search attack to be a real possibility (and, to be fair, the technology to do such a search is becoming a reality) can overcome the problem by using double or triple length keys. In fact, double length keys have been recommended for the financial industry for many years. 3.1.1 Encryption Many people are not aware that the information they send or the files stored on their computers need to be protected; however, when you consider what you have on your computer and the many ways it can fall into the wrong hands, it does start to make sense to protect your privacy in some way.
  • 17. Key technology: encryption. Store and transmit information in an encoded form that does not make any sense. The basic mechanism:
    * Start with the text to be protected. The initial readable text is called clear text.
    * Encrypt the clear text so that it does not make any sense at all. The nonsense text is called cipher text. The encryption is controlled by a secret password or number; this is called the encryption key.
    The encrypted text can be stored in a readable file, or transmitted over unprotected channels. 3.1.2 Decryption To make sense of the cipher text, it must be decrypted back into clear text. This is done with some other algorithm that uses another secret password or number, called the decryption key. All of this only works under three conditions:
  • 18.
    * The encryption function cannot easily be inverted (one cannot get back to the clear text without knowing the decryption key).
    * The encryption and decryption must be done in some safe place so the clear text cannot be stolen.
    * The keys must be protected. In most systems, one key can be computed from the other (sometimes the encryption and decryption keys are identical), so neither key can be allowed to leak out.
    Figure 3.1: DES encryption.
  • 19. Figure 3.2: DES algorithm. Why DES? i) High level of security. ii) The same algorithm with the same key is used for encryption and decryption. iii) The algorithm and the key can be shared by the sender and receiver. iv) RSA and the substitution algorithm have some drawbacks, which DES can
  • 20. overcome. v) In the RSA algorithm we use two keys, whereas in DES we use only one key for both encryption and decryption. vi) There is only one round of processing in RSA, whereas there are 16 rounds of processing in DES. vii) In the substitution algorithm we replace a character by some other character code, whereas in DES we encrypt the text and process it for 16 rounds. 3.2 Limitations of DES In generating the per-round keys, the key is subjected to an initial permutation to generate two 28-bit quantities, C0 and D0. The sixteen suspect keys are the ones for which C0 and D0 are each one of the four values: all ones, all zeroes, alternating ones and zeroes, alternating zeroes and ones. Since there are four possible values for each half, there are sixteen possibilities in all. The four weak keys are the ones for which each of C0 and D0 is all ones or all zeroes. Weak keys are their own inverses. The remaining twelve keys are the semi-weak keys. Each is the inverse of one of the others. 3.2.1 Applications The DES core can be utilized for a variety of encryption applications including:
    * Secure file/data transfer
    * Electronic funds transfer
    * Encrypted storage data
    * Secure communications
    3.2.2 Features
    * FIPS 46-3 standard compliant
    * Encryption/decryption performed in 16 cycles (ECB mode)
  • 21.
    * 56 bits of security
    * For use in FPGA or ASIC designs
    * Verilog IP core
    Non-pipelined version
    * Small gate count
    Pipelined version
    * Pipelined for maximum performance
    * Encryption/decryption performed in 1 cycle (ECB mode) after an initial latency of 16 cycles
    3.3 Triple-DES: Use of multiple length keys leads us to the Triple-DES algorithm, in which DES is applied three times. Triple DES, also known as 3DES, is simply another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Private Encryption, you simply type in the entire 192-bit (24 character) key rather than entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary so they are each 64 bits long. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key. Consequently, Triple DES runs three times slower than standard DES, but is much more secure if used properly. The procedure for decrypting something is the same as the procedure for encryption, except it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Unfortunately, there are some weak keys that one should be aware of: if all three keys, the first and second keys, or the second and third keys are the same, then the encryption procedure is essentially the same as standard DES. This situation is to be avoided because it is the same as using a really slow version of regular DES.
  • 22. Note that although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there is always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits, because each of the three keys contains 8 parity bits that are not used during the encryption process. If we consider a triple length key to consist of three 56-bit keys K1, K2, K3, then encryption is as follows:
    • Encrypt with K1
    • Decrypt with K2
    • Encrypt with K3
    Decryption is the reverse process:
    • Decrypt with K3
    • Encrypt with K2
    • Decrypt with K1
    Setting K3 equal to K1 in these processes gives us a double length key K1, K2.
  • 23. Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit) key. Thus it is possible for a system using triple-DES to be compatible with a system using single-DES. Figure 3.4: Enciphering computation. DES operates on a 64-bit block of plaintext. After an initial permutation the block is broken into a right half and a left half, each 32 bits long. Then there are 16 rounds of identical operations, called Function f, in which the data are combined with the key. After the sixteenth round, the right and left halves are joined, and a final permutation (the inverse of the initial permutation) finishes off the algorithm.
  • 24. In each round the key bits are shifted, and then 48 bits are selected from the 56 bits of the key. The right half of the data is expanded to 48 bits via an expansion permutation, combined with 48 bits of a shifted and permuted key via an XOR, sent through 8 S-boxes producing 32 new bits, and permuted again. These four operations make up Function f. The output of Function f is then combined with the left half via another XOR. The result of these operations becomes the new right half; the old right half becomes the new left half. These operations are repeated sixteen times, making 16 rounds of DES. Figure 3.5: TDES Algorithm.
  • 25. Figure 3.6: Single Round of DES.
  • 26. 3.4 Initial permutation (IP)
    Figure 3.7: Initial permutation
    Table 3.1: Initial permutation IP
    58 50 42 34 26 18 10  2
    60 52 44 36 28 20 12  4
    62 54 46 38 30 22 14  6
    64 56 48 40 32 24 16  8
    57 49 41 33 25 17  9  1
    59 51 43 35 27 19 11  3
    61 53 45 37 29 21 13  5
    63 55 47 39 31 23 15  7
    Table 3.1 specifies the input permutation on a 64-bit block. The meaning is as follows: the first bit of the output is taken from the 58th bit of the input, the second bit from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the input. The initial permutation occurs before round one; it transposes the input block as described in Table 3.1. This table, like all the other tables in this chapter, should be read left to right, top to bottom. For example, the initial permutation moves bit 58 of the plaintext to bit position 1, bit 50 to bit position 2, and so forth. The initial permutation and the corresponding final permutation do not affect DES's security.
  • 27. 3.5 Final permutation (IP-1)
    Figure 3.8: Final permutation
    Table 3.2: Final permutation IP-1
    40  8 48 16 56 24 64 32
    39  7 47 15 55 23 63 31
    38  6 46 14 54 22 62 30
    37  5 45 13 53 21 61 29
    36  4 44 12 52 20 60 28
    35  3 43 11 51 19 59 27
    34  2 42 10 50 18 58 26
    33  1 41  9 49 17 57 25
    The final permutation is the inverse of the initial permutation; the table is interpreted similarly. This is shown in Table 3.2.
  • 28. 3.6 Expansion permutation (E)
    Figure 3.9: Expansion permutation
    Table 3.3: Expansion permutation E
    32  1  2  3  4  5
     4  5  6  7  8  9
     8  9 10 11 12 13
    12 13 14 15 16 17
    16 17 18 19 20 21
    20 21 22 23 24 25
    24 25 26 27 28 29
    28 29 30 31 32  1
    The expansion permutation is interpreted as for the initial and final permutations. Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the input is duplicated in both the sixth and eighth bits of the output. Thus, the 32-bit half-block is expanded to 48 bits. This operation expands the right half of the data, Ri, from 32 bits to 48 bits. Because this operation changes the order of the bits as well as repeating certain bits, it is known as an expansion permutation. This operation has two purposes: it makes the right half the same size as the key for the XOR operation, and it provides a longer result that can be compressed during the substitution operation. However, neither of those is its main cryptographic purpose. By allowing one bit to affect two substitutions, the dependency of the output bits on the input bits spreads faster. This is called an avalanche effect. This is shown in Table 3.3.
  • 29. 3.7 Permutation (P)

    Figure-3.10 Permutation

    Table-3.4 Permutation

    P
    16  7 20 21
    29 12 28 17
     1 15 23 26
     5 18 31 10
     2  8 24 14
    32 27  3  9
    19 13 30  6
    22 11  4 25

    The 32-bit output of the S-box substitution is permuted according to a P-box. This permutation maps each input bit to an output position; no bits are used twice and no bits are ignored. This is called a straight permutation or just a permutation. This is shown in Table 3.4.
  • 30. 3.8 Permuted choice 1 (PC-1)

    Figure-3.11 Permuted choice 1

    Table-3.5 Permuted choice 1

    PC-1
    Left
    57 49 41 33 25 17  9
     1 58 50 42 34 26 18
    10  2 59 51 43 35 27
    19 11  3 60 52 44 36
    Right
    63 55 47 39 31 23 15
     7 62 54 46 38 30 22
    14  6 61 53 45 37 29
    21 13  5 28 20 12  4

    The "Left" and "Right" halves of the table show which bits from the input key form the left and right sections of the key schedule state. Note that only 56 bits of the 64 bits of the input are selected; the remaining eight were specified for use as parity bits.

    DES performs a function on the 64-bit key to generate sixteen 48-bit keys, K1, K2, K3, ..., K16. First it does an initial permutation on the 56 useful bits of the key to generate a 56-bit output, which it divides into two 28-bit values, called C0 and D0. The permutation is specified as in Table 4.5.
  • 31. 3.9 Permuted choice 2 (PC-2)

    Figure-3.12 Permuted choice 2

    Table-3.6 Permuted choice 2

    PC-2
    Permutation to obtain the left half of Ki
    14 17 11 24  1  5
     3 28 15  6 21 10
    23 19 12  4 26  8
    16  7 27 20 13  2
    Permutation to obtain the right half of Ki
    41 52 31 37 47 55
    30 40 51 45 33 48
    44 49 39 56 34 53
    46 42 50 36 29 32

    The permutations in this case are likely to be of some security value. The permutation of Ci that produces the left half of Ki is shown in Table 3.6. Note that bits 9, 18, 22 and 25 are discarded. The permutation of the rotated Di-1 that produces the right half of Ki is shown in Table 3.6. Bits 35, 38, 43, and 54 are discarded. Each of the halves of Ki is 24 bits, so Ki is 48 bits long.
  • 32. 3.9 Substitution boxes (S-boxes)

    Figure-3.13 Calculation of f(R, k)

    After the compressed key is XORed with the expanded block, the 48-bit result moves to a substitution operation. The substitutions are performed by eight substitution boxes, or S-boxes. Each S-box has a 6-bit input and a 4-bit output, and there are eight different S-boxes. The total memory requirements for the eight DES S-boxes are 256 bytes. The 48 bits are divided into eight 6-bit sub-blocks. Each separate block is operated on by a separate S-box: the first block is operated on by S-box 1, the second block is operated on by S-box 2, and so on.

    Table-3.7 Substitution boxes (S-boxes)

    S-boxes
    S1
    14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
     0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
     4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
    15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
  • 33. S2
    15  1  8 14  6 11  3  4  9  7  2 13 12  0  5 10
     3 13  4  7 15  2  8 14 12  0  1 10  6  9 11  5
     0 14  7 11 10  4 13  1  5  8 12  6  9  3  2 15
    13  8 10  1  3 15  4  2 11  6  7 12  0  5 14  9
    S3
    10  0  9 14  6  3 15  5  1 13 12  7 11  4  2  8
    13  7  0  9  3  4  6 10  2  8  5 14 12 11 15  1
    13  6  4  9  8 15  3  0 11  1  2 12  5 10 14  7
     1 10 13  0  6  9  8  7  4 15 14  3 11  5  2 12
    S4
     7 13 14  3  0  6  9 10  1  2  8  5 11 12  4 15
    13  8 11  5  6 15  0  3  4  7  2 12  1 10 14  9
    10  6  9  0 12 11  7 13 15  1  3 14  5  2  8  4
     3 15  0  6 10  1 13  8  9  4  5 11 12  7  2 14
    S5
     2 12  4  1  7 10 11  6  8  5  3 15 13  0 14  9
    14 11  2 12  4  7 13  1  5  0 15 10  3  9  8  6
     4  2  1 11 10 13  7  8 15  9 12  5  6  3  0 14
    11  8 12  7  1 14  2 13  6 15  0  9 10  4  5  3
    S6
    12  1 10 15  9  2  6  8  0 13  3  4 14  7  5 11
    10 15  4  2  7 12  9  5  6  1 13 14  0 11  3  8
     9 14 15  5  2  8 12  3  7  0  4 10  1 13 11  6
     4  3  2 12  9  5 15 10 11 14  1  7  6  0  8 13
    S7
     4 11  2 14 15  0  8 13  3 12  9  7  5 10  6  1
    13  0 11  7  4  9  1 10 14  3  5 12  2 15  8  6
     1  4 11 13 12  3  7 14 10 15  6  8  0  5  9  2
     6 11 13  8  1  4 10  7  9  5  0 15 14  2  3 12
    S8
    13  2  8  4  6 15 11  1 10  9  3 14  5  0 12  7
     1 15 13  8 10  3  7  4 12  5  6 11  0 14  9  2
     7 11  4  1  9 12 14  2  0  6 10 13 15  3  5  8
     2  1 14  7  4 10  8 13 15 12  9  0  3  5  6 11

    Table 3.7 lists the eight S-boxes used in DES. Each S-box replaces a 6-bit input with a 4-bit output. Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001".
  • 34. Figure 3.7.1 E table

    Figure 3.7.2 Input Key

    Figure 3.7.3 Permuted choice one (PC-1)
  • 35. Figure 3.7.4 Permuted choice one (PC-2)

    Figure 3.7.5 Rotation in the key schedule

    3.11 Rotations in the key-schedule

    Before the round subkey is selected, each half of the key schedule state is rotated left by a number of places. This table specifies the number of places rotated.

    Triple DES has two attractions that assure its widespread use over the next few years. First, with its 168-bit key length, it overcomes the vulnerability to brute-force attack of DES. Second, the underlying encryption algorithm in Triple DES is the same as in DES. This algorithm has been subjected to more scrutiny than any other encryption algorithm over a longer period of time, and no effective cryptanalytic attack based on the algorithm rather than brute-force has been found. Accordingly, there is a high level of confidence that 3DES is very resistant to cryptanalysis. If security were the only consideration, then 3DES would be an appropriate choice for a standardized encryption algorithm for decades to come.
  • 36. Figure-3.14 Key schedule calculation
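The key schedule of sections 3.8 to 3.11 and the reversed subkey order of section 3.12, as an added example that is not part of the original report. It uses PC-1 and PC-2 from Tables 3.5 and 3.6 and the two shift rows printed in section 3.12; the function names and the sample key are constructed for illustration.

```python
"""DES key schedule: PC-1, per-round rotations, PC-2, and decryption order."""
# Permuted choice 1 (Table 3.5): left half, then right half.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
# Permuted choice 2 (Table 3.6): left half of Ki, then right half.
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
# Rotation amounts for rounds 1..16 (section 3.12).
LEFT_SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]   # encryption
RIGHT_SHIFTS = [0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]  # decryption
MASK28 = 0xFFFFFFF

def permute(value, width, table):
    """Output bit i is input bit table[i]; bit 1 is the most significant."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out

def rotl28(x, n):
    return ((x << n) | (x >> (28 - n))) & MASK28

def rotr28(x, n):
    return ((x >> n) | (x << (28 - n))) & MASK28

def split_key(key64):
    """Apply PC-1 and return the 28-bit halves C0 and D0."""
    cd = permute(key64, 64, PC1)
    return cd >> 28, cd & MASK28

def _schedule(key64, shifts, rotate):
    c, d = split_key(key64)
    subkeys = []
    for n in shifts:
        c, d = rotate(c, n), rotate(d, n)
        subkeys.append(permute((c << 28) | d, 56, PC2))
    return subkeys

def encryption_subkeys(key64):
    """K1..K16, generated with left rotations."""
    return _schedule(key64, LEFT_SHIFTS, rotl28)

def decryption_subkeys(key64):
    """K16..K1, generated directly with right rotations.

    The left shifts sum to 28, so C16 = C0 and D16 = D0: the first
    decryption subkey needs no rotation at all (the leading 0).
    """
    return _schedule(key64, RIGHT_SHIFTS, rotr28)

def discarded_by_pc2():
    """Positions of the 56-bit state that never reach a subkey."""
    return sorted(set(range(1, 57)) - set(PC2))

if __name__ == "__main__":
    key = 0x133457799BBCDFF1          # constructed sample key
    enc = encryption_subkeys(key)
    dec = decryption_subkeys(key)
    print("K1  =", format(enc[0], "012x"))
    print("K16 =", format(enc[15], "012x"))
    print("decryption order is reversed:", dec == enc[::-1])
    print("bits dropped by PC-2:", discarded_by_pc2())
    # Flipping every 8th bit (the parity positions) changes no subkey.
    print("parity ignored:", encryption_subkeys(key ^ 0x0101010101010101) == enc)
```

A hardware core can therefore share one rotate-and-select datapath for both directions and switch only the rotation direction and amounts, with no need to store all sixteen subkeys.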
  • 38. 3.12 DES Decryption

    i) Use same function
    ii) Key is the key… Used in reverse order (K1,…, K16 becomes K16,…, K1)

    Right circular shift of 0-2 bits
     0  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
     1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
    (1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1)

    With DES it is possible to use the same function to encrypt or decrypt a block. The only difference is that the keys must be used in the reverse order. That is, if the encryption keys for each round are K1, K2, K3, …, K16, then the decryption keys are K16, K15, K14, …, K1. The algorithm that generates the key used for each round is circular as well. The key shift is shown above.

    3.13 Applications

    The DES3 core can be utilized for a variety of encryption applications including:
    - Secure File/Data transfer
    - Electronic Funds Transfer
    - Encrypted Storage Data
    - Secure communications

    3.13.1 Features
    - FIPS 46-3 Standard Compliant
    - Encryption/Decryption performed in 48 cycles (ECB mode)
    - Up to 168 bits of security
    - For use in FPGA or ASIC designs
    - Verilog IP Core
  • 39. Non Pipelined version
    - Small gate count shared DES

    Pipelined version
    - Pipelined for maximum performance
    - Encryption/Decryption performed in 1 cycle (ECB mode) after an initial latency of 48 cycles
  • 40. ALGORITHM FOR TDES

    ENCRYPTION
    Step 1: K1, K2, K3 are the keys in the key expander with the selection function.
    Step 2: If the selection function is active, i.e. '1', then the encryption process is activated with key K1. This encryption output is given to the input of the decryption, i.e. the selection function is '0', with key K2.
    Step 3: The decryption output is given to the input of the encryption, i.e. the selection function is '1', with K3.

    DECRYPTION
    Step 4: It is the reverse process of encryption.

    ALGORITHM FOR DES

    ENCRYPTION
    Step 1: The initial input data applied is 64 bits.
    Step 2: The initial permuted data of 64 bits is divided into right (32 bits), i.e. r0, and left (32 bits), i.e. l0.

    58 50 42 34 26 18 10  2
    60 52 44 36 28 20 12  4
    62 54 46 38 30 22 14  6    left (32 bits) even
    64 56 48 40 32 24 16  8
    57 49 41 33 25 17 19  1
    59 51 43 35 27 19 11  3
    61 53 45 37 29 21 13  5    Right (32 bits) odd
    63 55 47 39 31 23 15  7

    Here each row difference is 8 and column difference is 2.

    Step 3: The right 32 bits are given to the expansion box, where a block gets 48 bits as output, written as 8 blocks.

    32  1  2  3  4  5
     4  5  6  7  8  9
     8  9 10 11 12 13
    12 13 14 15 16 17
    16 17 18 19 20 21
    20 21 22 23 24 25
    24 25 26 27 28 29
    28 29 30 31 32 33
    32 33 34 35 36 37
    36 37 38 39 40 41
    40 41 42 43 44 45
    44 45 46 47 48
  • 41. Step 4: The 56 bits of key length are compressed to 48 bits.

    60 52 44 36 28 20 12  4
    62 54 46 38 30 22 14  6
    64 56 48 40 32 24 16  8
    57 49 41 33 25 17 19  1
    59 51 43 35 27 19 11  3
    61 53 45 37 29 21 13  5
    63 55 47 39 31 23 15  7

    Step 5: The 48 bits of key length and the 48 bits of the expansion are XORed to get 48 bits as output.
    Key-110000
    Expansion-110000
    Step 6: The 48 bits of data are given to substitution boxes s1 to s8, and each block has 64 bits as input and yields 48 bits block as output, i.e. 32 bits.
    Step 7: The P-box yields a 32-bit output from a 32-bit input by shifting the bits of the input blocks right and left.
    Step 8: The 32 bits are XORed with the left 32 bits, so that the total output is 64 bits.
    Step 9: The total procedure repeats until it completes 16 rounds.

    DECRYPTION: It is the reverse process of encryption.
    ENCRYPTION: It is the reverse process of decryption.
  • 42. SCOPE AND FUTURE DEVELOPMENT

    For the foreseeable future Triple DES is an excellent and reliable choice for the security needs of highly sensitive information. The AES will be at least as strong as Triple DES and probably much faster. It's the industry mandate from Visa and MasterCard that's requiring ATM deployers to upgrade and/or replace their legacy terminals. In a nutshell, it's all about three waves of encryption, and it's designed to make ATM transactions more secure.
  • 43. VHDL

    1. Introduction

    VHDL stands for VHSIC (Very High Speed Integrated Circuits) Hardware Description Language. In the mid-1980's the U.S. Department of Defense and the IEEE sponsored the development of this hardware description language with the goal of developing very high-speed integrated circuits. It has now become one of the industry's standard languages used to describe digital systems. The other widely used hardware description language is Verilog. Both are powerful languages that allow you to describe and simulate complex digital systems. A third HDL language is ABEL (Advanced Boolean Equation Language), which was specifically designed for Programmable Logic Devices (PLD). ABEL is less powerful than the other two languages and is less popular in industry. This tutorial deals with VHDL, as described by the IEEE standard 1076-1993.

    Although these languages look similar to conventional programming languages, there are some important differences. A hardware description language is inherently parallel, i.e. commands, which correspond to logic gates, are executed (computed) in parallel, as soon as a new input arrives. An HDL program mimics the behavior of a physical, usually digital, system. It also allows incorporation of timing specifications (gate delays) as well as describing a system as an interconnection of different components.

    2. Levels of representation and abstraction

    A digital system can be represented at different levels of abstraction [1]. This keeps the description and design of complex systems manageable. Figure 1 shows different levels of abstraction.
  • 44. Figure 1: Levels of abstraction: Behavioral, Structural and Physical

    The highest level of abstraction is the behavioral level, which describes a system in terms of what it does (or how it behaves) rather than in terms of its components and the interconnection between them. A behavioral description specifies the relationship between the input and output signals. This could be a Boolean expression or a more abstract description such as the Register Transfer or Algorithmic level. As an example, let us consider a simple circuit that warns car passengers when the door is open or the seatbelt is not used whenever the car key is inserted in the ignition lock. At the behavioral level this could be expressed as:

    Warning = Ignition_on AND (Door_open OR Seatbelt_off)

    The structural level, on the other hand, describes a system as a collection of gates and components that are interconnected to perform a desired function. A structural description could be compared to a schematic of interconnected logic gates. It is a representation that is usually closer to the physical realization of a system. For the example above, the structural representation is shown in Figure 2 below.

    Figure 2: Structural representation of a "buzzer" circuit.

    VHDL allows one to describe a digital system at the structural or the behavioral level. The behavioral level can be further divided into two kinds of styles: Data flow and
  • 45. Algorithmic. The dataflow representation describes how data moves through the system. This is typically done in terms of data flow between registers (Register Transfer level). The data flow model makes use of concurrent statements that are executed in parallel as soon as data arrives at the input. On the other hand, sequential statements are executed in the sequence that they are specified. VHDL allows both concurrent and sequential signal assignments that will determine the manner in which they are executed. Examples of both representations will be given later.

    3. Basic Structure of a VHDL file

    A digital system in VHDL consists of a design entity that can contain other entities that are then considered components of the top-level entity. Each entity is modeled by an entity declaration and an architecture body. One can consider the entity declaration as the interface to the outside world that defines the input and output signals, while the architecture body contains the description of the entity and is composed of interconnected entities, processes and components, all operating concurrently, as schematically shown in Figure 3 below. In a typical design there will be many such entities connected together to perform the desired function.

    Figure 3: A VHDL entity consisting of an interface (entity declaration) and a body (architectural description).

    VHDL uses reserved keywords that cannot be used as signal names or identifiers. Keywords and user-defined identifiers are case insensitive. Lines with
  • 46. comments start with two adjacent hyphens (--) and will be ignored by the compiler. VHDL also ignores line breaks and extra spaces. VHDL is a strongly typed language, which implies that one always has to declare the type of every object that can have a value, such as signals, constants and variables.

    a. Entity Declaration

    The entity declaration defines the NAME of the entity and lists the input and output ports. The general form is as follows:

        Entity NAME_OF_ENTITY is [generic (generic_declarations);]
            Port (signal_names: mode type;
                  signal_names: mode type;
                  :
                  signal_names: mode type);
        End [NAME_OF_ENTITY];

    An entity always starts with the keyword entity, followed by its name and the keyword is. Next are the port declarations using the keyword port. An entity declaration always ends with the keyword end, optionally [] followed by the name of the entity.

    The NAME_OF_ENTITY is a user-selected identifier.

    signal_names consists of a comma-separated list of one or more user-selected identifiers that specify external interface signals.

    mode: is one of the reserved words to indicate the signal direction:
    - in – indicates that the signal is an input
  • 47. - out – indicates that the signal is an output of the entity whose value can only be read by other entities that use it.
    - buffer – indicates that the signal is an output of the entity whose value can be read inside the entity's architecture
    - inout – the signal can be an input or an output.

    type: a built-in or user-defined signal type. Examples of types are bit, bit_vector, Boolean, character, std_logic, and std_ulogic.
    - bit – can have the value 0 and 1
    - bit_vector – is a vector of bit values (e.g. bit_vector (0 to 7))
    - std_logic, std_ulogic, std_logic_vector, std_ulogic_vector: can have 9 values to indicate the value and strength of a signal. Std_ulogic and std_logic are preferred over the bit or bit_vector types.
    - boolean – can have the value TRUE and FALSE
    - integer – can have a range of integer values
    - real – can have a range of real values
    - character – any printing character
    - time – to indicate time

    generic: generic declarations are optional and determine the local constants used for timing and sizing (e.g. bus widths) the entity. A generic can have a default value. The syntax for a generic follows:

        Generic (
            constant_name: type [:=value];
            constant_name: type [:=value];
            :
            constant_name: type [:=value] );
  • 48. The entity is called BUZZER and has three input ports, DOOR, IGNITION and SBELT, and one output port, WARNING. Notice the use and placement of semicolons! The name BUZZER is an identifier. Inputs are denoted by the keyword in, and outputs by the keyword out. Since VHDL is a strongly typed language, each port has a defined type. In this case, we specified the std_logic type. This is the preferred type of digital signals. In contrast to the bit type, which can only have the values '1' and '0', the std_logic and std_ulogic types can have nine values. This is important to describe a digital system accurately, including the binary values 0 and 1, as well as the unknown value X, the uninitialized value U, "-" for don't care, Z for high impedance, and several symbols to indicate the signal strength (e.g. L for weak 0, H for weak 1, W for weak unknown - see section on Enumerated Types). The std_logic type is defined in the std_logic_1164 package of the IEEE library. The type defines the set of values an object can have. This has the advantage that it helps with the creation of models and helps reduce errors. For instance, if one tries to assign an illegal value to an object, the compiler will flag the error.

    b. Architecture body

    The architecture body specifies how the circuit operates and how it is implemented. As discussed earlier, an entity or circuit can be specified in a variety of ways, such as behavioral, structural (interconnected components), or a combination of the above. The architecture body looks as follows:

        Architecture architecture_name of NAME_OF_ENTITY is
            -- Declarations
            -- Components declarations
            -- signal declarations
            -- Constant declarations
  • 49.         -- Function declarations
            -- Procedure declarations
            -- Type declarations
            :
        Begin
            -- Statements
            :
        End architecture_name;

    Behavioral model

    The header line of the architecture body defines the architecture name, e.g. behavioral, and associates it with the entity, BUZZER. The architecture name can be any legal identifier. The main body of the architecture starts with the keyword begin and gives the Boolean expression of the function. We will see later that a behavioral model can be described in several other ways. The "<=" symbol represents an assignment operator and assigns the value of the expression on the right to the signal on the left. The architecture body ends with an end keyword followed by the architecture name.

    The statements in the body of the architecture make use of logic operators. Logic operators that are allowed are: and, or, nand, nor, xor, xnor and not. In addition, other types of operators including relational, shift and arithmetic are allowed as well (see section on Operators). For more information on behavioral modeling see section on Behavioral Modeling.
  • 50. Concurrency

    It is worth pointing out that the signal assignments in the above examples are concurrent statements. This implies that the statements are executed when one or more of the signals on the right hand side change their value (i.e. an event occurs on one of the signals). For instance, when the input A changes, the internal signals X and Y change values, which in turn causes the last statement to update the output Z. There may be a propagation delay associated with this change. Digital systems are basically data-driven, and an event which occurs on one signal will lead to an event on another signal, etc. The execution of the statements is determined by the flow of signal values. As a result, the order in which these statements are given does not matter (i.e., moving the statement for the output Z ahead of that for X and Y does not change the outcome). This is in contrast to conventional software programs, which execute the statements in a sequential or procedural manner.

    Structural description

    The circuit of Figure 2 can also be described using a structural model that specifies what gates are used and how they are interconnected. The following example illustrates it.

        Architecture structural of BUZZER is
            -- Declarations
            Component AND2
                Port (in1, in2: in std_logic;
                      out1: out std_logic);
            End component;
            Component OR2
                Port (in1, in2: in std_logic;
  • 51.                   out1: out std_logic);
            End component;
            Component NOT1
                Port (in1: in std_logic;
                      out1: out std_logic);
            End component;
            -- Declaration of signals used to interconnect gates
            Signal DOOR_NOT, SBELT_NOT, B1, B2: std_logic;
        Begin
            -- Component instantiations statements
            U0: NOT1 port map (DOOR, DOOR_NOT);
            U1: NOT1 port map (SBELT, SBELT_NOT);
            U2: AND2 port map (IGNITION, DOOR_NOT, B1);
            U3: AND2 port map (IGNITION, SBELT_NOT, B2);
            U4: OR2 port map (B1, B2, WARNING);
        End structural;

    Following the header is the declarative part that gives the components (gates) that are going to be used in the description of the circuits. In our example, we use a two-input AND gate, a two-input OR gate and an inverter. These gates have to be defined first, i.e. they will need an entity declaration and architecture body (as shown in the previous
  • 52. example). These can be stored in one of the packages one refers to in the header of the file (see Library and Packages below). The declarations for the components give the inputs (e.g. in1, in2) and the output (e.g. out1). Next, one has to define internal nets (signal names). In our example these signals are called DOOR_NOT, SBELT_NOT, B1, B2 (see Figure 2). Notice that one always has to declare the type of the signal.

    The statements after the begin keyword give the instantiations of the components and describe how these are interconnected. A component instantiation statement creates a new level of hierarchy. Each line starts with an instance name (e.g. U0) followed by a colon, a component name and the keyword port map. This keyword defines how the components are connected. In the example above, this is done through positional association: DOOR corresponds to the input in1 of the NOT1 gate and DOOR_NOT to the output. Similarly for the AND2 gate, where the first two signals (IGNITION and DOOR_NOT) correspond to the inputs in1 and in2, respectively, and the signal B1 to the output out1. An alternative way is to use explicit association between the ports, as shown below.

        Label: component-name port map (port1=>signal1, port2=> signal2,… port3=>signaln);

        U0: NOT1 port map (in1 => DOOR, out1 => DOOR_NOT);
        U1: NOT1 port map (in1 => SBELT, out1 => SBELT_NOT);
        U2: AND2 port map (in1 => IGNITION, in2 => DOOR_NOT, out1 => B1);
        U3: AND2 port map (in1 => IGNITION, in2 => SBELT_NOT, out1 => B2);
        U4: OR2 port map (in1 => B1, in2 => B2, out1 => WARNING);

    Notice that the order in which these statements are written has no bearing on the execution, since these statements are concurrent and therefore executed in parallel. Indeed, the schematic that is described by these statements is the same independent of the order of the statements.
  • 53. Structural modeling of design lends itself to hierarchical design, in which one can define components of units that are used over and over again. Once these components are defined they can be used as blocks, cells or macros in a higher level entity. This can significantly reduce the complexity of large designs. Hierarchical design approaches are always preferred over flat designs.

    c. Library and Packages: library and use keywords

    A library can be considered as a place where the compiler stores information about a design project. A VHDL package is a file or module that contains declarations of commonly used objects, data types, component declarations, signals, procedures and functions that can be shared among different VHDL models.

    We mentioned earlier that std_logic is defined in the package ieee.std_logic_1164 in the ieee library. In order to use std_logic one needs to specify the library and package. This is done at the beginning of the VHDL file using the library and the use keywords as follows:

        Library ieee;
        use ieee.std_logic_1164.all;

    The .all extension indicates to use all ieee.std_logic_1164 packages.

    The Xilinx Foundation Express comes with several packages.

    ieee Library:
    - std_logic_1164 package: defines the standard datatypes.
    - std_logic_arith package: provides arithmetic, conversion and comparison functions for the signed, unsigned, integer, std_ulogic, std_logic and std_logic_vector types
    - std_logic_unsigned
    - std_logic_misc package: defines supplemental types, subtypes, constants and functions for the std_logic_1164 package.
  • 54. To use any of these one must include the library and use clause:

        library ieee;
        use ieee.std_logic_1164.all;
        use ieee.std_logic_arith.all;
        use ieee.std_logic_unsigned.all;

    In addition, the Synopsys library has the attributes package:

        library SYNOPSYS;
        use SYNOPSYS.attributes.all;

    One can add other libraries and packages. The syntax to declare a package is as follows:

        -- Package declaration
        Package name_of_package is
            Package declarations
        End package name_of_package;
        -- Package body declarations
        package body name_of_package is
            Package body declarations
        End package body name_of_package;

    For instance, the basic functions of the AND2, OR2, NAND2, NOR2, XOR2, etc. components need to be defined before one can use them.
  • 55. 4. Lexical Elements of VHDL

    a. Identifiers

    Identifiers are user-defined words used to name objects in VHDL models. We have seen examples of identifiers for input and output signals as well as the name of a design entity and architecture body. When choosing an identifier one needs to follow these basic rules:
    - May contain only alpha-numeric characters (A to Z, a to z, 0-9) and the underscore (_) character
    - The first character must be a letter and the last one cannot be an underscore.
    - An identifier cannot include two consecutive underscores.
    - An identifier is case insensitive (ex. And2 and AND2 or and2 refer to the same object)
    - An identifier can be of any length.

    Examples of valid identifiers are: X10, x_10, My_gate1. Some invalid identifiers are: _X10, my_gate@input, gate-input.

    The above identifiers are called basic identifiers. The rules for these basic identifiers are often too restrictive to indicate signals. For example, if one wants to indicate an active low signal such as an active low RESET, one cannot call it /RESET. In order to overcome these limitations, there is a set of extended identifier rules which allow identifiers with any sequence of characters.
    - An extended identifier is enclosed by the backslash, "\", character.
    - An extended identifier is case sensitive.
    - An extended identifier is different from reserved words (keywords) or any basic identifier (e.g. the identifier \identity\ is allowed)
  • 56. - Inside the two backslashes one can use any character in any order, except that a backslash as part of an extended identifier must be indicated by an additional backslash. As an example, to use the identifier BUS:\data, one writes: \BUS:\\data\
    - Extended identifiers are allowed in the VHDL-93 version but not in VHDL-87

    Some examples of legal identifiers are: Input, \Input\, \input#1\, Rstas

    b. Keywords (Reserved words)

    Certain identifiers are used by the system as keywords for special use such as specific constructs. These keywords cannot be used as identifiers for signals or objects we define. We have seen several of these reserved words already, such as in, out, or, and, port, map, end, etc. Keywords are often printed in boldface, as is done in this tutorial. For a list of all the keywords click on complete keyword list. Extended identifiers can make use of keywords since these are considered different words (e.g. the extended identifier \end\ is allowed).

    c. Numbers

    The default number representation is the decimal system. VHDL allows integer literals and real literals. Integer literals consist of whole numbers without a decimal point, while real literals always include a decimal point. Exponential notation is allowed using the letter "E" or "e". For integer literals the exponent must always be positive. Examples are:

    Integer literals: 12 10 256E3 12e+6
    Real literals: 1.2 256.24 3.14E-2

    The number –12 is a combination of a negation operator and an integer literal.
  • 57. CONCLUSION

    DES runs through 16 iterations to achieve its desired cipher text (final output). With Triple DES, it will Encrypt-Decrypt-Encrypt the block, and a completely different output is generated with a final combination. It's said that the security is 192 bit encryption, but also argued that regardless of the keys, the security is only 168 bit. This debate is clearly beyond the scope of this article/writer. If you wish to participate with the scientists in their discussions, it's your humility at stake. It's a safe bet that Triple DES is exponentially stronger than the previous DES.

    After that, AES may supplant Triple DES as the default algorithm on most systems if it lives up to its expectations. But Triple DES will be kept around for compatibility reasons for many years after that. So the useful lifetime of Triple DES is far from over, even with the AES near completion.