ECE 448 – FPGA and ASIC Design with VHDL George Mason University

ECE 448: Lab 2

Implementing Sequential Logic in VHDL

Part 1: Introduction to Experiment 2: Stream Cipher Trivium

Part 2: Example: Programmable LFSR-based Pseudorandom Number Generator

Part 3: Hands-on Session: Simulation using ModelSim

Agenda for today

Part 1

Introduction to Experiment 2Stream Cipher Trivium

Secret-Key Ciphers

key of Alice and Bob - KAB key of Alice and Bob - KAB

Alice Bob

Network

Encryption Decryption

Cipher

Message / Ciphertext

Ciphertext / Message

CryptographicKey

m bits

m bits

k bits

Encrypt/Decrypt

1 bit

Block vs. stream ciphers

Stream cipher

memoryBlock cipher

KK

M1, M2, …, Mn m1, m2, …, mn

C1, C2, …, Cn c1, c2, …, cn

Ci=fK(Mi) ci = fK(mi, mi-1, …, m2, m1)

Every block of ciphertext is a function of only one

corresponding block of plaintext

Every block of ciphertext is a function of the current and

all proceeding blocks of plaintext

Typical stream cipher

Sender Receiver

PseudorandomKeyGenerator

mi

plaintext

ci

ciphertext

kikeystream

Key - KInitialization Vector - IV

PseudorandomKeyGenerator

mi

plaintext

ci

ciphertext

ki keystream

Key - K InitializationVector - IV

Example

ci = mi ki

mi

ki

ci

011101101010010101101011101110111011010111011010101011011111111000011

messagekeystreamciphertext

mi = ci ki

ci

ki

mi

101010110111111110000111101110111011010111011001110110101001010110101

ciphertextkeystreammessage

Common Building Blocks ofPseudorandom Key Generators

• Linear Feedback Shift Register (LFSR)

• Non-linear Feedback Shift Register (NFSR)

LFSR = Linear Feedback Shift Register Example of a simple 5-stage LFSR

si si+1 si+2 si+3 si+4 si+5

si+5 = si + si+1 + si+3

+ is used to denote XOR

Notation:

1 register stage = D flip-flop

NFSR = Non-Linear Feedback Shift Register Example of a simple 5-stage NFSR

bi bi+1 bi+2 bi+3 bi+4 bi+5

bi+5 = bibi+1 + bi+3

+ is used to denote XORbmbn is used to denote bm AND bn

eSTREAM - Contest for a new stream cipher standard, 2004-2008

PROFILE 1• Stream cipher suitable for software implementations optimized for high speed• Minimum key size - 128 bits• Initialization vector – 64 bits or 128 bits

PROFILE 2

• Stream cipher suitable for hardware implementations with limited memory, number of gates, or power supply• Minimum key size - 80 bits• Initialization vector – 32 bits or 64 bits

One of the 3 winners of the contest 80 Bit Key and IV Hardware Oriented Very simple (“trivial”) internal structure Parallelizable up to 64 bits/clock cycle

Trivium Stream Cipher

Trivium – Internal Structure

t3

t2

t1

s91s92

s171

s175s176

s264

s286s287s69

Shift Register

AND

XOR

u3

u1

u2

Pseudocode of the Keystream Generation

for i = 1 to N do t1 ← s66 + s93 t2 ← s162 + s177 t3 ← s243 + s288 zi ← t1 + t2 + t3 u1 ← t1 + s91 · s92 + s171 u2 ← t2 + s175 · s176 + s264 u3 ← t3 + s286 · s287 + s69 (s1, s2, ... , s93) ← (u3, s1, ... , s92) (s94, s95, ... , s177) ← (u1, s94 , ... , s176) (s178, s279 , ... , s288) ← (u2, s178 , ... , s287)end for

Initialization

• Key is placed in registers s1-s80• IV is placed in registers s94-174• Remaining bits are 0 except for 286-288

which are 1• Run for 4 complete cycles discarding

keystream

Pseudocode of the Initialization

Requested Interface & Control Unit

Extra Credit

Parallelized Architecture of Trivium

Parallelization of Trivium

Approach:• Duplicate logic in feedback loops

(XOR and AND gates)• Shift by two (or more) positions per clock cycle

Goal:• Encrypt two (or more) bits of a message per clock

cycle• Requires generating two (or more) bits of the

corresponding keystream per clock cycle

Pseudocode of the Keystream Generationin a parallelized version of Trivium

A 2-bit output per clock cyclefor i = 1 to N/2 dot1 <- s66 + s93 t2 <- s162 + s177t3 <- s243 + s288

t1_1 <- s65 + s92 t2_1 <- s161 + s176t3_1 <- s242 + s287

zi <- (t1 + t2 + t3) || (t1_1 + t2_1 + t3_1)

u1 <- t1 + s91 + s92 + s171u2 <- t1 + s175 + s176 + s264u3 <- t1 + s286 + s287 + s69

u1_1 <- t1_1 + s90 + s91 + s170u2_1 <- t2_1 + s174 + s175 + s263u3_1 <- t3_1 + s285 + s286 + s68

(s1,s2,...,s93) <- (u3_1,u3,s1,...,s91) (s94,s95,...,s177) <- (u1_1,u1,s94,...,s175) (s178,s279,...,s288) <- (u2_1,u2,s178,...,s286) end for

Part 2Example:

Programmable LFSR-based Pseudorandom

Number Generator

c0c1cL-2cL-1

sin

Current_state

LFSR with the Programmable Feedback Logic

See source codes available on the lab web page

Part 3

Hands-on Sessionon Simulation using ModelSim