Final

TCDG
VHDL & Verilog Synthesizable model of the Data Encryption Standard (DES)
DISTINCTIVE CHARACTERISTICS
High Performance
16 clock cycles for a complete DES encryption or decryption Simple interface with a start/done handshake No external logic necessary

Target Technology
FPGA ASIC Gate Array ....

Compatibility
Based on the FIPS PUB 44-2 specification ANSI X3.92, ANSI X3.106 Suitable for triple DES implementations Suitable for electronic code block (ECB), cipher block coding (CBC), cipher feedback (CFB) and output feedback (OFB) implementations

Typical application
Data files protection on any media (hard disk, CDROM, EEPROM,...) Access authentification Smart card applications Internet & Intranet communication protection Space telecommunication Banking applications Private informations protections

Description language & Synthesis caracteristics

Available in VHDL and Verilog Described for both synthesis and simulation Fully Synchronous design Low gate count High clock speed Test bench provided
0110110000 1100000101 0101001000 0010000001 1000101010 1010000110 1000100000 1000100000 0101111111 1110100000 1110100010 1010010101 1000100010 0000100010 0000011001 0111010010 0101000100 1000010011 0100100000 1111100110 1000010110 1101001111 0110101000 1001100001 0010101110 0011111110 0011110101 1101100111 0100011111 1001101111 0100100000 1101000110 0101110010 0001101100 1011000001 0001100110 1101010010 0001101010 10000010 01000001 11011101 10010100 01100001 01010010 11111110 01100001 10110100 10011010 10100110 11001010 00001111 01001111 11110110 01010001 11100110 01010010 01110100 01010111 11000110 10101100 00000110 00110101 00000110 01111111 01000111 11000110 10101100 01110111 01010100 10010110 10111000 00100000 01010000 00111101 00000101 10011111 00 10 00 01 00 00 01 01 11 10 00 11 11 01 01 11 11 00 01 00 11 00 01 00 10 11 10 10 11 00 00 11 00 10 01 00 01 11 10010011 01111101 10010100 00111001 11010100 00011101 10010101 10110001 11101011 00000001 01001101 10000001 10011111 01010001 11110001 11101011 11011101 00010101 10100101 10101110 00001000 01010100 10001111 10000001 10100111 01010101 11000100 01100111 01101011 10000001 01100110 01011001 01101010 00100100 10011111 01101100 01000011 11010011

Complete product range

See TETRAEDREs products portofolio for availability of low-power, full-scan products. As well as for C (C++) source files and Triple DES modules.

01101100 11111010 00110110 10110100 00001110 00110001 10111000 11011100 01010011 11101001 01000000 11110110 10101011 11000010 00010101 00100011 00000110 10101001 00011001 10000011 10000001 11111110 10000010 10001010 01010111 10001000 10001001 01100111 01001001 00010011 01001101 10000001 10011001 01011011 00111110 10100000 10000100 10111000

11010101000111101100 10011111000110100110 01111110101100110110 10111101110111001000 10000001010100000110 00011010010110110101 11001010111000000110 10110000100000100010 00000101010000011001 10011000111101000110 01001000000101010100 10101010011111111101 key(63:0) 11110101010111000101 1 1 1 0 1 1 0 0 0 1 0 0 1 0 1TCDG 10101 10100110011110111101 d(63:0) 00110110101100010000 11001000000110100101 0 0 0 0 0 1 1 0 start 011000111101 10110101100101001000 0 0 0 0 0 1 1 0 crypt 101010011111 0 0 1 0 0 0 1 0 clk 010011110101 00011001111101100111 0 1 0 0 0 1 1 0 nreset 110011011111 01010100001101100010 11111101001101011011 11000101111110000000 10110101011000111011 10111101111101101000 00010000000011010000 10100101110011001000 00111101000110110011 01001000000110101000 10011111111101001101 11110101010001111011 01100111110000110001 11011111000100100000 01100010011101100000 01011011010010011010

01001011 01111011 10110001 00011010 01100011 10010100 10101001 01001111 11110110 11001101 00110110 00110101 q(63:0) 11111000 01100011 11110110 00001101 11001100 000 11011 done 00011010 11110100 01000111 11000011 00010010 01110110 01001001 11111010 01010011 10110111 11101010 00011101 01111100 10011100 01101101 00010010 01001111 00100100 11001100 10001001

01 11 00 01 11 10 11 01 01 11 00 10 00 10 10 00 10 00 10 11 10 00 00 00 10 10 01 00 11 00 01 01 00 11 10 00 00 11

01011000 01111101 00000011 01110011 01000110 00000110 11111101 01010001 11110000 11000100 10011101 11010010 00111110 11010100 00101101 00111010 00000111 11011111 00100111 01011011 11000100 01010011 00001001 00110011 10100010 10101011 01111111 10010110 10000111 00111111 00100000 01111000 10011001 01010110 00001100 11000011 01001110 00010111

1110110101 0011010111 11111011 01 1010001011 0111001001 01101010 00 0100001110 1010111000 01110111 00 0010000001 1101000011 11111010 01 1100110111 1100010010 00000010 01 1010001001 1100010111 10000111 10 0011010110 1101001001 10011001 10 1110110001 0010110101 01100011 10 1100010100 1111100000 11001001 11 1000000010 0100001100 00111111 10 1000001100 1100000100 11101110 10 0110101000 1001110001 01111000 01 1010101010 1100010001 01101100 01 1101011111 1110110100 11111010 11 1100100101 1010100010 00110110 01 1011100001 1101110001 10110100 00 0100001111 11101001000 0001110 10 0001001000 0000100100 00110001 10 0001011110 0001111010 10111000 10 0100100110 0110011011 11011100 10 1011010101 1000111011 01010011 01 111 0000011 0010011111 11101001 11 0000110000 1111111010 01000000 11 0000010011 1011101001 11110110 10 0111000101 1110000111 10101011 10 0001000101 1011000110 11000010 00 1011010011 1110101100 00010101 00 1010001000 1101100101 00100011 01 011100011011010000100000011001 1010010000 0011101000 10101001 10 0010010000 1100011010 00011001 01 0111101010 1110001000 10000011 11 1001101111 0111001000 10000001 10 00111011010 100110101 11111110 11 1001111111 1010011110 10000010 01 1111101001 0000001110 10001010 10 1110100111 1101101010 01010111 00 1000011110 1010111000 10001000 00

00 10 01 00 00 10 11 11 11 10 01 11 10 00 01 10 00 10 00 00 01 10 10 10 00 00 00 11 01 00 00 11 00 01 10 01 10 11

Version : 1.0 Printing date : 10/09/99

GENERAL DESCRIPTION
The Data Encryption Standard (DES) algorithm, adopted by the U.S. government in 1977, is a block cipher that transforms 64-bit data blocks under a 56-bit secret key, by means of permutation and substitution. It is officially described in FIPS PUB 46. The DES algorithm is used for many applications within the government and in the private sector. In general, cryptography is used to protect data while it is being communicated between two points or while it is stored on a medium vulnerable to physical theft. Communication security provides protection to data by enciphering it at the transmitting point and deciphering it at the receiving point. File security proceeds protection to data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. In the first case, the key must be available at the transmitter and receiver simultaneously during communication. In the second case, the key must be maintained and accessible for the duration of the storage period. Key A key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm may be used for error detection if they are interpreted as parity bits. The TCDG modules doesnt use these bits at all. When these parity bit are used, they must be set to make the parity of each 8-bit byte of the key odd. The user must have the key that was used to encipher the data in order to decrypt it. Use of a different key causes the cipher that is produced for any given set of inputs to be different. The encryption algorithm specified for the DES is commonly known among those using the standard. The cryptographic security of the data depends on the security provided for the key used to encipher and decipher the data.

Qualification
The cryptographic DES algorithm transforms a 64-bit binary value into a unique 64-bit binary value based on a 56-bit variable. If the complete 64-bit input is used and if the 56-bit variable is randomly chose, no technique other than trying all possible keys using known input and output for the DES will guarantee finding the chosen key. As these are over 70,000,000,000,000,000 (seventy quadrillion) possible keys of 56 bits, the feasibility of deriving a particular key in this way is extremely unlikely in typical threat environments. Moreover, if the key is changed frequently, the risk of this event is greatly diminished. If improved security level are needed by your application, the Triple DES algorithm may be used. This algorithm, based on the DES uses three independents key (leading to 168-bit key) to cipher the data. Products implemented the Triple DES algorithm are also available by Tetraedre.

Export control and restrictions

In the United States of America, cryptographic devices and technical data regarding them are subject to U.S. Federal Government export controls (Code of Federal Regulations). Some export of cryptographic modules implementing this standard and technical data regarding them must comply with these regulations and be licensed by the U.S. Department of State or by the Bureau of Export Administration of the U.S. Department of Commerce. This product is not suitable for life support equipment.

Patents
Data input The DES algorithm can crypt or decrypt any data (either text, numbers) expressed in 64 binary digits words. The input is processed in blocks. Therefore, this algorithm can be used to protect any kind of documents, like pictures, private data, bank account number, confidential documents, ... Cryptographic devices implementing this standard may be covered by U.S. and foreign patents issued to the International Business Machines Corporation. However, IBM has granted nonexclusive, royalty-free licenses under the patents to make, use and sell apparatus which complies with this standard. The VHDL and Verilog modules, TCDG products, are protected by copyrights and belong to Tetraedre Sarl, Switzerland. These modules can be used only by signing a license agreement with Tetraedre Sarl.

Data output Data can be recovered from cipher only by using exactly the same key used to encipher it. Unauthorized recipients of the cipher who know the algorithm but do not have the correct key cannot derive the original data algorithmically. However, anyone who does have the key can decipher the cipher and obtain the original data.

TCDG

2/9

LOGIC SYMBOL

PIN CONFIGURATION

key(63:0) TCDG d(63:0) start crypt clk nreset

q(63:0)

key(63:0) d(63:0)

key input data input result output conversion start crypt/decrypt mode selection conversion done flag clock input asynchronous reset

done

q(63:0) start crypt done clk nreset

Block diagram

d Initial Permutation

clk
nreset crypt start done Control state machine

Expansion

key

subkey generator

XOR S Boxes

XOR Left Register Left Register

Inverse Initial Permutation

TCDG

3/9

OPERATING MODES
The TCDG module is a very easy to use component. The data to be encrypted or decrypted is applied to the d input, the appropriate operation mode is selected by setting crypt in the right state. Then, to start the conversion, the start signal is asserted. Once the conversion is finished, the done signal is asserted. The result can be read on the q output pin. The word "conversion" is used hereafter to indicate either an encryption or a decryption. The choice of the operation is selected by the crypt pin, as explained below. Since the design is completely synchronous, no clock signals are generated and no gated clock are used inside this component. So the interface between the DES module and your application is very easy to implement.

crypt

This signal indicates if the data at the input must be encrypted (crypt=1) or decrypted (crypt=0). This signal is sampled in an internal register at clks rising edge when the conversion starts. This output indicates (at 1) when the result has been calculated. This signal remains at one as long as no START signal is asserted. Clock signal. This signal is an asynchronous reset signal

done

clk nreset
(low active).

Conversion timing diagram Pinout description key(63:0)

This 64-bit wide bus represents the key of the DES encryption or decryption. The key input must remain stable during the complete conversion. The key must not change until the result has been stored since the output depends directly on the key value. This 64-bits input represents the data which must be encrypted or decrypted. The data is sampled in internal registers at clks rising edge at the conversions start. This 64-bits output represents the result of the calculation. This signal can be sampled by your application at clks rising edge, when done is asserted (high). The result appears on the output line simultaneously with the done signal. This signal indicates to the internal state machine to start a conversion. The conversion starts at clks rising edge after start has changed from 0 to 1. The start signal is internally synchronized with the clock. The figure 1 shows the timing diagram of a conversion. Since the data (d) and crypt inputs are sampled at the start of the conversion, the can change after the start. The key input is not sampled inside the component so modifying the key will change the result, even after the conversion ended. The start signal starts the conversion. done is asserted 15 clock cycles after start has been negated. The result remains stable as long as no START occurs and as long as the input remains stable.

d(63:0)

q(63:0)

start

10

11

12

13

14

15

16

ck key d, crypt start done q

valid result

Figure 1. Conversion timing

TCDG

4/9

Alternative modes of using the DES

Four different modes for using the algorithm have been described in several standard (for example FIPS PUB 81). The four modes are called the Electronic Codebook (ECB) mode, the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode and the Output Feedback (OFB) mode. ECB is a direct application of DES algorithm to encrypt and decrypt data. CBC is an enhanced mode of ECB which chains together blocks of cipher text. CFB uses previously generated cipher text as input to the DES to generate pseudorandom outputs which are combined with the plaintext to produce cipher, thereby chaining together the resulting cipher. OFB is identical to CFB except that the previous output of the DES is used as input in OFB while the previous cipher is used as input in CFB. OFB does not chain the cipher.

TCDG

5/9

SIMULATION INFORMATION
The DES module, TCDG, is delivered with a HDL testbench (either VHDL or Verilog). This testbench is composed of several hundreds encryption and decryption calculations. The test vectors define the input parameters (d, key, crypt) and also the expected output of the block. The value generated by the DES module is compared with the expected value. If they dont match, the "erreur" signal is asserted (high) and an error message is displayed on see note 1 . The "erreur" signal the simulators standard output is negated at the beginning of the simulation and remains low as long as no error is detected. At the end of the simulation, a message is displayed see note 1 . indicating if the complete test failed or if it succeed This message has a severity of type "error" if the test failed and a severity of type "note" if it succeeded. Dont forget to enable the display of these type of message for a proper simulation. The DES component and all its sub-blocks are described in a single file: TCDG.V or TCDG.VHD. The testbench is

completely described in the TCDG_BENCH.V or TCDG_BENCH.VHD file. This file must be compiled AFTER the other file since it has the highest level of hierarchy. The figure 2 shows this hierarchy.

Compilation and Simulation script

The following commands are for Mentor ModelSim Tools Library creation:

vlib work
Compilation:

vcom -work work -explicit tcdg.vhd

Compilation of the test bench:

vcom -work work -explicit tcdg_bench.vhd

Simulation:

vsim -lib work tcdg_bench

tcdg_bench component tcdg_bench.v, tcdg_bench.vhd files

tcdg component

subkey component

subs_8 subs_7 subs_6 subs_5 subs_4 subs_3 subs_2 subs_1 component

tcdg.v, tcdg.vhd files

Figure 2. HDL files and design hierachy

1 This feature is only available for the VHDL description. For the Verilog model, the value of the "erreur" signal must be tested at the end of the simulation.

TCDG

6/9

Validation
The TCDG module is validated using test vectors. These vectors are composed of input parameters and an expected result. This expected result is automatically compared with the result of the TCDG operation. The data input and expected results for these testbenches are taken from the following sources: The ANSI X3.106 specification The ANSI X9.52 specification Some vectors have been calculated using shareware using the DES algorithm. Some vectors have been calculated with the C++ description of the DES function.

In addition, the different permutation tables and the S-Box are formally compared with the one in the ANSI specification.

TCDG

7/9

SYNTHESIS INFORMATION
Architecture
The DES has nine sub-blocks: "subkey" and "subs_1" to "subs_8". All the sub-blocks are completely combinatorial. The DES component and all its sub-blocks are grouped in the same file. The synthesis can be made directly on the top module by loading the TCDG.V or TCDG.VHD file. The subkey module is solely composed of multiplexers. Thus flattening this component will not modify drastically the result in term of area or speed. The subs (S-Box permutation) are mainly look-up tables. Due to the specificity of the DES algorithm (pseudorandom permutations), the S-Box cannot be very well optimized. The internal architecture of the DES is mainly composed of multiplexers, XOR gated and the substitution boxes. The control logic is very simple . The easiest way to synthesize this component is to define a clock, set the correct input and output constraints regarding your designs constraints and to optimize the block (see "synthesis script" below) The DES specification uses only a 56-bit key, but for most applications, a 64-bit key is provided. The 8 unused bits are often treated as parity control bit. In this HDL description, the key input is 64-bit wide therefrom 8 inputs are unused. These unused inputs will be notified by the synthesizer.

Synthesis
The following commands provide you an example of constraints to synthesize the TCDG module with your Synthesizer. synthesis script (for Synplicity Tools):

define_clock clk -freq 30.0 define_input_delay {k[63:0]} define_input_delay {d[63:0]} define_input_delay start define_input_delay crypt define_input_delay nreset -1000 10 7 5 -1000

define_output_delay done 15 define_output_delay {q[63:0]} 5

synthesis result on FPGA Actel A54SX32-1: Estimated frequency: IO number: Sequential cells: Combinatorial cells: 31 MHz 187 163* 886

*The number of sequential cells given by the synthesizer is bigger here than the number of necessary flip-flops because of fan-out constraints. (Results given by Synplicity Tools).

tcdg_bench component

MUST NOT BE SYNTHETISED

tcdg component

subkey component

subs_8 subs_7 subs_6 subs_5 subs_4 subs_3 subs_2 subs_1 component

MUST BE SYNTHETISED
Figure 3. Design hierachy and synthesis

TCDG

8/9

ORDERING INFORMATION

Worldwide Sales Offices

Tetraedre Sarl Chenes 19 2072 Saint-Blaise Switzerland

e-mail: web: phone: fax:

sales@tetraedre.com www.tetraedre.com +41 79 402 25 39 +41 86 079 402 25 39

Device Number

TCDG VHDL

VHDL description of the DES, including functional test bench.

TCDG Verilog

Verilog description of the DES, including functional test bench.

Copyright 1999 TETRAEDRE S.A.R.L All rights are reserved. Reproduction whole or in part is prohibited without the prior written consent of the copyright owner. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use. Printed in Switzerland

TCDG

9/9