TCDG
VHDL & Verilog Synthesizable model of the Data Encryption Standard (DES)
DISTINCTIVE CHARACTERISTICS
High Performance
16 clock cycles for a complete DES encryption or decryption Simple interface with a start/done handshake No external logic necessary
Target Technology
FPGA ASIC Gate Array ....
Compatibility
Based on the FIPS PUB 44-2 specification ANSI X3.92, ANSI X3.106 Suitable for triple DES implementations Suitable for electronic code block (ECB), cipher block coding (CBC), cipher feedback (CFB) and output feedback (OFB) implementations
Typical application
Data files protection on any media (hard disk, CDROM, EEPROM,...) Access authentification Smart card applications Internet & Intranet communication protection Space telecommunication Banking applications Private informations protections
01101100 11111010 00110110 10110100 00001110 00110001 10111000 11011100 01010011 11101001 01000000 11110110 10101011 11000010 00010101 00100011 00000110 10101001 00011001 10000011 10000001 11111110 10000010 10001010 01010111 10001000 10001001 01100111 01001001 00010011 01001101 10000001 10011001 01011011 00111110 10100000 10000100 10111000
11010101000111101100 10011111000110100110 01111110101100110110 10111101110111001000 10000001010100000110 00011010010110110101 11001010111000000110 10110000100000100010 00000101010000011001 10011000111101000110 01001000000101010100 10101010011111111101 key(63:0) 11110101010111000101 1 1 1 0 1 1 0 0 0 1 0 0 1 0 1TCDG 10101 10100110011110111101 d(63:0) 00110110101100010000 11001000000110100101 0 0 0 0 0 1 1 0 start 011000111101 10110101100101001000 0 0 0 0 0 1 1 0 crypt 101010011111 0 0 1 0 0 0 1 0 clk 010011110101 00011001111101100111 0 1 0 0 0 1 1 0 nreset 110011011111 01010100001101100010 11111101001101011011 11000101111110000000 10110101011000111011 10111101111101101000 00010000000011010000 10100101110011001000 00111101000110110011 01001000000110101000 10011111111101001101 11110101010001111011 01100111110000110001 11011111000100100000 01100010011101100000 01011011010010011010
01001011 01111011 10110001 00011010 01100011 10010100 10101001 01001111 11110110 11001101 00110110 00110101 q(63:0) 11111000 01100011 11110110 00001101 11001100 000 11011 done 00011010 11110100 01000111 11000011 00010010 01110110 01001001 11111010 01010011 10110111 11101010 00011101 01111100 10011100 01101101 00010010 01001111 00100100 11001100 10001001
01 11 00 01 11 10 11 01 01 11 00 10 00 10 10 00 10 00 10 11 10 00 00 00 10 10 01 00 11 00 01 01 00 11 10 00 00 11
01011000 01111101 00000011 01110011 01000110 00000110 11111101 01010001 11110000 11000100 10011101 11010010 00111110 11010100 00101101 00111010 00000111 11011111 00100111 01011011 11000100 01010011 00001001 00110011 10100010 10101011 01111111 10010110 10000111 00111111 00100000 01111000 10011001 01010110 00001100 11000011 01001110 00010111
1110110101 0011010111 11111011 01 1010001011 0111001001 01101010 00 0100001110 1010111000 01110111 00 0010000001 1101000011 11111010 01 1100110111 1100010010 00000010 01 1010001001 1100010111 10000111 10 0011010110 1101001001 10011001 10 1110110001 0010110101 01100011 10 1100010100 1111100000 11001001 11 1000000010 0100001100 00111111 10 1000001100 1100000100 11101110 10 0110101000 1001110001 01111000 01 1010101010 1100010001 01101100 01 1101011111 1110110100 11111010 11 1100100101 1010100010 00110110 01 1011100001 1101110001 10110100 00 0100001111 11101001000 0001110 10 0001001000 0000100100 00110001 10 0001011110 0001111010 10111000 10 0100100110 0110011011 11011100 10 1011010101 1000111011 01010011 01 111 0000011 0010011111 11101001 11 0000110000 1111111010 01000000 11 0000010011 1011101001 11110110 10 0111000101 1110000111 10101011 10 0001000101 1011000110 11000010 00 1011010011 1110101100 00010101 00 1010001000 1101100101 00100011 01 011100011011010000100000011001 1010010000 0011101000 10101001 10 0010010000 1100011010 00011001 01 0111101010 1110001000 10000011 11 1001101111 0111001000 10000001 10 00111011010 100110101 11111110 11 1001111111 1010011110 10000010 01 1111101001 0000001110 10001010 10 1110100111 1101101010 01010111 00 1000011110 1010111000 10001000 00
00 10 01 00 00 10 11 11 11 10 01 11 10 00 01 10 00 10 00 00 01 10 10 10 00 00 00 11 01 00 00 11 00 01 10 01 10 11
GENERAL DESCRIPTION
The Data Encryption Standard (DES) algorithm, adopted by the U.S. government in 1977, is a block cipher that transforms 64-bit data blocks under a 56-bit secret key, by means of permutation and substitution. It is officially described in FIPS PUB 46. The DES algorithm is used for many applications within the government and in the private sector. In general, cryptography is used to protect data while it is being communicated between two points or while it is stored on a medium vulnerable to physical theft. Communication security provides protection to data by enciphering it at the transmitting point and deciphering it at the receiving point. File security proceeds protection to data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. In the first case, the key must be available at the transmitter and receiver simultaneously during communication. In the second case, the key must be maintained and accessible for the duration of the storage period. Key A key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm may be used for error detection if they are interpreted as parity bits. The TCDG modules doesnt use these bits at all. When these parity bit are used, they must be set to make the parity of each 8-bit byte of the key odd. The user must have the key that was used to encipher the data in order to decrypt it. Use of a different key causes the cipher that is produced for any given set of inputs to be different. The encryption algorithm specified for the DES is commonly known among those using the standard. The cryptographic security of the data depends on the security provided for the key used to encipher and decipher the data.
Qualification
The cryptographic DES algorithm transforms a 64-bit binary value into a unique 64-bit binary value based on a 56-bit variable. If the complete 64-bit input is used and if the 56-bit variable is randomly chose, no technique other than trying all possible keys using known input and output for the DES will guarantee finding the chosen key. As these are over 70,000,000,000,000,000 (seventy quadrillion) possible keys of 56 bits, the feasibility of deriving a particular key in this way is extremely unlikely in typical threat environments. Moreover, if the key is changed frequently, the risk of this event is greatly diminished. If improved security level are needed by your application, the Triple DES algorithm may be used. This algorithm, based on the DES uses three independents key (leading to 168-bit key) to cipher the data. Products implemented the Triple DES algorithm are also available by Tetraedre.
Patents
Data input The DES algorithm can crypt or decrypt any data (either text, numbers) expressed in 64 binary digits words. The input is processed in blocks. Therefore, this algorithm can be used to protect any kind of documents, like pictures, private data, bank account number, confidential documents, ... Cryptographic devices implementing this standard may be covered by U.S. and foreign patents issued to the International Business Machines Corporation. However, IBM has granted nonexclusive, royalty-free licenses under the patents to make, use and sell apparatus which complies with this standard. The VHDL and Verilog modules, TCDG products, are protected by copyrights and belong to Tetraedre Sarl, Switzerland. These modules can be used only by signing a license agreement with Tetraedre Sarl.
Data output Data can be recovered from cipher only by using exactly the same key used to encipher it. Unauthorized recipients of the cipher who know the algorithm but do not have the correct key cannot derive the original data algorithmically. However, anyone who does have the key can decipher the cipher and obtain the original data.
TCDG
2/9
LOGIC SYMBOL
PIN CONFIGURATION
q(63:0)
key(63:0) d(63:0)
key input data input result output conversion start crypt/decrypt mode selection conversion done flag clock input asynchronous reset
done
Block diagram
d Initial Permutation
clk
nreset crypt start done Control state machine
Expansion
key
subkey generator
XOR S Boxes
TCDG
3/9
OPERATING MODES
The TCDG module is a very easy to use component. The data to be encrypted or decrypted is applied to the d input, the appropriate operation mode is selected by setting crypt in the right state. Then, to start the conversion, the start signal is asserted. Once the conversion is finished, the done signal is asserted. The result can be read on the q output pin. The word "conversion" is used hereafter to indicate either an encryption or a decryption. The choice of the operation is selected by the crypt pin, as explained below. Since the design is completely synchronous, no clock signals are generated and no gated clock are used inside this component. So the interface between the DES module and your application is very easy to implement.
crypt
This signal indicates if the data at the input must be encrypted (crypt=1) or decrypted (crypt=0). This signal is sampled in an internal register at clks rising edge when the conversion starts. This output indicates (at 1) when the result has been calculated. This signal remains at one as long as no START signal is asserted. Clock signal. This signal is an asynchronous reset signal
done
clk nreset
(low active).
d(63:0)
q(63:0)
start
10
11
12
13
14
15
16
TCDG
4/9
TCDG
5/9
SIMULATION INFORMATION
The DES module, TCDG, is delivered with a HDL testbench (either VHDL or Verilog). This testbench is composed of several hundreds encryption and decryption calculations. The test vectors define the input parameters (d, key, crypt) and also the expected output of the block. The value generated by the DES module is compared with the expected value. If they dont match, the "erreur" signal is asserted (high) and an error message is displayed on see note 1 . The "erreur" signal the simulators standard output is negated at the beginning of the simulation and remains low as long as no error is detected. At the end of the simulation, a message is displayed see note 1 . indicating if the complete test failed or if it succeed This message has a severity of type "error" if the test failed and a severity of type "note" if it succeeded. Dont forget to enable the display of these type of message for a proper simulation. The DES component and all its sub-blocks are described in a single file: TCDG.V or TCDG.VHD. The testbench is
completely described in the TCDG_BENCH.V or TCDG_BENCH.VHD file. This file must be compiled AFTER the other file since it has the highest level of hierarchy. The figure 2 shows this hierarchy.
vlib work
Compilation:
tcdg component
subkey component
1 This feature is only available for the VHDL description. For the Verilog model, the value of the "erreur" signal must be tested at the end of the simulation.
TCDG
6/9
Validation
The TCDG module is validated using test vectors. These vectors are composed of input parameters and an expected result. This expected result is automatically compared with the result of the TCDG operation. The data input and expected results for these testbenches are taken from the following sources: The ANSI X3.106 specification The ANSI X9.52 specification Some vectors have been calculated using shareware using the DES algorithm. Some vectors have been calculated with the C++ description of the DES function.
In addition, the different permutation tables and the S-Box are formally compared with the one in the ANSI specification.
TCDG
7/9
SYNTHESIS INFORMATION
Architecture
The DES has nine sub-blocks: "subkey" and "subs_1" to "subs_8". All the sub-blocks are completely combinatorial. The DES component and all its sub-blocks are grouped in the same file. The synthesis can be made directly on the top module by loading the TCDG.V or TCDG.VHD file. The subkey module is solely composed of multiplexers. Thus flattening this component will not modify drastically the result in term of area or speed. The subs (S-Box permutation) are mainly look-up tables. Due to the specificity of the DES algorithm (pseudorandom permutations), the S-Box cannot be very well optimized. The internal architecture of the DES is mainly composed of multiplexers, XOR gated and the substitution boxes. The control logic is very simple . The easiest way to synthesize this component is to define a clock, set the correct input and output constraints regarding your designs constraints and to optimize the block (see "synthesis script" below) The DES specification uses only a 56-bit key, but for most applications, a 64-bit key is provided. The 8 unused bits are often treated as parity control bit. In this HDL description, the key input is 64-bit wide therefrom 8 inputs are unused. These unused inputs will be notified by the synthesizer.
Synthesis
The following commands provide you an example of constraints to synthesize the TCDG module with your Synthesizer. synthesis script (for Synplicity Tools):
define_clock clk -freq 30.0 define_input_delay {k[63:0]} define_input_delay {d[63:0]} define_input_delay start define_input_delay crypt define_input_delay nreset -1000 10 7 5 -1000
*The number of sequential cells given by the synthesizer is bigger here than the number of necessary flip-flops because of fan-out constraints. (Results given by Synplicity Tools).
tcdg_bench component
tcdg component
subkey component
MUST BE SYNTHETISED
Figure 3. Design hierachy and synthesis
TCDG
8/9
ORDERING INFORMATION
Device Number
TCDG VHDL
TCDG Verilog
Copyright 1999 TETRAEDRE S.A.R.L All rights are reserved. Reproduction whole or in part is prohibited without the prior written consent of the copyright owner. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use. Printed in Switzerland
TCDG
9/9