Stream ciphers based on Quasi Cyclic Low Density Parity Check (QC-LDPC) codes are a good option for reducing the hardware complexity of a cryptosystem. For encryption of data, stream ciphers are preferred to block ciphers because they consume less power and hardware. As in classical coding theory, the quantum analogues of Low Density Parity Check (LDPC) codes give good error correction performance with low decoding complexity. This project proposes to design and implement a hardware efficient stream cipher using QC-LDPC codes. The performance of the resulting system will be compared to the previous stream cipher design using the CRC hash.
ACKNOWLEDGEMENT
The completion of this project work is due to the experience, efforts and inspiration of many people. I would like to express my gratitude to all the people without whom it would have been difficult to carry out this project. I am very much thankful to all of them for having spent their valuable time in helping and supporting me.
I wish to express my heartfelt and sincere thanks to Dr. M.P. PILLAI, Director, NIELIT, Calicut for his constant support throughout the course of the project work.
My sincere thanks to all teaching and non-teaching staff members of our institution for their constant support, valuable suggestions and co-operation.
I am very much grateful to my parents, family members and friends for their support and well wishes.
AMBILI K.
CONTENTS
CHAPTER 1 INTRODUCTION: 1.1 Overview and Problem Identification, 1.2 Motivation, 1.3 Project Objective, 1.4 Existing System, 1.5 Proposed System, 1.6, 1.7
CHAPTER 2 LITERATURE SURVEY
CHAPTER 3: 3.1 Network, 3.2 Sensor Network, 3.3 Cryptography, 3.3.1 Security
CHAPTER 4 QC-LDPC CODES: 4.1 Introduction to QC-LDPC Codes, 4.2 Encoder Implementation
CHAPTER 5 SOFTWARE DETAILS: 5.1, 5.2
HARDWARE DETAILS: Xilinx Spartan-3E
8.1 Conclusion, 8.2 Future Scope
REFERENCES
OUTCOME OF THE PROJECT
LIST OF FIGURES (titles recovered from the extraction): 3.2 Model for Encryption and decryption with Symmetric Key Algorithm, 3.3 Model for Encryption and decryption with Asymmetric Key Algorithm, 5.14 Simulation window, 7.1 Simulation output, 7.2 RTL Schematic
LIST OF TABLES: 7.1 to 7.5
CHAPTER 1
INTRODUCTION
1.1 Overview and Problem Identification
Hardware complexity and power consumption are important design criteria for hand-held devices, sensor networks, smart cards, etc. Encryption systems can be built using either block ciphers or stream ciphers. Stream ciphers apply a time-varying transformation to individual data bits, whereas block ciphers apply the same transformation to a group of data bits. Since the security of a block cipher algorithm depends directly upon the complexity of the algorithm, a good amount of security demands a very complex structure for the encryption system. So when circuit complexity is not a matter of concern, block ciphers can be designed to have better security per key bit than stream ciphers. Since in stream ciphers security does not depend directly on the circuit complexity, stream ciphers are preferred for ciphers of low hardware complexity. Also, since the encryption operation in a synchronous stream cipher is just an XOR operation, it allows real-time operation on data, which is essential in multimedia communication. Furthermore, stream ciphers have different implementation properties that restrict the cryptanalyst from performing side channel analysis.
Linear Feedback Shift Register (LFSR) based stream ciphers are the most commonly used stream ciphers due to their low hardware complexity and low power consumption. But their main drawback is susceptibility to attack due to the linearity of the structure. So for better security, one-way function based stream ciphers are preferred over LFSR stream ciphers. Hash functions can be used as part of the keystream generators in synchronous stream ciphers due to the high security provided by the one-wayness of hash functions.
The LFSR based Toeplitz hash [3] is seen to be highly suitable for hardware implementation. The suitability of this hash function for use as a building block in the generation of pseudorandom bit sequences was analyzed, and a low hardware complexity binary additive stream cipher based on the Toeplitz hash was presented in the Computers and Security journal [3]. The hardware efficient stream cipher proposed in [3] is based on the Toeplitz matrix concept, and cryptanalysis of that cipher was attempted in [2]. Later the Toeplitz hash was replaced with the CRC hash and the structure was redesigned. This design is developed in such a way that retrieval of the initial key through the method discussed in [2] becomes impossible. The stream cipher design using the CRC hash is discussed in [1]. In our work we suggest some changes in the design of the recently proposed stream cipher so that we can make the system cryptographically strong. In this work the CRC hash is completely replaced with QC-LDPC codes [10], which ensures low hardware complexity, less power consumption and high security.
1.2 Motivation
Security of data is the prime aspect in the field of communication. The existing technologies provide high security, but with high power consumption and high hardware complexity. These aspects motivated me to design a low power, low hardware complexity stream cipher for a high security system.
In the existing system, the CRC hash is used as the nonlinear function to generate the keystream of the stream cipher.
QC-LDPC CIRCUIT
QC-LDPC codes are one of the most important examples of structured LDPC codes, and they have also been proved to achieve very good performance. The existence of efficient iterative decoding algorithms for LDPC codes is the distinguishing feature of this class of codes. The rationale of these algorithms is an iterated updating and exchange of messages along a bipartite graph, also known as the Tanner graph, which represents the code parity-check matrix. Very good decoding performance is achieved as long as the code Tanner graph is free of short cycles, that is, closed loops starting and ending at one node.
CHAPTER 2
LITERATURE SURVEY
The previous chapter discussed the motivation, objectives and problem formulation of the work. This chapter explains why the problem was chosen, after a survey of the literature from reputed journals, conference proceedings, etc.
A. L. Huang et al. [4] investigated various cryptographic hash functions to determine their suitability for low-power applications. The paper also gave a brief overview of the different techniques for low-power digital circuit design. Only a few cryptographic hash functions were discussed. They showed that there is a major advantage in implementing cryptographic hashes in low-end hardware by means of LFSRs.
Hugo Krawczyk [5] presented simple and efficient hash functions applicable to the secure authentication of information. The constructions are mainly intended for message authentication in systems implementing stream cipher encryption, and are suitable for other applications also. The proposed hash functions are implemented through linear feedback shift registers and are therefore attractive for hardware applications. As an example, a single LFSR will be used to authenticate 1 Gbit of information with a failure probability of less than 2^-30. One of the constructions is the cryptographic version of the well-known cyclic redundancy codes (CRC); the other is based on Toeplitz hashing, where the matrix entries are generated by an LFSR. The latter construction achieves essentially the same hashing and authentication strength as a completely random matrix, but at a substantially lower cost in randomness, key size and implementation complexity. Of independent interest is the characterization of the properties required from a family of hash functions in order to be secure for authentication when combined with a secure stream cipher.
Yong Zhang et al. [6] proposed not only the use of existing one-way hash functions to construct a stream cipher, but also a framework for constructing secure stream ciphers using one-way hash functions. For regular one-way hash functions the digest size is limited, which can lower the efficiency of the hashing stream cipher (HSC). If the HSC is constructed iteratively using one-way hash functions with a longer hash digest every time, a higher security level and better efficiency would be achieved.
Angelo P. E. Rosiello [7] suggested a simple and secure way to realize a synchronous stream cipher from iterated hash functions. It is similar to output feedback mode, where the underlying block cipher algorithm is replaced with a keyed hash function adopting the secret suffix method. He analyzed the key, the keystream and the properties the underlying hash function must have for the stream cipher to be considered secure. From the analysis he conjectures that the most efficient way to break the proposed stream cipher is to break the hash function, or an exhaustive search of the keyspace K of k bits, which requires O(2^k) operations. He points out that the pseudo-randomness of the keystream is unconditionally secure only under the random oracle model, but a ROM-based security proof suggests that for a real-world encryption scheme which uses real-world hash functions rather than ROs, the most vulnerable point for mounting an attack is the hash function used in the scheme [16]. Since breaking suitable real-world iterated hash functions such as RIPEMD-160 or SHA-1 is considered a hard problem, breaking the stream cipher should be too. The complexity of the algorithm is embedded in the one-way hash function.
P. P. Deepthi et al. [3] discussed the design and implementation of a hardware efficient stream cipher using hash functions and analyzed its periodicity and security. They explain that the hash generation circuits used for the design and development of the stream ciphers are low power, low hardware complexity Linear Feedback Shift Register (LFSR) based circuits. One stream cipher design uses an LFSR based Toeplitz hash generation circuit together with an LFSR keystream generator circuit, while the other design combines an LFSR based filter generator circuit with an LFSR based modular division circuit. Both designs possess good security and periodicity properties for the keystreams generated. The developed circuits can compete with the most popular classic LFSR based stream ciphers in hardware complexity, while providing the additional advantage that the same circuit can be used for hash generation.
Nasarthul Nisha P K et al. [1] explain that a stream cipher based on a hash function is a good option to reduce the hardware complexity of the cryptosystem. For encryption of data, stream ciphers are preferred to block ciphers because they consume less power and hardware. Hash functions are generally employed in communication devices for integrity verification and authentication of data and control packets. In this paper, by introducing the CRC hash in place of the Toeplitz hash, they reduced the hardware complexity of the system to a great extent, and they showed that by replacing the Toeplitz hash with the CRC hash the periodicity and security are increased by a large margin.
A new stream cipher, Grain, is proposed in [8] by Martin Hell et al. The design targets hardware environments where gate count, power consumption and memory are very limited. It is based on two shift registers and a nonlinear filter function. The cipher has the additional feature that the speed can be increased at the expense of extra hardware. The key size is 80 bits and no attack faster than exhaustive key search has been identified. The hardware complexity and throughput compare favourably to other hardware oriented stream ciphers like E0 and A5/1.
In [9] Zongwang Li et al. explain that quasi-cyclic (QC) low-density parity-check (LDPC) codes form an important subclass of LDPC codes. These codes have an encoding advantage over other types of LDPC codes. The paper addressed the issue of efficient encoding of QC-LDPC codes. Two methods are presented to find the generator matrices of QC-LDPC codes in systematic circulant (SC) form from their parity-check matrices, given in circulant form. Based on the SC form of the generator matrix of a QC-LDPC code, various types of encoding circuits using simple shift registers are devised. It is shown that the encoding complexity of a QC-LDPC code is linearly proportional to the number of parity bits of the code for serial encoding, and to the length of the code for high-speed parallel encoding.
In [1], by replacing the Toeplitz hash function by the CRC hash, the security and periodicity of the system increased, but there was not a great decrease in the system hardware complexity. So, in order to reduce the hardware complexity, the CRC hash function circuit can be replaced with QC-LDPC codes [9].
CHAPTER 3
In order for a network to function, it must meet three basic requirements: it must provide connections, communications and services.
Connections refer to the hardware.
Communications is the way in which the devices talk to each other.
Services are the things which are shared with the rest of the network.
Advantages
Reduces the traffic load.
Conserves the energy of the sensors.
3.3 Cryptography
All aspects such as security and integrity of information have been aided by rapid advances in communication technology and networking. Hackers can use both active and passive methods to overload networks and alter data. Cryptography came into existence to provide security and integrity for information and data.
Definition
Writing messages in a secret way is called cryptography [11].
3.3.1 Security
Security is mainly of three types, namely:
1. Computer Security
2. Information Security
3. Network Security
Crypto-System Model
The general basic model which is used for encryption and decryption is shown below in figure 3.1. A message is to be transferred from sender to recipient across the information channel, and that message must not be accessible to intruders who have means of accessing the channel. The sender uses his key to scramble the message data and generate the cipher text. Although the algorithm which is used in the process of scrambling or encrypting the message is known to the public, the key which is used for encryption is a secret component. Therefore, no one can recover the message from the cipher text without having the combination of the particulars of the encryption algorithm and the key. The recipient uses the agreed algorithm and key to decrypt or descramble the cipher text which he received from the sender via an unsecured information channel.
Fig. 3.2 : Model for Encryption and decryption with Symmetric Key Algorithm
Fig. 3.3 : Model for Encryption and decryption with Asymmetric Key Algorithm
All cryptosystems are secure only if the mathematical problem that they are based on is determined to be hard. Public-key cryptosystems are based on the intractability of one of three problems. These problems and the cryptosystems based on them are:
1. The Integer Factorization Problem; RSA
2. The Discrete Logarithm Problem; DSA, Diffie-Hellman
3. The Elliptic Curve Discrete Logarithm Problem; ECDSA, ECDH
The public-key algorithm uses a one-way function to translate plain text to cipher text. Then, without the private key, it is very difficult for anyone (including the sender) to reverse the process (i.e., translate the cipher text back to plain text). A one-way function is a function that is easy to apply but extremely difficult to invert. The most common one-way function used in public-key cryptography involves factoring very large numbers. The idea is that it is relatively easy to multiply numbers, even large ones, with a computer; however, it is very difficult to factor large numbers. The only known algorithms basically have to do a sort of exhaustive search (Does 2 divide it? Does 3? 4? 5? 6? and so on). With numbers 128 bits long, such a search requires performing as many tests as there are particles in the universe.
CHAPTER 4
QC-LDPC CODES
4.1 Introduction to QC-LDPC Codes
A circulant is a square matrix in which each row is the cyclic shift (one place to the right) of the row above it, and the first row is the cyclic shift of the last row. For such a circulant, each column is the downward cyclic shift of the column on its left, and the first column is the cyclic shift of the last column. The row and column weights of a circulant are the same, say $w$. For simplicity, we say that the circulant has weight $w$. A circulant is completely characterized by its first row (or first column), which is called the generator of the circulant. For a $b \times b$ circulant $A$ over GF(2), if its rank is $b$, then all its rows are linearly independent.
A QC-LDPC code [10] [14] is given by the null space of an array of sparse circulants of the same size. For two positive integers $c$ and $t$ with $c \le t$, consider the following $c \times t$ array of $b \times b$ circulants over GF(2):
$$
H_{qc} = \begin{bmatrix}
A_{1,1} & A_{1,2} & \cdots & A_{1,t} \\
A_{2,1} & A_{2,2} & \cdots & A_{2,t} \\
\vdots & \vdots & \ddots & \vdots \\
A_{c,1} & A_{c,2} & \cdots & A_{c,t}
\end{bmatrix} \qquad (4.1)
$$
which has the following structural properties: 1) the weight of each circulant $A_{i,j}$ is small compared with its size $b$; and 2) no two rows (or two columns) of $H_{qc}$ have more than one 1-component in common, called the row-column (RC) constraint. Property 1) simply implies that each circulant in $H_{qc}$ is a sparse circulant, and hence $H_{qc}$ is a sparse matrix [12]. Property 2), the RC constraint, ensures that there are no four 1-entries at the four corners of a rectangle in $H_{qc}$. Then the null space of $H_{qc}$ gives a QC-LDPC code $C_{qc}$ of length $n = tb$, whose Tanner graph is free of cycles of length four, and hence has a girth of at least six. If all the circulants in $H_{qc}$ have the same weight $w$, then $H_{qc}$ has constant column weight $cw$ and constant row weight $tw$. In this case, $C_{qc}$ is a regular QC-LDPC code. The RC constraint on $H_{qc}$ ensures that there are $cw$ check sums orthogonal on every code bit, and hence the minimum distance of $C_{qc}$ is at least $cw+1$. If the weight distribution of the circulants in $H_{qc}$ results in multiple column weights or multiple row weights in $H_{qc}$, then $C_{qc}$ is an irregular QC-LDPC code.
The structure of a QC-LDPC code can be viewed from its parity-check matrix in circulant form. Based on this form, every codeword $v$ in $C_{qc}$ can be divided into $t$ sections, $v = (v_1, v_2, \ldots, v_t)$, and each section $v_j$ consists of $b$ consecutive components of $v$. For $1 \le j \le t$, the $b$ components of $v_j$ correspond to the $j$-th column of circulants of $H_{qc}$. For $0 \le l \le n$, let $v_j^{(l)}$ denote the vector obtained by cyclically shifting each of the $b$ components of the $j$-th section $v_j$ to the right $l$ places. It is clear that $v_j^{(0)} = v_j^{(n)} = v_j$. We call $v_j^{(l)}$ the $l$-th (right) cyclic shift of $v_j$. Then it follows from the circulant structure of $H_{qc}$ that the vector $v^* = (v_1^{(l)}, v_2^{(l)}, \ldots, v_t^{(l)})$ is also a codeword in $C_{qc}$. This says that $C_{qc}$ has a sectionized cyclic structure. If the parity-check matrix $H_{qc}$ consists of a single circulant or a single column of circulants, then $C_{qc}$ is a cyclic code. Therefore, cyclic LDPC codes [13][17] form a subclass of QC-LDPC codes.
Consider the QC-LDPC code $C_{qc}$ given by the null space of the parity-check matrix $H_{qc}$ [12]. Suppose the rank $r$ of $H_{qc}$ is equal to $cb$. We assume that the columns of circulants of $H_{qc}$ are arranged in such a way that the rank of the following subarray of $H_{qc}$:
(4.2)
is $cb$, the same as the rank $r$ of $H_{qc}$. We also assume that the first $(t-c)b$ columns of $H_{qc}$ correspond to the $(t-c)b$ information bits. Then the desired generator matrix of $C_{qc}$ has the following form:
(4.3)
where $I$ is a $b \times b$ identity matrix, $O$ is a zero matrix, and $G_{i,j}$ with $1 \le i \le t-c$ and $1 \le j \le c$ is a $b \times b$ circulant. The generator matrix $G_{qc}$ is said to be in SC form. It consists of two parts, the left part $I_{(t-c)b}$ and the right part $P$. The left part $I_{(t-c)b}$ of $G_{qc}$, with identity matrices on its main diagonal, is actually a $(t-c)b \times (t-c)b$ identity matrix, and the right part $P$ of $G_{qc}$ is a $(t-c) \times c$ array of $b \times b$ circulants. In coding theory $G_{qc}$ is known as being in systematic form, and the right part $P$ of $G_{qc}$ is called the P matrix, which corresponds to the parity-check section of a codeword in systematic form. We say that $G_{qc}$ is in SC form because its P matrix is an array of circulants. The SC form allows us to encode a QC-LDPC code with simple shift registers.
The necessary and sufficient condition for $G_{qc}$ to be a generator matrix of $C_{qc}$ is that $H_{qc} G_{qc}^T = [O]$, where $[O]$ is a $cb \times (t-c)b$ zero matrix. For $1 \le i \le t-c$ and $1 \le j \le c$, let $g_{i,j}$ be the generator of the circulant $G_{i,j}$. Once we know the $g_{i,j}$, we can form all the circulants $G_{i,j}$ of $G_{qc}$.
Therefore $G_{qc}$ is completely characterized by a set of $c(t-c)$ circulant generators, which are called the generators of $C_{qc}$.
Let $u = (1,0,0,\ldots,0)$ be the unit $b$-tuple with a 1 at the first position, and $0 = (0,0,\ldots,0)$ be the all-zero $b$-tuple. For $1 \le i \le t-c$, the first row $g_i$ of the $i$-th row of circulants of $G_{qc}$ is
(4.4)
where the unit $b$-tuple $u$ is at the $i$-th position of $g_i$. Then for $G_{qc}$ to be a generator matrix of $C_{qc}$, we must have $H_{qc} g_i^T = 0$ for $1 \le i \le t-c$. Let $z_i = (g_{i,1}, g_{i,2}, \ldots, g_{i,c})$ (the last $c$ sections of $g_i$) and $M_i = [A_{1,i}^T \cdots A_{c,i}^T]$ (the $i$-th column of circulants of $H_{qc}$). Then $H_{qc} g_i^T = 0$ gives the following equality:
$$M_i u^T + D z_i^T = 0 \qquad (4.5)$$
Since $D$ is a square matrix and has full rank, it is non-singular and has an inverse $D^{-1}$. Hence
$$z_i^T = D^{-1} M_i u^T \qquad (4.6)$$
Solving (4.6) for $1 \le i \le t-c$, we obtain $z_1, z_2, \ldots, z_{t-c}$. From $z_1, z_2, \ldots, z_{t-c}$ we obtain all the generators $g_{i,j}$ of the circulants in $G_{qc}$. Then $G_{qc}$ can be constructed readily.
An encoding circuit for $C_{qc}$ can be devised based on the generators of the circulants in the P matrix of $G_{qc}$. Let $a = (a_1, a_2, \ldots, a_{(t-c)b})$ be the information sequence of $(t-c)b$ bits to be encoded. Divide this sequence into $(t-c)$ sections of equal length, $a = (a_1, a_2, \ldots, a_{t-c})$, each consisting of $b$ information bits, $a_i = (a_{(i-1)b+1}, a_{(i-1)b+2}, \ldots, a_{ib})$. Then the codeword for the information sequence $a$ is $v = a G_{qc}$, which has the following systematic form: $v = (a, p_1, p_2, \ldots, p_c)$, where for $1 \le j \le c$, $p_j = (p_{j,1}, p_{j,2}, \ldots, p_{j,b})$ is a section of $b$ parity-check bits. It follows from $v = a G_{qc}$ that
$$p_j = a_1 G_{1,j} + a_2 G_{2,j} + \cdots + a_{t-c} G_{t-c,j} \qquad (4.7)$$
for $1 \le j \le c$. For $0 \le l \le b$, let $g_{i,j}^{(l)}$ be the $l$-th (right) cyclic shift of the generator $g_{i,j}$, with $g_{i,j}^{(0)} = g_{i,j}^{(b)} = g_{i,j}$. Then for $1 \le i \le t-c$,
$$a_i G_{i,j} = a_{(i-1)b+1}\, g_{i,j}^{(0)} + a_{(i-1)b+2}\, g_{i,j}^{(1)} + \cdots + a_{ib}\, g_{i,j}^{(b-1)} \qquad (4.8)$$
It follows from (4.7) and (4.8) that the $j$-th parity-check section $p_j$ can be computed, step by step, as the information sequence $a$ is shifted into the encoder. For $1 \le k \le t-c$, at the $k$-th step, the accumulated sum $s_{k,j} = a_1 G_{1,j} + a_2 G_{2,j} + \cdots + a_k G_{k,j}$ is formed and stored in a register. At the $(k+1)$-th step, the partial sum $a_{k+1} G_{k+1,j}$ is computed from (4.8) and added to $s_{k,j}$ to form the next accumulated sum $s_{k+1,j}$. At the end of the $(t-c)$-th step, the accumulated sum $s_{t-c,j}$ gives the $j$-th parity section $p_j$.
Based on the above encoding process and the expression given by (4.8), the $j$-th parity-check section $p_j$ can be formed with a shift-register-adder-accumulator (SRAA) circuit, as shown in Figure 4.1.
A block diagram for the entire encoder is shown in Figure 4.2. The information sequence $a$ is encoded serially. All the parity sections are formed at the same time in parallel, and they are then shifted into the channel serially. The encoding circuit consists of $c$ SRAA circuits with a total of $2cb$ flip-flops, $cb$ AND gates, and $cb$ two-input XOR gates (or modulo-2 adders). The encoding is accomplished in linear time, with complexity linearly proportional to the number of parity-check bits $cb$ of the code. The encoding takes $(t-c)b$ clock cycles, where $(t-c)b$ is the length of the information sequence.
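To make the derivation above concrete, here is an added example (written for this page; it is not code from the report or from the cited papers) that builds a toy $H_{qc}$ of $b \times b$ circulants, solves the SC-form generators $g_{i,j}$ from (4.5)/(4.6) over GF(2), forms the parity sections the way the SRAA circuit does in (4.7)/(4.8), and checks $H_{qc} v^T = 0$. The sizes $b = 9$, $c = 1$, $t = 3$ and the circulant generators are this example's own choices; the toy $H_{qc}$ makes no attempt to satisfy the RC constraint, which matters for decoding but not for the encoding algebra shown.

```python
"""Toy QC-LDPC encoder in the style of Chapter 4 (added example, not the report's code).
H_qc is a small c x t array of b x b circulants chosen here; the generators g_{i,j}
of the systematic-circulant (SC) generator matrix are solved from D z_i^T = M_i u^T
over GF(2) (Eqs. 4.5/4.6) and parity sections are accumulated SRAA-style (Eqs. 4.7/4.8)."""

B = 9          # circulant size b (constructed parameter)
C, T = 1, 3    # (T-C)*B = 18 information bits, C*B = 9 parity bits

# 1-positions of the generator (first row) of each circulant A_{r+1,i+1}.  Weight 3 is
# small compared with b, so H_qc is sparse.  The last column block D = A_{1,3} must be
# non-singular over GF(2); {0,1,3} is, because 1+x+x^3 is coprime to x^9-1.
CIRCULANT_ONES = [[[0, 1, 4], [0, 2, 5], [0, 1, 3]]]


def rshift(v, l):
    """l-th (right) cyclic shift of a b-tuple, v^(l) in the report's notation."""
    n = len(v)
    l %= n
    return v[n - l:] + v[:n - l]


def circulant(gen):
    """b x b circulant whose row l is the generator shifted right l places."""
    return [rshift(gen, l) for l in range(len(gen))]


def build_h():
    """Assemble H_qc (Eq. 4.1) row by row from the circulant generators."""
    rows = []
    for r in range(C):
        blocks = [circulant([int(k in ones) for k in range(B)])
                  for ones in CIRCULANT_ONES[r]]
        for l in range(B):
            rows.append(sum((blk[l] for blk in blocks), []))
    return rows


def gf2_inverse(m):
    """Gauss-Jordan inverse over GF(2); raises ValueError if m is singular."""
    n = len(m)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col]), None)
        if piv is None:
            raise ValueError("D is singular over GF(2): choose other circulants")
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def matvec(m, v):
    """Matrix-vector product over GF(2)."""
    return [sum(x & y for x, y in zip(row, v)) & 1 for row in m]


def sc_generators(h):
    """Solve z_i^T = D^{-1} M_i u^T for i = 1..t-c (Eq. 4.6).  M_i u^T is simply the
    first column of the i-th column block of H_qc.  Returns gens[i][j] = g_{i,j}."""
    d_inv = gf2_inverse([row[(T - C) * B:] for row in h])   # D = last c column blocks
    gens = []
    for i in range(T - C):
        z = matvec(d_inv, [row[i * B] for row in h])           # z_i, length c*b
        gens.append([z[j * B:(j + 1) * B] for j in range(C)])
    return gens


def sraa_encode(a, gens):
    """Serial SRAA encoding (Eqs. 4.7/4.8): as information bit a_{(i-1)b+l+1} is
    shifted in, the l-th cyclic shift of g_{i,j} is XORed into accumulator j."""
    if len(a) != (T - C) * B:
        raise ValueError("information sequence must have (t-c)b bits")
    parity = []
    for j in range(C):
        acc = [0] * B                                           # register holding s_{k,j}
        for i in range(T - C):
            for l in range(B):
                if a[i * B + l]:
                    acc = [x ^ y for x, y in zip(acc, rshift(gens[i][j], l))]
        parity.append(acc)
    return list(a) + sum(parity, [])                            # v = (a, p_1, ..., p_c)


def syndrome(h, v):
    """H_qc v^T over GF(2); all-zero exactly when v is a codeword."""
    return matvec(h, v)


if __name__ == "__main__":
    h = build_h()
    gens = sc_generators(h)
    info = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0]   # constructed input
    cw = sraa_encode(info, gens)
    print("generators g_{i,j}:", gens)
    print("codeword:", cw, "syndrome:", syndrome(h, cw))
```

Because each column of the toy $H_{qc}$ has weight 3, flipping any single bit of a codeword yields a non-zero syndrome, which is the check a decoder would start from.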
CHAPTER 5
SOFTWARE DETAILS
The software tool used for the design of the low hardware complexity stream cipher is Xilinx ISE Design Suite 14.4. So the minimum software requirements are as below.
1. Open the Xilinx ISE Design Suite 14.4. You can click on the ISE icon on the desktop, or go to Start > All Programs > Xilinx ISE Design Suite 14.4 > ISE Design Tools > Project Navigator.
The screen should look as shown in figure 5.1; the ISE always defaults to the last open project unless none were open before, just like the following:
2. Now either press the New Project tab or select File > New Project and change the Name and Location to whatever we like.
The selected Top Level Source Type is Schematic because that's what we're planning on using first. This is not critical, as we can always add a new source file of any type later. The dialog box for the project wizard looks like figure 5.2.
3. Click NEXT and in the next dialog box we should fill in the fields as shown in figure 5.3. We can do this in two ways: one is to select an Evaluation Development Board from the drop-down list, in our case Spartan-3E. This will automatically fill out the board information in the next five sections. If the board does not exist in the list then you can set the correct choices according to the following image.
We are using a General Purpose Product in the Xilinx Spartan6 family. The specific chip on our board is an XC6SLX16 in a CSG324 package with speed grade 3. Please make sure that the Synthesis Tool is XST, the Simulator is ISim, and the Preferred Language is Verilog. This is very important for proper operation.
4. Click NEXT and review the project summary page, then click FINISH. It is always good to double-check the summary to prevent headaches from the problems we can face while implementing our design if the information is incorrect. The project summary page will be as shown in figure 5.4.
2. Click NEXT and we will see the module definition box as in figure 5.6. Here we can set up I/O names with the correct polarity and a choice for buses and their width, which we will be using in future labs. Note that we do not have to add anything here right away; we can always add the I/O definitions to the module's header when it is created. After we're done click NEXT and then observe the summary page for a quick review of our I/O list.
3. Now we should have a tab for the Verilog file opened in the ISE main pane. There is a line reading `timescale 1ns / 1ps. Please leave that line alone and never delete it. It just lets the ISE know that each unit of time should be 1 ns, with a resolution of 1 ps for any timing purposes (more on this later).
Next is the module header that contains the module name and the list of I/O as its parameters. We have declared multiple outputs to implement the same circuit using different HDL forms when writing in Verilog.
Also we should notice that the Verilog file is added to the Hierarchy next to the schematic as a part of this project. Now we're ready to implement the Verilog description of the function F in the three intended forms.
4. For the implementation of the three forms we have different formats. Sometimes we want to declare internal wires to connect things easily and in a more organized fashion, but if we didn't declare these wires, ISE will assume a single-bit wire for the use.
The Structural version: This is done using gate primitives that are automatically taken from the Xilinx libraries (just as you would with a schematic) by calling their name and passing parameters, so for a two-input gate we have the format gate (output, input1, input2), and this is just like doing a schematic in words.
The Functional version: Using the assign keyword to assign the result of the function expression to the output. The expression of the function looks a lot like how we would write it down on paper.
The Behavioural version: Using a synthesis construct called an Always Block we can implement the same function. The difference is that it only wakes up and assigns the output when any of the inputs changes, hence the (*), which means any change. One thing to notice is that any output being assigned inside of an always block needs to be declared as a reg for synthesis purposes, and that we cannot use the assign keyword inside such a block.
5. We should always save our work multiple times, as there is always a slight chance that the tool may crash and we will lose our work. It is important to understand that hardware CAD tools are massive and complex, so there is always a chance of unexpected or faulty behaviour.
Testbench: a testbench is a file that becomes the top module of our design and applies inputs to our circuit, and potentially checks that the outputs are correct. This will be another Verilog file, written slightly differently than the circuit implementation. The testbench will instantiate one copy of our Verilog code and call it UUT, for Unit Under Test. We will then write the Verilog statements that set the inputs to our circuit (the UUT) and look at the outputs produced. We need to know only very basic Verilog syntax to do this.
1. First we need to ensure that the ISE mode is changed to Simulation from Implementation as shown in figure 5.9. Go to the top left pane and change the View field to Simulation. The design window will then change slightly, with different options. Referring back to the same step in creating a New Source, create a Verilog Test Fixture to create a Verilog file that will contain the test code.
2. Click NEXT and choose which design we want to associate the test bench with. This is very important as we will have multiple modules or schematics in the future and we need to be sure which design will be going under test using the test bench. In this case choose the simple_verilog module to be tested. The procedure for testing the schematic version is exactly the same; we just have to choose the appropriate source to be associated with the test bench. This is shown in figure 5.10.
4. We can now write our test bench code as an initial block right before the endmodule. Basically we set the values of our inputs, and tell the simulator how long to wait between each change on the inputs. The results will eventually be plotted on a waveform for us. Verilog syntax for setting a variable is very simple, and the #50 notation just means for the simulation to wait for 50 ticks of the simulation clock before moving on to the next statement. A very simple test bench for this circuit looks like figure 5.11. I added the lines between initial and end to drive the inputs with different values so that we can see what the circuit result is. Note that each statement in Verilog ends with a semicolon, and we can put multiple statements on a line if we like.
We will see how using a for loop in the test bench will make things a lot shorter.
5. We usually want to test all possible inputs to be able to draw a better conclusion on
whether the circuit is functioning correctly. After we are satisfied with the input
settings of our test bench, make sure to save. Always observe the console window to
look out for errors after saving.
Now we are ready to simulate our Verilog circuit. Observe that the test bench
Verilog file is now the top module above our simple_verilog module in the simulation
design view. It is very important to have the test bench file selected for simulation, or
things will go wrong. After selecting and highlighting the test bench file in the design
window, we can check our test bench for syntactic errors by clicking Behavioral
Check Syntax in the processes window right below. If our code is syntactically correct
we will get a green check mark. This step is not crucial: if we run the simulation without
it, the syntax is checked automatically by ISim, which will not run if there are
errors in our test bench. Now we can double-click Simulate Behavioral Model to
see the waveform generated by ISim.
6. Double-clicking Simulate Behavioral Model will fire up the simulator on our
testbench file. Because our testbench includes an instance of our schematic (the
UUT) and some commands to drive signals into our schematic, this will result in
simulating our schematic. The output is displayed as waveforms, as shown in
figure 5.14. The values reported for A, B, S, and F are the values seen at the blue bar.
We can pick up (with the mouse) and move the blue bar to see the values at different
points in the simulation.
By looking at the waveform we can see that all three forms of
expressing the function in Verilog (structural, functional, and behavioral) show
the same behaviour throughout the simulation. We can click on the waveform in
different places (the yellow line marks where in the time range of the waveform it was
clicked) and quickly see the values of all I/O in the Name and Value sections to
the left of the waveform.
The simulation is now done. We can always go back to the test bench and make a
more complicated set of tests and re-simulate the circuit.
The left panes allow us to dig into our design hierarchy to grab signals that
are deep in the design and may not be visible in the top module. Recall that the test bench is
only created for one module, so if we have a multiple-level hierarchy we need to use
these windows to navigate to the desired signal and drag-and-drop it into the simulation
window.
Sometimes we want the values of the test bench results for the Verilog module's
outputs to be printed to the console of the simulator window. For this we add the
Verilog print statement $display in between our test bench code. This allows
us to monitor signals in large designs and long waveforms with many signals being
looked at. We can also format the printed statement to show what we want on the
console for better readability of the results.
Below are some $display statements added to the current test bench to show the
effect they have. Regardless of the design, we should always put a $display statement at the
beginning and the end of our test code to indicate the start and the actual finish of the
simulation.
The resulting console output for the above test bench code is shown in
figure 5.16.
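As an added example (not the report's own test bench), the following puts steps 4 and 5 and the $display advice together in one self-checking test bench: a for loop drives all eight input combinations, #50 separates the changes, and $display marks the start, every sampled vector and the finish. It assumes simple_verilog is a 2:1 multiplexer on A, B, S with output F; the page names these signals but does not give the function.

```verilog
`timescale 1ns / 1ps

// Assumed unit under test: a 2:1 multiplexer (F = A when S=0, B when S=1).
// The real simple_verilog module of the report may implement a different function.
module simple_verilog(input A, input B, input S, output F);
  assign F = S ? B : A;
endmodule

module simple_verilog_tb;
  reg  A, B, S;        // driven by the test bench, so declared as reg
  wire F;              // produced by the UUT, so declared as wire
  reg  expected;
  integer i, errors;

  // one copy of the design, named UUT (Unit Under Test)
  simple_verilog UUT (.A(A), .B(B), .S(S), .F(F));

  initial begin
    $display("[%0t] simulation start", $time);
    errors = 0;
    // The for loop replaces eight hand-written assignment blocks:
    // the low three bits of i become {S, B, A}, covering every input.
    for (i = 0; i < 8; i = i + 1) begin
      {S, B, A} = i[2:0];
      #50;                         // wait 50 ticks before sampling F
      expected = S ? B : A;        // reference model of the assumed mux
      if (F !== expected) begin    // !== also catches x/z on F
        errors = errors + 1;
        $display("[%0t] MISMATCH A=%b B=%b S=%b F=%b (expected %b)",
                 $time, A, B, S, F, expected);
      end else
        $display("[%0t] A=%b B=%b S=%b F=%b", $time, A, B, S, F);
    end
    $display("[%0t] simulation finished, %0d mismatch(es)", $time, errors);
    $finish;
  end
endmodule
```

Select simple_verilog_tb as the top module in the Simulation view before running Simulate Behavioral Model; the mismatch counter on the last console line tells whether the run passed without reading the waveform.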
CHAPTER 6
HARDWARE DETAILS
The hardware used for the design of the low hardware complexity stream cipher is
the Spartan-3E FPGA Starter Kit.
An FPGA architecture is an array of logic cells that communicate with I/O via wire
routing channels. In an FPGA, existing wire resources that run in horizontal and vertical
columns (routing channels) are connected via programmable elements. These routing
wires also connect logic to I/Os.
design that affect logic, routing, and I/O resources without a significantly adverse
effect on timing.
In-system programmability and in-circuit re-programmability: the ability to
program or reprogram a device while it is in-system, mainstreaming, and
inverters as well as allowing for field upgrades and user configurability.
Figure 6.1 shows the Xilinx Spartan-3E FPGA Starter Kit. The Xilinx Spartan-3E
sample pack is a demonstration platform intended for the user to become familiar with the
new features and availability of the Spartan-3E FPGA family. For a comprehensive
development platform, including a 500k gate FPGA, evaluation versions of Xilinx ISE and
the Embedded Development Kit (EDK) and more, purchase a Spartan-3E Starter Kit.
CHAPTER 7
Figure 7.1 shows the simulation output. In the output, out1 and out2 represent the
outputs of the two SRAA circuits, keystream represents the total keystream, a shows the
80-bit information in which the first 16 bits represent the constant key and the remaining 64 bits
are the output of the 64-bit LFSR, and stream out gives the output of the stream cipher using
the QC-LDPC code.
The RTL schematic of the design is shown in figure 7.2, which shows the two
SRAA blocks and the 64-bit LFSR.
The FPGA implementation verified using ChipScope Pro is shown in figure 7.3.
The figure shows the same result as obtained during the simulation.
Fig. 7.3 : FPGA implementation result verified using ChipScope Pro
Gate equivalents used for the count (values not recovered are shown as -):

Gate            Gate Count
D Flip Flop     -
2 input NAND    -
2 input AND     -
2 input XOR     2.5
4 input NAND    -
4 input XOR     -

Component       Number   Gate Count
D Flip flop     40       320
2 input XOR     20       50
2 input AND     20       20

Component       Number   Gate Count
D Flip flop     64+16    640
2 input XOR     80       200
From the above tables, the gate count of the proposed stream cipher is 1230
(390 + 840), while that of the CRC hash stream cipher is 1314.
Cipher                              Gate Count
Grain Cipher (80 bit)               1450
CRC Hash Stream Cipher              1314
Proposed Stream Cipher (64 Bits)    1230
CHAPTER 8
The security of the cipher is increased by combining the input bits through a nonlinear
Boolean function. Thus it becomes impossible to retrieve the keys through the solution
of linear equations. The suggested minimum hardware for this purpose is seen to provide
large periodicity and throughput with good security.
OUTCOME OF THE PROJECT
Ambili K., Lalmohan K.S., Pradeesh K.P., Design and Development of Low
Hardware Complexity Stream Cipher on FPGA, National Conference on
Emerging Trends in Engineering and Technology, Canara College of
Engineering, Bantwal, 24th April 2014.