
ISSN 2319-8885 Vol.03,Issue.05, April & May-2014, Pages:0796-0801 www.semargroup.org, www.ijsetr.com

VLSI Architecture Implementation for Blowfish

ADDALA VIJAYADURGA¹, RAMESHWARRAO², TADI CHANDRA SEKHAR³

¹Research Scholar, Dept of ECE, GIET Engineering College, Rajahmundry, AP, India, Email: [email protected].
²Research Scholar, Dept of ECE, GIET Engineering College, Rajahmundry, AP, India, Email: [email protected].
³Prof, Dept of ECE, GIET Engineering College, Rajahmundry, AP, India, Email: [email protected].

Abstract: In this paper, a novel VLSI architecture of the BLOWFISH block cipher is presented. Based on the loop-folding technique combined with secure modes (ECB, CBC) of operation, the architecture can make data encryption/decryption more efficient and secure. To demonstrate the correctness of our design, a prototype chip for the architecture has been implemented by using VLSI design. The chip can achieve an encryption rate of 288 Mb/s and consume 32.7 mW while operating at a 72 MHz clock rate. Therefore, the chip can be applied to on-line encryption in high-speed networking protocols like ATM networks.

Keywords: VLSI architecture, ATM networks.

Copyright @ 2014 SEMAR GROUPS TECHNICAL SOCIETY. All rights reserved.

I. INTRODUCTION

With the increased possibilities for various communications among people by means of telephony, computers, internet, broadcasting etc., mobile computing and global networking have become the biggest trends today. However, in these communication environments there are no guarantees that all kinds of information (databases, video programs, telecommunication etc.) can avoid unauthorized access, because the transmission medium is open, which implies that anyone with the appropriate protocol analyzer can eavesdrop as well. Thus, the need for protection and security of the information being stored or transmitted has also increased. Many of the cryptographic algorithms that have been developed are being used in software implementations on computers (e.g. to have protection of coded for users). For low-complexity applications, such as the protection of information in files and databases, this is probably the most economical solution. However, a number of applications require such high throughputs for the encryption/decryption process that they cannot be executed on a normal general-purpose microprocessor. These applications require dedicated ASIC implementations. In the past, many VLSI implementations of block ciphers have been proposed, such as DES, IDEA, SAFER, and 3WAY.

In this paper, we present a novel architecture and VLSI implementation of a compact and low-power module which implements the Blowfish data encryption algorithm. In addition, in order to increase communication security, four secure modes of operation of block ciphers are also supported.

In cryptography, a cipher is an algorithm for performing encryption or decryption: a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts are distinct in cryptography. In classical cryptography, ciphers were distinguished from codes. Codes operated by substituting according to a large codebook which linked a random string of characters or numbers to a word or phrase. For example, “UQJHSE” could be the code for “Proceed to the following coordinates”. When using a cipher the original information is known as plaintext, and the encrypted form as ciphertext. The ciphertext message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it; it should resemble random gibberish to those not intended to read it. Most modern ciphers can be categorized in several ways:

• By whether they work on blocks of symbols usually of a fixed size (block ciphers), or on a continuous stream of symbols (stream ciphers).
• By whether the same key is used for both encryption and decryption (symmetric key algorithms), or if a different key is used for each (asymmetric key algorithms). If the algorithm is symmetric, the key must be known to the recipient and sender and to no one else. If the algorithm is an asymmetric one, the enciphering key is different from, but closely related to, the deciphering key. If one key cannot be deduced from the other, the asymmetric key algorithm has the public/private key property and one of the keys may be made public without loss of confidentiality.

A. Symmetric-key algorithms
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption. The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. Other terms for symmetric-key encryption are secret-key, single-key, shared-key, one-key, and private-key encryption. Use of the last and first terms can create ambiguity with similar terminology used in public-key cryptography.

B. Asymmetric Key Algorithms
In asymmetric key algorithms, the non-message information (the public key) needed to transform the message to a secure form is different from the information needed to reverse the process (the private key). The person who anticipates receiving messages first creates both a public key and an associated private key, and publishes the public key. When someone wants to send a secure message to the creator of these keys, the sender encrypts it (transforms it to secure form) using the intended recipient's public key; to decrypt the message, the recipient uses the private key. Public-key cryptography refers to a widely used set of methods for transforming a written message into a form that can be read only by the intended recipient. This cryptographic approach involves the use of asymmetric key algorithms.

C. Basic Terminology and Concepts
Cryptanalysis: the study of mathematical techniques for attempting to defeat cryptographic techniques, and, more generally, information security services.
Cryptanalyst: someone who engages in cryptanalysis.
Cryptology: the study of cryptography and cryptanalysis.
Cryptosystem: a general term referring to a set of cryptographic primitives used to provide information security services. Most often the term is used in conjunction with primitives providing confidentiality, i.e. encryption. It is an art of science that conveys a message from source to destination on a secured basis. There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems.

D. Need for security
Steps involved in secured communication:
1. Design an algorithm for performing the security-related transformation such that the opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Specify the protocol to be used by the two principals that make use of the security algorithm.

E. Threats in communication
Information access threat: Modification of the data without the knowledge of the sender, followed by transmission of the data.

Service threat: Exploitation of flaws in the services available in a computer to inhibit their use by legitimate users.

F. Types of intruders
Masquerader: An individual who isn’t authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.

Misfeasor: A legitimate user who accesses data, programs or resources for which such access isn’t authorized.

II. SYMMETRIC CIPHER MODEL

Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption. The most widely used symmetric cipher is TDES.

Fig 1: Simplified Model of Conventional Encryption.

Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext.

International Journal of Scientific Engineering and Technology Research Volume.03, IssueNo.05, April & May-2014, Pages: 0796-0801

The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

III. BLOWFISH ENCRYPTION ALGORITHM

The data transformation process for Pocket Brief uses the Blowfish algorithm for encryption and decryption, respectively. The details and working of the algorithm are given below. Blowfish is a symmetric block cipher that can be effectively used for encryption and safeguarding of data. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for securing data. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Blowfish is unpatented and license-free, and is available free for all uses. The Blowfish algorithm is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Although there is a complex initialization phase required before any encryption can take place, the actual encryption of data is very efficient on large microprocessors. Blowfish is a variable-length key block cipher. It is suitable for applications where the key does not change often, like a communications link or an automatic file encryptor. It is significantly faster than most encryption algorithms when implemented on 32-bit microprocessors with large data caches.

A. Feistel Networks
A Feistel network is a general method of transforming any function (usually called an F-function) into a permutation. It was invented by Horst Feistel and has been used in many block cipher designs. The working of a Feistel network is given below:
• Split each block into halves.
• The right half becomes the new left half.
• The new right half is the final result when the left half is XOR’d with the result of applying f to the right half and the key.
• Note that previous rounds can be derived even if the function f is not invertible.

B. Algorithm
• Manipulates data in large blocks.
• Has a 64-bit block size.
• Has a scalable key, from 32 bits to at least 256 bits.
• Uses simple operations that are efficient on microprocessors, e.g., exclusive-or, addition, table lookup, modular multiplication. It does not use variable-length shifts or bit-wise permutations, or conditional jumps.
• Employs precomputable subkeys: On large-memory systems, these subkeys can be precomputed for faster operation. Not precomputing the subkeys will result in slower operation, but it should still be possible to encrypt data without any precomputations.
• Consists of a variable number of iterations: For applications with a small key size, the trade-off between the complexity of a brute-force attack and a differential attack makes a large number of iterations superfluous. Hence, it should be possible to reduce the number of iterations with no loss of security (beyond that of the reduced key size).
• Uses subkeys that are a one-way hash of the key. This allows the use of long pass phrases for the key without compromising security.
• Has no linear structures that reduce the complexity of exhaustive search.
• Uses a design that is simple to understand. This facilitates analysis and increases the confidence in the algorithm. In practice, this means that the algorithm will be a Feistel iterated block cipher.

C. Description of the Algorithm
Blowfish is a variable-length key, 64-bit block cipher. The algorithm consists of two parts: a key-expansion part and a data-encryption part. Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Data encryption occurs via a 16-round Feistel network. Each round consists of a key-dependent permutation, and a key- and data-dependent substitution. All operations are XORs and additions on 32-bit words. The only additional operations are four indexed array data lookups per round.

D. Subkeys
Blowfish uses a large number of subkeys. These keys must be precomputed before any data encryption or decryption. The P-array consists of 18 32-bit subkeys:
P1, P2, ..., P18.

There are four 32-bit S-boxes with 256 entries each:
S1,0, S1,1, ..., S1,255;
S2,0, S2,1, ..., S2,255;
S3,0, S3,1, ..., S3,255;
S4,0, S4,1, ..., S4,255.

E. Encryption
Blowfish has 16 rounds. The input is a 64-bit data element, x.

Divide x into two 32-bit halves: xL, xR.
Then, for i = 1 to 16:
    xL = xL XOR Pi
    xR = F(xL) XOR xR
    Swap xL and xR
After the sixteenth round, swap xL and xR again to undo the last swap.
Then, xR = xR XOR P17 and xL = xL XOR P18.
Finally, recombine xL and xR to get the ciphertext.

Decryption is exactly the same as encryption, except that P1, P2, ..., P18 are used in the reverse order. Implementations of Blowfish that require the fastest speeds should unroll the loop and ensure that all subkeys are stored in cache.

F. Generating the Subkeys
The subkeys are calculated using the algorithm:
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32 bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)
3. Encrypt the all-zero string with the algorithm, using the subkeys described in steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the algorithm with the modified subkeys.
6. Replace P3 and P4 with the output of step (5).
7. Continue the process, replacing all entries of the P-array, and then all four S-boxes in order, with the output of the continuously changing Blowfish algorithm, as shown in Fig 2.

In total, 521 iterations are required to generate all required subkeys. Applications can store the subkeys rather than execute this derivation process multiple times.

Fig 2: Data flow of blowfish.

Fig 3: Function F.

G. Modes of Operation

1. Electronic codebook (ECB)
The simplest of the encryption modes is the electronic codebook (ECB) mode (see Fig 4). The message is divided into blocks and each block is encrypted separately. The disadvantage of this method is that identical plaintext blocks are encrypted into identical ciphertext blocks; thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.

2. Cipher-block chaining (CBC)
As shown in Fig 5, CBC mode of operation was invented by IBM in 1976. In the cipher-block chaining (CBC) mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block is dependent on all plaintext blocks processed up to that point. Also, to make each message unique, an initialization vector must be used in the first block. If the first block has index 1, the mathematical formula for CBC encryption is

(1)

While the mathematical formula for CBC decryption is

(2)

Fig 4: Electronic codebook (ECB) mode encryption.

Fig 5: Cipher-block chaining mode encryption.

CBC has been the most commonly used mode of operation. Its main drawbacks are that encryption is sequential (i.e., it cannot be parallelized), and that the message must be padded to a multiple of the cipher block size. One way to handle this last issue is through the method known as ciphertext stealing.

IV. RESULTS

The following diagrams 6 and 7 show the simulated waveform and RTL schematic representation of the experimental results.

A. Simulated Waveform

Fig 6: Simulated Waveform.

B. RTL Schematic

Fig 7: RTL Schematic.

V. CONCLUSION

A high-speed VLSI block encryption chip based on the BLOWFISH block cipher has been presented. It integrates loop folding technique and four secure modes (ECB, CBC) of operation in the ordinary and high-speed adapted versions. Thus it makes data encryption/decryption more efficient and secure. Furthermore, high data throughput of 288 Mb/s has been obtained from pipelining and operator rescheduling; it is suitable for high-speed networking protocols like ATM or FDDI. The functionality is verified using XILINX ISE using HDL language.
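The following Python reference model is an added example, not the authors' HDL and not code from the paper. It follows the encryption and subkey-generation steps of Section III (E and F), computing the hexadecimal digits of pi with Machin's formula rather than pasting tables, and then runs the cipher in the ECB and CBC modes of Section III.G. Assumptions: the names `pi_words`, `Blowfish`, `ecb_encrypt` and `cbc_encrypt` are illustrative, the function F (shown on the page only as Fig 3) follows the published Blowfish specification, and inputs are whole 8-byte blocks with no padding.

```python
# Added reference model (not the paper's HDL); all names here are illustrative.
MASK = 0xFFFFFFFF
def pi_words(n):  # first n 32-bit words of pi's hex fraction, via Machin's formula
    one = 1 << (32 * n + 64)                  # fixed point with 64 guard bits
    def atan_inv(x):                          # arctan(1/x) scaled by `one`
        total = term = one // x
        k, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // k)
            k, sign = k + 2, -sign
        return total
    frac = (4 * (4 * atan_inv(5) - atan_inv(239)) - 3 * one) >> 64
    return [(frac >> (32 * (n - 1 - i))) & MASK for i in range(n)]

class Blowfish:
    def __init__(self, key):
        if not 4 <= len(key) <= 56: raise ValueError("key must be 32 to 448 bits")
        w = pi_words(18 + 4 * 256)            # step 1: P-array, then S-boxes
        self.P, self.S = w[:18], [w[18 + 256 * i:274 + 256 * i] for i in range(4)]
        for i in range(18):                   # step 2: XOR the cycled key into P
            kw = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(kw, "big")
        self.iterations, l, r = 0, 0, 0
        for table in [self.P] + self.S:       # steps 3-7: chained encryptions
            for i in range(0, len(table), 2):
                l, r = table[i], table[i + 1] = self._crypt(l, r, self.P)
                self.iterations += 1

    def _f(self, x):                          # F as in the Blowfish specification
        y = (self.S[0][x >> 24] + self.S[1][x >> 16 & 255]) & MASK
        return ((y ^ self.S[2][x >> 8 & 255]) + self.S[3][x & 255]) & MASK

    def _crypt(self, l, r, P):                # Section E, with 0-based P indices
        for i in range(16):
            l ^= P[i]
            r ^= self._f(l)
            l, r = r, l
        l, r = r, l                           # undo the last swap
        return l ^ P[17], r ^ P[16]

    def encrypt_block(self, b, P=None):
        l, r = int.from_bytes(b[:4], "big"), int.from_bytes(b[4:], "big")
        l, r = self._crypt(l, r, P or self.P)
        return l.to_bytes(4, "big") + r.to_bytes(4, "big")

    def decrypt_block(self, b):               # same routine, P-array reversed
        return self.encrypt_block(b, self.P[::-1])

def ecb_encrypt(c, data):                     # each block encrypted independently
    return b"".join(c.encrypt_block(data[i:i + 8]) for i in range(0, len(data), 8))

def cbc_encrypt(c, iv, data):                 # XOR with previous ciphertext block first
    out = [iv]
    for i in range(0, len(data), 8):
        x = bytes(a ^ b for a, b in zip(data[i:i + 8], out[-1]))
        out.append(c.encrypt_block(x))
    return b"".join(out[1:])
```

Feeding two identical constructed plaintext blocks to `ecb_encrypt` returns two identical ciphertext blocks, while `cbc_encrypt` with any IV returns two different ones, which is the pattern leak described for ECB above.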
