Advanced Encryption Standard (AES) with Dynamic Substitution Box


Upload: hardik-manocha

Post on 16-Apr-2017


Verilog Design of Advanced Encryption Standard with Dynamic S-Box

Hardik Manocha, Electronics & Communication Engineering Student, G B Pant Government Engineering College, Delhi, India

Samnit Dua, Electronics & Communication Engineering Student, G B Pant Government Engineering College, Delhi, India

ABSTRACT

On October 2, 2000, the National Institute of Standards and Technology (NIST) announced Rijndael as the new Advanced Encryption Standard (AES). The predecessor to the AES was the Data Encryption Standard (DES), which was considered insecure because of its vulnerability to brute force attacks. DES was a standard from 1977 and stayed until the mid 1990s. However, by the mid 1990s, it was clear that the DES's 56-bit key was no longer big enough to prevent attacks mounted on contemporary computers, which were thousands of times more powerful than those available when the DES was standardized. The AES is a 128 bit symmetric block cipher.

This project includes the complete step by step implementation of the Advanced Encryption Technique, i.e. encrypting and decrypting 128 bit data using the AES, and its modification for enhanced reliability and security. The encryption process consists of a combination of various classical techniques such as substitution, rearrangement and transformation encoding techniques. The encryption and decryption modules include the Key Expansion module, which generates the key for all iterations. The modifications include the addition of an arithmetic operation and a route transposition cipher in the iterative rounds. The key expansion module is extended to double the number of iterative processing rounds in order to increase its immunity against unauthorized attacks.

Many algorithms have been developed to produce more strongly encrypted messages, from RC4 to DES to T-DES to AES. As developers produce more enhanced and secure algorithms, hackers are also working to crack those algorithms. For AES, no practical method of cracking it has been discovered yet, but with increasingly fast computing, AES could soon be cracked. Different attacks such as brute force and side channel attacks are rapidly being applied to AES in an effort to crack the algorithm. Therefore, to further increase the security level, one way is to replace the standard S Box with a new and dynamic S Box, through which the chances of obtaining the plain text are decreased. In this paper, AES (Advanced Encryption Standard) with a Dynamic S Box based on the input key is used. Xilinx ISE 14.7 is used for RTL development in Verilog, synthesis and simulation. For performance estimation, Xilinx 14.7 is again used. No FPGA implementation is done for the design.

Project Overview

Introduction

Encryption is the most effective way to achieve data security. The Advanced Encryption Standard

(AES), also known as Rijndael (its original name), is a specification for the encryption of

electronic data established by the U.S. National Institute of Standards and Technology (NIST) in

2001.

The aim of the project is to achieve an efficient Verilog implementation of a 128 bit block and 128 bit key AES with Dynamic S Box cryptosystem. Optimized and synthesizable Verilog code is developed for the implementation of both the 128 bit data encryption and decryption processes, and the description is verified using Xilinx.

Objective

In today's electronic age, the importance of digital cryptography in securing electronic data transactions is unquestionable. Every day, users electronically generate and communicate a large volume of information with others. This information includes medical, financial and legal files; automatic and Internet banking; phone conversations; pay-per-view television; and other e-commerce transactions. To meet these requirements, the Advanced Encryption Standard (AES) can be used for the encryption of electronic data. But increasing threats are making developers look for more secure algorithms, and one such step is to replace the standard, fixed S Box with a dynamic S Box. The values of the lookup table would now depend on the input key, and therefore the chances of cracking it are decreased as the values are no longer fixed. Here we are going to achieve an efficient Verilog implementation of a 128 bit block and 128 bit key AES with dynamic S Box cryptosystem.

The Advanced Encryption Standard (AES)

Introduction to Cryptography

Cryptography or cryptology is the practice and study of techniques for secure communication in

the presence of third parties (called adversaries). Cryptography prior to the modern age was

effectively synonymous with encryption, the conversion of information from a readable state to

apparent nonsense. Modern cryptography is heavily based on mathematical theory and computer

science practice; cryptographic algorithms are designed around computational hardness

assumptions, making such algorithms hard to break in practice by any adversary. It is

theoretically possible to break such a system, but it is infeasible to do so by any known practical

means. These schemes are therefore termed computationally secure; theoretical advances, e.g.,

improvements in integer factorization algorithms, and faster computing technology require these

solutions to be continually adapted. There exist information-theoretically secure schemes that

provably cannot be broken even with unlimited computing power but these schemes are more

difficult to implement than the best theoretically breakable but computationally secure

mechanisms.

Until modern times, cryptography referred almost exclusively to encryption, which is the process

of converting ordinary information (called plaintext) into unintelligible text (called cipher text).

Decryption is the reverse, in other words, moving from the unintelligible cipher text back to

plaintext. In cryptography, a cipher (or cypher) is an algorithm for

performing encryption or decryption—a series of well-defined steps that can be followed as a

procedure. The detailed operation of a cipher is controlled both by the algorithm and in each

instance by a "key".

Introduction to the Advanced Encryption Standard

The Advanced Encryption Standard (AES), also known as Rijndael (its original name), is a

specification for the encryption of electronic data established by the U.S. National Institute of

Standards and Technology (NIST) in 2001. AES is based on the Rijndael cipher developed by two

Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST

during the AES selection process. Rijndael is a family of ciphers with different key and block

sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of

128 bits, but three different key lengths: 128, 192 and 256 bits. AES has been adopted by the U.S.

government and is now used worldwide. It supersedes the Data Encryption Standard (DES),

which was published in 1977. The algorithm described by AES is a symmetric-key algorithm,

meaning the same key is used for both encrypting and decrypting the data. In the United States,

AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001. This

announcement followed a five-year standardization process in which fifteen competing designs

were presented and evaluated, before the Rijndael cipher was selected as the most suitable. AES

became effective as a federal government standard on May 26, 2002 after approval by the

Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard.

AES is available in many different encryption packages, and is the first publicly accessible and

open cipher approved by the National Security Agency (NSA) for top secret information when

used in an NSA approved cryptographic module. The name Rijndael is a play on the names of the

two inventors (Joan Daemen and Vincent Rijmen). It is also a combination of the Dutch name for

the Rhine River and a dale.

Description of the cipher

AES is based on a design principle known as a substitution-permutation network, a combination of

both substitution and permutation, and is fast in both software and hardware. AES is a variant of

Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. By

contrast, the Rijndael specification per se is specified with block and key sizes that may be any

multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. AES operates on a

4×4 column-major order matrix of bytes, termed the state, although some versions of Rijndael

have a larger block size and have additional columns in the state. Most AES calculations are done

in a special finite field. For instance, if you have 16 bytes, b0, b1... b15, these bytes are

represented as this matrix:

The key size used for an AES cipher specifies the number of repetitions of transformation rounds

that convert the input, called the plaintext, into the final output, called the cipher text. The number

of cycles of repetition is as follows:

• 10 cycles of repetition for 128-bit keys.

• 12 cycles of repetition for 192-bit keys.

• 14 cycles of repetition for 256-bit keys.

Each round consists of several processing steps, each containing four similar but different stages,

including one that depends on the encryption key itself. A set of reverse rounds are applied to

transform cipher text back into the original plaintext using the same encryption key.

Fig 1 Cipher description

Description of the algorithm

1. KeyExpansions—round keys are derived from the cipher key using Rijndael’s key schedule.

AES requires a separate 128-bit round key block for each round plus one more.

2. InitialRound

(a) AddRoundKey—each byte of the state is combined with a block of the round key using

bitwise xor.


3. Rounds

(a) SubBytes—a non-linear substitution step where each byte is replaced with another according

to a lookup table.

(b) ShiftRows—a transposition step where the last three rows of the state are shifted cyclically a

certain number of steps.

(c) MixColumns—a mixing operation which operates on the columns of the state, combining the

four bytes in each column.

(d) AddRoundKey

4. Final Round (no MixColumns)

(a) SubBytes

(b) ShiftRows

(c) AddRoundKey

The Rijndael Key Schedule

The Key Schedule is responsible for expanding a short key into a larger key, whose parts are used during the different iterations. Each key size is expanded to a different size:

• A 128 bit key is expanded to a 176 byte key.

• A 192 bit key is expanded to a 208 byte key.

• A 256 bit key is expanded to a 240 byte key.

There is a relation between the cipher key size, the number of rounds and the Expanded Key size. For a 128-bit key, there is one initial AddRoundKey operation plus there are 10 rounds and each round needs a new 16 byte key, therefore we require 10+1 Round Keys of 16 byte, which equals 176 byte. The same logic can be applied to the two other cipher key sizes. The general formula is that:

ExpandedKeySize = (nbrRounds+1) * BlockSize

AES operations

STATE MATRIX: a 4×4 matrix which contains the input data to be encrypted or decrypted. The following diagram represents how the input/plain data is arranged in the state matrix:

The SubBytes operation

The SubBytes operation is a non-linear byte substitution, operating on each byte of the state

independently. The substitution table (S-Box) is invertible and is constructed by the composition

of two transformations:

1. Take the multiplicative inverse in Rijndael's finite field

2. Apply an affine transformation which is documented in the Rijndael documentation.

Since the S-Box is independent of any input, pre-calculated forms are used. Each byte of the state

is then substituted by the value in the S-Box whose index corresponds to the value in the state:

b(i,j) = SBox[a(i,j)]

The inverse of SubBytes is the same operation, using the inverse S-Box, which is also

precalculated.

SubBytes is a non-linear process that operates independently on each byte, using a table called the substitution table. The SubBytes operation is applied to the state matrix and its results are stored back in the state matrix.

The following structure represents how the substitution is carried out on the state matrix:

The following table represents the lookup table used in the standard AES SubBytes operation:

This paper uses a Dynamic S Box which is key dependent. The following steps are performed to generate the Dynamic S Box:

• The first 8 bits of the Key, K, are selected and stored in dynamic_creation_variable.

• If dynamic_creation_variable is 0x00, then all 8 bit chunks of the Key are XORed with each other and the result is stored in dynamic_creation_variable. This step is performed because any number XORed with 0 is the number itself, so the lookup table would remain as it is.

• Now every value in the lookup table is XORed with dynamic_creation_variable to generate the new S Box.

• The developed S Box is used in the SubBytes operation.

K2,2=dynamic_creation_variable
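The generation steps above as a small reference model, added here as an example and not taken from the authors' Verilog. It assumes the "first 8 bits" are the leftmost byte of key_in as written, and every function name except dynamic_creation_variable is illustrative. Besides building the table, it checks the bijection needed for the inverse S Box, the case where the fallback XOR is itself 0x00, and that XORing a constant leaves the table's differential uniformity unchanged.

```python
# Added reference model, not the authors' Verilog. Function names are
# illustrative; only dynamic_creation_variable is a name from the paper.

def gf_mul(a, b):
    """Multiply two bytes in Rijndael's field GF(2^8), modulus 0x11B."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def gf_inv(a):
    """Multiplicative inverse computed as a^254; 0 is mapped to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def standard_sbox():
    """Inverse in GF(2^8) followed by the AES affine transformation."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box

def dynamic_creation_variable(key):
    """First key byte, or the XOR of all 16 key bytes if that byte is 0x00."""
    if len(key) != 16:
        raise ValueError("expected a 128-bit key")
    v = key[0]  # assumption: "first 8 bits" = leftmost byte of key_in
    if v == 0x00:
        for byte in key:
            v ^= byte
    return v

def dynamic_sbox(key, sbox):
    v = dynamic_creation_variable(key)
    return [s ^ v for s in sbox]

def inverse_box(box):
    """Inverse lookup table; raises if the box is not a permutation."""
    if sorted(box) != list(range(256)):
        raise ValueError("S-box is not a bijection")
    inv = [0] * 256
    for i, s in enumerate(box):
        inv[s] = i
    return inv

def differential_uniformity(box):
    """Largest entry of the difference distribution table (input diff != 0)."""
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[box[x] ^ box[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst

if __name__ == "__main__":
    S = standard_sbox()
    page_key = bytes.fromhex("155e57340f09e90d2e500c78735555e8")  # key_in from the paper
    D = dynamic_sbox(page_key, S)
    print(hex(dynamic_creation_variable(page_key)), hex(D[0]))
    print(differential_uniformity(S), differential_uniformity(D))
    # Edge case: key 00 01 ... 0f starts with 0x00 and its bytes XOR to 0x00.
    print(dynamic_sbox(bytes(range(16)), S) == S)
```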


The ShiftRow operation

In this operation, each row of the state is cyclically shifted to the left, depending on the row

index.

• The 1st row is shifted 0 positions to the left.

• The 2nd row is shifted 1 position to the left.

• The 3rd row is shifted 2 positions to the left.

• The 4th row is shifted 3 positions to the left.

The inverse of ShiftRow is the same cyclic shift but to the right. It is needed later for

decoding.

The MixColumn operation

In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher.

During this operation, each column is transformed using a fixed matrix (matrix multiplied by column gives new value of column in the state):

This can also be seen as the following:

Or:

The AddRoundKey operation

In this operation, a Round Key is applied to the state by a simple bitwise XOR. The Round Key is derived from the Cipher Key by the means of the key schedule. The Round Key length is equal to the block key length (=16 bytes).

In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is derived from the main key using Rijndael's key schedule; each subkey is the same size as the state. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR.

In the AddRoundKey step, each byte of the state is combined with a byte of the round subkey using the XOR operation.

Fig 14 AddRoundKey Scheme
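The ShiftRow, MixColumn and AddRoundKey steps described above, modelled as an added example that is not the authors' Verilog. The MixColumns matrix rows (02 03 01 01 and its rotations) come from FIPS 197, since the matrix figures are not reproduced here, and the function names are illustrative. The last function shows that a constant XORed into every SubBytes output, which is what the Dynamic S Box does, passes through ShiftRows and MixColumns unchanged, so it has the same effect on the round output as XORing that constant into every byte of the round key.

```python
# Added model of the linear part of an AES round, not the authors' Verilog.
# The state is a list of 16 bytes in column-major order: state[r + 4*c].

def xtime(a):
    """Multiply a byte by 2 in GF(2^8), modulus 0x11B."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def shift_rows(s):
    """Row r is rotated left by r positions."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def inv_shift_rows(s):
    """Row r is rotated right by r positions (used for decryption)."""
    return [s[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

def mix_column(col):
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,   # matrix row 02 03 01 01
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,   # matrix row 01 02 03 01
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),   # matrix row 01 01 02 03
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),   # matrix row 03 01 01 02
    ]

def mix_columns(s):
    out = []
    for c in range(4):
        out += mix_column(s[4 * c:4 * c + 4])
    return out

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def round_tail(after_subbytes, round_key, final_round=False):
    """ShiftRows, MixColumns (skipped in the final round), AddRoundKey."""
    s = shift_rows(after_subbytes)
    if not final_round:
        s = mix_columns(s)
    return add_round_key(s, round_key)

def constant_folds_into_key(after_subbytes, round_key, c, final_round=False):
    """True if XORing c into every SubBytes output byte gives the same round
    output as leaving SubBytes alone and XORing c into every round-key byte."""
    via_sbox = round_tail([b ^ c for b in after_subbytes], round_key, final_round)
    via_key = round_tail(after_subbytes, [k ^ c for k in round_key], final_round)
    return via_sbox == via_key

if __name__ == "__main__":
    # Sample bytes only: data_in and key_in from the paper, used here as an
    # arbitrary SubBytes output and an arbitrary round key.
    t = list(bytes.fromhex("343aaf5503e7d407ea507d41f4eeda64"))
    k = list(bytes.fromhex("155e57340f09e90d2e500c78735555e8"))
    print(mix_column([0xDB, 0x13, 0x53, 0x45]))  # well-known MixColumns test column
    print(constant_folds_into_key(t, k, 0x15))
    print(constant_folds_into_key(t, k, 0x15, final_round=True))
```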

Implementation of the Algorithm

Implementation

The AES 128 algorithm is implemented using Verilog coding in Xilinx ISE 13.2. First, the

Algorithm’s Encryption module is designed with the Key Expansion unit. After designing this

encryption module, the next step is to design Decryption module separately. After this, a Top

module is designed where Encryption and Decryption modules are instantiated. Also Top module

is designed with Memory to hold the values of Key generated in Encryption so that Decryption

Module can use those values.

[Figure: block diagram of the aes_top module. Signal labels: clk, rst_enc, rst_dec. Block labels: Encryption Module, Key Expansion Module, Key Memory, Decryption Module. Other labels: Plain Text, Cipher Key, Data Match.]

Values shown in the figure:

ENCRYPTION

data_in = 128'h343aaf5503e7d407ea507d41f4eeda64

key_in = 128'h155e57340f09e90d2e500c78735555e8

cipher_data = 128'hcfd167a6677d56851da896d0bb35826b

DECRYPTION

data_match = 1'b1

PERFORMANCE ESTIMATION

for aes_top.v module on Virtex 5 (Device= XC5VLX20T & Package= FF323)

Parameter                        Enhanced Pentium Architecture
Time (ns)                        3.798
Frequency (MHz)                  263.296
Throughput (Gbps)                3.370
Throughput/slice (Mbps/slice)    345.286

Conclusion & Future scope


Conclusion

The Advanced Encryption Standard algorithm is an iterative private key symmetric block cipher that can process data blocks of 128 bits through the use of cipher keys with lengths of 128, 192, and 256 bits. An efficient Verilog implementation of a 128 bit block and 128 bit key AES with dynamic S Box cryptosystem has been presented in this project. Optimized and synthesizable Verilog code is developed for the implementation of both the 128 bit data encryption and decryption processes, and the description is verified using Xilinx.

Future Scope

Side channel attacks are the way to test the security levels of a cryptosystem. Therefore, future work on our project involves testing the AES with Dynamic S Box design against side channel attacks, thereby comparing AES and AES with Dynamic S Box in terms of security and proposing a better crypto algorithm. Also, other possible attacks are to be tested on the design.
