International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
Implementation of Fault Diagnosis Scheme for
Clefia Algorithm
P.Ramakrishna #1, Morigadi Anusha*2 M. Swathi #3
#1Associate Professor, *2 M.Tech(vlsi system design) Scholar & Department of ECE & Anurag Group of
Institutions, #3Associate Professor
Hyderabad, Telangana, India
many commercial computer applications. The
ABSTRACT- In this paper fault diagnosis scheme for
module will explain the principles of modern public
the lightweight internationally standard block
key cryptography, a cornerstone of many securityCLEFIA algorithm is proposed. The CLEFIA is a
enabled network applications in current use. A
symmetric key block cipher. The symmetric key
number of cryptographic primitives, including
algorithm in which both the encryption and
message digests, digital signatures and certificates,
decryption use a single key. The CLEFIA provides
will be discussed. CLEFIA is an efficient, highly
acceptable confidentiality with low cost and compare
secure block cipher. The block length is 128 bits,
to other algorithm like AES, DES...etc has more
while key length of 128 bits, 192 bits, and 256 bits
compact hardware implementation. The CLEFIA
can be selected. To make the CLEFIA more reliable,
algorithm s-boxes are different from AES both in
the algorithm specification of CLEFIA is publicly
terms of the irreducible polynomial used and the
available to enable public evaluations by
different affine transforms used before and after the
cryptographers in worldwide. The module will go
multiplicative inversion. To analyze the propagation
through all details of how to write secure network
of faults that occur during transmission due to error
applications using these cryptographic primitives
in s-box is detected and corrected. The fault detection
With this motivation, in this project, we present an
is done by using parity based error detection
design and implement a novel reconfigurable fault
approach. Those faults are rectified by using fault
diagnosis scheme architecture for CLEFIA on FPGA
diagnosis scheme. This reduces the data corruption
using Xilinx ISE 13.2i EDA tool for prompt
and increases the performance. Xilinx ISE 14.3 is
prototyping.
used for simulation and functionality verification and
Fault diagnosis schemes are essential for their
Xilinx XST is used for synthesis. Implemented Zynq
reliability
and confidentiality. Error detection and
7000 FPGA
correction approaches are presented for the nonlinear
S-boxes, applicable to their composite-field
Key words- CLEFIA, symmetric-key block cipher,
implementations as well as their lookup table
efficient error detection and correction approach,
realization. Fault detection is recognizing that a
field-programmable gate array (FPGA), reliability.
problem has occurred, even if you don't know the
reason. . In mathematics, parity refers to the evenness
I INTRODUCTION
or oddness of an integer, which for a binary number
In today’s world cryptography has become a
is determined only by the least significant bit. In
necessity for all the organizations. Data security is an
telecommunications and computing, parity refers to
essential component of an organization in order to
the evenness or oddness of the number of bits with
keep the information safe from various competitors.
value one within a given set of bits, and is thus
It also helps to ensure the privacy of a user from
determined by the value of all the bits. It can be
others. These days’ passwords are not considered as
calculated via an XOR sum of the bits, yielding 0 for
reliable for this task because it is easy to guess
even parity and 1 for odd parity. This property of
passwords due to its short range. Moreover, if the
being dependent upon all the bits and changing value
range of password is small a brute force search can
if any one bit change allows for its use in error
be applied to crack it. So, as to protect our data
detection scheme.
various algorithms have been designed. It helps us to
securely access bank accounts, electronic transfer of
funds and many more daily life applications. A
II LITERATURE SURVEY
fundamental part of security systems is cryptography,
This chapter involves the work done by the various
the science of secret writing. There have been rapid
researchers in the field of cryptographic algorithm for
advances in cryptography in the past few decades,
data security. From the literature survey various
and cryptography has become an integral part of
observations have been drawn and listed at the end of
ISSN: 2231-5381
http://www.ijettjournal.org
Page 43
International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
this chapter. From the observations various objectives
have also been drawn.CLEFIA algorithm is used for
F-functions which consist of s-box. From This paper
implement the finite field multiplication inverse
with 24 elements is denoted GF (24) and is also called
the Galois Field. The inverse Galois Field [1]
performs and gets the output as q-1= {q3-1q2-1q1-1q0-1}.
In the project GF (28) is done by using inverse Galois
Field GF (24) .The inverses of the individual bits can
be computed Fault diagnosis schemes are essential
for their reliability and confidentiality. There are
many different approaches [4] to detect and isolate
faults. Because each approach has their benefits and
limitations, maximum applications mix multiple
approaches. We emphasize some of the key
differentiating factors between the different
techniques. Error detection approaches are presented
for the nonlinear S-boxes, applicable to their
composite-field implementations as well as their
lookup table realization. Fault detection [6] is
recognizing that a problem has occurred, even if you
don't know the reason. Faults may be detected by a
variety of quantitative or qualitative approaches.
In telecommunications and computing, parity refers
[9] to the evenness or oddness of the number of bits
with value one within a given set of bits, and is thus
determined by the value of all the bits. It can be
calculated via an XOR sum of the bits, yielding 0 for
even parity and 1 for odd parity. This property of
being dependent upon all the bits and changing value
if any one bit change allows for its use in error
detection schemes. Hardware Implementations of the
128-bit Block cipher CLEFIA[2] referred and
designed with key size of 256 bit.
Data Processing Part
The data processing part of CLEFIA consists of
encryption and decryption. Which is based on the 4branch generalized Feistel structure GFN4,r. The
plaintext input and the Cipher text output (each
contains 128-b blocks) are divided into p0|p1|p2|p3
and
c0|c1|c2|c3 each of
32-b. and let
WK0;WK1;WK2;WK3 be whitening keys and RKi
(0≤i<2r) be rounding keys. Whitening keys are
utilized at the beginning and the end of the CLEFIA,
and round keys are used in its two main functions,
i.e., 32-b functions F0 and F1 used in both the
CLEFIA encryption and decryption.
A. F-FUNCTIONS: Two different F-Functions, F0
and F1 are employed in each Round, used for data
randomization. These F-Functions consist of
additions in GF (28) between the round data and the
Round Keys. Substitution Boxes S0 and S1, and
Diffusion Matrices M0 and M1, one for each FFunction (F0 and F1), as depicted in Figure 3.1, 3.2.
It consists of three blocks:
1.
2.
S-box module s0, s1.
Diffusion matrices M0, M1.
F0: The Block Diagram of F0-function is shown in
below figure:
III DESIGN OF CLEFIA
ALGORITHM
CLEFIA block cipher consists of two parts, one is
data processing part and other is a key scheduling
part. The plaintext input and the Cipher text output
(each contains 128-b blocks) are divided into 32-b
parts. Key scheduling part performed for the
whitening and round Keys. The round keys are used
as inputs to the main functions of the algorithm, and
the whitening keys are XORed with the input and the
output of the entire encryption/decryption. Then, the
CLEFIA employs a type-2 generalized Feistel
network with four data lines, each data line with a
length of 32 b. The CLEFIA is a 128-b block cipher
with key lengths of 128, 192, and 256 b
corresponding to 18, 22, and 26 numbers of rounds,
respectively.
FIGURE 3: F0 block
F1: The Block Diagram of F1-function is shown in
below figure:
FIGURE 4: F1 block
ISSN: 2231-5381
http://www.ijettjournal.org
Page 44
International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
Two different F-Functions, F0 and F1 are employed
in each Round, used for data randomization. These FFunctions consist of additions in GF (28) between the
round data and the Round Keys. Substitution Boxes
S0 and S1, and Diffusion Matrices M0 and M1, one
for each F-Function (F0 and F1), as depicted in
Figure 3.1, 3.2. It consists of three blocks: These
functions consist of nonlinear 8-b S-boxes namely
S0, S1.
1) S0 MODULE: S0 is generated by
combining four 4-bit S-boxes SS0, SS1, SS2
and SS3.This is shown in Table I in which
the outputs for these four S-boxes are shown
in hexadecimal form.
The multiplication in 0x2 is scalar
multiplication. It is performed in GF (24) defined by
the lexicographically first primitive polynomial z4 +
z + 1. Figure 2 shows the construction of S0.
Figure 2: S1 module block
S1 is defined as follows:
Pre affine transform f(.): The following equation
expresses an affine transformation in GF(2) (with "+"
representing XOR):
f(.) : x=a{i}+{v}.
Where [a] is the matrix, and {v} is the vector. For
instance, the affine transformation of the element {
x} = a7 + a6 + a3 + a = {11001010} in big-endian
binary notation = {CA} in big-endian hexadecimal
notation.
The f(.) function is defined as:
Figure 1: S0 module
2) S1 MODULE
The nonlinear S-box S1 is based on the
finite-field inversion over GF(2^8). The primitive
polynomial used for this multiplicative inversion is
P2(z) = z8+ z4 + z3 + z2 + 1. Two affine
transformations are used in the S-box S1, denoted
here after as pre- and post inversion affine
transformations, i.e., f (.) and g (.), respectively. The
8-b output of the S-box S1 is computed. The Block
Diagram of S1 module is shown in below figure.
It consists of 3blocks.
1.
2.
3.
Preinversion affine transform f (.).
Multiplicative inversion in GF (28).
Post inversion affine transform f
(.).
ISSN: 2231-5381
Here x=x0│x1│x2│x3│x4│x5│x6│x7 ; xi, yi
€{0,1}.The constants in f can be represented as 0x1e.
Post affine transform g(.): The following equation
expresses an affine transformation in GF(2) (with "+"
representing XOR):
g(.) : x=a{i}+{v}.
Where [a] is the matrix, and {v} is the vector. For
instance, the affine transformation of the element {
http://www.ijettjournal.org
Page 45
International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
x} = a7 + a6 + a3 + a = {11001010} in big-endian
binary notation = {CA} in big-endian hexadecimal
notation.
The g(.) function is defined as:
y=y0│y1│y2│y3│y4│y5│y6│y7; xi, yi €{0,1}.The
constants in g can be represented as 0x69.
MULTIPLICATIVE INVERSION in GF (24): The
finite field with pn elements is denoted GF (pn) and is
also called the Galois Field, in honor of the founder
of finite field theory, Évariste Galois. GF (p),
where p is a prime number, is simply the ring of
integers modulo p. That is, one can perform
operations (addition, subtraction, multiplication)
using the usual operation on integers. A particular
case is GF (2), where addition is exclusive
OR (XOR) and multiplication is AND.
Polynomial: x6 + x4 + x + 1
Binary: {01010011}
Hexadecimal: {53}
The finite field with 24 elements is denoted GF (24)
and is also called the Galois Field. The formula to
compute the multiplicative inverse of q (where q is an
element of GF (24)) such that q-1={q3-1q2-1q1-1q01
}.The inverses of the individual bits can be
computed from the equation below.
error occurred during transmission of the message. A
simple example of error-detecting code is parity
check.In this section, error detection schemes for two
nonlinear S-boxes in the F-functions of the
encryption and the decryption of the CLEFIA are
proposed. Error detection schemes for S0 are
proposed through Fig. 3.3. As seen in this figure, the
linear and nonlinear layers of this S-box are depicted.
The first scheme is based on the modification of the
original S-boxes, and the second one is based on
investing on the derived lightweight parity prediction
circuitry of the intact original S-box S0. First, the
scheme which is based on expanding the S-box S0 is
devised. It is noted that P and ˆ P denote the actual
and the Predicted parities, respectively. The original
16 × 4 S-boxes SS0–SS3 have been modified to 16×
5 ones, i.e., their entries are now 5 b and the added
bit is the modulo-2 addition (XOR) of the input and
the output parities. For instance, as seen in Fig. 3.3,
for SS0 with the input x0 and the output b, Px0 ⊕ ˆ
Pb is added to each S-box entry, where⊕ denotes the
XOR operation. The predicted parity of the 4-b
output vector b, i.e., ˆ Pb, is then derived by adding
the input parity ( ˆ Px0 ) and this stored value (the
lookup table address is x0). Similarly, ˆ Pa is derived
for SS1, where a is the 4-b output of this S-box. The
same procedure is done for SS2 and SS3, as seen in
Fig. 3.3. Finally, the error indication flag of the Sbox, i.e., eS0, is derived as shown in Fig. 3.3. Fault
correction is done by using correction circuit across
ss0, ss1, ss2, ss3 modules this correction circuit will
correct the error in s0 module .If es1=0 then the
circuit is no error The following lemma is presented
for the parity prediction of the linear multiplication
layer of the S-box S0. Throughout this paper, both
single and multiple stuck-at faults are considered.
These models cover both natural faults and malicious
fault attacks. Here fault is introduced in ss3 module.
Ss3 module is predefined output so change the
predefined outputs with other values will differ their
parity across ss3.The predicted parity of ss3 module
and actual output is compared with XOR operation. If
both values are matched error is 0 otherwise error is
1.Error flag bit indicate that the data contains error or
not. If exactly 1-b error occurs at the output of the
linear or nonlinear blocks of the CLEFIA functions,
the presented parity-based error detection approach is
able to detect it
B. IMPLEMENTATION OF FAULT DETECTION
AND CORRECTION IN S0 MODULE: Whenever a
message is transmitted, it may get scrambled by noise
or data may get corrupted. To avoid this, we use
error-detecting codes which are additional data added
to a given digital message to help us detect .if an
ISSN: 2231-5381
http://www.ijettjournal.org
Page 46
International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
Figure 5: Parity-based error detection structure of the
Sbox S0
Figure 6: Parity-based error detection with correction
module structure of the S-box S0
Figure 7. Error detection structures of the two main
functions of the CLEFIA,i.e., F-functions F0/F1.
In this section, error correction schemes for
two nonlinear S-boxes in the F-functions of the
encryption and the decryption of the CLEFIA are
proposed. Error correction schemes for S0 are
proposed through Fig. 3.3. As seen in this figure, the
linear and nonlinear layers of this S-box are depicted.
Here each module in ss0, ss1, ss2, ss3 is connected
with correction circuit. This correction circuit
performs the operation based on condition of error
flag bit and pass the correct output in each sub block.
If es0=1then the s0 module contain error
then it will go to correction circuit and the correction
circuit will check the condition and pass the
predefined output across ss3 module. The correction
circuit will correct the error in ss3 module. The
output across ss3 module is corrected by the
correction module. In correction logic is based on
error value if error bit is 1 it will again connect with
ss3 module again and the predefined output is passed
instead of actual error output. CLEFIA functions, the
presented parity-based error detection approach is
able to detect it and correct it by using correction
module.
ISSN: 2231-5381
Figure 8: encryption and decryption architecture with
fault detection and correction.
IV RESULTS
VERILOG code is written for the encryption and
decryption modules Simulation is done by using
Xilinx ISE simulator and synthesis is done by using
xst synthesizer. Here the inputs to the encryption
module is plain text and key input .The output is
cipher text and this output is given as input to the
decryption block and same key is given as input then
cipher text is the output of decryption module .For
dumping the code on FPGA bit file is generated. The
output is seen on FPGA by assigning inputs to
switches and outputs to LEDS.
http://www.ijettjournal.org
Page 47
International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
SIMULATION
MODULE
RESULT
FOR
ENCRYPTION
The output
Plaintext=128’h000102030405060708090a0b0c0d0e
0f;
V CONCLUSION & FUTURE SCOPE
CONCLUSION
SIMULATION
MODULE
RESULT
FOR
DECRYPTION
The encryption & decryption modules are
designed by using 256 bit cipher key for more
security. These include the nonlinear S-boxes are
generated by using pre and post affine transforms and
multiplicative inverse function and the linear
diffusion matrices of the F-functions. The fault
diagnosis approaches for the standardized lightweight
block cipher CLEFIA have been presented. Which
will detect the errors occurring during transmission of
the data and correct it .The implementing the fault
detection and correction code is done by using parity
based error detection approach. Xilinx ISE 13.2 will
be used for simulation and functional verification.
Xilinx XST will be used for synthesis. Sparten3
Xilinx FPGA board will be used for testing and
demonstration of the implemented system.
FUTURE SCOPE
TEST PLAN FOR SIMULATION:
ENCRYPTION:
Here the VERILOG code is written for the
encryption Module. Here plain text and key are two
inputs
Plaintext=128’h000102030405060708090a0b0c0d0e
0f
Key=256’hffeeddccbbaa99887766554433221100f0e
0d0c0b0a090807060504030201000;
The output cipher
text=128’h36f15823e8cf4d47ca26f6d304521e;
DECRYPTION:
Here the VERILOG code is written for the
decryption Module Here cipher text and key are two
inputs
The main scope of this project involves fault
diagnosis scheme for CLEFIA algorithm used for
encryption and decryption, parity based error
detection approach used to detect the fault in s-box
and. Fault detection and correction approach in
Cryptography Algorithms are implemented for
providing security. Fault diagnosis scheme for clefia256 b block cipher is implemented in this project.
The future scope of this project is to add LFSR
module for key generator. Key generator module
generates the key randomly, So it will increases the
security. In future this technology can be used for
Data security applications by using FPGA board.
ACKNOWLEDGEMENT
The authors express their sincere thanks to
Chairman of Anurag Group of Institutions Dr. P.
Rajeswar Reddy for all his support. They are
indebted to Dr. K. S. Rao, Director Anurag Group of
Institutions,Prof. J.V. Sharma H.O.D ECE Dept.
AGI, for their valuable suggestions.They also express
thanks to their parents,friends and colleagues.
Cipher
text=128’h36f15823e8cf4d47ca26f6d304521e;
Key=256’hffeeddccbbaa99887766554433221100f0e
0d0c0b0a090807060504030201000;
ISSN: 2231-5381
http://www.ijettjournal.org
Page 48
International Journal of Engineering Trends and Technology (IJETT) – Volume 34 Number 1- April 2016
REFERENCES
1)
Edwin NC Mui,”Practical Implementation of Rijndael
S-Box Using Combinational Logic”Custom R & D
Engineer Texco Enterprise Ptd. Ltd
2)
TaizoShirai, KyojiShibutani, Toru Akishita, Shiho
Moriai, and Tetsu Iwata,"Hardware Implementations of
the 128-bit Blockcipher CLEFIA (in Japanese)."IEICE
Technical Report, ISEC2007-49 (2007-07), 2007.
3)
Takeshi Sugawara, Naofumi Homma, Takafumi Aoki,
and Akashi Satoh,"ASIC Implementations of the 128bit Block Cipher CLEFIA".Computer Security
Symposium 2007, CSS 2007, pp. 175-180, 2007.
4)
JyotiTamak,“A Review of Fault Detection Techniques
to Detect Faults and Improve the Reliability in Web
Applications”International Journal of Advanced
Research in Computer Science and Software
Engineering Volume 3, Issue 6, June 2013.
5)
G. Sutter, J. P. Deschamps, and J. Imaña, “Efficient
elliptic curve pointmultiplication using digit serial
binary field operations,” IEEE Trans. Ind.Electron., vol.
60, no. 1, pp. 217–225, Jan. 2013.
6)
M. Mozaffari-Kermani and A. Reyhani- Masoleh, “A
low-power high performance concurrent fault detection
approach for the composite field S-box and inverse Sbox,” IEEE Trans. Comput., vol. 60, no. 9, pp. 1327–
1340, Sep. 2011
7)
EwaIdzikowska, Krzysztof Bucholc,” Paritybased
Detection of Multiple Errors in Sboxes” Proceedings of
the InternationalMulticonference on Computer Science
and Information Technology, pp. 453 – 457 ISSN 18967094 © 2006 PIPS.
8)
“Designing with FPGA and CPLDS” book by Bob
Zeidman
9)
“VERILOG PRIMER “book by BHASKAR.J Test
book.
AUTHORS PROFILES
P. Ramakrishna received his M. Tech degree in
VLSI System Design in the year of 2009 from JNT
University Hyderabad, B. Tech degree in Electronics
and Communication Engineering (ECE), in the year
of 2006 from NIT Warangal, Diploma in Electronics
and communications (DECE) in the year of 2000, and
pursuing Ph.D at K.L. University Vijayawada. He
had 8 years of teaching, research and 2 years of
industrial experience. Presently he is an Assistant
Professor
Anurag
Group
of
Institutions
(Autonomous) Hyderabad. His research interests
include Low power VLSI System Design, Digital
Signal Processing and Image processing.
M. ANUSHA, Received her M.TECH degree (VLSI
System Design) from ANURAG GROUP OF
INSTITUTIONS
(Autonomous),
Ghatkesar,
Hyderabad and B.TECH from AURORA COLLEGE
OF ENGINEERING. Her research interests include
VLSI System Design, Digital integrated circuit
Design.
M. Swathi received her M. Tech degree in VLSI
System Design in the year of 2009 JNT University
Hyderabad, B.Tech degree in Electronics and
Communication Engineering (ECE), in the year of
2007 from Mahaveer college of science and
technology, JNT University, Hyderabad. She has 6
years of teaching and research experience. Presently
she is an Assistant Professor Anurag Engineering
College, Hyderabad. Her research interests include
VLSI System Design, Signal Processing.
ISSN: 2231-5381
http://www.ijettjournal.org
Page 49