ESE566rp2

advertisement
ESE 566 Report 2
Implementation of International Data
Encryption Algorithm
Hui Zhang
Preethi Karthik
7-1
Introduction
In this report, an International Data Encryption Algorithm (IDEA) cipher is specified in
system-level with SystemC. The cipher is simulated and tested.
IDEA (International Data Encryption Algorithm) is an encryption algorithm developed at
ETH in Zurich, Switzerland. It uses a block cipher with a 128-bit key, and is generally
considered to be very secure. It is considered among the best publicly known algorithms.
Description of functionality of the application
IDEA is a 64-bit iterative block cipher with a 128-bit key. The encryption process requires
eight complex rounds. Decryption is carried out in the same manner as encryption once the
decryption subkeys have been calculated from the encryption subkeys. The cipher structure
was designed to be easily implemented in both software and hardware, and the security of
IDEA relies on the use of three incompatible types of arithmetic operations on 16-bit words.
IDEA uses 52 subkeys, each 16 bits long. Two are used during each round proper, and four
are used before every round and after the last round. It has eight rounds.
The plaintext block in IDEA is divided into four quarters, each 16 bits long. Three
operations are used in IDEA to combine two 16 bit values to produce a 16 bit result,
addition, XOR, and multiplication. Addition is normal addition with carries, modulo 65,536.
Multiplication, as used in IDEA, requires some explanation.
Multiplication by zero always produces zero, and is not invertible. Multiplication modulo n
is also not invertible whenever it is by a number which is not relatively prime to n. The way
multiplication is used in IDEA, it is necessary that it be always invertible. This is true of
multiplication IDEA style.
The number 65,537, which is 2^16+1, is a prime number. (Incidentally, 2^8+1, or 257, is
also prime, and so is 2^4+1, or 17, but 2^32+1 is not prime, so IDEA cannot be trivially
scaled up to a 128-bit block size.) Thus, if one forms a multiplication table for the numbers
from 1 through 65,536, each row and column will contain every number once only, forming
a Latin square, and providing an invertible operation. The numbers that 16 bits normally
represent are from 0 to 65,535 (or, perhaps even more commonly, from -32,768 to 32,767).
In IDEA, for purposes of multiplication, a 16 bit word containing all zeroes is considered to
represent the number 65,536; other numbers are represented in conventional unsigned
notation, and multiplication is modulo the prime number 65,537.
Description of IDEA
Let the four quarters of the plaintext be called A, B, C, and D, and the 52 subkeys called K(1)
through K(52).
Before round 1, or as the first part of it, the following is done:
7-2
Multiply A by K(1). Add K(2) to B. Add K(3) to C. Multiply D by K(4).
Round 1 proper consists of the following:
Calculate A xor C (call it E) and B xor D (call it F).
Multiply E by K(5). Add the new value of E to F.
Multiply the new value of F by K(6). Add the result, which is also the new value of F, to E.
Change both A and C by XORing the current value of F with each of them; change both B
and D by XORing the current value of E with each of them.
Swap B and C.
Repeat all of this eight times, or seven more times, using K(7) through K(12) the second
time, up to K(43) through K(48) the eighth time. Note that the swap of B and C is not
performed after round 8.
Then multiply A by K(49). Add K(50) to B. Add K(51) to C. Multiply D by K(52).
The intricacies of IDEA encryption may be made somewhat clearer by examining the
following diagrams:
Details:
Overview:
Figure 1
Decryption
How can the round in IDEA be reversed, since all four quarters of the block are changed at
the same time, based on a function of all four of their old values? Well, the trick to that is that
A xor C isn't changed when both A and C are XORed by the same value, that value cancels
out, no matter what that value might be. And the same applies to B xor D. And since the
values used are functions of (A xor C) and (B xor D), they are still available.
7-3
This cross-footed round, rather than a Feistel round, is the most striking distinguishing factor
of IDEA, although its use of multiplication, addition, and XOR to avoid the use of S-boxes is
also important.
Those that are added are replaced by their two's complement. Those that are multiplied in are
replaced by their multiplicative inverse, modulo 65,537, in IDEA notation when used to
change blocks directly, but those used to calculate the cross-footed F-functions are not
changed. Keys XORed in would not need to be changed, but there aren't any such keys in
IDEA. Due to the placement of the swap, the first four keys for decryption are moved
somewhat differently than the other keys used for the same operation between rounds.
The decryption key schedule is:
The first four subkeys for decryption are:
KD(1)
KD(2)
KD(3)
KD(4)
= 1/K(49)
= -K(50)
= -K(51)
= 1/K(52)
and they do not quite follow the same pattern as the remaining subkeys which follow.
The following is repeated eight times, adding 6 to every decryption key's index and
subtracting 6 from every encryption key's index:
KD(5)
KD(6)
=
=
K(47)
K(48)
KD(7)
KD(8)
KD(9)
KD(10)
= 1/K(43)
= -K(45)
= -K(44)
= 1/K(46)
Subkey generation
This method of subkey generation is regular, and this may be a weakness. However, IDEA is
considered to be highly secure, having stood up to all forms of attack so far tried by the
academic community. Table 1 shows the encryption key sub-blocks and the corresponding
decryption key sub-blocks.
Table 1 IDEA Encryption and Decryption Key Sub-Blocks
ROUND
1:
2:
3:
4:
5:
6:
7:
8:
output
transformation
ENCRYPTION KEY SUB-BLOCKS
Z1(1)
Z1(2)
Z1(3)
Z1(4)
Z1(5)
Z1(6)
Z1(7)
Z1(8)
Z1(9)
Z2(1)
Z2(2)
Z2(3)
Z2(4)
Z2(5)
Z2(6)
Z2(7)
Z2(8)
Z2(9)
Z3(1)
Z3(2)
Z3(3)
Z3(4)
Z3(5)
Z3(6)
Z3(7)
Z3(8)
Z3(9)
Z3(1)
Z3(2)
Z3(3)
Z3(4)
Z3(5)
Z3(6)
Z3(7)
Z3(8)
Z3(9)
Z4(1)
Z4(2)
Z4(3)
Z4(4)
Z4(5)
Z4(6)
Z4(7)
Z4(8)
Z5(1)
Z5(2)
Z5(3)
Z5(4)
Z5(5)
Z5(6)
Z5(7)
Z5(8)
Z6(1)
Z6(2)
Z6(3)
Z6(4)
Z6(5)
Z6(6)
Z6(7)
Z6(8)
DECRYPTION KEY SUB-BLOCKS
[Z1(9)]-1
[Z1(8)]-1
[Z1(7)]-1
[Z1(6)]-1
[Z1(5)]-1
[Z1(4)]-1
[Z1(3)]-1
[Z1(2)]-1
[Z1(1)]-1
-Z2(9)
-Z2(8)
-Z2(7)
-Z2(6)
-Z2(5)
-Z2(4)
-Z2(3)
-Z2(2)
-Z2(1)
-Z3(9)
-Z3(8)
-Z3(7)
-Z3(6)
-Z3(5)
-Z3(4)
-Z3(3)
-Z3(2)
-Z3(1)
[Z4(9)]-1
[Z4(8)]-1
[Z4(7)]-1
[Z4(6)]-1
[Z4(5)]-1
[Z4(4)]-1
[Z4(3)]-1
[Z4(2)]-1
[Z4(1)]-1
Z5(8)
Z5(7)
Z5(6)
Z5(5)
Z5(4)
Z5(3)
Z5(2)
Z5(1)
Z6(8)
Z6(7)
Z6(6)
Z6(5)
Z6(4)
Z6(3)
Z6(2)
Z6(1)
7-4
System Specification
Encrypt
/decrypt
Output-termination
Round 7
Round 1
Round 0
data-in
Key-generator
data-out
Idea_top Module
Figure 2 IDEA cipher
TOP MODULE
idea_top module is the cipher. The ports of it are as following:
sc_in<sc_uint<64> >
sc_in<bool>
sc_in<bool>
sc_in<bool>
sc_in_clk
sc_out<sc_uint<64> >
sc_out<bool>
DATA_IN;
// 64-bit plaintext or ciphertext input
INPUT_VALID;
// to indicate input data is ready
ENCRYPTION;
// to do encryption or decryption
RESET;
// reset the system
CLK;
// clock
DATA_OUT;
// 64-bit ciphertext or plaintext output
OUTPUT_DATA_READY;
// to indicate output data is ready
The idea_top module consists 10 sub-modules. key_gen is a key generator, it outputs 52
16-bit encryption or decryption subkeys to the rest parts of the idea_top module, which are 8
round sub-modules and a output termination sub-module. 8 round sub-modules have the
same structure, so they are all the instances of module round. Output_termination is the last
stage of the computation.
key_gen
round
output_termination
*key_gen0;
*round0, *round1, *round2, *round3,\
*round4, *round5, *round6, *round7;
*output_t0;
Module round is to implement the computation in one round as decrypted in Figure 1. It take
64-bit data and 6 16-bit subkeys as inputs.
SC_MODULE(round){
sc_in<sc_uint<64> >
sc_in<bool>
sc_in<bool>
sc_out<sc_uint<64> >
sc_out<bool>
sc_in_clk
sc_in<sc_uint<16> >
data_in;
// 64-bit input
input_valid;
reset;
data_out;
// 64-bit encrypted block output
output_data_ready;
CLK;
K0,K1,K2,K3,K4,K5;
// 6 16-bit sub-blocks of the key
SC_CTOR(round) {
SC_CTHREAD(entry, CLK.pos());
7-5
watching(reset.delayed() == true);
}
void entry();
};
Module key_gen converts a 128-bit IDEA key to 52 16-bit encryption subkeys. Or for
decryption case, it outputs 52 16-bit decryption subkeys derived from encryption subkeys by
using table 1. In our project, this module is not fully developed. It works well for the
encryption subkeys generation. But for the decryption subkeys generation, because of
temporary absence of an effective method to calculate multiplicative inverse modulo 216+1
of an encryption subkey and short of time, we just set a pair of constant encryption and
decryption subkeys.
Description of Testbench
We use testbench as figure 3 shows. Module stimulus and idea_top and display are in main
routine. Module stimulus generates clock, reset and plaintext or ciphertext for module
idea_top. display module displays the results. The data encrypted or decrypted and 52
subkeys are also displayed for the test purpose.
stimulus
idea_top
display
Main module
Figure 3 IDEA cipher simulation and test
The design is write in C++ with SystemC 2.0 library. The test and simulation are done in MS
Visual C++ 6.0. We use following keys for the test:
ENCRYPTION SUBKEYS
729A
14C9
1A29
5834
B2B0
E1F4
F5C3
B1EB
FB63
27ED
0B43
9216
5324
68A6
5D78
E8BA
87D1
D70F
8F5C
DB1E
86E5
2D0D
485A
4C90
F165
75E2
A2EB
3E8B
B87D
344F
CA68
1B94
B437
60D1
CAC1
C595
AF16
175E
FA2E
9FB6
D13F
29A2
6E53
A299
560D
2CAC
BC59
3D70
6C7A
7ED8
44FD
2168
DECRYPTION SUBKEYS
DE00
C501
3B12
DA6F
6013
AAD3
C231
FD1E
DE59
28F1
8A1E
0E9B
B370
B7A6
D2F3
791B
24E2
D813
5D15
782F
1746
A288
975A
ACDC
6DEA
F4BD
70A4
7D3F
21AC
DA1E
10CC
B1EF
E061
D19B
2C7B
3EC2
A299
6E53
29A2
D13F
9FB6
FA2E
175E
AF16
2168
44FD
7ED8
6C7A
3D70
BC59
2CAC
560D
7-6
Table 2 Test Results
Input 64-bit data
1234 5678 9ABC DEF0
A468 A310 CD64 FB95
Encrypt/Decrypt
Encrypt
Decrypt
Result
A468 A310 CD64 FB95
1234 5678 9ABC DEF0
The table 2 shows the functions of encryption and the decryption work well. The ciphertext
can be decrypted with the same method as encryption but the different subkeys. In order to
check the encryption is really IDEA, we employ the IDEA-SDK-Demo Kit from
MediaCrypt AG (www.mediacrypt.com) to check the correctness of the encryption and
decryption. The results show our IDEA cipher workes in IDEA ECB mode.
Conclusion
1. The IDEA can be designed in system level by using SystemC 2.0
2. In system description, we can ignore details in subblock. Also we possibly can design
and simulate the system when the subblock is not fully understood or implemented. For
example, in our design, the functionality of key_gen module is not fully implemented,
however, we still can finish our system level specification and simulation.
3. In our design experience, SystemC 2.0 has some limitations on data operation. For more
freedom, we will have to go deep into SystemC 2.0 core.
References
[1] M.P.Leong, O.Y.H.Cheung, K.H.Tsoi and P.H.W.Leong, A Bit-Serial Implementation
of the International Data Encryption Algorithm IDEA, IEEE 2000
[2] SystemC Open Source, SystemC Version 2.0 User’s Guide
[3] B.Schneier, Applied Cryptography, John Wiley, 1996
7-7
Download