Research on rc6 algorithm implemented by FPGA

Research on RC6 algorithm implemented by FPGA

[Date: 2008-10-29]

Source: single-chip microcomputer and Embedded System Application Author: Beijing Institute of Electronic Science and Technology Wu Yuhua Li Ligao xiwei YAN Shi ding

[Font:Large Medium Small]

　

 

Introduction

RC6 is a new group password submitted to NIST (US National Institute of Standards) as a candidate Algorithm for AES (Advanced Encryption Standard. It is designed on the basis of RC5 to better meet the requirements of AES and improve security and performance. According to AES requirements, a group password must process 128-bit input/output data. Although RC5 is a very fast grouping password, it uses two 64-bit working registers when processing 128-bit grouping blocks; AES currently does not support 64-bit operations in terms of efficiency and conciseness. Therefore, RC6 uses four 32-bit registers instead of two 64-bit registers to correct this error, to better implement encryption and decryption. Using FPGA to implement the RC6 algorithm can increase the computing speed. The chip is designed as the RC6 algorithm processor, which assists the computer processor in performing encryption and decryption operations, so that you can conveniently analyze and study encryption and decryption. Therefore, this chip can be viewed as a coprocessor.

1 RC6 Algorithm
1.1 RC6 algorithm Overview

RC6 adheres to RC5's simple design and extensive use of data-related circular shift ideas, while enhancing its ability to defend against attacks, this improves the number of bits in RC5 cycle shift, which does not depend on all bits in the register. The new feature of RC6 is that the input plaintext is expanded from the original two blocks to four. In addition, in terms of operation, integer multiplication is used, the use of integer multiplication adds the diffusion behavior in each operation return, and ensures high security even if few rounds are returned. At the same time, the Operations used in RC6 can be efficiently implemented on most processors, improving the encryption speed. RC6 is a secure, complete, and simple block encryption method. It provides great elasticity in terms of test results and parameters. RC6 can resist all known attacks and provide the security required by AES. It can be said that RC6 is an excellent encryption method in recent years.

RC6 no longer uses two 64-bit registers, but uses four 32-bit registers. This requires two cyclic shift operations in each cycle, so that more data bits can be used to determine the number of cycles. RC6 stores four blocks A, B, C, and D respectively in plain text. At the beginning, each block contains the initial values of the plain text, and the output values of the four ciphertext values after encryption.

1.2 How RC6 works
RC6 is a grouping algorithm of parameter variables. It is actually an encryption algorithm family determined by three parameters. A specific RC6 can be expressed as RC6 w/r/B, and the three parameters w, r, and B are respectively the word length, the number of cycles, and the key length. In AES, w = 32, r = 20. In this design, the key length B is 128 bits (16 bytes ). RC6 uses four w-bit registers A, B, C, and D to store the input plaintext and the output ciphertext. The first byte of plaintext and ciphertext is stored in the lowest byte of A. After encryption and decryption, the last byte of plaintext and ciphertext is stored in the highest byte of D.

1.2.1 Basic Calculation of RC6 w/r/B

There are 6 basic operations: 1. Add the 2w formula as "+"; 2. Perform the 2w subtraction operation as "1"; 3. Perform the bitwise XOR operation, indicates "Rotate"; ④ shifts the cycle to the left, and shifts the word a to the left. bits represent "a <B"; ⑤ shifts the loop to the right, the right shift of the character a loop B is represented as "a> B", and the modulo 2w multiplication is represented as "X ".

1.2.2 RC6 w/r/B Encryption Algorithm

Input: the plaintext is stored in four w-bit input registers A, B, C, and D.

Formula: e-2.782 818 284 59... (Natural logarithm)

Phi = 1.618 033 988 749... (Golden Division)

When w is 16, 32, and 64 respectively, the constant Pw and Qw are listed in Table 1. In this design, w = 16 is entered as the 128-bit master key, and 44 32-seat keys are obtained.

2 RC6 encryption and decryption algorithm co-Processor Design
2.1 top-layer structure design of RC6 coprocessor

The RC6 coprocessor consists of the following three modules: encryption and decryption module, encryption and decryption function module, and ROM module. The top-level structure 1 is shown.

Encryption/decryption module: Includes input and output, encryption/Decryption selection, state machine, function call description, and ROM call address. It is used to input 128-bit plaintext or ciphertext, and uses a state machine to define program execution in sequence and ensure cyclic control, to read 44 sub-keys of the ROM and process the data in the input function. Because the input ROM address is controlled by a clock and the output of the sub-key data has a certain delay, a control variable cnt is used to enable the address to input the ROM about one clock in advance, after receiving the sub-key, the ROM outputs the sub-key, so that a prepared sub-key is called during data encryption and decryption.

Encryption and decryption function module: Use the work user-defined function library to define the functions used in the algorithm. Five functions are provided, including rfunct, afunct, cfunct, lshift, and rshift. The top-level file calls this function 21 times in a loop to perform encryption and decryption.

ROM module: Enter the pre-defined sub-key In quartuⅱ into the rc6keyrom. mif file, call MegaWizardPlug-In Manager of quartuⅱ, and generate the ROM automatically for the top-level file to call. You need to use QuartusII to create a. mif file in advance and input the data of the sub-key.

2.2 top-layer schematic of RC6 coprocessor
As shown in figure 2, the FPGA-based RC6 algorithm coprocessor is divided into three modules: the top-layer module, the RC6 encryption and decryption function module, and the ROM module. There are a total of 260 I/0 ports, including 131 input ports and 129 output ports.

2.3 functions and implementations of each module
2.3.1 ROM Module
Figure 3 shows the ROM module automatically generated by quartuⅱ. The encryption and decryption module must provide the address input for ROM address retrieval and then output the sub-key. The input address is address [4. 0], and the output is q [63. 0]. The two subkeys are output to the main program.

The ROM module has a certain latency between the input address and the obtained sub-key data. The total time from reading the sub-key from the address "00" is about one clock cycle. Therefore, when calling the ROM of the main function, you need to advance 1 ~ Two clock input addresses.

The preceding five functions and encryption and decryption control signals can be used to calculate the algorithm at a time. The main function inputs the 128-Bit Data da-tain, two sub-keys keyl and key2 that need to be calculated, and the encryption and decryption control signals to the rfunct function; function rfunct allocates it to four registers a, B, c, and d, and calculates B = (B + 1) × B and d = (d + 1) ×d; then call the Left shift function to calculate templ = B <5 and temp2 = d <5, call afunct and cfunct to calculate a and c, reassemble a, B, c, and d into dataout, and output dataout after the computation is completed.

2.3.3 encryption and decryption Control Module
As shown in figure 4, The RC6 encryption and decryption port is defined:
Input Port

Reset: reset signal, effective at the high level.
Clk: clock.

Zset: select the signal for encryption and decryption. The high level is the encryption operation, and the reverse is the decryption operation.
Keyin [63. O]: subkey input from ROM.

Datain [127. O]: The input end of the data to be encrypted or decrypted.

Output port
Flag: the encryption and decryption end signal, which is valid at a high level.

Keyad output [4. O]: input a 5-bit address signal to the ROM.

Dataout [127.. O]: The 128-bit encrypted/decrypted data output by the RC6 encryption/decryption module.

Module functions

The Rom module receives the data keyin containing two sub-keys, and the first 32-bit and the last 32-bit are respectively a 32-bit key, encrypt and decrypt keys and data based on the zset signal.

In the main program, a state machine is used for encryption and decryption: 1st states are used for initial data processing, divide 128-bit data into four 32-bit data and store it in four registers, namely A, B, C, and D. perform preliminary operations on the data in 2nd states, the results are stored in the 128-bit register data. The 3rd-bit and 4th-bit Status control loop Operations perform 20 interactions with the Rom, while receiving the ROM sub-key data and performing operations on the data, the last State, receives the last two keys, performs the encryption and decryption operation, obtains the new A, B, C, and D, reassembles them into the encrypted/decrypted data
Output.

2.3.4 encryption/Decryption top-level module
The top-level modules of the rc6 encryption and decryption algorithm include the encryption and decryption control module and the ROM module. The input/output signals are described as follows:

Input Signal
Reset: reset signal, effective at the high level.

CLK: clock.

Zset: select the signal for encryption and decryption, and perform high-level encryption. Otherwise, the decryption operation is performed.

DataIn [l27.. 0]: input end of the data to be added/decrypted.

Output Signal
Flag: the encryption and decryption end signal, which is valid at a high level.

Dataout [l27.. 0]: The data obtained after 128-bit encryption and decryption.

The encryption and decryption module requires 260 I/0 ports, the 128-bit input and output signals can be transmitted using the L-bit input port and the 1-bit output port, which is very convenient.

2.4 Simulation Result Analysis
Figure 5 shows the functional simulation of the RC6 encryption and decryption algorithm. The input and output values are 128 bits. When the input plaintext is 128-bit, all zero data is encrypted and the decryption result is 36A5C38F78F781564EDF29C11EA44898. In addition, other data has been tested. According to the official standard, the encryption and decryption module has correct functions.

During simulation, the clock period of the RC6 encryption and decryption module is NS and the frequency is 10 MHz. From the first rising edge (0.45 μs) after the reset low level, to the end of the encryption and decryption operation and the output end signal flag (rising edge, 8.958 μs ), the total time consumption is about 8.5 μs.

Figure 5 simulation of RC6 encryption and decryption algorithm Functions

Knot

This article implements the RC6 Algorithm Based on FPGA technology. The entire design includes the encryption and decryption function module, encryption and decryption control module, ROM module, UART module, input/output control module, etc. Through software simulation, download the program to the FPGA chip for hardware debugging, and verify the correctness and effectiveness of the design.