The project consists of individual encryption and decryption modules. The standard T-DES algorithm is implemented. Work is presently under way to integrate DES with AES to develop a stronger crypto algorithm, test it against side-channel attacks, and compare different algorithms.
Verilog Implementation of Triple Data Encryption Standard (T-DES)
Samnit Dua, Student, E.C.E, G B Pant Engineering College, Delhi, India, samnitdua@gmail.com
Hardik Manocha, Student, E.C.E, G B Pant Engineering College, Delhi, India, manochahardik94@gmail.com
Abstract
We propose a mode of multiple encryption, namely Triple DES. The aim is
to provide strong protection against certain attacks (dictionary attacks and matching
cipher text attacks) which exploit the DES block size of 128 bits (with parity, 112 bits
without parity). We also use three keys (64 bits each) in the project which are
independent of each other. We first encrypt the input data (plain text) with the first
key, then decrypt the output with the second key, and encrypt it again with the
third key. This makes our data three times stronger than the earlier algorithm,
i.e. DES. This algorithm was needed after DES was cracked in the mid-90's.
Introduction to the project
Data encryption is used pervasively in today’s connected society. The two most basic
facts of modern day data encryption are data privacy and authentication. As modern
society becomes more connected, and more information becomes available there is a
need for safeguards which bring data integrity and data secrecy. In addition,
authenticating the source of information assures the recipient, with complete certainty,
that the information came from the original source and that it has not been altered
from its original state. Both the need for information privacy and the need for data
authentication have motivated cryptography.
• Cryptosystem or cipher system - A method of disguising messages so that only certain
people can see through the disguise.
• Cryptography - The art of creating and using cryptosystems.
• Cryptanalysis - The art of breaking cryptosystems, and seeing through the disguise even
• Cryptology - The study of both cryptography and cryptanalysis.
• Plaintext - The original message
• Ciphertext - The disguised message
• Encryption - A fundamental security mechanism in which the ordinary data (plaintext) are
transformed by the encryption process into ciphertext.
• Decryption - A procedure to convert ciphertext back into plaintext.
Encryption techniques are used to safeguard information while it is stored within a
network node or while it is in transit across communications media between nodes. A
cryptosystem is usually a whole collection of algorithms. The algorithms are labeled; and
the labels are called keys. The people who are supposed to be able to see through the
disguise are called recipients. Other people are enemies, opponents, interlopers,
eavesdroppers, or third parties.
As an example, for a plaintext message being sent, if every A is replaced with a D,
every B is replaced with an E, and so on through the alphabet, only someone who knows the
"shift by 3" rule can decipher the messages. Hence a "shift by n" encryption technique can
be performed for several different values of n. Therefore, n is the key here.
Fig 1: T-DES implementation
TRIPLE DES
Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm
(TDEA or Triple DEA) symmetric-key block cipher, which applies the Data
Encryption Standard (DES) cipher algorithm three times to each data block.
The original DES cipher’s key size of 56 bits (without parity) was generally sufficient
when that algorithm was designed, but the availability of increasing computational
power made brute-force attacks feasible. Triple DES provides a relatively simple
method of increasing the key size of DES to protect against such attacks, without the
need to design a completely new block cipher algorithm.
Algorithm
Triple DES uses a “key bundle” that comprises three DES keys, K1, K2 and K3, each
of 56 bits (excluding parity bits). The encryption algorithm is:
Cipher text = EK₃(DK₂(EK₁(plaintext)))
I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.
Decryption is the reverse:
Plaintext = DK₁(EK₂(DK₃(ciphertext)))
I.e., decrypt with K3, encrypt with K2, and then decrypt with K1.
Each triple encryption encrypts one block of 64 bits of data. In each case the middle
operation is the reverse of the first and last. This improves the strength of the
algorithm when using keying option 2, and provides backward compatibility with
DES with keying option 3.
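The encrypt-decrypt-encrypt composition described above, as an added example that is not part of the original report. A toy 64-bit Feistel cipher built on SHA-256 stands in for DES (E, D, ede_encrypt and ede_decrypt are names assumed for this sketch), so the outputs are not real Triple DES ciphertexts; the point is the composition and why a decrypt in the middle gives backward compatibility.

```python
import hashlib

ROUNDS = 16  # same round count as DES; key schedule and round function are stand-ins

def round_keys(key: bytes):
    # Stand-in key schedule: one 32-bit subkey per round, derived with SHA-256.
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:4], "big")
            for r in range(ROUNDS)]

def round_fn(half: int, subkey: int) -> int:
    # Stand-in round function; a Feistel network is invertible for any choice here.
    data = (half ^ subkey).to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: bytes, subkeys) -> bytes:
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        left, right = right, left ^ round_fn(right, k)
    # Final swap: running the same network with reversed subkeys undoes it.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def E(key: bytes, block: bytes) -> bytes:
    """Single-cipher encryption of one 64-bit block (stand-in for DES encrypt)."""
    return feistel(block, round_keys(key))

def D(key: bytes, block: bytes) -> bytes:
    """Single-cipher decryption of one 64-bit block (stand-in for DES decrypt)."""
    return feistel(block, round_keys(key)[::-1])

def ede_encrypt(k1, k2, k3, block):
    # Ciphertext = E_K3(D_K2(E_K1(plaintext)))
    return E(k3, D(k2, E(k1, block)))

def ede_decrypt(k1, k2, k3, block):
    # Plaintext = D_K1(E_K2(D_K3(ciphertext)))
    return D(k1, E(k2, D(k3, block)))

if __name__ == "__main__":
    k1, k2, k3 = b"K1-const", b"K2-const", b"K3-const"  # constructed sample keys
    pt = b"8bytes!!"                                     # one 64-bit block
    ct = ede_encrypt(k1, k2, k3, pt)
    print("round trip ok:", ede_decrypt(k1, k2, k3, ct) == pt)
    # With K1 = K2 = K3 the first two stages cancel, leaving single encryption.
    print("option 3 == single cipher:", ede_encrypt(k1, k1, k1, pt) == E(k1, pt))
```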
KEYING OPTIONS
The standards define three keying options:
• Keying option 1: All three keys are independent.
• Keying option 2: K1 and K2 are independent, and K3 = K1.
• Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.
Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.
Keying option 2 provides less security, with 2 × 56 = 112 key bits. This option is
stronger than simply DES encrypting twice, e.g. with K1 and K2, because it
protects against meet-in-the-middle attacks.
Keying option 3 is equivalent to DES, with only 56 key bits. This option provides
backward compatibility with DES, because the first and second DES operations
cancel out. It is no longer recommended by the National Institute of Standards and
Technology (NIST), and is not supported by ISO/IEC 18033-3.
Each DES key is nominally stored or transmitted as 8 bytes, each of odd parity, so a
key bundle requires 24, 16 or 8 bytes, for keying option 1, 2 or 3 respectively.
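A check a key-loading routine can run before accepting a bundle, as an added example that is not code from the project: it verifies the odd parity of each byte and reports which keying option a bundle really amounts to. The function names and sample keys are assumptions of this sketch; the "degenerate" case (K1 = K2 or K2 = K3 in a 24-byte bundle, where two stages cancel and single DES remains) goes beyond the three options listed above.

```python
def set_odd_parity(key: bytes) -> bytes:
    """Set the low (parity) bit of each byte so the byte has an odd number of 1s."""
    return bytes((b & 0xFE) | int(bin(b >> 1).count("1") % 2 == 0) for b in key)

def bad_parity_positions(bundle: bytes):
    """Indexes of bytes that do not have odd parity."""
    return [i for i, b in enumerate(bundle) if bin(b).count("1") % 2 == 0]

def split_bundle(bundle: bytes):
    """Expand an 8-, 16- or 24-byte bundle into (K1, K2, K3)."""
    if len(bundle) not in (8, 16, 24):
        raise ValueError("key bundle must be 8, 16 or 24 bytes")
    keys = [bundle[i:i + 8] for i in range(0, len(bundle), 8)]
    if len(keys) == 1:
        keys = keys * 3        # 8 bytes: K1 = K2 = K3
    elif len(keys) == 2:
        keys.append(keys[0])   # 16 bytes: K3 = K1
    return tuple(keys)

def key_bits(key: bytes) -> bytes:
    """Drop the parity bit of each byte, leaving the 56 bits DES actually uses."""
    return bytes(b & 0xFE for b in key)

def classify(bundle: bytes):
    """Return (keying option, independent key bits) for a bundle."""
    k1, k2, k3 = (key_bits(k) for k in split_bundle(bundle))
    if k1 == k2 == k3:
        return ("option 3", 56)      # equivalent to single DES
    if k1 == k2 or k2 == k3:
        return ("degenerate", 56)    # two adjacent stages cancel out
    if k1 == k3:
        return ("option 2", 112)
    return ("option 1", 168)

if __name__ == "__main__":
    # Constructed sample keys, not taken from the report.
    ka = bytes.fromhex("0123456789abcdef")
    kb = set_odd_parity(bytes.fromhex("1122334455667788"))
    kc = set_odd_parity(bytes.fromhex("0f1e2d3c4b5a6978"))
    for name, bundle in [("ka|kb|kc", ka + kb + kc), ("ka|kb", ka + kb),
                         ("ka", ka), ("ka|ka|kc", ka + ka + kc)]:
        print(name, classify(bundle), "bad parity at", bad_parity_positions(bundle))
```

Comparing keys after masking the parity bits matters: two 8-byte values that differ only in parity bits are the same DES key.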
Block diagram
• encryption
Figure 2: block diagram of DES encryption
For T-DES, the above algorithm is applied for key K1, then the reverse steps are
applied with key K2, then once again the above algorithm is applied with key K3.
• Key
Figure 3: block diagram of Key generation function.
SECURITY
In general, Triple DES with three independent keys (keying option 1) has a key length
of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the
effective security it provides is only 112 bits. Keying option 2 reduces the effective
key size to 112 bits (because the third key is the same as the first). However, this
option is susceptible to certain chosen-plaintext or known-plaintext attacks, and thus,
it is designated by NIST to have only 80 bits of security.
The best attack known on keying option 1 requires around 2^32 known plaintexts, 2^113
steps, 2^90 single DES encryptions, and 2^88 memory (the paper presents other tradeoffs
between time and memory). This is not currently practical and NIST considers keying
option 1 to be appropriate through 2030.
If the attacker seeks to discover any one of many cryptographic keys, there is a
memory efficient attack which will discover one of 2^28 keys, given a handful of
chosen plaintexts per key and around 2^84 encryption operations.
Waveforms
encryption
Decryption
Result and analysis
The above project is executed with Verilog HDL code. The results obtained are listed
below.
1. The system is initialized by setting the reset button high.
2. The plain text input is encrypted and we get the cipher text as output.
3. The key input is changed according to the key generation function used in the code.
PERFORMANCE
Synthesized on Virtex 7 (XC7VX330T, FFG1157)
Parameter                 Value
Time (ns)                 1.570
Frequency (MHz)           637.079
Throughput (Gbps)         8.154
Throughput/Slice (Mbps)   557.500
Future implementation of modules in the project
The following modules remain to be implemented in the project and are listed
below.
1. Implementation of the code with the Advanced Encryption Standard to make it hybrid
encryption.
2. Verification of overall functionality using SystemVerilog.
Applications
The DES and TDES devices are used by the federal department and other government
agencies for cryptographic protection of classified information. The federal government
standardizes DES and specifies interoperability and security-related requirements for using
encryption at the Physical Layer of the ISO Open Systems Interconnection (OSI) Reference
Model in telecommunications systems conveying digital information. In addition to
preserving confidentiality, cryptography can be used for:
• Authentication: the receiver of the message can ascertain its origin
• Integrity: the receiver can verify if the message was modified during the transmission
• Non-repudiation: the sender cannot deny that she sent the message
The DES and TDES cores are very compact cores. Encryption cores are typically
implemented with data and key buses connected to other modules internal to the FPGA.
Data encryption (and particularly DES) is primarily applied in:
• Electronic financial transactions: Automatic Teller Machines (devices limited to the
issuance of cash or travelers checks, acceptance of deposits, or account balance
reporting)
• Secure data communications, paving the road for e-commerce
• Secure video surveillance systems
• Encrypted data storage and proprietary software protection
• Access control: Software or hardware which protects passwords or Personal Identification
Numbers (PINs) against unauthorized access.
The DES and TDES functionality is usually integrated within embedded systems. Xilinx
presents several IP solutions which integrate with the DES/TDES IP. The DCT/IDCT
(discrete cosine transform/inverse DCT) solutions (also provided by Xentec) are applied in
DVDs (JPEG), cable TV, DBS systems, HDTV, graphics, Ultrasound/MRI systems, digital
VCRs, set top boxes, digital cameras, etc. These applications also require the DES algorithm
for data encryption, thus presenting a smart system-on-a-chip solution. The combination of
the DCT/IDCT and DES cores from Xentec ported on a Xilinx FPGA shortens time to market
(TTM), and also makes Xilinx a one stop shop for data encryption for various applications
like real-time video, secure camera systems, etc.
Triple-DES is prevalent in fax machines. This allows secure data transfer over phone lines
and prevents active interception of one's faxes at the receiver end, since the user must
enter a password to retrieve a fax. Networking applications use DES and Triple-DES
to provide network protection through data privacy, data integrity, access control and
authentication. Message and file security, user authentication, secure remote system logon,
and multilevel system access require data encryption, and DES and Triple-DES algorithms
are the most prevalent.
Virtual Private Networks (VPN)
There is a need for control and access between different entities in a company’s business
environment, to provide secure communication between remote offices, business partners,
customers, and travelling and telecommuting employees. Transmitting messages over the
existing Internet backbone poses risks. VPNs were introduced to tackle exactly these issues to
provide a company owned and managed network architecture. These networks provide
scalable and comprehensive solutions by utilizing existing Internet backbone with additional
hardware and software solutions. Strong data encryption is necessary to extend security and
control features, for which Triple-DES is the most commonly used algorithm. This provides
secure network traffic through data privacy, data integrity, access control and authentication
of entities by providing a gateway to each point of access into the business.
DES/TDES Applications in ATM Networks
TDES algorithms have been used for cell payload encryption and key management in
perimeter security systems that provide privacy through high-speed cryptography for
information traversing between private and public ATM (Asynchronous Transfer Mode)
networks. The cryptographic units heighten security interfaces between a secure LAN and a
public network. As data crosses this interface, the system encrypts each ATM cell’s payload
without affecting the header. Encrypted cells pass through the public network infrastructure
and are decrypted upon arriving at the destination LAN. The benefit is that the user can
conduct business as usual within the LAN and can encrypt the data as it enters the non-secure
public network or non-secure area of a LAN. The system provides privacy and access control
guarantees when using public ATM networks.
Data security in e-Commerce applications is required to secure websites, conduct
financial transactions over the Internet, authenticate users to Intranets and Extranets,
provide secure messaging (including X.400/EDI) and securely store digital signature keys
for signature generation and verification for digital documents.
Smartcard Solutions
Smartcard solutions are used in wireless communication, loyalty systems, banking, Pay TV
and government ID. These are used to provide strong authentication in e-business. These
solutions are used with standard non-secured PCs. Consumers, vendors and financial
institutions need to know that the transactions, documents and identities are authentic.
Triple-DES algorithms are the most used encryption methods in data security for the
Smartcard solutions.
References
1. Wikipedia, https://en.wikipedia.org/wiki/Triple_DES
2. White paper 115, Xilinx, www.xilinx.com/support/documentation/white_papers/wp115.pdf