VHDL Modeling Of Scalable Encryption Algorithm Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Abstract-Encryption is the translation of data to a secret code. An encryption algorithm provides confidentiality, authentication, integrity and no repudiation. The hardware mainly consists of Key-scheduling unit, encryption data path unit, encryption control unit. The generation of different keys is achieved by using scalable encryption algorithm. This paper implements the Scalable Encryption Algorithm for hardware performance analysis. It explores the features of low cost FPGA encryption/decryption core for SEA and performance evolutions. The algorithm's scalability can be turned into fully generic VHDL design, so that any key, text and bus size can be straightforwardly re-implemented without any modifications of hardware description language with standard synthesis and implementation tools.

Keywords: Scalability, key, text, bus size, synthesis.


SEA is parametric block cipher for sensor networks and RFIDs. Initially this algorithm was designed for software implementations[1] in micro-controllers, micro-processors and smart cards. For this it requires small code size, memory and limited instruction set i.e. AND, OR, XOR gates, word rotation and modular rotation. Compared to other algorithms like

DES[2],[3] AES Rijendal[4],[5], TEA[6], this algorithm take the plain text, key and bus sizes as a parameters and straightforwardly applied to implementation contexts and security requirements. Compared to other algorithms, this provides stronger security.

SEA has been proven to be an efficient solution for software applications using microcontrollers, but its hardware performances have not be investigated. as a first step towards hardware performance analysis, this paper explores the features of a low cost FPGA encryption/decryption core for SEA. In addition to the performance evaluation, we show that the algorithm's scalability can be turned into a fully generic VHDL design[7],[8], so that any text, key and bus size can be straightforwardly re-implemented without any modification of the hardware description language, with standard synthesis and implementation tools.

In the rest of the paper, we first give a brief description of the algorithm specifications. Then we describe the details of our generic loop architecture and its implementation results.


A. Parameters and definitions

SEAn,b operates on various text, key and word sizes. It is based on a Feistel structure with a variable number of rounds, and is defined with respect to the following parameters:

n: plaintext size, key size

b: word size or bus size

nb=n/2b : number of words per feistel branch

nr: number of block cipher rounds

As only constraint, it is required that n is a multiple of 6b. For example, using an 8-bit processor, we can derive 48,96,144…-bit block cipher respectively denoted as SEA 48,8, SEA 96,8, SEA 144,8,….

B. Block Diagram

Fig1: Block diagram of SEA

Let x be a n/2 -bit vector. We consider two representations:

Bit representation: xb = x(n/2 − 1) . . .

x(2) x(1) x(0).

Word representation: xw = xnb−1 xnb−2 .

. . x2 x1 x0.

Fig2: Encrypt and Decrypt Round

C. Basic operations

Due to its simplicity constraints, SEAn,b is based on a limited number of elementary operations denoted as follows:

(1) Bitwise XOR ,

(2) Word Rotation R,

(3) Substitution box S,

(4). Bit Rotation r,

(5) Addition mod 2b ,

These operations are formally defined as follows:

Bitwise XOR ⊕: The bitwise XOR is defined on n/2-bit vectors:

⊕ : Z2n/2 Ã-Z2n/2→Z2n/2: x, y → z = x ⊕ y

⇔ z(i) = x(i) ⊕ y(i), 0 ≤ i ≤n/2 - 1

Word Rotation R: The word rotation is defined on nb-word vectors:

R : x → y = R(x) ⇔ yi+1 = xi, 0 ≤ i ≤ nb − 2,

y0 = xnb −1

Substitution Box S: SEAn,b uses the following 3-bit substitution table:

S : = {0, 5, 6, 7, 4, 3, 1, 2}

For efficiency purposes, it is applied bitwise to any set of three words of data using the following recursive definition:

S : S(x) ⇔x3i = (x3i+2 ∠x3i+1) ⊕ x3i,

x3i+1 = (x3i+2 ∠x3i) ⊕ x3i+1,

x3i+2 = (x3i ∨ x3i+1) ⊕ x3i+2, 0≤ i ≤ nb/3 − 1,

where ∠and ∨ respectively represent the bitwise AND and OR.

Bit Rotation r: The bit rotation is defined on nb-word vectors:

r : x → y = r(x) ⇔ y3i = x3i≫1,

y3i+1 = x3i+1,

y3i+2 = x3i+2 ≪1, 0 ≤ i ≤ nb/3 − 1,

where ≫and ≪represent the cyclic right and left shifts inside a word.

Addition mod 2b : The mod 2b addition is defined on nb-word vectors:

: x, y → z = x y ⇔ zi = xi yi,

0 ≤ i ≤ nb −1

D. The round and key round

Based on the previous definitions, the encrypt round FE, decrypt round FD and key round FK are pictured in Figure 1 and defined as:

Encrypt round:

[Li+1,Ri+1] = FE(Li,Ri,Ki) ƒ³

Ri+1=R(Li) r (S(Ri Ki))

Li+1 = Ri

Decrypt round:

[Li+1,Ri+1] = FD(Li,Ri,Ki) ƒ³

Ri+1=R−1(Li r(S(Ri Ki)))

Li+1 = Ri

Key round:

[KLi+1, KRi+1]=FK(KLi, KRi ,Ci) ƒ³

KRi+1=KLiR(r(S(KRi Ci)))

KLi+1 = KRi

D. The complete cipher

The cipher iterates an odd number nr of rounds. The following pseudo-C code encrypts a plaintext P under a key K and produces a cipher text C. P, C and K have a parametric bit size n. The operations within the cipher are performed considering parametric b-bit words.

C=SEAn, b (P, K)


% initialization:

L0 &R0=P;

KL0 &KR0=K;

%Key scheduling:

for i in 1 to [nr/2]

[KLi, KRi] = FK(KLi−1, KRi−1,C(i));

Switch KL [nr/2], KR [nr/2];

for i in [nr/2] to [nr -1]

[KLi, KRi] = FK(KLi−1, KRi−1,C(r − i));


for i in 1 to [nr/2]

[Li, Ri] = FE(Li−1, Ri−1, KRi−1);

for i in [nr/2] +1 to nr

[Li, Ri] = FE(Li−1, Ri−1, KLi−1);


C = Rnr&Lnr ;

Switch KLnr−1, KRnr−1;


Where & is the concatenation operator, KR[nr /2] is taken before the switch and C(i) is a nb-word vector of which all the words have value 0 excepted the LSW that equals i. Decryption is exactly the same, using the decrypt round FD.

Fig3: Loop Implementation of SEA


A. Description

The structure of loop architecture for SEA is depicted in figure 3, with the round function on the left part and the key schedule on the right part. Resource-consuming blocks are the Sboxes and the mod2b adder; the Word Rotate and Bit Rotate blocks are implemented by swapping wires. According to the specifications, the key schedule contains two multiplexors allowing to switch the right and left part of the round key at half the execution of the algorithm using the appropriate command signal Switch. The multiplexor controlled by Half Exec provides the round function with the right part of the round key for the first half of the execution and transmits its left part instead after the switch. To

support both encryption and decryption, we finally added two multiplexors controlled by the Encrypt signal. Supplementary area consumption will be caused by the two routing paths.

The algorithm can easily beneficiate of a modular implementation, taking as only mandatory parameters the size of the plaintexts and keys n and the word length b. The number

of rounds nr is an optional input that can be automatically derived from n and b according to the guidelines given in [1]. From the datapath description of Figure 3, a scalable design can then be straightforwardly obtained by using generic VHDL coding. A particular care only has to be devoted to an efficient use of the mod 2b adders in the key scheduling part.

In the round function, the mod 2b adders are realized by using nb b-bits adders working in parallel without carry propagation between them. However, in the key schedule, the signal Const_i (provided by the control part) can only take a value between 0 and nr/2. Therefore, it may not be necessary to use nb adders. If log2(nr /2 ) ≤ b, then a single adder is sufficient. If log2(nr /2 )> b, then [log2(nr /2 )/b] adders will be required.


A. Simulation Results

Key Generation

Fig4: Simulation result for Key Generation


Fig5: Simulation result for Encryption


Fig6: Simulation result for Decryption

B. Synthesis Results

Fig 7: RTL Schematic diagram of Encryption

Fig8: RTL Schematic diagram of Decryption

C. Synthesis Report


Fig9: Synthesis Report for encryption

Timing Summary for encryption

Speed Grade: -4 Min.period:6.892ns(Max.Freq:145MHz)

Min.input arrival time before clock: 8.5ns

Maximum output required time after clock:6.3ns

Maximum combinational path delay: No path found


Fig10: Synthesis Report for Decryption

Timing Summary for decryption

Speed Grade: -4

in.period:6.916ns (Max.Freq:144MHz)

Minimum input arrival time before clock: 6.304ns

Maximum output required time after clock: 6.483ns

Maximum combinational path delay: 2.847ns


This paper presented implementations of a scalable encryption algorithm using FPGA for various sets of parameters. The SEA has been designed, verified functionally in the VHDL simulator, synthesized by the Xilinx Project Navigator and Place and Route of the design is also done. The presented parametric architecture allows keeping the flexibility of the algorithm by taking advantage of generic VHDL coding. It executes one round per clock cycle, computes the round and the key round in parallel and supports both encryption and decryption at a minimal cost. Consequently, it can be considered as an interesting alternative for constrained environments. Scopes for further research include low power ASIC implementations purposed for RFIDs as well as further cryptanalysis efforts and security evaluations.


[1] F.-X. Standaert, G. Piret, N.Gershenfeld, and J.-J.Quisquater, "SEA:A Scalable Encryption Algorithm for Small Embedded Applications," in the Proceedings of CARDIS 2006, ser. LNCS, vol. 3928, Taragona,Spain, 2006, pp. 222-236.

[2] Data Encryption Standard, NIST Federal Information Processing Standard FIPS 46-1, Jan. 1998.

[3] Coppersmith, "The Data Encryption Standard (DES) and its strength against attacks," IBM Journal of Research and Development., vol. 38, no. 3, pp. 243-250,1994.

[4] J. Daemen, V. Rijmen, The Design of Rijndael. Springer-Verlag, 2001.

[5] Advanced Encryption Standard, NIST Federal Information ProcessingStandard FIPS 197, Nov. 2001.

[6] D. Wheeler and R. Needham, "TEA, a Tiny Encryption Algorithm," in the Proceedings of Fast Software Encryption - FSE 1994, ser. LNCS, vol. 1008, Leuven, Belgium, Dec. 1994, pp. 363-366.

[7]. Digital System Design Using VHDL - Charles H. Roth Jr., PWS Publications,1998

[8]. VHDL Primer, Third Edition, Prentice Hall Modern Semiconductor design Series- J.Bhasker