I. INTRODUCTIONII. block versus Stream ciphersIII. Analysis of papersA. Stream Ciphers1) Trivium2) Grain-1283) Mickey-1284) Phelix B. Block Ciphers1) RC62) IDEA3) 3DES4) ICEBERGIV. Results of implementationsA. Target Device B. Area Analysis1) Block CipherTable12) Stream CipherC. Throughput 1) Block Cipher2) Stream CipherD. Throughput to Area Ratio1) Block CipherTable52) Stream CipherV. ConclusionHI-2 1Comparisons of Hardware Implementations between Block and Stream Ciphers Chethan Ananth, Marcello Brito, ECE Department, George Mason University Abstract— FPGA implementations of different Stream Ciphers and Block Ciphers are compared in this paper in terms of Speed, Area and Throughput. Different papers that report results of FPGA implementations of various Stream and Block Ciphers have been analyzed to report the findings. Index Terms – Block Ciphers, FPGA, Hardware, Stream Ciphers I. INTRODUCTION Hardware implementation efficiency is one of the primary requirements for every cipher. FPGAs have proven to be very effective and efficient devices to implement encryption algorithms. They perform at much faster data-rates and provide better data-security than equivalent software implementations. In this paper, we compare FPGA implementations of Block Ciphers – RC6, IDEA, 3DES, ICEBERG and Stream Ciphers – Trivium, Grain-128, Mickey-128, Phelix. The comparison is based on the Speed, Area and Throughput obtained from these FPGA implementations. The characteristics of the chosen Block ciphers even though not similar, help in providing a good understanding of the performance of Block Ciphers. Similar is the case with Stream Ciphers. The ciphers were chosen arbitrarily from performance results detailed in papers published in the past. II. BLOCK VERSUS STREAM CIPHERS A block cipher is a symmetric key cipher which operates on fixed-length groups of bits or blocks with an unvarying transformation. When encrypting, a block-cipher might take a k-bit block of plaintext as input, and output a corresponding k-bit block of ciphertext. The exact transformation is controlled using a secret key as the second input. Decryption is similar: the decryption algorithm takes a k-bit block of cipher text together with the secret key, and yields the original k-bit block of plaintext. A stream cipher is a symmetric cipher where plaintext bits are combined with a pseudorandom cipher bit stream or a keystream, typically by an exclusive-xor operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during encryption. Figure1 shows a top-level diagram of a typical Stream Cipher. . Figure1: Stream Cipher Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. An important aspect to know about block ciphers is that they act effectively as stream ciphers on certain modes of operation. Both cryptosystems can be implemented to suit a particular need of the designer. Comparing the tradeoffs between these two cryptosystems in terms of performance will provide helpful insight to a particular designer. III. ANALYSIS OF PAPERS A few Technical Papers published in recent times were referred to analyze and decide the ciphers that were chosen to compare in this paper. The papers were mostly IEEE publications that reported details of the hardware implementations of different block and stream ciphers. The details that were used from the papers analyzed are with respect to Area, Latency and Throughput. The devices used to implement each of the ciphers were also used to do the comparisons. Some papers that reported comparisons made between the hardware implementations of a different set of ciphers were also referred. A top-level design overview will be discussed briefly to provide the reader with a basic understanding of the hardware architecture of each cipher. In some cases the type ofHI-2 2architecture chosen for the design will reflect on the performance of the cipher. A. Stream Ciphers 1) Trivium Trivium is a synchronous stream cipher designed to provide a flexible trade-off between speed and gate count. Trivium supports an 80-bit secret key and an 80-bit IV. It generates up to 264 bits of keystream. Trivium’s 288-bit internal state may be seen as a concatenation of three shift registers of different lengths. The state is updated using an iterative process which extracts the values of 15 specific state bits and uses them to both update 3 bits of the state and compute 1 bit of keystream. The state is then updated and the process is repeated until the requested N ≤ 264 bits of keystream have been generated. To initialize the cipher, the key and IV are written into two of the shift registers and the remaining bits are set to a fixed pattern of zeros and ones. The state is then updated over 4 full cycles (meaning 4 × 288 updates), in the same way as explained above, but without generating keystream bits. This initial step guarantees that every bit of the internal state depends on every bit of the key and of the IV in a complex nonlinear way. 2) Grain-128 Grain is a synchronous stream cipher targeted for hardware environments where gate count, power consumption and memory are limited. It supports a key size of 128 bits and IV size of 96 bits. Grain’s 256-bit internal state consists of a 128-bit linear feedback shift register (LFSR) and a 128-bit non-linear feedback shift register (NFSR). The state is updated thanks to a nonlinear filter function that takes two inputs from the NFSR and seven from the LFSR. The NFSR is updated with a nonlinear 19-to-1 boolean function and a 1-bit linear input selected from the LFSR. The LFSR is updated with a 6-to-1 linear function. Before keystream is generated, the cipher must be initialized as follows: the 128- bit key is loaded into the 128-bit NFSR, the 96-bit IV is loaded into the low 96-bits of the LFSR and the remaining 32 high bits of the LFSR are filled with ones. The cipher is then clocked 256 times without producing any keystream. Instead, the output function is fed back and XORed with the input, both to the NFSR and LFSR update functions. 3) Mickey-128 Just like Grain-128 and Trivium, MICKEY-128 2.0 is based on shift registers. The content of the two 160-bit registers defines the state of the cipher. It uses a fixed length 128-bit key and a variable
View Full Document
Unlocking...