Trivium Stream Cipher - ece.gmu

ECE 448: Lab 2
Implementing Sequential Logic in VHDL
ECE 448 – FPGA and ASIC Design with VHDL
George Mason University
Agenda for today
• Part 1: Introduction to Experiment 2: Stream Cipher Trivium
• Part 2: Example: Programmable LFSR-based Pseudorandom Number Generator
• Part 3: Hands-on Session: Simulation using ModelSim
Part 1
Introduction to Experiment 2: Stream Cipher Trivium
Secret-Key Ciphers
[Figure: Alice encrypts a message with the shared key KAB and sends the ciphertext over the network; Bob decrypts it with the same key KAB. The cipher block takes an m-bit Message / Ciphertext input, a k-bit Cryptographic Key and a 1-bit Encrypt/Decrypt control, and produces the m-bit Ciphertext / Message output.]
Block vs. stream ciphers
[Figure: a block cipher under key K maps plaintext blocks M1, M2, …, Mn to C1, C2, …, Cn; a stream cipher under key K, which has memory, maps m1, m2, …, mn to c1, c2, …, cn.]
Block cipher: Ci = fK(Mi). Every block of ciphertext is a function of only one corresponding block of plaintext.
Stream cipher: ci = fK(mi, mi-1, …, m2, m1). Every block of ciphertext is a function of the current and all preceding blocks of plaintext.
Typical stream cipher
[Figure: Sender and Receiver each feed the same Key K and Initialization Vector IV into a Pseudorandom Key Generator, which produces the keystream ki. The sender combines plaintext mi with ki to obtain ciphertext ci; the receiver combines ci with the same ki to recover plaintext mi.]
Example
ci = mi ⊕ ki
message     mi  01110110101001010110101
keystream   ki  11011101110110101110110
ciphertext  ci  10101011011111111000011

mi = ci ⊕ ki
ciphertext  ci  10101011011111111000011
keystream   ki  11011101110110101110110
message     mi  01110110101001010110101
Common Building Blocks of Pseudorandom Key Generators
• Linear Feedback Shift Register (LFSR)
• Non-linear Feedback Shift Register (NFSR)
LFSR = Linear Feedback Shift Register
Example of a simple 5-stage LFSR
[Figure: five register stages holding si, si+1, si+2, si+3, si+4; the feedback bit si+5 is computed from the tapped stages and shifted in.]
Notation:
si+5 = si + si+1 + si+3
+ is used to denote XOR
1 register stage = D flip-flop
NFSR = Non-Linear Feedback Shift Register
Example of a simple 5-stage NFSR
[Figure: five register stages holding bi, bi+1, bi+2, bi+3, bi+4; the feedback bit bi+5 is computed with an AND and an XOR gate and shifted in.]
bi+5 = bibi+1 + bi+3
+ is used to denote XOR
bmbn is used to denote bm AND bn
eSTREAM - Contest for a new stream cipher standard, 2004-2008
PROFILE 1
• Stream cipher suitable for software implementations optimized for high speed
• Minimum key size - 128 bits
• Initialization vector – 64 bits or 128 bits
PROFILE 2
• Stream cipher suitable for hardware implementations with limited memory, number of gates, or power supply
• Minimum key size - 80 bits
• Initialization vector – 32 bits or 64 bits
Trivium Stream Cipher
One of the 3 winners of the contest
• 80 Bit Key and IV
• Hardware Oriented
• Very simple (“trivial”) internal structure
• Parallelizable up to 64 bits/clock cycle
Trivium – Internal Structure
[Figure: the 288-bit state as a shift register with three feedback loops. XOR gates form t1, t2, t3 from the register taps; the feedback values u1, u2, u3 add the AND terms s91s92, s175s176, s286s287 and the bits s171, s264, s69.]
Pseudocode of the Keystream Generation
for i = 1 to N do
t1 ← s66 + s93
t2 ← s162 + s177
t3 ← s243 + s288
zi ← t1 + t2 + t3
u1 ← t1 + s91 · s92 + s171
u2 ← t2 + s175 · s176 + s264
u3 ← t3 + s286 · s287 + s69
(s1, s2, ... , s93) ← (u3, s1, ... , s92)
(s94, s95, ... , s177) ← (u1, s94, ... , s176)
(s178, s179, ... , s288) ← (u2, s178, ... , s287)
end for
Initialization
• Key is placed in registers s1-s80
• IV is placed in registers s94-174
• Remaining bits are 0 except for 286-288, which are 1
• Run for 4 complete cycles discarding keystream
Pseudocode of the Initialization
Requested Interface & Control Unit
Extra Credit
Parallelized Architecture of Trivium
Parallelization of Trivium
Goal:
• Encrypt two (or more) bits of a message per clock cycle
• Requires generating two (or more) bits of the corresponding keystream per clock cycle
Approach:
• Duplicate logic in feedback loops (XOR and AND gates)
• Shift by two (or more) positions per clock cycle
Pseudocode of the Keystream Generation in a parallelized version of Trivium
A 2-bit output per clock cycle
for i = 1 to N/2 do
t1 ← s66 + s93
t2 ← s162 + s177
t3 ← s243 + s288
t1_1 ← s65 + s92
t2_1 ← s161 + s176
t3_1 ← s242 + s287
zi ← (t1 + t2 + t3) || (t1_1 + t2_1 + t3_1)
u1 ← t1 + s91 · s92 + s171
u2 ← t2 + s175 · s176 + s264
u3 ← t3 + s286 · s287 + s69
u1_1 ← t1_1 + s90 · s91 + s170
u2_1 ← t2_1 + s174 · s175 + s263
u3_1 ← t3_1 + s285 · s286 + s68
(s1, s2, ... , s93) ← (u3_1, u3, s1, ... , s91)
(s94, s95, ... , s177) ← (u1_1, u1, s94, ... , s175)
(s178, s179, ... , s288) ← (u2_1, u2, s178, ... , s286)
end for
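A bit-level software reference model of the pseudocode above, added here as an example (it is not the lab's VHDL or the course's code). It implements the Initialization bullets, the serial keystream loop and the 2-bit parallel loop, and checks that the parallel architecture produces exactly the same keystream bits as the serial one, which is the comparison a testbench for the extra-credit design has to make. Function names, the constructed key/IV and the 1-indexed Python list are assumptions of the example; the 80 IV bits occupy s94..s173, as in the Trivium specification.

```python
# Added reference model of Trivium (not the lab's VHDL). State is a 1-indexed
# list so that s[66] is the slides' s66; s[0] is unused padding.
# Key -> s1..s80, IV -> s94..s173 (80 bits, per the Trivium specification),
# s286..s288 = 1, everything else 0.

def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit lists: c_i = m_i XOR k_i."""
    assert len(a) == len(b)
    return [x ^ y for x, y in zip(a, b)]


def trivium_load(key_bits, iv_bits):
    """Load the 288-bit state from an 80-bit key and an 80-bit IV."""
    assert len(key_bits) == 80 and len(iv_bits) == 80
    s = [0] * 289
    s[1:81] = key_bits
    s[94:174] = iv_bits
    s[286] = s[287] = s[288] = 1
    return s


def trivium_step(s):
    """One clock cycle of the serial architecture: returns 1 keystream bit."""
    t1 = s[66] ^ s[93]
    t2 = s[162] ^ s[177]
    t3 = s[243] ^ s[288]
    z = t1 ^ t2 ^ t3
    u1 = t1 ^ (s[91] & s[92]) ^ s[171]
    u2 = t2 ^ (s[175] & s[176]) ^ s[264]
    u3 = t3 ^ (s[286] & s[287]) ^ s[69]
    # shift each of the three registers by one position and insert the feedback
    s[1:94] = [u3] + s[1:93]
    s[94:178] = [u1] + s[94:177]
    s[178:289] = [u2] + s[178:288]
    return z


def trivium_step2(s):
    """One clock cycle of the 2-bit parallel architecture: the feedback logic
    is duplicated with every tap moved one stage back (s65 instead of s66, ...)
    and the registers shift by two. Returns (z_i, z_{i+1}) in output order."""
    t1, t2, t3 = s[66] ^ s[93], s[162] ^ s[177], s[243] ^ s[288]
    t1_1, t2_1, t3_1 = s[65] ^ s[92], s[161] ^ s[176], s[242] ^ s[287]
    u1 = t1 ^ (s[91] & s[92]) ^ s[171]
    u2 = t2 ^ (s[175] & s[176]) ^ s[264]
    u3 = t3 ^ (s[286] & s[287]) ^ s[69]
    u1_1 = t1_1 ^ (s[90] & s[91]) ^ s[170]
    u2_1 = t2_1 ^ (s[174] & s[175]) ^ s[263]
    u3_1 = t3_1 ^ (s[285] & s[286]) ^ s[68]
    s[1:94] = [u3_1, u3] + s[1:92]
    s[94:178] = [u1_1, u1] + s[94:176]
    s[178:289] = [u2_1, u2] + s[178:287]
    return t1 ^ t2 ^ t3, t1_1 ^ t2_1 ^ t3_1


def trivium_keystream(key_bits, iv_bits, n, parallel=False):
    """Initialise (4 complete cycles = 4*288 serial clocks with the output
    discarded), then generate n keystream bits. n must be even when parallel."""
    s = trivium_load(key_bits, iv_bits)
    out = []
    if parallel:
        assert n % 2 == 0
        for _ in range(4 * 288 // 2):
            trivium_step2(s)
        for _ in range(n // 2):
            out.extend(trivium_step2(s))
    else:
        for _ in range(4 * 288):
            trivium_step(s)
        for _ in range(n):
            out.append(trivium_step(s))
    return out


def trivium_encrypt(key_bits, iv_bits, msg_bits):
    """c_i = m_i XOR k_i; decryption is the same call on the ciphertext."""
    return xor_bits(msg_bits, trivium_keystream(key_bits, iv_bits, len(msg_bits)))


def bits(text):
    """'0101' -> [0, 1, 0, 1]"""
    return [int(ch) for ch in text]


if __name__ == "__main__":
    key = [1 if i % 3 == 0 else 0 for i in range(80)]   # constructed sample key
    iv = [1 if i % 5 == 0 else 0 for i in range(80)]    # constructed sample IV
    serial = trivium_keystream(key, iv, 64)
    par = trivium_keystream(key, iv, 64, parallel=True)
    print("2-bit parallel matches serial:", serial == par)
    m = bits("01110110101001010110101")                 # message bits from the slides
    c = trivium_encrypt(key, iv, m)
    print("round trip recovers message:", trivium_encrypt(key, iv, c) == m)
```

Because no tap in either pseudocode reads s1, s94 or s178, the second set of feedback equations only depends on bits that the first shift does not disturb, which is why `trivium_step2` can be checked against two calls of `trivium_step` without any special case; a VHDL testbench for the parallel design can use the same serial model as its golden reference.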
Part 2
Example: Programmable LFSR-based Pseudorandom Number Generator
LFSR with the Programmable Feedback Logic
[Figure: an L-stage LFSR whose feedback logic is controlled by the coefficient register cL-1, cL-2, …, c1, c0; serial input sin; output Current_state.]
See source codes available on the lab web page
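The following is an added software model (not the lab's VHDL sources) of the feedback shift registers from Part 1 and of the programmable feedback logic from Part 2: one generic shift-register step, a feedback function built from a coefficient vector c0..cL-1 that ANDs each coefficient with its stage and XORs the results, and the slides' 5-stage LFSR and NFSR as instances. The `period` helper shows the difference between the two building blocks: an LFSR with a primitive feedback polynomial visits all 2^L - 1 non-zero states, the slides' LFSR has a period of 15, and an NFSR can collapse into a short cycle or the all-zero state. Function and constant names are the example's own.

```python
# Added example, not the lab's VHDL sources. The state list holds the L stages
# with state[0] = s_i (oldest bit, the register output) and state[L-1] = s_{i+L-1};
# one clock shifts every bit one stage towards the output and inserts the
# feedback bit s_{i+L} at the far end, as the D flip-flop chain does.

def fsr_step(state, feedback):
    """One clock of an L-stage shift register. Returns the output bit s_i and
    updates state in place; the feedback is computed from the state before the shift."""
    out = state[0]
    new_bit = feedback(state)
    state[:] = state[1:] + [new_bit]
    return out


def programmable_lfsr(coeffs):
    """Feedback of the programmable LFSR: s_{i+L} = XOR_j (c_j AND s_{i+j}).
    coeffs = [c_0, c_1, ..., c_{L-1}] selects the tapped stages, so one circuit
    (AND gates driven by a coefficient register, then an XOR tree) realises any
    L-stage LFSR without rewiring."""
    def feedback(state):
        bit = 0
        for c, s in zip(coeffs, state):
            bit ^= c & s
        return bit
    return feedback


def nfsr5(state):
    """Slides' 5-stage NFSR: b_{i+5} = b_i b_{i+1} + b_{i+3} (AND, then XOR)."""
    return (state[0] & state[1]) ^ state[3]


def run(initial, feedback, n):
    """Clock the register n times from `initial` and return the n output bits."""
    state = list(initial)
    return [fsr_step(state, feedback) for _ in range(n)]


def period(initial, feedback, limit=1024):
    """Number of clocks until the register returns to `initial`, or None if it
    does not within `limit` (an NFSR may fall into a shorter cycle or all zeros)."""
    state = list(initial)
    for k in range(1, limit + 1):
        fsr_step(state, feedback)
        if state == list(initial):
            return k
    return None


# Coefficients for the slides' 5-stage LFSR, s_{i+5} = s_i + s_{i+1} + s_{i+3}
LFSR5_SLIDES = [1, 1, 0, 1, 0]
# A maximal-length alternative, s_{i+5} = s_i + s_{i+2} (primitive x^5 + x^2 + 1),
# which cycles through all 31 non-zero states
LFSR5_MAXIMAL = [1, 0, 1, 0, 0]

if __name__ == "__main__":
    seed = [1, 0, 0, 0, 0]   # constructed initial state
    print("slides' LFSR output:", "".join(map(str, run(seed, programmable_lfsr(LFSR5_SLIDES), 20))))
    print("slides' LFSR period:", period(seed, programmable_lfsr(LFSR5_SLIDES)))
    print("maximal LFSR period:", period(seed, programmable_lfsr(LFSR5_MAXIMAL)))
    print("NFSR output:", "".join(map(str, run([1, 1, 0, 0, 0], nfsr5, 10))))
    print("NFSR from 10000 returns to start:", period(seed, nfsr5))
```

Loading a new coefficient vector is all it takes to change the generator's feedback polynomial, which is what makes the Part 2 design "programmable"; the period check is the quick sanity test to run on any coefficient setting before using it, since a non-primitive polynomial such as the slides' example gives sequences far shorter than 2^L - 1.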
Part 3
Hands-on Session on Simulation using ModelSim