ISSN (Print): 2320 3765
ISSN (Online): 2278 8875
International Journal of Advanced Research in Electrical, Electronics and Instrumentation Engineering
An ISO 3297: 2007 Certified Organization
Vol. 3, Special Issue 3, April 2014
International Conference on Signal Processing, Embedded System and Communication Technologies and their applications for Sustainable and Renewable Energy (ICSECSRE 14)
Organized by Department of ECE, Aarupadai Veedu Institute of Technology, Vinayaka Missions University, Paiyanoor-603 104, Tamil Nadu, India

FPGA Implementation of Cellular Automata Based Stream Cipher: YUGAM-128

K. J. Jegadish Kumar 1, S. Sudharsan 2, V. Karthick 3
1 Assistant Professor, SSN College of Engineering, Chennai, India
2,3 PG Scholar, Dept. of ECE, SSN College of Engineering, Chennai, India

Abstract

Ubiquitous computing is becoming a significant part of everyone's life. A few such examples are mobile communication, personal computation and portable hand-held devices. The growth in ultra-low power technology has enabled the development of small autonomous mobile devices. For wireless communication systems built on these portable mobile devices, security is a critical factor because of its impact on privacy. Traditional cryptographic algorithms are much more complex and power consuming and are therefore unfit for these resource-constrained applications. In this paper, a novel stream cipher called YUGAM-128 is designed using the one-dimensional cellular automata (CA) Rule 30 and a linear feedback shift register (LFSR). The prime aspect of the stream cipher is to generate a random 128-bit keystream. The proposed stream cipher is implemented and synthesized on a Spartan-3 FPGA device using Xilinx 13.2.

Keywords: Cellular Automata; Random number generator; LFSR; Stream Cipher

I. INTRODUCTION

PSEUDORANDOM number generation by cellular automata (CA) has been an active field of research in the last decade [1], one of the underlying motivations stemming from the advantages offered by CAs when considered from a VLSI viewpoint: CAs are simple, regular, locally interconnected, and modular.
These characteristics make them easier to implement in hardware than other models, which makes CAs an attractive choice for on-board applications. CAs have traditionally been used to implement RNGs in cryptographic devices [2] and in Built-In Self-Test (BIST) circuits [3]. Random number generators play an important role in several computational fields, such as stochastic optimization methods. With the advent of massively parallel scientific computation, the parallel generation of pseudorandom numbers has become essential. These domains depend critically on the quality of the random numbers, as measured by appropriate statistical tests. Moreover, when very long sequences of random numbers are needed, computational efficiency is often of prime importance, i.e., the sequence must be produced as rapidly as possible. CAs provide a good solution to this problem, being able to produce rapid, high-quality random-number streams. One-dimensional CA random number generators have been extensively studied in the past [1], [3], [4], [5]. These studies have shown convincingly the suitability of CA-generated pseudorandom numbers and their superiority with respect to other widely used methods, such as linear feedback shift registers (LFSRs), especially in the case of delay-type faults, which require pairs of patterns in a specified order [6]. In these works, CA RNGs were essentially handcrafted by studying the structure of the bit patterns generated over time, with theoretical results serving as a baseline offering guidance.

The mass use of hand-held devices/PDAs has popularized the use of stream ciphers. Stream ciphers consume much less power, require little space for their operation and are faster in operation than other cryptographic algorithms. Generally, a stream cipher takes a secret key and a public IV as input. Key stream bits are generated by the cipher per cycle of operation. On the encryption side the plaintext is XORed with the generated key stream to produce the ciphertext.
Decryption is carried out by simply XORing the ciphertext with the key stream.

Copyright to IJAREEIE www.ijareeie.com 313

II. CELLULAR AUTOMATA THEORY

A cellular automaton (CA) is a dynamical system in which space and time are discrete. A cellular automaton consists of an array of cells, each of which can be in one of a finite number of possible states, updated
synchronously in discrete time steps, according to a local, identical interaction rule. Here, we will only consider Boolean automata, in which the cellular state is $s_i \in \{0, 1\}$. The state of a cell at the next time step is determined by the current states of a surrounding neighbourhood of cells. The cellular array (grid) is d-dimensional, where d = 1, 2, 3 is used in practice; in this paper, we shall concentrate on d = 2, i.e., on two-dimensional grids. The identical rule contained in each cell is essentially a finite state machine, usually specified in the form of a rule table (also known as the transition function), with an entry for every possible neighbourhood configuration of states. The cellular neighbourhood of a cell consists of itself and of the surrounding (adjacent) cells. For one-dimensional CAs, a cell is connected to r local neighbours (cells) on either side, where r is referred to as the radius (thus, each cell has 2r + 1 neighbours). For two-dimensional CAs, two types of cellular neighbourhoods are usually considered: five cells, consisting of the cell along with its four immediate non-diagonal neighbours (also known as the von Neumann neighbourhood), and nine cells, consisting of the cell along with its eight surrounding neighbours (also known as the Moore neighbourhood). In this work, we only consider 5-neighbour grids, thus limiting the already large search-space size; moreover, results exist only for this neighbourhood type, which is also more amenable to hardware implementation.
When considering a finite-size grid, cyclic boundary conditions are frequently applied, resulting in a circular grid for the one-dimensional case and in a toroidal one for the two-dimensional case. Fixed, or null, boundary conditions can also be used, in which the grid is surrounded by an outer layer of cells in a fixed state of zero. This kind of configuration is usually easier to implement in hardware.

Fig. 1 1D Cellular Automata

III. STREAM CIPHER

A stream cipher has a variable message input length, and it can be viewed as a small but changing secret substitution table that transforms plaintext bits at different positions with different substitution tables (the XOR operation between plaintext and key stream can be viewed as a one-bit substitution determined by a key stream bit). A stream cipher consists of a state update function and an output function. The state of a stream cipher is updated continuously during encryption so that bits at different positions in a message are encrypted with different states. The output function generates key stream bits from the state and performs encryption or decryption. If the initial state of a stream cipher is not the same as the key, key setup is required to generate the initial state from the key. A key is used with different initialization vectors (IVs) to generate key streams. The key/IV setup (resynchronization) is required to generate the initial state from the key and IV. The criteria for a good stream cipher are: a long period with no repetitions; statistically random output; large linear complexity (based on the size of the equivalent LFSR); correlation immunity (which has a trade-off with linear complexity); confusion (output bits depend on all key bits); diffusion; and the use of highly non-linear Boolean functions.

Fig. 2 Block diagram of stream cipher

IV. DESIGN APPROACH

A. CA Rule Based Function

Rule 30 is a one-dimensional binary cellular automaton rule introduced by Stephen Wolfram in 1983. Wolfram describes it as being his "all-time favourite rule" and details it in his book, A New Kind of Science.
Using Wolfram's classification scheme, Rule 30 is a Class III rule, displaying aperiodic, chaotic behaviour. This rule is of particular interest because it produces complex, seemingly random patterns from simple, well-defined rules and offers the reversible property. Because of this, Wolfram believes that Rule 30, and cellular automata in general, are the key to understanding how simple rules produce complex structures and behaviour in nature. Rule 30 has also been used as a random
number generator in Wolfram's program Mathematica and has also been proposed as a possible stream cipher for use in cryptography. In all of Wolfram's elementary cellular automata, an infinite one-dimensional array of cellular automaton cells with only two states is considered, with each cell in some initial state. At discrete time intervals, every cell spontaneously changes state based on its current state and the states of its two neighbours. For Rule 30, the rule set which governs the next state of the automaton is given in Table I (6).

TABLE I. Rule 30 Neighborhood State

The following pattern emerges from an initial state in which a single cell with state 1 (shown as black) is surrounded by cells with state 0 (white). Time increases down the vertical axis. The evaluated function for CA Rule 30 is f().

For Rule 45, the rule set which governs the next state of the automaton is evaluated as the function f().

For Rule 57, the rule set which governs the next state of the automaton is evaluated as the function f().

An LFSR consists of clocked storage elements (flip-flops) and a feedback path. The number of storage elements gives the degree of the LFSR: an LFSR with m flip-flops is said to be of degree m. The feedback network computes the input for the last flip-flop as the XOR-sum of certain flip-flops in the shift register.

Simple LFSR

We consider an LFSR of degree m = 3 with flip-flops FF2, FF1, FF0, and a feedback path as shown in Fig. 3. The internal state bits are denoted by $s_i$ and are shifted by one to the right with each clock tick. The rightmost state bit is also the current output bit.
The leftmost state bit is computed in the feedback path, which is the XOR-sum of some of the flip-flop values in the previous clock period. Since the XOR is a linear operation, such circuits are called linear feedback shift registers. If we assume an initial state of ($s_2 = 1$, $s_1 = 0$, $s_0 = 0$), Table 2.2 gives the complete sequence of states of the LFSR. Note that the rightmost column is the output of the LFSR. One can see from this example that the LFSR

There is a simple formula which determines the functioning of this LFSR. Let's look at how the output bits $s_i$ are computed, assuming the initial state bits $s_0, s_1, s_2$:

$s_3 \equiv s_1 + s_0 \bmod 2$
$s_4 \equiv s_2 + s_1 \bmod 2$
$s_5 \equiv s_3 + s_2 \bmod 2$

In general, the output bit is computed as

$s_{i+3} \equiv s_{i+1} + s_i \bmod 2$, where $i = 0, 1, 2, \ldots$

B. Mathematical Description of LFSRs

The general form of an LFSR of degree m is shown in Fig. 2.4. It shows m flip-flops and m possible feedback locations, all combined by the XOR operation. Whether a feedback path is active or not is defined by the feedback coefficients $p_0, p_1, \ldots, p_{m-1}$: if $p_i = 1$ (closed switch), the feedback is active; if $p_i = 0$ (open switch), the corresponding flip-flop output is not used for the feedback. With this notation, we obtain an elegant mathematical description for the feedback path. The maximum sequence length generated by an LFSR of degree m is $2^m - 1$. If we multiply the output of flip-flop i by its coefficient $p_i$, the result is either the output value if $p_i = 1$, which corresponds to a closed switch, or the value zero if $p_i = 0$, which corresponds to an open switch. The values of the feedback coefficients are crucial for the output sequence produced by the LFSR.

Fig. 3 Block diagram of LFSR with tapping
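The degree-3 recurrence $s_{i+3} \equiv s_{i+1} + s_i \bmod 2$ and the feedback-coefficient form described above, worked through in Python as an added example (this is not code from the paper, whose design targets an FPGA; the non-maximal tap set (1, 1, 1) and the Berlekamp-Massey routine are choices made here). It regenerates the output sequence from the initial state ($s_2 = 1$, $s_1 = 0$, $s_0 = 0$), measures the period of a maximum-length and of a non-maximal configuration, shows the all-zero state locking up, and then runs Berlekamp-Massey over the output to make the linear-complexity criterion of Section III concrete: 2m consecutive output bits of a bare LFSR of degree m suffice to recover its taps and reproduce the rest of the stream, which is why an LFSR on its own is a keystream component, not a cipher.

```python
# Added example, not the paper's hardware design: a Fibonacci LFSR written in
# the paper's notation, plus the Berlekamp-Massey algorithm that measures the
# linear complexity of a bit sequence (the "size of the equivalent LFSR").
from typing import List, Tuple


def lfsr_sequence(init_state: List[int], coeffs: List[int], n: int) -> List[int]:
    """Return the first n output bits s_0, s_1, ... of an LFSR of degree m.

    init_state = [s_0, ..., s_{m-1}] (s_0 sits in the rightmost flip-flop FF0),
    coeffs     = [p_0, ..., p_{m-1}] (p_j = 1 means the tap switch is closed),
    and the feedback is s_{i+m} = sum_j p_j * s_{i+j} mod 2.
    """
    m = len(init_state)
    if len(coeffs) != m:
        raise ValueError("one feedback coefficient per flip-flop is required")
    state = list(init_state)            # state[k] holds s_{i+k}
    out = []
    for _ in range(n):
        out.append(state[0])            # rightmost bit is the current output
        fb = 0
        for j in range(m):
            fb ^= coeffs[j] & state[j]  # open switches (p_j = 0) contribute 0
        state = state[1:] + [fb]        # shift right; feedback enters FF(m-1)
    return out


def lfsr_period(init_state: List[int], coeffs: List[int]) -> int:
    """Clock ticks until the state vector first recurs.

    At most 2^m - 1 for a nonzero state; the all-zero state returns 1 because
    the register never leaves it. With p_0 = 0 the state map is not invertible
    and a start state can be transient, which is reported as an error.
    """
    m = len(init_state)
    start = tuple(init_state)
    state = list(init_state)
    for tick in range(1, 2 ** m + 1):
        fb = 0
        for j in range(m):
            fb ^= coeffs[j] & state[j]
        state = state[1:] + [fb]
        if tuple(state) == start:
            return tick
    raise RuntimeError("start state is transient (only possible when p_0 = 0)")


def linear_complexity(seq: List[int]) -> Tuple[int, List[int]]:
    """Berlekamp-Massey over GF(2).

    Returns (L, C): L is the length of the shortest LFSR that produces seq and
    C = [c_0 = 1, c_1, ..., c_L] its connection polynomial, meaning
    s_i = c_1 s_{i-1} + ... + c_L s_{i-L} mod 2 for every i >= L.
    """
    n = len(seq)
    c = [1] + [0] * n
    b = [1] + [0] * n
    L, m = 0, 1
    for i in range(n):
        d = seq[i]                      # discrepancy between seq and current C
        for j in range(1, L + 1):
            d ^= c[j] & seq[i - j]
        if d == 0:
            m += 1
        elif 2 * L <= i:                # C cannot explain s_i: the LFSR grows
            t = c[:]
            for j in range(n + 1 - m):
                c[j + m] ^= b[j]
            L, b, m = i + 1 - L, t, 1
        else:                           # correct C without changing its length
            for j in range(n + 1 - m):
                c[j + m] ^= b[j]
            m += 1
    return L, c[:L + 1]


def coeffs_from_polynomial(c: List[int]) -> List[int]:
    """Connection polynomial [1, c_1, ..., c_L] -> the paper's coefficients
    [p_0, ..., p_{L-1}]: p_j multiplies s_{i+j}, so p_j = c_{L-j}."""
    L = len(c) - 1
    return [c[L - j] for j in range(L)]


def predict_rest(observed: List[int], total: int) -> List[int]:
    """Recover the generator from observed output bits and extend the stream
    to `total` bits: the predictability Section III's criterion rules out."""
    L, c = linear_complexity(observed)
    return lfsr_sequence(observed[:L], coeffs_from_polynomial(c), total)


# The paper's example: m = 3, s_{i+3} = s_{i+1} + s_i, initial (s_2, s_1, s_0) = (1, 0, 0).
PAPER_STATE = [0, 0, 1]   # [s_0, s_1, s_2]
PAPER_TAPS = [1, 1, 0]    # p_0 = 1, p_1 = 1, p_2 = 0

if __name__ == "__main__":
    stream = lfsr_sequence(PAPER_STATE, PAPER_TAPS, 14)
    print("output bits           :", "".join(map(str, stream)))
    print("period (1,1,0)        :", lfsr_period(PAPER_STATE, PAPER_TAPS), "= 2^3 - 1")
    print("period (1,1,1)        :", lfsr_period(PAPER_STATE, [1, 1, 1]))
    print("all-zero state period :", lfsr_period([0, 0, 0], PAPER_TAPS))
    print("BM on 6 bits (L, C)   :", linear_complexity(stream[:6]))
    print("predicted from 6 bits :", "".join(map(str, predict_rest(stream[:6], 14))))
```

The tap set (1, 1, 1) corresponds to $x^3 + x^2 + x + 1 = (x + 1)^3$, which is not primitive, so its period from the same start state is 4 rather than the maximum 7; the paper's taps (1, 1, 0) give the full $2^3 - 1$.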
Let's assume the LFSR is initially loaded with the values $s_0, \ldots, s_{m-1}$. The next output bit of the LFSR, $s_m$, which is also the input to the leftmost flip-flop, can be computed as the XOR-sum of the products of the flip-flop outputs and the corresponding feedback coefficients:

$s_m \equiv s_{m-1} p_{m-1} + \cdots + s_1 p_1 + s_0 p_0 \bmod 2$

The next LFSR output can be computed as:

$s_{m+1} \equiv s_m p_{m-1} + \cdots + s_2 p_1 + s_1 p_0 \bmod 2$

In general, the output sequence can be described as

$s_{i+m} \equiv \sum_{j=0}^{m-1} p_j \cdot s_{i+j} \bmod 2$

Clearly, the output values are given through a combination of some previous output values. LFSRs are sometimes referred to as … Since there are only finitely many states, the output sequence of an LFSR repeats periodically. Moreover, an LFSR can produce output sequences of different lengths, depending on the feedback coefficients. The following theorem gives us the maximum length of an LFSR as a function of its degree (stated above: the maximum sequence length generated by an LFSR of degree m is $2^m - 1$). It is easy to show that this theorem holds. The state of an LFSR is uniquely determined by the m internal register bits. Given a certain state, the LFSR deterministically assumes its next state. Because of this, as soon as an LFSR assumes a previous state, it starts to repeat. Since an m-bit state vector can only assume $2^m - 1$ nonzero states, the maximum sequence length before repetition is $2^m - 1$. Note that the all-zero state must be excluded: if an LFSR assumes this state, it will get stuck in it, i.e., it will never be able to leave it again. Note that only certain configurations $(p_0, \ldots, p_{m-1})$ yield maximum-length LFSRs. We give a small example for this below.
V. PROPOSED STREAM CIPHER ARCHITECTURE

Fig. 4 Architecture of proposed stream cipher

The figure represents the simplest architecture of the proposed stream cipher using cellular automata. In this architecture, the initial 128-bit key is transformed into an unidentifiable form by the cellular automata (CA) rule. The 128-bit initialization is applied to the linear feedback shift register (LFSR), and its output is then XORed with the CA rule based update key to generate a key stream per clock cycle.

VI. HARDWARE IMPLEMENTATION AND SYNTHESIS RESULTS

The proposed stream cipher is implemented in the SPARTAN-3 xc3s50-5 pq208 device using Xilinx 13.2. The hardware implementation of the algorithm is very simple, as the operators used in the design of the stream cipher are flip-flop based hardware circuits. The nonlinearity of the algorithm is decided by the Rule 30 CA based pseudorandom number generator. The results of the Xilinx Spartan-3 FPGA implementations are shown in Table II. The Xilinx static timing analysis tool is used to determine the maximum clock frequency.

TABLE II. RESULTS OF THE XILINX SPARTAN 3 FPGA IMPLEMENTATION

Stream Cipher    | Maximum Clock Frequency (MHz) | Maximum Throughput (Mbps) | Area (Slices) | Throughput/Area (Mbps/Slice)
YUGAM-128        | 343 | 6255  | 320  | 19.55
DECIM v2         | 185 | 46.25 | 80   | 0.58
DECIM 128        | 174 | 43.5  | 89   | 0.49
Edon80           | 130 | 130   | 1284 | 0.10
F-FCSR-H v2      | 138 | 1104  | 342  | 3.23
F-FCSR-16        | 134 | 2144  | 473  | 4.53
Grain v1         | 196 | 196   | 44   | 4.45
Grain v1 (x16)   | 130 | 2080  | 348  | 5.98
Grain 128 (x32)  | 133 | 4256  | 534  | 7.97
Mickey 128 2.0   | 223 | 223   | 176  | 1.27
Moustique        | 225 | 225   | 278  | 0.81
Pomaranch        | 49  | 49    | 648  | 0.08

Brief overviews of each cipher implementation are given in the following. The DECIM ciphers produced low-area implementations due to the simple LFSR structure; however, the throughput was low due to the decimation factor of four. Edon80 was the largest design of the implemented ciphers.
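Sections IV.A and V in working form, as an added Python model that is not the authors' RTL: an elementary CA whose rule table is derived from the Wolfram rule number (so Rule 30, 45 and 57 are all served by one function), the single-seed Rule 30 evolution of Table I, and a software version of the Fig. 4 datapath in which the 128-bit key is scrambled by Rule 30 iterations, the 128-bit initialization value drives a 128-bit LFSR, and the two outputs are XORed into the keystream. The paper does not give the LFSR taps, the CA output cell, the number of CA setup rounds or the boundary condition, so those are assumptions here (the taps are the 128-bit Fibonacci set 128, 126, 101, 99 from Xilinx application note XAPP052, and no claim about the period is made); the key, IV and plaintext are constructed sample values. The model refuses an all-zero LFSR load, the stuck state noted in Section IV.B.

```python
# Added example: software model of the YUGAM-128 datapath of Section V.
# Not the authors' code; taps, output cell, CA round count and boundary
# handling are ASSUMPTIONS, since the paper does not specify them.
from typing import Dict, List, Tuple

RULE30, RULE45, RULE57 = 30, 45, 57
LFSR_WIDTH = 128
LFSR_TAPS = (128, 126, 101, 99)   # assumed 1-indexed Fibonacci taps (XAPP052)
CA_SETUP_ROUNDS = 128             # assumed number of Rule 30 steps on the key

Neighbourhood = Tuple[int, int, int]


def rule_table(rule: int) -> Dict[Neighbourhood, int]:
    """Wolfram numbering: bit k of `rule` is the next state of a cell whose
    (left, centre, right) neighbourhood reads k in binary. Rule 30 = 0b00011110
    maps 111->0, 110->0, 101->0, 100->1, 011->1, 010->1, 001->1, 000->0."""
    return {((k >> 2) & 1, (k >> 1) & 1, k & 1): (rule >> k) & 1 for k in range(8)}


def ca_step(cells: List[int], rule: int, cyclic: bool = True) -> List[int]:
    """One synchronous update of a radius-1 binary CA.

    cyclic=True is the circular grid of Section II; cyclic=False is the null
    boundary (outer layer fixed at 0), which the paper notes is easier to build."""
    table = rule_table(rule)
    n = len(cells)
    nxt = []
    for i in range(n):
        if cyclic:
            left, right = cells[(i - 1) % n], cells[(i + 1) % n]
        else:
            left = cells[i - 1] if i > 0 else 0
            right = cells[i + 1] if i < n - 1 else 0
        nxt.append(table[(left, cells[i], right)])
    return nxt


def rule30_pattern(width: int, steps: int) -> List[List[int]]:
    """Rows of the single-seed Rule 30 evolution (time runs downward)."""
    row = [0] * width
    row[width // 2] = 1
    rows = [row]
    for _ in range(steps):
        row = ca_step(row, RULE30, cyclic=False)
        rows.append(row)
    return rows


def int_to_bits(x: int, width: int) -> List[int]:
    return [(x >> (width - 1 - i)) & 1 for i in range(width)]


class Yugam128Model:
    """Keystream generator of Fig. 4: CA-scrambled key XOR LFSR-driven IV."""

    def __init__(self, key: int, iv: int) -> None:
        if not (0 <= key < (1 << 128) and 0 <= iv < (1 << 128)):
            raise ValueError("key and IV must be 128-bit values")
        if iv == 0:
            raise ValueError("all-zero LFSR load would lock the register at zero")
        # Key setup (assumed): scramble the key with Rule 30 on a cyclic grid.
        # Caveat: an all-zero key, or an all-one key (which Rule 30 maps to all
        # zeros in one step), leaves the CA at zero and the keystream degenerates
        # to the bare LFSR output; a real key setup would have to screen these.
        self.ca = int_to_bits(key, 128)
        for _ in range(CA_SETUP_ROUNDS):
            self.ca = ca_step(self.ca, RULE30)
        self.lfsr = iv                              # register loaded with the IV

    def _lfsr_clock(self) -> int:
        out = (self.lfsr >> (LFSR_WIDTH - 1)) & 1   # leftmost bit is the output
        fb = 0
        for tap in LFSR_TAPS:
            fb ^= (self.lfsr >> (tap - 1)) & 1
        self.lfsr = ((self.lfsr << 1) | fb) & ((1 << LFSR_WIDTH) - 1)
        return out

    def keystream_bit(self) -> int:
        ca_bit = self.ca[0]                         # assumed output cell
        self.ca = ca_step(self.ca, RULE30)          # CA advances every clock
        return ca_bit ^ self._lfsr_clock()

    def keystream(self, nbytes: int) -> bytes:
        out = bytearray()
        for _ in range(nbytes):
            byte = 0
            for _ in range(8):
                byte = (byte << 1) | self.keystream_bit()
            out.append(byte)
        return bytes(out)


def crypt(key: int, iv: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is the same operation both ways."""
    ks = Yugam128Model(key, iv).keystream(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


# Constructed sample values, not test vectors from the paper.
SAMPLE_KEY = 0x0123456789ABCDEF_FEDCBA9876543210
SAMPLE_IV = (1 << 127) | 0xC0FFEE

if __name__ == "__main__":
    for row in rule30_pattern(15, 6):
        print("".join("#" if c else "." for c in row))
    msg = b"constructed sample plaintext"
    ct = crypt(SAMPLE_KEY, SAMPLE_IV, msg)
    print(ct.hex(), crypt(SAMPLE_KEY, SAMPLE_IV, ct) == msg)
```

Two properties worth checking against such a model before trusting the hardware: reusing a key/IV pair reproduces the same keystream (so an IV must never repeat under one key), and the CA contribution vanishes for the degenerate keys noted in the constructor, leaving only the LFSR output, whose linear complexity is just its degree.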
The F-FCSR family of ciphers were fairly large (342 slices and 473 slices) compared to the smallest ciphers, but due to the high data radix (8 bits/cycle and 16 bits/cycle), the throughput and
throughput/area were relatively high. Grain ranks top in terms of small area and good throughput/area ratio [19]. It was the smallest cipher, and the parallelized versions of Grain produced higher throughput/area ratios. Mickey had a medium-size area but a good throughput/area ratio; the main disadvantage Mickey had in Xilinx FPGAs was that the S and R registers could not be inferred into Xilinx primitive shift register blocks; thus Mickey in an ASIC implementation may yield better results when compared to the other small ciphers. The same could be said of the F-FCSR family of ciphers. Moustique was of medium-to-large area, with a throughput/area ratio of less than one in our design. Moustique was the only self-synchronizing cipher, so this should be mentioned in the comparison. Pomaranch was the slowest design and yielded a high area. An implementation using a lookup table for the S-Box was faster (68 MHz) but also larger (1155 slices) [19].

VII. CONCLUSION

Multimedia information transmission, such as high-quality video and colour still images, requires a high-speed processor for fast processing and transmission over the communication channels. As a result, designing a high-speed security algorithm has become a challenging issue for portable computing applications. To meet this challenge, the proposed YUGAM-128 stream cipher is designed in a simple manner with mere shift registers, whose basic elements are flip-flops, XOR gates and CA functions. This promises efficient implementation in reconfigurable FPGAs with high throughput, owing to its parallel nature.
Hence, the algorithm suits portable computing devices that are equipped with GHz processors well.

REFERENCES

[1] P.P. Chaudhuri, D.R. Chowdhury, S. Nandi, and S. Chattopadhyay, Additive Cellular Automata: Theory and Applications, vol. 1. Los Alamitos, Calif.: IEEE CS Press, 1997.
[2] S. Nandi, B.K. Kar, and P.P. Chaudhuri, "Theory and Application of Cellular Automata in Cryptography," IEEE Trans. Computers, vol. 43, pp. 1346-1357, 1994.
[3] L. Bouganim and Y. Guo, "Database encryption," in Encyclopedia of Cryptography and Security, 2nd ed. Springer, 2010.
[4] C. Carlet, D.K. Dalai, K.C. Gupta and S. Maitra, "Algebraic Immunity for Cryptographically Significant Boolean Functions: Analysis and Construction," IEEE Trans. Inf. Theory, vol. 52, no. 7, pp. 3105-3121, 2006.
[5] D. Coppersmith, S. Halevi, and C.S. Jutla, "Cryptanalysis of stream ciphers with linear masking," in M. Yung, ed., Advances in Cryptology - CRYPTO 2002, LNCS 2442, Berlin: Springer-Verlag, 2002, pp. 515-532.
[6] Douglas A. Pucknell and Kamran Eshraghian, Basic VLSI Design, 3rd ed., Prentice Hall of India, 2004, pp. 118-274.
[7] Ekdahl, On LFSR Based Stream Ciphers (Analysis and Design), Ph.D. Thesis, Lund Univ., November 2003.
[8] B.M. Gammel, R. Göttfert and O. Kniffler, "An NLFSR-based stream cipher," in ISCAS, 2006.
[9] T. Good and M. Benaissa, "ASIC hardware performance," in New Stream Cipher Designs: The eSTREAM Finalists, LNCS 4986, pp. 267-293, 2008.
[10] Grocholewska-Czurylo, "Random generation of Boolean functions with high degree of correlation immunity," Journal of Telecommunications and Information Technology, pp. 14-18, 2006.
[11] Ju Young Kim and Hong Yeop Song, "A Nonlinear Boolean Function With Good Algebraic Immunity," in Proc. IWSDA '07, 2007, pp. 94-98.
[12] P. Kitsos, N. Sklavos, K. Papadomanolakis and O. Koufopavlou, "Hardware Implementation of Bluetooth Security," IEEE Pervasive Computing, vol. 2, no. 1, pp. 21-29, January-March 2003.
[13] A. Maximov, Some Words on Cryptanalysis of Stream Ciphers, Ph.D. dissertation, Lund Univ., Lund, Sweden, 2006.
[14] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996, pp. 482-504.
[15] Paris Kitsos, "On the Hardware Implementation of the MICKEY-128 Stream Cipher," eSTREAM, ECRYPT Stream Cipher Project, Report 2006/059, 2006.
[16] Rukhin, Soto, Nechvatal, Smid, Barker, Leigh, Levenson, Vangel, Banks, Heckert, Dray, and Vo, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, NIST Special Publication 800-22, May 15, 2001, pp. 1-153.
[17] P. Rizomiliotis, "On the Resistance of Boolean Functions Against Algebraic Attacks Using Univariate Polynomial Representation," IEEE Trans. Inf. Theory, vol. 56, no. 8, pp. 4014-4024, 2010.
[18] G.G. Rose and G. Hawkes, "Turing: A Fast Stream Cipher," in Fast Software Encryption, FSE 2003, pp. 290-306, Springer-Verlag, 2003.
[19] David Hwang, Mark Chaney, Shashi Karanam, Nick Ton, and Kris Gaj, "Comparison of FPGA-targeted hardware implementations of eSTREAM stream cipher candidates," The State of the Art of Stream Ciphers (2008): 151-162.