
Abstract

In today's world most of the communication is done using electronic media. Data Security plays a vital role in such communication. Hence, there is a need to protect data from malicious attacks. Cryptography is the science of secret codes, enabling the confidentiality of communication through an insecure channel. It protects against unauthorized parties by preventing unauthorized alteration or use. Generally speaking, it uses a cryptographic system to transform a plaintext into a cipher text, using most of the time a key.

Advanced Encryption Standard (AES), also known as Rijndael, is an encryption standard used for securing information. AES was published by NIST (National Institute of Standards and Technology). AES is a block cipher algorithm that has been analyzed extensively and is now used widely. AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications. The block cipher Rijndael was designed by Dr. Joan Daemen and Dr. Vincent Rijmen and the name of the algorithm is a combination of the names of its two creators. Rijndael is very secure and has no known weakness. Rijndael is a conventional (symmetric key) system and is a relatively simple cipher in many respects. It takes an input block of a certain size, usually 128, and produces a corresponding output block of the same size. The transformation requires a second input, which is the secret key. It is important to know that the secret key.

In this work, both encryption and decryption will be carried out with the key length of 128 bits, that is, both AES encrypter and the AES decrypter were integrated. Hence the input block and secret key will be provided for encryption and the cipher block and same secret key will be provided to the decryption to get the proper block as output. All the transformations of both Encryption and Decryption will be developed using VHDL language and will be verified with the help of its simulation result.

The AES Encryption and Decryption is synthesized on FPGA family of Virtex-2 using Xilinx ISE tool and hence the design operates at a maximum clock frequency of 18.970 MHz with a minimum period of 52.716 ns.

CHAPTER 1

INTRODUCTION
1.1 INTRODUCTION
Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption. Figure 1.1 illustrates this process.
Figure 1.1 Encryption and decryption
1.1.1 WHAT IS CRYPTOGRAPHY
To enhance the security of the data, code languages for writing messages were used. The branch of mathematics that investigates the code languages and methods is called cryptology. Cryptology consists of two streams, namely cryptography and cryptanalysis. Cryptography is the science of coding messages secretly, while cryptanalysis is the science of breaking codes.
[Diagram: CRYPTOLOGY divides into CRYPTOGRAPHY and CRYPTANALYSIS]
Our project is concerned with cryptography. Cryptography is a science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient.

Cryptography or Cryptology, derived from Greek kryptos "hidden" and the verb grafo "write" or legein "to speak", is the practice and study of hiding information. In modern times, Cryptology is considered to be a branch of both mathematics and computer science, and is affiliated closely with information theory, computer security and engineering. Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords and electronic commerce, which all depend upon Cryptography.

Cryptology embraces both cryptography and cryptanalysis. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, determination, and luck. Cryptanalysts are also attackers.

There are two kinds of cryptography in this world: cryptography that will stop major governments from reading our files. PGP is also about the latter sort of cryptography. Cryptography can be strong or weak, as explained above.

Cryptography strength is measured in the time and the resources it would require to recover plain text. The result of strong Cryptography is cipher text that is very difficult to decipher without possession of the appropriate decoding tool. How difficult? Given all of today's computing power and available time, even a billion computers doing a billion checks a second, it is not possible to decipher the result of strong cryptography before the end of the universe.

One would think, then, that strong Cryptography would hold up rather well against even an extremely determined cryptanalyst. Who's really to say? No one can prove that the strongest encryption obtainable today will hold up under tomorrow's computing power. Vigilance and conservatism will protect us better, however, than claims of impenetrability.
1.1.2 HOW DOES CRYPTOGRAPHY WORK
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number, or phrase) to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys.

The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

A cryptographic algorithm, plus all possible keys and all the protocols that make it work, comprise a cryptosystem. PGP is a cryptosystem. Cryptosystems can be divided into Software and Hardware.

[Diagram: CRYPTOSYSTEM divides into SOFTWARE and HARDWARE]
1.1.3 THE PURPOSE OF CRYPTOGRAPHY
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications.

In data and telecommunications, cryptography is necessary when communicating over any un-trusted medium, which includes just about any network, particularly the Internet.

Within the context of any application-to-application communication, there are some specific security requirements including:
- Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
- Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
- Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
- Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext.

In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.
1.2 METHODS OF ENCRYPTION
Although there can be several pieces to an encryption method, the two main pieces are the algorithms and the keys. As stated earlier, algorithms are usually complex mathematical formulas that dictate the rules of how the plaintext will be turned into cipher text. A key is a string of random bits that will be inserted into the algorithm. For two entities to be able to communicate via encryption, they must use the same algorithm and, many times, the same key. In some encryption methods, the receiver and the sender use the same key and in other encryption methods, they must use different keys for encryption and decryption purposes. The following sections explain the difference between these two types of encryption methods.

Symmetric versus Asymmetric Algorithms
Cryptography algorithms use either symmetric keys, also called secret keys, or asymmetric keys, also called public keys. As if encryption was not complicated enough, the titles that are used to describe the key types only make it worse. Just pay close attention and we will get through this just fine.
1.2.1 SYMMETRIC CRYPTOGRAPHY
In a cryptosystem that uses symmetric cryptography, both parties will be using the same key for encryption and decryption, as shown in Figure 1.2. This provides dual functionality. As we said, symmetric keys are also called secret keys because this type of encryption relies on each user to keep the key a secret and properly protected. If this key got into an intruder's hand, that intruder would have the ability to decrypt any intercepted message encrypted with this key.

Each pair of users who want to exchange data using symmetric key encryption must have their own set of keys. This means if Dan and Iqqi want to communicate, both need to obtain a copy of the same key. If Dan also wants to communicate using symmetric encryption with Norm and Dave, he now needs to have three separate keys, one for each friend.

Figure 1.2 Using symmetric algorithms, the sender and receiver use the same key for encryption and decryption functions.
This might not sound like a big deal until Dan realizes that he may communicate with hundreds of people over a period of several months, and keeping track and using the correct key that corresponds to each specific receiver can become a very daunting task. If Dan were going to communicate with 10 other people, then he would need to keep track of 45 different keys. If Dan were going to communicate with 100 other people, then he would have to maintain and keep up with 4,950 symmetric keys. Dan is a pretty bright guy, but does not necessarily want to spend his days looking for the right key to be able to communicate with Dave.

The security of the symmetric encryption method is completely dependent on how well users protect the key. This should raise red flags to you if you have ever had to depend on a whole staff of people to keep a secret. If a key is compromised, then all messages encrypted with that key can be decrypted and read by an intruder.

This is complicated further by how symmetric keys are actually shared and updated when necessary. If Dan wants to communicate to Norm for the first time, Dan has to figure out how to get Norm the right key. It is not safe to just send it in an e-mail message because the key is not protected and it can be easily intercepted and used by attackers. Dan has to get the key to Norm through an out-of-band method. Dan can save the key on a floppy disk and walk over to Norm's desk, send it to him via snail mail, or have a secure carrier deliver it to Norm. This is a huge hassle, and each method is very clumsy and insecure. Because both users use the same key to encrypt and decrypt messages, symmetric cryptosystems can provide confidentiality, but they cannot provide authentication or non-repudiation. There is no way to prove who actually sent a message if two people are using the exact same key.

Well, if symmetric cryptosystems have so many problems and flaws, why use them at all? They are very fast and can be hard to break. Compared to asymmetric systems, symmetric algorithms scream in speed. They can encrypt and decrypt large amounts of data that would take an unacceptable amount of time if an asymmetric algorithm was used instead. It is also very difficult to uncover data that is encrypted with a symmetric algorithm if a large key size was used.
The following list outlines the strengths and weaknesses of symmetric key systems:

Strengths
- Much faster than asymmetric systems
- Hard to break if using a large key size

Weaknesses
- Key distribution: It requires a secure mechanism to deliver keys properly.
- Scalability: Each pair of users needs a unique pair of keys, so the number of keys grows exponentially.
- Limited security: It can provide confidentiality, but not authenticity or non-repudiation.

The following are examples of symmetric key cryptography algorithms:
- Data Encryption Standard (DES)
- Triple DES (3DES)
- Advanced Encryption Standard (AES)
1.2.2 ASYMMETRIC CRYPTOGRAPHY
Some things you can tell the public, but some things you just want to keep private.

In symmetric key cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or asymmetric keys. The two different asymmetric keys are mathematically related. If a message is encrypted by one key, the other key is required to decrypt the message.

In a public key system, the pair of keys is made up of one public key and one private key. The public key can be known to everyone, and the private key must only be known to the owner. Many times, public keys are listed in directories and databases of e-mail addresses so they are available to anyone who wants to use these keys to encrypt or decrypt data when communicating with a particular person. Figure 1.3 illustrates an asymmetric cryptosystem.

Figure 1.3 Asymmetric cryptosystem
The public and private keys are mathematically related, but cannot be derived from each other. This means that if an evildoer gets a copy of Bob's public key, it does not mean he can now use some mathematical magic and find out Bob's private key.

If Bob encrypts a message with his private key, the receiver must have a copy of Bob's public key to decrypt it. The receiver can decrypt Bob's message and decide to reply back to Bob in an encrypted form. All she needs to do is encrypt her reply with Bob's public key, and then Bob can decrypt the message with his private key. It is not possible to encrypt and decrypt using the exact same key when using an asymmetric key encryption technology.

Bob can encrypt a message with his private key and the receiver can then decrypt it with Bob's public key. By decrypting the message with Bob's public key, the receiver can be sure that the message really came from Bob. A message can only be decrypted with a public key if the message was encrypted with the corresponding private key. This provides authentication, because Bob is the only one who is supposed to have his private key. When the receiver wants to make sure Bob is the only one that can read her reply, she will encrypt the response with his public key. Only Bob will be able to decrypt the message because he is the only one who has the necessary private key.

Now the receiver can also encrypt her response with her private key instead of using Bob's public key. Why would she do that? She wants Bob to know that the message came from her and no one else. If she encrypted the response with Bob's public key, it does not provide authenticity because anyone can get a hold of Bob's public key. If she uses her private key to encrypt the message, then Bob can be sure that the message came from her and no one else. Symmetric keys do not provide authenticity because the same key is used on both ends. Using one of the secret keys does not ensure that the message originated from a specific entity.
If confidentiality is the most important security service to a sender, she would encrypt the file with the receiver's public key. This is called a secure message format because it can only be decrypted by the person who has the corresponding private key. If authentication is the most important security service to the sender, then she would encrypt the message with her private key. This provides assurance to the receiver that the only person who could have encrypted the message is the individual who has possession of that private key. If the sender encrypted the message with the receiver's public key, authentication is not provided because this public key is available to anyone.

Encrypting a message with the sender's private key is called an open message format because anyone with a copy of the corresponding public key can decrypt the message; thus, confidentiality is not ensured.

For a message to be in a secure and signed format, the sender would encrypt the message with her private key and then encrypt it again with the receiver's public key. The receiver would then need to decrypt the message with his own private key and then decrypt it again with the sender's public key. This provides confidentiality and authentication for that delivered message. The different encryption methods are shown in Figure 1.4.

Figure 1.4 Type of security service that will be provided.

Each key type can be used to encrypt and decrypt, so do not get confused and think the public key is only for encryption and the private key is only for decryption. They both have the capability to encrypt and decrypt data.
An asymmetric cryptosystem works much slower than symmetric systems, but can provide confidentiality, authentication, and non-repudiation depending on its configuration and use. Asymmetric systems also provide for easier and more manageable key distribution than symmetric systems and do not have the scalability issues of symmetric systems.

The following outlines the strengths and weaknesses of asymmetric key systems:

Strengths
- Better key distribution than symmetric systems
- Better scalability than symmetric systems
- Can provide confidentiality, authentication, and non-repudiation

Weaknesses
- Works much slower than symmetric systems

The following are examples of asymmetric key algorithms:
- RSA
- Elliptic Curve Cryptosystem (ECC)
- Diffie-Hellman
- El Gamal
- Digital Signature Standard (DSS)
1.3 TYPES OF CRYPTOGRAPHIC ALGORITHMS
There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that are discussed are shown in Figure 1.5.
- Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
- Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
- Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

Figure 1.5 Three types of cryptographic algorithms
1.4 INTRODUCTION TO AES
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher-text; decrypting the cipher-text converts the data back into its original form, called plaintext.

Figure 1.6 Overall Representations of Encryption and Decryption

The Advanced Encryption Standard, after the Data Encryption Standard was found too weak because of its small key size and the technological advancements in processor power. Fifteen candidates were accepted and based on public comments the pool was reduced to five. One of these five algorithms was selected as the forthcoming standard: a slightly modified version of the Rijndael.
[Figure 1.6 labels: Original Message, Encryption Algorithm, Cipher Message, Decryption Algorithm, Original Message, Secret Key; each path is marked 128]
The Rijndael, whose name is based on the names of its two Belgian inventors, Joan Daemen and Vincent Rijmen, is a Block cipher, which means that it works on fixed length groups of bits, which are called blocks. It takes an input block of a certain size, usually 128 bits, and produces a corresponding output block of the same size. The transformation requires a second input, which is the secret key with lengths of 128, 192 and 256 bits. Unlike DES, which is based on a Feistel network, AES is a substitution-permutation network, which is a series of mathematical operations that use substitutions (also called S-Box) and permutations (P-Boxes), and their careful definition implies that each output bit depends on every input bit.
1.4.1 BLOCK CIPHER
When a block cipher algorithm is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions. The algorithm dictates all the possible functions available to be used on the message, and it is the key that will determine what order these functions will take place. Strong algorithms make reengineering, or trying to figure out all the functions that took place on the message, basically impossible.

It has been said that the properties of a cipher should contain confusion and diffusion. Different unknown key values cause confusion, because the attacker does not know these values, and diffusion is accomplished by putting the bits within the plaintext through many different functions so that they are dispersed throughout the algorithm. Block ciphers use diffusion and confusion in their methods.
Advantages of AES:
- Through AES, an input message of length 128 bits can be encrypted, which is more than the DES and Triple DES.
- AES has the various secret key lengths such as 128 bits, 192 bits and 256 bits, whereas DES and Triple DES have a fixed length of 64 bits.
- The cipher key is expanded into a larger key, which is later used for the actual operation.
- The Expanded Key shall ALWAYS be derived from the Cipher Key and never be specified directly.
- AES is very hard to attack or crack when compared to DES.
- AES will be faster when compared to the Triple DES.
1.5 APPLICATION
- This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information (as defined in P. L. 100-235) requires cryptographic protection
- High speed ATM/Ethernet/Fiber-Channel switches
- Secure video teleconferencing
- Routers and Remote Access Servers
- In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired security for commercial and private organizations.

CHAPTER 2
ADVANCED ENCRYPTION STANDARD ALGORITHM
2.1 INTRODUCTION
The main objectives of AES are high level security, adaptability to diverse applications, efficiency and exportability. In this project work, the plain text of 128 bits is given as input to the encryption block, in which encryption of data is made, and the cipher text of 128 bits is produced as output. The key length of 128 bits is used in the process of encryption. A block cipher that uses the same binary key both to encrypt and decrypt data blocks is called a symmetric key cipher, and the AES algorithm is such a cipher. A commonly accepted definition of a good symmetric key algorithm, such as the AES, is that there exists no attack better than key exhaustion to read an encrypted message.
2.2 TERMINOLOGIES
The various terminologies and their definitions used in this project are discussed in this section.

| S.No. | Term | Definition |
|---|---|---|
| 1 | AES | Advanced Encryption Standard |
| 2 | Array | An enumerated collection of identical entities (e.g., an array of bytes). |
| 3 | Bit | A binary digit having a value of 0 or 1. |
| 4 | Block | Sequence of binary bits that comprise the input, output, State and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. |
| 5 | Byte | A group of eight bits that is treated either as a single entity or as an array of 8 individual bits. |
| 6 | Cipher | Series of transformations that converts plaintext to cipher text using the Cipher Key. |
| 7 | Cipher Key | Secret, cryptographic key that is used by the Key Expansion routine to generate a set of Round Keys; can be pictured as a rectangular array of bytes, having four rows and Nk columns. |
| 8 | Cipher text | Data output from the Cipher or input to the Inverse Cipher. |
| 9 | Inverse Cipher | Series of transformations that converts cipher text to plaintext using the Cipher Key. |
| 10 | Key Expansion | Routine used to generate a series of Round Keys from the Cipher Key. |
| 11 | Plaintext | Data input to Cipher or output from the Inverse Cipher. |
| 12 | Rijndael | Cryptographic algorithm specified in this Advanced Encryption Standard (AES). |
| 13 | Round Key | Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher. |
| 14 | State | Intermediate Cipher result that can be pictured as a rectangular array of bytes, having four rows and Nb columns. |
| 15 | S-box | Non-linear substitution table used in several byte substitution transformations and in the Key Expansion routine to perform a one-for-one substitution of a byte value. |
| 16 | Word | A group of 32 bits that is treated either as a single entity or as an array of 4 bytes. |

Table 2.1 Terminologies and their Definitions
2.3 ALGORITHM PARAMETERS
The different parameters and symbols used in this project are discussed in this section.

| S.No. | Parameters & Symbols | Definition |
|---|---|---|
| 1 | AddRoundKey | Transformation in the Cipher and Inverse Cipher in which a Round Key is added to the State using an XOR operation. The length of a Round Key equals the size of the State (i.e., for Nb = 4, 128 bits/16 bytes). |
| 2 | InvMixColumns | Transformation in the Inverse Cipher that is the inverse of MixColumns |
| 3 | InvShiftRows | Transformation in the Inverse Cipher that is the inverse of ShiftRows |
| 4 | InvSubBytes | Transformation in the Inverse Cipher that is the inverse of SubBytes |
| 5 | K | Cipher Key. |
| 6 | MixColumns | Transformation in the Cipher that takes all of the columns of the State and mixes their data (independently of one another) to produce new columns. |
| 7 | Nb | Number of columns (32-bit words) comprising the State. For this standard, Nb = 4. |
| 8 | Nk | Number of 32-bit words comprising the Cipher Key. For this standard, Nk = 4. |
| 9 | Nr | Number of rounds, which is a function of Nk and Nb (which is fixed). For this standard, Nr = 10. |
| 10 | Rcon | The round constant word array. |
| 11 | RotWord | Function used in the Key Expansion routine that takes a four-byte word and performs a cyclic permutation. |
| 12 | ShiftRows | Transformation in the Cipher that processes the State by cyclically shifting the last three rows of the State by different offsets. |
| 13 | SubBytes | Transformation in the Cipher that processes the State using a nonlinear byte substitution table (S-box) that operates on each of the State bytes independently. |
| 14 | SubWord | Function used in the Key Expansion routine that takes a four-byte input word and applies an S-box to each of the four bytes to produce an output word. |
| 15 | XOR | Exclusive-OR operation. |

Table 2.2 Parameters, Symbols and their Definitions
2.4 AES ALGORITHM
The AES is an iterated symmetric block cipher, which means that:
- AES works by repeating the same defined steps multiple times.
- AES is a secret key encryption algorithm.
- AES operates on a fixed number of bytes.

AES, as well as most encryption algorithms, is reversible. This means that almost the same steps are performed to complete both encryption and decryption, in reverse order. The AES algorithm operates on bytes, which makes it simpler to implement.
2.4.1 SPECIFICATION
For the AES algorithm, the length of the input block, the output block and the State is 128 bits. This is represented by Nb = 4, which reflects the number of 32-bit words (number of columns) in the State. For the AES algorithm, the length of the Cipher Key, K, is 128 bits. The key length is represented by Nk = 4, which reflects the number of 32-bit words (number of columns) in the Cipher Key.

For the AES algorithm, the number of rounds to be performed during the execution of the algorithm is dependent on the key size. The number of rounds is represented by Nr, where Nr = 10 when Nk = 4.
2.4.2 DESCRIPTION
The AES is an iterated block cipher with a fixed block size of 128 and a variable key length. The different transformations operate on the intermediate results, called state. The state is a rectangular array of bytes and since the block size is 128 bits, which is 16 bytes, the rectangular array is of dimensions 4x4. The basic unit for processing in the AES algorithm is a byte, a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits.

In the Rijndael version with variable block size, the row size is fixed to four and the number of columns varies. The number of columns is the block size divided by 32 and denoted Nb. The cipher key is similarly pictured as a rectangular array with four rows. The number of columns of the cipher key, denoted Nk, is equal to the key length divided by 32. AES uses a variable number of rounds, which are fixed: A key of size 128 has 10 rounds.

Figure 2.1 Top Level Block Diagram of AES Algorithm

The above figure 2.1 shows the top level blocks available in the AES algorithm. Also the basic inputs to the system and the outputs from the system are clearly represented. As per the standard, 10 rounds for 128 bits key length are carried out, in which the last round will be performed separately. For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is composed of four different byte-oriented transformations:
- Byte substitution using a substitution table (S-box)
- Shifting rows of the State array by different offsets
- Mixing the data within each column of the State array
- Adding a Round Key to the State

[Figure 2.1 block labels: Input Data, Data_Valid, CLK, Key, Key_En, Key Reg, KEY EXPANSION, ROUND KEYS (ROUND KEY 0, ROUND KEY 1, ..., ROUND KEY 9, ROUND KEY LAST), Round 01, ..., Round 09, Round Last, ROUND OUT, DOUT VALID, Data Out, Dout Valid, AES]
The above mentioned functions are carried out for every individual round, and in the last round the third function, that is, Mixing the data within each column of the State array, will not be performed. Hence the last round is carried out separately. Based on the key provided, the new set of keys will be generated in the Key Expansion block and given to each round as input.
2.5 ENCRYPTION
At the start of the Encryption or Cipher, the input data and the input key are copied to the State array using the conventions. Initially the XOR operation should be performed between each byte of the input data and the input key, and the output will be given as the input of Round-1. After an initial Round Key addition, the State array is transformed by implementing a round function 10 times, with the final round differing slightly from the first Nr - 1 rounds. The final State is then copied to the output. The round function is parameterized using a key schedule that consists of a one-dimensional array of four-byte words derived using the Key Expansion routine.

The individual transformations that are carried out are listed below.
- SubBytes
- ShiftRows
- MixColumns
- AddRoundKey

Table 2.3 represents the operation performed at each round and the order in which each one is carried out. All Nr rounds are identical with the exception of the final round, which does not include the MixColumns transformation. Thus the cipher text, that is, the encrypted data, will be achieved at the end of the final round.
2.5.1 AES CIPHER FUNCTIONS
The block diagram shown in the figure 2.2 represents the functions carried out in each round and the functions performed in the last round.
Table 2.3 AES encryption cipher using a 16 byte key
Figure 2.2 Block Diagram for AES Round and AES Last Round
2.5.1.1 SubBytes Transformation
The SubBytes operation is a non-linear byte substitution, operating on each byte of the state independently. The substitution table (S-Box) is invertible and is constructed by the composition of two transformations:
• Take the multiplicative inverse in Rijndael's finite field
• Apply an affine transformation
Since the S-Box is independent of any input, pre-calculated forms are used, if enough memory (256 bytes for one S-Box) is available. Each byte of the state is then substituted by the value in the S-Box whose index corresponds to the value in the state. Figure 2.3 illustrates the effect of the SubBytes transformation on the State clearly.
Figure 2.3 SubBytes Operation of the State
The S-Box for the Encryption is given in the Appendix-1 for the reference. The S-Box will be of a 16x16 matrix in which the row is represented as "x" and the column is represented by "y". The S-box used in the SubBytes transformation is presented in hexadecimal form and hence the substitution value would be determined by the intersection of the row and the column.
For example, if S1,1 = {53}, then the substitution value would be determined by the intersection of the row with index '5' and the column with index '3'. This would result in S1,1 having a value of {ed}. These values can be referred in the S-Box present in the Appendix-1.
2.5.1.2 ShiftRows Transformation
This transformation arranges the state in a matrix and then performs a circular shift for each row. This is not a bitwise shift. The circular shift just moves each byte one space over. A byte that was in the second position may end up in the third position after the shift. The circular part of it specifies that the byte in the last position shifted one space will end up in the first position in the same row. Hence in this ShiftRows operation, each row of the state is cyclically shifted to the left, depending on the row index. This has the effect of moving bytes to "lower" positions in the row, while the "lowest" bytes wrap around into the "top" of the row.
Figure 2.4 ShiftRows Operation of the State
Figure 2.4 illustrates the ShiftRows transformation. The shifting operation will be carried out horizontally as follows.
• The 1st row is shifted 0 positions to the left.
• The 2nd row is shifted 1 position to the left.
• The 3rd row is shifted 2 positions to the left.
• The 4th row is shifted 3 positions to the left.
2.5.1.3 MixColumns Transformation
In the MixColumns operation, parts of the state are multiplied against parts of the matrix. The transformation operates on the State column-by-column. The state is arranged into a 4 row table (as described in the Shift Row function). The multiplication is performed one column at a time (4 bytes). Each value in the column is eventually multiplied against every value of the matrix (16 total multiplications). The results of these multiplications are XORed together to produce only 4 result bytes for the next state. Therefore: 4 bytes input, 16 multiplications, 12 XORs and 4 bytes output. The multiplication is performed one matrix row at a time against each value of a state column.
The pre-defined 4x4 matrix value and the first column of the ShiftRows state are represented as follows, for the multiplication.
The first result byte is calculated by multiplying 4 values of the state column against 4 values of the first row of the matrix. The result of each multiplication is then XORed to produce 1 Byte.
The second result byte is calculated by multiplying the same 4 values of the state column against 4 values of the second row of the matrix. The result of each multiplication is then XORed to produce 1 Byte.
The third result byte is calculated by multiplying the same 4 values of the state column against 4 values of the third row of the matrix. The result of each multiplication is then XORed to produce 1 Byte.
The fourth result byte is calculated by multiplying the same 4 values of the state column against 4 values of the fourth row of the matrix. The result of each multiplication is then XORed to produce 1 Byte.
This procedure is repeated again with the next column of the state, until there are no more state columns. Hence putting it all together, the first column will include state bytes 1-4 and will be multiplied against the matrix in the following manner:
Figure 2.5 illustrates the MixColumns transformation
Figure 2.5 MixColumns operates on the State column-by-column
Hence the pictorial representation of the MixColumns operation represented above gives the clear view on this transformation.
2.5.1.4 AddRoundKey Transformation
In the AddRoundKey transformation, a Round Key is added to the State by a simple bitwise XOR operation. Each of the 16 bytes of the state is XORed against each of the 16 bytes of a portion of the expanded key for the current round. The Expanded Key bytes are never reused. So once the first 16 bytes are XORed against the first 16 bytes of the expanded key then the expanded key bytes 1-16 are never used again. The next time the Add Round Key function is called bytes 17-32 are XORed against the state. The first time Add Round Key gets executed.
The second time Add Round Key is executed.
This process will be continued until the operation ends. The graphical representation of this operation can be seen below.
Figure 2.6 AddRoundKey Operation
The above figure 2.6 represents the clear view on the AddRoundKey transformation which takes place between the results of MixColumns and KeyExpansion and gives the resultant matrix that is used as the input to the next round.
2.5.2 KEY EXPANSION
Prior to encryption or decryption the key must be expanded. The expanded key is used in the Add Round Key function defined above. Each time the Add Round Key function is called a different part of the expanded key is XORed against the state. In order for this to work the Expanded Key must be large enough so that it can provide key material for every time the Add Round Key function is executed. The Add Round Key function gets called for each round as well as one extra time at the beginning of the algorithm.
The AES algorithm takes the Cipher Key, K, and performs a Key Expansion routine to generate a key schedule. The Key Expansion generates a total of Nb (Nr + 1) words: the algorithm requires an initial set of Nb words, and each of the Nr rounds requires Nb words of key data. The resulting key schedule consists of a linear array of 4-byte words.
Since the key size is much smaller than the size of the sub keys, the key is actually "stretched out" to provide enough key space for the algorithm. Hence a 128 bit key is expanded to a 176 byte key.
There is a relation between the cipher key size, the number of rounds and the ExpandedKey size. For a 128-bit key, there is one initial AddRoundKey operation plus there are 10 rounds and each round needs a new 16 byte key, therefore we require 10+1 RoundKeys of 16 byte, which equals 176 byte. An iteration of the above steps is called a round. The amount of rounds of the key expansion algorithm depends on the key size.
Table 2.4 Key Expansion
The first bytes of the expanded key are always equal to the key. If the key is 16 bytes long the first 16 bytes of the expanded key will be the same as the original key. If the key size is 32 bytes then the first 32 bytes of the expanded key will be the same as the original key. Each round adds 4 bytes to the Expanded Key. With the exception of the first rounds, each round also takes the previous round's 4 bytes as input, operates on them and returns 4 bytes.
The key expansion routine executes a maximum of 4 consecutive functions. These functions are:
• ROT WORD
• SUB WORD
• RCON
• XOR
Rot Word (4 bytes)
This does a circular shift on 4 bytes similar to the Shift Row Function. The 4-byte word is cyclically shifted 1 byte to the left.
For example, let's take a sequence 1,2,3,4 which will be rotated to obtain the result 2,3,4,1.
Sub Word (4 bytes)
The Key Schedule uses the same S-Box substitution as the main algorithm body. This step applies the S-box value substitution as described in the SubBytes function to each of the 4 bytes in the argument. The S-Box is present in the Appendix-1 for the reference.
Rcon
Basically this function returns a 4 byte value based on the following table.
Round Number    Rcon Value
1               Rcon(1)     01000000
2               Rcon(2)     02000000
3               Rcon(3)     04000000
4               Rcon(4)     08000000
5               Rcon(5)     10000000
6               Rcon(6)     20000000
7               Rcon(7)     40000000
8               Rcon(8)     80000000
9               Rcon(9)     1B000000
10              Rcon(10)    36000000
Table 2.5 Rcon Table
The result of the SubWords should be XORed with the above mentioned Rcon values with respect to the corresponding round number. It can be seen that the first Nk words of the expanded key are filled with the Cipher Key. Every following word, w[i], is equal to the XOR of the previous word, w[i-1], and the word Nk positions earlier, w[i-Nk]. For words in positions that are a multiple of Nk, a transformation is applied to w[i-1] prior to the XOR, followed by an XOR with a round constant, Rcon[i].
Steps in Key Expansion
• The first n bytes of the expanded key are simply the cipher key (n = the size of the encryption key)
• The rcon value i is set to 1
• Until we have enough bytes of expanded key, we do the following to generate n more bytes of expanded key (please note once again that 'n' is used here, this varies depending on the key size)
  1. we do the following to generate four bytes
     o we use a temporary 4-byte word called t
     o we assign the previous 4 bytes to t
     o we perform the key schedule core on t, with i as Rcon value
     o we increment i
     o we XOR t with the 4-byte word n bytes before in the expandedKey (where n is once 16 bytes)
  2. we do the following x times to generate the next x*4 bytes of the expandedKey (x = 3 for n=16)
     o we assign the previous 4-byte word to t
     o we XOR t with the 4-byte word n bytes before in the expandedKey (where n is once 16 bytes)
Hence, for n=16, we generate: 4 + 3*4 bytes = 16 bytes per iteration.
2.6 DECRYPTION
The cipher text of 128 bits and the same key of 128 bits will be given as the input to the decryption block. The encrypted data will be decrypted and the original plain message will be obtained as the output of the decryption block. The Cipher transformations can be inverted and then implemented in reverse order to produce a straightforward Inverse Cipher for the AES algorithm. The individual transformations used in the Inverse Cipher are listed as follows.
• InvShiftRows
• InvSubBytes
• InvMixColumns
• AddRoundKey
Here also 10 rounds will be carried out and the only difference in the decryption block with respect to the algorithm flow is that the result of the KeyExpansion of each round will also be given to the MixColumns operation, after which the AddRoundKey transformation should be carried out.
InvMixColumns (state XOR Round Key) = InvMixColumns (state) XOR InvMixColumns (Round Key)
The above equation represents the basic difference in the process of the AES Encryption and Decryption algorithm.
2.6.1 AES INVERSE CIPHER FUNCTIONS
The AES Inverse Cipher Function has the same set of transformations as in the encryption but in the inverse form, that is, the predefined values which are used for each transformation will be different. In this section we discuss each transformation in detail.
2.6.1.1 InvSubBytes Transformation
InvSubBytes is the inverse of the byte substitution transformation, in which the inverse S-Box is applied to each byte of the State. The inverse S-Box is present in the Appendix-1 for the reference. The transformation of this process will be carried out in the similar way as in the SubBytes in the encryption, such that the substitution value would be determined by the intersection of the row and the column.
For example, if S1,1 = {53}, then the substitution value would be determined by the intersection of the row with index '5' and the column with index '3'. This would result in S1,1 having a value of {50}. These values can be referred in the S-Box present in the Appendix-1.
2.6.1.2 InvShiftRows Transformation
The InvShiftRows is the inverse of the ShiftRows transformation. The bytes in the last three rows of the State are cyclically shifted over different numbers of bytes (offsets). The first row, r = 0, is not shifted. The bottom three rows are cyclically shifted by Nb - shift(r, Nb) bytes, where the shift value shift(r, Nb) depends on the row number. Specifically, the InvShiftRows transformation proceeds as follows.
Figure 2.7 InvShiftRows Operation of the State
The illustration figure gives the clear view on this InvShiftRows transformation.
2.6.1.3 InvMixColumns Transformation
The InvMixColumns is the inverse of the MixColumns transformation. InvMixColumns operates on the State considering column-by-column. The pre-defined 4x4 matrix value and the first column of the InvShiftRows state are represented as follows, for the multiplication.
As a result of this multiplication, the four bytes in a column are replaced by the following.
Thus the 4x4 matrix will be obtained which will be given as the input to the next transformation.
2.6.1.4 Inverse of the AddRoundKey Transformation
The Inverse of the AddRoundKey is similar to the AddRoundKey in the encryption process. Each element in the resultant matrix of MixColumns and resultant matrix of KeyExpansion will be XORed and the resultant matrix of AddRoundKey will be given as the input to the next round.
Hence all the inverse cipher transformations were discussed above and finally, the only thing left to do is putting it all together in one inversed main algorithm. Similarly the forward cipher transformations were combined together to form a Round and combining all the 10 Rounds will constitute a complete AES Encryption and Decryption algorithm.
2.7 SUMMARY
• Basic Terminologies and the Parameters used in this Algorithm have been discussed at the earlier section.
• Basic introduction and description on the AES Algorithm and its Top Level Block Diagram was discussed.
• Discussed on AES Encryption Process which includes AES Cipher Functions and its transformation procedure.
• Steps involved in the Key Expansion process were given.
• AES Decryption Process which includes AES Inverse Cipher Functions was explained.

CHAPTER 3
AES ALGORITHM IMPLEMENTATION
3.1 INTRODUCTION
The AES is a block cipher. This means that the number of bytes that it encrypts is fixed. AES can currently encrypt blocks of 16 bytes at a time; no other block sizes are presently a part of the AES standard. If the bytes being encrypted are larger than the specified block then AES is executed concurrently. This also means that AES has to encrypt a minimum of 16 bytes. If the plain text is smaller than 16 bytes then it must be padded. Simply said, the block is a reference to the bytes that are processed by the algorithm.
The current condition of the block will be defined by the State. That is the block of bytes that are currently being worked on. The state starts off being equal to the block, however it changes as each round of the algorithm executes. Plainly we can say that this is the block in progress. The Advanced Encryption Standard Algorithm, which includes both Encryption and Decryption, is implemented using VHDL and its functionality will be verified in the ModelSim Tool with proper test cases.
3.2 IMPLEMENTATION REQUIREMENTS
During the implementation, different parameters are required, which are discussed as follows.
Input Data Length Requirements
An implementation of the AES algorithm should have the input data (Plain Text) length of 128 bits, which acts as the primary input to both the Encryption and Decryption block.
Key Length Requirements
In this AES implementation the input key is chosen to be 128 bits from the various key lengths available. This also acts as the primary input to both the Encryption and Decryption block.
Keying Restrictions
No weak or semi-weak keys have been identified for the AES algorithm and there is no restriction on key selection.
Parameterization of Block Size and Round Number
Here since the input data and the input key lengths are 128 bits, the block size will be of Nb = 4 and the Round Number will be of Nr = 10. The Round Number will be taken with respect to the AES Algorithm Standard.
3.3 NOTATION AND CONVENTIONS
The different notations and conventions used in this implementation of the AES Algorithm are as follows.
HEX
Hexadecimal defines a notation of numbers in base 16. This simply means that the highest number that can be represented in a single digit is 15, rather than the usual 9 in the decimal (base 10) system. Hence all the values were represented in the Hexadecimal number system.
Inputs and Outputs
The input and output for the AES algorithm each consist of sequences of 128 bits (digits with values of 0 or 1). These sequences will sometimes be referred to as blocks and the number of bits they contain will be referred to as their length. The Cipher Key for the AES algorithm is a sequence of 128 bits. Other input and output lengths are not permitted by this standard.
The bits within such sequences will be numbered starting at zero and ending at one less than the sequence length (block length or key length). The number i attached to a bit is known as its index and will be in one of the ranges 0 ≤ i < 128 depending on the block length and key length (specified above).
Bytes
The basic unit for processing in the AES algorithm is a byte, a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits to form arrays of bytes. For an input, output or Cipher Key denoted by a, the bytes in the resulting array will be referenced using one of the two forms, an or a[n], where n will be in one of the following ranges.
• Key length = 128 bits, 0 ≤ n < 16
• Block length = 128 bits, 0 ≤ n < 16
State
Internally, the AES algorithm's operations are performed on a two-dimensional array of bytes called the State. The State consists of four rows of bytes, each containing Nb bytes, where Nb is the block length divided by 32. In the State array denoted by the symbol s, each individual byte has two indices, with its row number r in the range 0 ≤ r < 4 and its column number c in the range 0 ≤ c < Nb. This allows an individual byte of the State to be referred to as either sr,c or s[r,c]. For this standard, Nb = 4, i.e., 0 ≤ c < 4.
At the start of the Cipher and Inverse Cipher, the input (the array of bytes in0, in1, … in15) will be copied into the State array. The Cipher or Inverse Cipher operations are then conducted on this State array, after which its final value is copied to the output, which will be the array of bytes out0, out1, … out15.
Figure 3.1 State Array Input and Output
Hence, at the beginning of the Cipher or Inverse Cipher, the input array, in, is copied to the State array according to the scheme:
s[r, c] = in[r + 4c]    for 0 ≤ r < 4 and 0 ≤ c < Nb,
And at the end of the Cipher and Inverse Cipher, the State is copied to the output array out as follows:
out[r + 4c] = s[r, c]    for 0 ≤ r < 4 and 0 ≤ c < Nb.
State as an Array of Columns
The four bytes in each column of the State array form 32-bit words, where the row number r provides an index for the four bytes within each word. The state can hence be interpreted as a one-dimensional array of 32 bit words (columns), w0...w3, where the column number c provides an index into this array. Hence the State can be considered as an array of four words, as follows:
w0 = s0,0 s1,0 s2,0 s3,0
w1 = s0,1 s1,1 s2,1 s3,1
w2 = s0,2 s1,2 s2,2 s3,2
w3 = s0,3 s1,3 s2,3 s3,3
3.4 MATHEMATICAL PRELIMINARIES
All bytes in the AES algorithm are interpreted as finite field elements that can be added and multiplied, but these operations are different from those used for numbers.
Addition
The addition of two elements in a finite field is achieved by "adding" the coefficients for the corresponding powers in the polynomials for the two elements. The addition is performed with the XOR operation (denoted by ⊕). For example, two hexadecimal numbers have been taken and the addition, that is, XOR operation has been performed.
{57} ⊕ {83} = {d4}
Multiplication
The modular product of a(x) and b(x), denoted by a(x) ⊗ b(x), is given by d(x) which are given as follow.
The matrix of 4x4 is taken and is multiplied with the single column, that is, matrix multiplication has to be performed.
The multiplication of the above matrix can be performed in the following manner.
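A worked instance of the two operations above, as an added example that is not part of the original implementation: gf_mul multiplies two bytes as polynomials and reduces the product by m(x) = x^8 + x^4 + x^3 + x + 1, and poly4_mul forms d(x) = a(x) ⊗ b(x) modulo x^4 + 1, which is the same computation as the 4x4 matrix times a single column. The function names are assumptions made here; the polynomial a(x) = {03}x^3 + {01}x^2 + {01}x + {02}, its inverse and the sample column are taken from FIPS-197.

```python
M_X = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1

def gf_add(a, b):
    """Addition in GF(2^8): coefficient-wise addition mod 2, i.e. XOR."""
    return a ^ b

def gf_mul(a, b):
    """Multiply as polynomials over GF(2), then reduce the product mod m(x)."""
    prod = 0
    for i in range(8):                  # carry-less multiplication
        if (b >> i) & 1:
            prod ^= a << i
    for bit in range(14, 7, -1):        # clear degrees 14..8 with shifted m(x)
        if (prod >> bit) & 1:
            prod ^= M_X << (bit - 8)
    return prod

def poly4_mul(a, b):
    """d(x) = a(x) (x) b(x) mod x^4 + 1; lists hold coefficients [x^0 .. x^3]."""
    d = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            # x^(i+j) wraps around because x^4 = 1 modulo x^4 + 1
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d

def as_matrix(a):
    """Circulant 4x4 matrix equivalent to multiplication by a(x)."""
    return [[a[(r - j) % 4] for j in range(4)] for r in range(4)]

def matrix_times_column(m, col):
    """Row-by-row product: 4 multiplications and 3 XORs per result byte."""
    out = []
    for row in m:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gf_mul(coeff, byte)
        out.append(acc)
    return out

A = [0x02, 0x01, 0x01, 0x03]        # a(x), coefficients x^0 .. x^3
A_INV = [0x0E, 0x09, 0x0D, 0x0B]    # a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}

if __name__ == "__main__":
    col = [0xD4, 0xBF, 0x5D, 0x30]  # sample column from FIPS-197 Appendix B
    print(hex(gf_add(0x57, 0x83)), hex(gf_mul(0x57, 0x83)))
    print([hex(v) for v in as_matrix(A)[0]])
    print([hex(v) for v in poly4_mul(A, col)])
```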
3.5 GENERAL IMPLEMENTATION FLOW
The generalized implementation flow diagram of the project is represented as follows.
Figure 3.2 General Implementation Flow Diagram
Initially the market research should be carried out, which covers the previous version of the design and the current requirements on the design. Based on this survey, the specification and the architecture must be identified. Then the RTL modeling should be carried out in VHDL with respect to the identified architecture. Once the RTL modeling is done, it should be simulated and verified for all the cases. The functional verification should meet the intended architecture and should pass all the test cases.
Once the functional verification is clear, the RTL model will be taken to the synthesis process. Three operations will be carried out in the synthesis process:
• Translate
• Map
• Place and Route
The developed RTL model will be translated to the mathematical equation format which will be in the understandable format of the tool. These translated equations will then be mapped to the library, that is, mapped to the hardware. Once the mapping is done, the gates are placed and routed. Before these processes, the constraints can be given in order to optimize the design. Finally the BIT MAP file will be generated that has the design information in the binary format, which will be dumped in the FPGA board.
3.6 IMPLEMENTATION
The project deals with both the Encryption and Decryption algorithm and its operation.
RTL Modeling
• The implementation of the encryption and decryption should be differentiated and the system must know which one it should perform. So a signal "Enc_Dec" is declared which represents the operation of the system, that is, whether the system is in encryption or decryption.
• The given input data and key will be converted to a State and Word for the further transformation.
• For accessing the State, that is, the 4x4 array, two loops have been used with the naming convention of 'i' and 'j'.
KeyExpansion
• The implementation of AES starts with the Cipher Key expansion, that is, enlarging our input cipher key, whose size is 128 bits, into a larger key from which different RoundKeys can be derived.
• The S-Box values can either be calculated on-the-fly to save memory or the pre-calculated values can be stored in an array. There are 2 S-Boxes, one for the encryption and one for the decryption, whose values are stored in an array. Additionally, instead of accessing the values immediately from the program, they are wrapped in a small function, which makes for more readable code and would allow us to add additional code later on. In the implementation of the 2 S-Boxes, it's only a table-lookup that returns the value in the array whose index is specified as a parameter of the function.
• From the theoretical part, it is known already that Rotate takes a word (a 4-byte array) and rotates it 8 bit to the left. Since 8 bit correspond to one byte and the array type is character (whose size is one byte), rotating 8 bit to the left corresponds to shifting cyclically the array values one to the left.
• The implementation of Rcon is done with respect to the counter. The counter is set with respect to the round number and the Rcon value will be calculated by performing the multiplication operation between the input value and a constant value.
• The Key Expansion is where it all comes together. As you can see in the pretty big list in the theory about the Rijndael Key Expansion, we need to apply several operations a number of times, depending on the key size. The KeyExpansion function basically needs only two things:
  o Input cipher key
  o Output expanded key
• All the operations should be applied one after the other on the 4-byte word which does the complete operation. The parameters are the 4-byte word and the iteration counter, on which Rcon depends. Hence this KeyExpansion will be calculated and each 16 bytes will be given to each Round.
AES Encryption
• To implement the AES encryption algorithm, we proceed exactly the same way as for the key expansion, that is, we first implement the basic helper functions and then move up to the main loop. The functions take as parameter a state, which is, as already explained, a rectangular 4x4 array of bytes.
• The shiftRows function iterates over all the rows and then calls shiftRow with the correct offset. shiftRow does nothing but shift a 4-byte array by the given offset.
• This is the part that involves the roundKey that was generated during each iteration. Here we simply XOR each byte of the key to the respective byte of the state.
• The MixColumns implementation was carried out by first generating a column and then calling mixColumn, which would then apply the matrix multiplication.
• As you can see in the theory, one AES round is the one which has to apply all four operations on the state consecutively. All we have to do is take the state, the ExpandedKey and the number of rounds as parameters and then call the operations one after the other.
• Finally, all we have to do is put it all together. Our parameters are the input plaintext, the key of size keySize and the output. First, we calculate the number of rounds based on the keySize and then the expandedKeySize based on the number of rounds. Then we have to map the 16 byte input plaintext in the correct order to the 4x4 byte state (as explained above), expand the key using our key schedule, encrypt the state using our main AES body and finally un-map the state again in the correct order in order to get the 16 byte output ciphertext.
AES Decryption
• For the AES Decryption, the key schedule stays the same; the only operations we need to implement are the inversed subBytes, shiftRows and mixColumns, while addRoundKey stays the same.
• As you can see, they are nearly identical to their encryption counterparts except that the rotation this time is to the right and that we use the inversed S-Box for the substitution. As for the inversed mixColumns operation, the only difference is that the multiplication matrix is different.
• Finally, the only thing left to do is putting it all together in one inversed main algorithm. Please note that we use our expanded key backwards, starting with the last 16 bytes and then moving towards the start.
• Separate modules were written for the Last Round and the other Rounds. From the first round to the ninth round the same module can be instantiated and for the last round, a separate module was used since it doesn't have the MixColumns operation.
The functional verification was carried out for all the test cases and hence the RTL modeling is taken to the synthesis process using the Xilinx tool.
Synthesis Process
• The synthesis process will be carried out by giving the RTL model as the input to the tool.
• This RTL modeling requires a Virtex-2 board for the implementation.
• Hence the Virtex-2 board is selected and the whole process flow will be carried out in the Xilinx tool and finally the BIT FILE is generated which is used for dumping on the board.
3.7 SUMMARY
• The implementation requirements, which include the primary input and primary output of the design, and the proper notation and conventions were discussed.
• The general implementation flow of the design was represented and explained in order to understand the proper flow.
• Implementation details have been discussed, which include the implementation style of each process.
• Finally the synthesis process was discussed, which states in which FPGA family the design has been implemented.

CHAPTER 4
RESULTS AND DISCUSSION
4.1 INTRODUCTION
The AES Encryption and Decryption algorithm and the implementation were discussed in the previous chapters. Now this chapter deals with the simulation and synthesis results of the implemented AES algorithm. Here the ModelSim tool is used in order to simulate the design and check the functionality of the design. Once the functional verification is done, the design will be taken to the Xilinx tool for the Synthesis process and the netlist generation.
The appropriate test cases have been identified in order to test this modeled AES Encryption and Decryption algorithm. With the identified values as the reference, the plain text and the key of 128 bits will be given as the input to the design and the obtained cipher text should match the reference result. This proves that the modeled design works properly as per the algorithm.
4.2 SIMULATION RESULTS
The test bench is developed in order to test the modeled design. This developed test bench will automatically force the inputs, which were taken from the reference, and will make the operations of the algorithm perform. The simulated waveforms for the various cases are discussed in this section.
CASE-1:
Figure 4.1 Simulation Result of AES Encryption and Decryption for Set-1 Inputs
This case deals with both encryption and decryption for the first set of plain text and a key of 128 bits. The basic and common inputs for both the encryption and decryption stage are clock (clk), chip enable (ce) and reset (rst). The reset signal is active high, that is, when the reset signal is set to high, the system will be in reset state and hence all the values will be '0'. Once the reset signal is set to low, the system will start its process.
There is a signal "enc_dec" which represents which operation the system is in, either encryption or decryption. When this "enc_dec" is set to high, the encryption process will be carried out with the given inputs and when this signal is set to low, the decryption process will be carried out. The two inputs named "data_in" and "key_in" take the given plain text and the key.
Encryption
Here the first set of inputs is taken from the reference as follows.
Input = 32 43 f6 a8 88 5a 30 8d 31 31 98 a2 e0 37 07 34
Cipher Key = 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c
The above inputs are represented in the hexadecimal format and contain 16 bytes, that is, 128 bits. So when the proper inputs are given as the input to the system, the "din_valid" and "k_en" signals will go high. These signals represent that the valid data and the proper key are given to the system. Hence the output of the encryption process, that is, the cipher text for the given set of inputs, is obtained as follows.
Cipher Text = 39 25 84 1d 02 dc 09 fb dc 11 85 97 19 6a 0b 32
Decryption
The above cipher text, that is, the encrypted data, will be given as the input to the decryption stage and the same key should be provided.
Input = 39 25 84 1d 02 dc 09 fb dc 11 85 97 19 6a 0b 32
Cipher Key = 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c
Here the "din_valid" signal will go high only after the encryption process. Hence the decryption process will be carried out and the final output, that is, the same plain text which was given as the input to the encryption stage, will be obtained.
Final Output = 32 43 f6 a8 88 5a 30 8d 31 31 98 a2 e0 37 07 34
Thus the simulation result which is shown in the figure 4.1 gives the clear view on the AES operation which was explained above.
'ASE-5:
In this case, the same operation as in case-1 is carried out with a different set of inputs. Here also both the encryption and decryption processes are clearly represented in the simulation waveform shown in figure 4.2.
Figure 4.2 Simulation Result of AES Encryption and Decryption for Set-2 Inputs
Here the inputs, the plain text and the key for the encryption process, are given as follows.
Plain Text = 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
Key = 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
The signals shown in the waveform represent the same operation as explained in case-1. Hence the plain text and key are given as inputs to the encryption stage and the cipher text is obtained as output, which is as follows.
Cipher Text = 69 c4 e0 d8 6a 7b 04 30 d8 cd b7 80 70 b4 c5 5a
The above encrypted data is in turn given as the input to the decryption stage with the same key, which produces the plain text as the final output.
Final Output = 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
Hence this shows that the developed AES Encryption and Decryption Algorithm works with different sets of inputs.
CASE-3:
This case deals with the internal operation of the AES Encryption process and its results at each stage, which are clearly represented in the simulation waveform shown in figure 4.3.
Figure 4.3 Simulation Result of Encryption with Internal Operation for Set-1 Inputs
The AES Encryption algorithm internally performs operations such as substitution, shifting and mixing of columns. As discussed in the previous chapter, each operation is carried out and the calculated output values can be seen clearly in the above waveform. In each round, all the internal operations are carried out and finally the MixColumn value and the key input of that round are XORed. The output of the round is then taken as the input for the next round. In the above waveform, all the internal operations of round-1 and round-2 are shown. Similarly, for all the rounds, the same operations are carried out with the evaluated values. At the last round, that is, round-10, the final values are evaluated and the cipher text is given out.
CASE-4:
The internal operations involved on the decryption side are clearly shown in figure 4.4. The cipher text generated from encryption is given as input to the decryption block and the same kind of operations as in the encryption process are carried out with different pre-defined values. The waveform shows round-1 and round-2, with their internal operations and results clearly visible. The key is given as the inverse of the one generated in the encryption process.

Figure 4.4 Simulation Result of Decryption with Internal Operation for Set-1 Inputs
Finally the last round, without the MixColumn operation, will be carried out in order to produce the final output, that is, the plain text.
CASE-5:
This case deals with the internal operations involved in both encryption and decryption with the other set of inputs. The operations are the same as explained in case-3 and case-4; the only difference is that the input set is modified. Here we check that the operations are carried out properly with different inputs and that the obtained outputs match the reference values. Figure 4.5 shows the internal operation of the AES Encryption process and figure 4.6 shows the internal operations carried out in the AES Decryption process. The waveform clearly represents the output values of each stage, which are fed as input to the next process.
Figure 4.5 Simulation Result of Encryption with Internal Operation for Set-2 Inputs
Figure 4.6 Simulation Result of Decryption with Internal Operation for Set-2 Inputs
CASE-6:
In this case, the first set of inputs is taken and the whole 10 rounds have been carried out.
Figure 4.7 Simulation Result of Encryption for Set-1 Inputs
Figure 4.7 clearly represents all the rounds and the inputs and outputs of each round. The data at every round output acts as the input to the next round. These values can be cross verified with the reference values.
Figure 4.8 Simulation Result of Decryption for Set-1 Inputs
CASE-7:
In this case, the inputs and outputs of each round for the other set of inputs are clearly represented in figure 4.9 and figure 4.10 for both the encryption and decryption processes.
Figure 4.9 Simulation Result of Encryption for Set-2 Inputs
Figure 4.10 Simulation Result of Decryption for Set-2 Inputs
Thus the simulation results of the AES algorithm for both encryption and decryption were discussed above in different cases.
4.3 INTRODUCTION TO FPGA
FPGA stands for Field Programmable Gate Array, which has an array of logic modules, I/O modules and routing tracks (programmable interconnect). An FPGA can be configured by the end user to implement specific circuitry. Speed is up to 100 MHz but at present speed is in GHz.
Main applications are DSP, FPGA based computers, logic emulation, ASIC and ASSP. FPGA can be programmed mainly on SRAM (Static Random Access Memory). It is volatile, and the main advantage of using SRAM programming technology is re-configurability. Issues in FPGA technology are complexity of the logic element, clock support, IO support and interconnections (Routing).
In this work, the design of an AES Encryption and Decryption Algorithm made using VHDL is synthesized on an FPGA family through the XILINX ISE Tool. This process includes the following:
Translate
Map
Place and Route
4.3.1 FPGA FLOW
The basic implementation of a design on FPGA has the following steps.
Design Entry
Logic Optimization
Technology Mapping
Placement
Routing
Programming Unit
Configured FPGA
The above shows the basic steps involved in implementation. The initial design entry may be VHDL, schematic or Boolean expression. The optimization of the Boolean expression is carried out by considering area or speed.
Figure 4.11 Logic Block
In technology mapping, the optimized Boolean expression is transformed to FPGA logic blocks, which are called Slices. Here area and delay optimization take place. During placement, algorithms are used to place each block in the FPGA array. Routing assigns the FPGA wire segments, which are programmable, to establish connections among FPGA blocks. The configuration of the final chip is made in the programming unit.
4.4 SYNTHESIS RESULT
The developed AES Encryption and Decryption Algorithm is simulated and its functionality verified. Once the functional verification is done, the RTL model is taken to the synthesis process using the Xilinx ISE tool. In the synthesis process, the RTL model is converted to a gate level netlist mapped to a specific technology library. This AES algorithm design can be implemented on the FPGA (Field Programmable Gate Array) family of Virtex-2. In this Virtex-2 family, many different devices are available in the Xilinx ISE tool. In order to implement this AES design, the device named "XC2V8000" has been chosen, with the package "FF1517" and the device speed "-5".
The design of the AES Encryption and Decryption Algorithm is synthesized and its results are analyzed as follows.
RTL Schematic
The RTL (Register Transfer Logic) can be viewed as a black box after synthesis of the design is made. It shows the inputs and outputs of the system. By double-clicking on the diagram we can see gates, flip-flops and MUX.
Figure 4.12 RTL Schematic
The above figure 4.12 shows the top level block diagram that contains the primary inputs and outputs of the design.
Device utilization summary:
This device utilization includes the following.
Logic Utilization
Logic Distribution
Total Gate count for the Design

The device utilization summary is shown above. It gives the details of the number of devices used from the available devices, also represented in %. Hence, as the result of the synthesis process, the device utilization in the chosen device and package is shown above.
Timing Summary:
Speed Grade: -5
Minimum period: 52.719ns
(Maximum Frequency: 18.970MHz)
Minimum input arrival time before clock: *2.,25ns
Maximum output required time after clock: 6.062ns
Maximum combinational path delay: No path found
In the timing summary, the details shown for time period and frequency are approximate at synthesis. After place and route is over, we get the exact timing summary. Hence the maximum operating frequency of this synthesized design is given as 18.970 MHz and the minimum period as 52.719 ns. OFFSET IN is the minimum input arrival time before clock and OFFSET OUT is the maximum output required time after clock.
4.5 SUMMARY
The developed AES algorithm is modeled and is simulated using the Modelsim tool.
The simulation results are discussed by considering different cases.
The RTL model is synthesized using the Xilinx tool in Virtex-2 and the synthesis results are discussed with the help of generated reports.

CHAPTER 5

CONCLUSION AND FUTURE
SCOPE
5.1 CONCLUSION
Firstly, the concept of cryptology and the flow of the AES algorithm were understood. Successful implementation of the AES algorithm gives knowledge of one of the encryption and decryption standards available in the market and helps to explore the path to implementing such an algorithm using VHDL. Mainly, the concept of instantiation and arrays plays a major part in the implementation. This is a 128-bit Key dependent algorithm which has control over the 128-bit input data or plaintext. The original message is taken through 10 round operations, which produce the ciphertext. This resultant encrypted data is fed as the input to the decryption, where 10 round operations are carried out, and hence the same plain text is achieved. Given the same input key and data (plaintext or ciphertext), any implementation that produces the same output (ciphertext or plaintext) as the algorithm specified in this standard is an acceptable implementation of the AES.
The simulation results have been verified for the different appropriate test cases. Finally the developed model is taken to the Xilinx tool and the implementation is done using the FPGA family of Virtex-2 board.
5.2 FUTURE SCOPE
In recent days, AES (Advanced Encryption Standard) is used, which has an increased level of security. This work on the AES Encryption and Decryption Algorithm of 128 bits can be extended in the future in the following ways.
As this algorithm supports key lengths of 192 bits and 256 bits, the work can be extended by increasing the key length, which increases both the security level and the difficulty of hacking.
Also this work can be extended by developing a switch. This switch will be used to switch the system between key lengths of 128 bits, 192 bits and 256 bits. This will handle all three key lengths, and the required process can be carried out with respect to the switch.
APPENDIX-1

STANDARD TABLES FOR AES ALGORITHM
Key-Block-Round Combinations
S-Box, Substitution values used in Encryption Process
Matrix value used in MixColumn Operation in Encryption Process
S-Box, Substitution values used in Decryption Process
Matrix value used in MixColumn Operation in Decryption Process
