Actel COREDES-AN Corede Datasheet

CoreDES
Product Summary
Core Deliverables
•
–
Intended Use
•
Whenever Data is Transmitted across an Accessible
Medium (Wires, Wireless, etc.)
•
E-Commerce Transactions, where Dedicated
Encryption/Decryption Hardware Can Ease the
Load on Servers
•
Personal Security Devices
•
Bank Transactions, where Financial Security is
Mandatory
•
•
Key Features
•
56-bit Cipher Key (with 8 Additional Parity Bits)
•
Parity Checking Logic for Cipher Key
•
Encryption and Decryption Possible with Same
Core
•
16-Clock Cycle Operation to Encrypt or Decrypt 64
Bits of Data
•
Pause/Resume
Functionality
Encryption or Decryption at Will
•
Compliant with FIPS PUB 46-3
•
ECB (Electronic Codebook) Implementation per
FIPS PUB 81
•
Example Source Code Provided for CBC, CFB and
OFB Modes
•
Provides Data Security within a Secure Actel FPGA
•
All Major Actel Device Families Supported
to
•
Fusion
•
ProASIC3/E
•
ProASICPLUS
•
Axcelerator
•
RTAX-S
•
SX-A
•
RTSX-S
December 2005
© 2005 Actel Corporation
Compiled RTL Simulation Model Fully
Supported in the Actel Libero® Integrated
Design Environment (IDE)
Netlist Version
–
Structural Verilog and VHDL Netlists (with and
without I/O pads) Compatible with the Actel
Designer Place-and-Route Software Tool
–
Compiled RTL Simulation Model
Supported in the Actel Libero IDE
Fully
RTL Version
–
Verilog or VHDL Core Source Code
–
Core Synthesis Scripts
Actel-Developed Testbench (Verilog and VHDL)
Synthesis and Simulation Support
Continue
•
Synthesis:
Synplicity®,
Synopsys®
(Design
®
Compiler / FPGA Compiler™ / FPGA Express™),
Exemplar™
•
Simulation: OVI-Compliant Verilog Simulators and
Vital-Compliant VHDL Simulators
Core Verification
Supported Families
•
Evaluation Version
v 4 .0
•
Actel-Developed Simulation Testbench Verifies
CoreDES against Tests Listed in the National
Institute of Standards and Technology (NIST)
Special Publication 800-17, Modes of Operation
Validation System (MOVS): Requirements and
Procedures
•
Users Can Easily Modify Testbench Using Existing
Format to Add More Tests Listed in NIST Special
Publication 800-17 or Custom Tests
1
CoreDES
General Description
Contents
The CoreDES macro implements the Data Encryption
Standard (DES), which provides a means of securing data.
The DES algorithm is described in Federal Information
Processing Standards (FIPS) Publication (PUB) 46-3. The
algorithm takes as input 64 bits of plaintext data and 64
bits of a cipher key (only 56 of the 64 bits of the key are
used in the calculations, as the least significant bit of
each byte of the cipher key is used to provide odd-parity
for the key bytes) and after 16 cycles, produces a 64-bit
ciphered version of the original plaintext data as output.
During the 16 cycles or iterations of the algorithm, the
data bits are subjected to permutation and addition
functions, which consist of key schedules, calculated by
rotations and permutations applied to the original 56-bit
cipher key. Figure 1 illustrates the 16-iteration DES
algorithm, as described in detail in FIPS PUB 46-3.
General Description .................................................... 2
CoreDES Device Requirements .................................. 4
CoreDES Verification .................................................. 4
I/O Signal Descriptions ............................................... 5
CoreDES Operation .................................................... 5
Encryption ................................................................... 6
Decryption .................................................................. 7
Pause/Resume ............................................................. 8
Clear/Abort ................................................................. 9
Modes of Operation ................................................... 9
Ordering Information .............................................. 10
Export Restrictions .................................................... 10
List of Changes ......................................................... 11
Datasheet Categories ............................................... 11
L0
Left and Right
Data Halves after
Initial Permutation
R0
K1
+
Key
Key Schedule 1
f
Input
Initial
Permutation
Left and Right
Data Halves after
Round 1
R1 = L0
f(R0,K1)
L1 = R0
K2
16 Rounds
of Computation
+
Key Schedule 2
f
Inverse Initial
Permutation
Output
L2 = R1
R2 = L1
f(R1,K2)
Left and Right
Data Halves
after Round 2
R16 = L15
f(R15,K16)
L16 = R15
Left and Right
Data Halves
after Round 16
Figure 1 • DES Algorithm
2
v4.0
CoreDES
CoreDES consists of four main blocks (shown in Figure 2).
3. Key schedule logic – computes the intermediate
keys at each round of the DES algorithm.
1. Data schedule logic – computes the intermediate
data values at each round of the DES algorithm.
4. Parity check logic – checks for odd-parity
compliance of the 56 bits of cipher key and issues
an error signal if parity is not correct.
2. Iteration state machine logic – keeps track of
which round of the DES algorithm is currently in
progress.
Data In
Data
schedule
logic
Data Out
Iteration
state
machine
Cipher Key
Parity Enable
Key
schedule
logic
Parity
check
logic
Parity Error
Figure 2 • CoreDes Block Diagram
RT54SX-S) employ FuseLockTM technology, each of which
provides a means to keep the cipher key and the rest of
the logic secure. The output of the CoreDES macro
should be connected to registers or FIFOs, as it is only
valid for one clock cycle, as shown in the
sections"Encryption" on page 6 and "Decryption" on
page 7, respectively.
Design Security
Figure 3 shows a typical system diagram. Note
that the cipher key, which is the "secret" key, can be
made up of FPGA logic cells thereby preventing the
possibility of design or data theft. Actel Flash-based
devices (ProASICPLUS) employ FlashLockTM technology,
and Actel antifuse-based devices (Axcelerator, SX-A,
Actel FPGA
Registers or
FIFO
Local Device
Plaintext
(Unencrypted)
Data
Source
To other logic or
global distribution,
e.g., Internet, etc.
Other
Logic
Other
Logic
CoreDES
Encrypted
Data
Output
Cipher
Key
Figure 3 • CoreDES in Typical System
v4.0
3
CoreDES
CoreDES Device Requirements
The CoreDES macro has been implemented in several of the Actel device families. A summary of the implementation
data is listed in Table 1.
Table 1 • CoreDes Device Utilization and Performance
Cells or Tiles
Family
Utilization
Sequential
Combinatorial
Total
Device
Total
Performance
Throughput
148
1123
1271
AFS600
10%
80 MHz
320 Mbps
148
1123
1271
A3PE600-2
10%
80 MHz
320 Mbps
ProASIC
142
1328
1470
APA075-STD
48%
50 MHz
200 Mbps
Axcelerator
141
601
742
AX125-3
37%
125 MHz
500 Mbps
RTAX-S
141
601
742
RTAX1000S-1
4%
74 MHz
296 Mbps
SX-A
141
628
769
A54SX16A-3
53%
100 MHz
400 Mbps
RTSX-S
141
628
769
RT54SX32S-2
27%
55 MHz
220 Mbps
Fusion
ProASIC3/E
PLUS
Note:
Data in this table achieved using typical synthesis and layout settings.
Data throughput is computed by taking the bit width of the data (64 bits), dividing by the number of cycles (16), and
multiplying by the clock rate (performance); the result is listed in Mbps (millions of bits per second).
CoreDES Verification
The comprehensive simulation testbench (included with
Netlist and RTL versions of the core) verifies the CoreDES
macro against several of the tests listed in NIST Special
Publication 800-17, Modes of Operation Validation
System (MOVS): Requirements and Procedures. The
testbench applies several tests to the CoreDES macro,
including: sample round output tests, variable plaintext
4
v4.0
tests, variable cipher key tests, permutation operation
tests, and substitution table tests. Using the supplied
testbench as a guide, the user can easily customize the
verification of the core by adding or removing any of the
tests listed in NIST Special Publication 800-17 or by
adding any custom test cases.
CoreDES
I/O Signal Descriptions
The port signals for the CoreDES macro are defined in
Table 2 and illustrated in Figure 4. CoreDES has 200 I/O
signals that are described in Table 2. All arrayed ports are
labeled with indices that begin with the number 1 (most
significant bit) and ascend up to the width of the arrayed
port (least significant bit, which happens to be 64 for all
arrayed ports in this core). The arrayed ports are labeled
in this fashion to correspond with the nomenclature
described in Federal Information Processing Standards
Publication 46-3 (FIPS PUB 46-3).
Table 2 • CoreDES I/O Signal Descriptions
Name
Type
Description
NRESET
Input
Active-low asynchronous reset
CLK
Input
System clock: reference clock for all internal DES logic
EN
Input
Enable signal: set to '1' for normal continuous operation, set to '0' to pause
CLR
Input
Synchronous clear signal: set to '1' to clear logic at any time
ED
Input
Encrypt/Decrypt: '1' to Encrypt, '0' to Decrypt
PCHK
Input
Parity Check: set to '1' to enable parity checking of cipher key bits
K[1:64]
Input
Key: 64-bit (56 bits + 8 parity bits) cipher key input bus
D[1:64]
Input
Data in: 64-bit data input bus
Q[1:64]
Output
Data out: 64-bit ciphertext (for Encrypt operation, plaintext for Decrypt operation)
QVAL
Output
Q Valid: '1' indicates that valid Encrypt/Decrypt data is available on Q
PERR
Output
Parity Error: '1' indicates that a parity error has occurred on the K cipher key input bits
CoreDES Operation
NRESET
CLK
Parity Checking
EN
CLR
ED
If parity checking is desired for the cipher key K[1:64]
inputs, the PCHK input should be held at logic '1'. The
parity checking logic will determine whether or not an
odd number of logic '1' values are present in each byte
of the cipher key. This function can be disabled at any
time by setting the PCHK input to logic '0'.
Q[1:64]
CoreDES
QVAL
PCHK
PERR
K[1:64]
D[1:64]
Note that if parity checking is disabled by setting the
PCHK input to logic '0,' the least significant bits of each
byte of the cipher key (K[8], K[16], K[24], K[32], K[40],
K[48], K[56], and K[64]) can each be statically connected
to either a logic '1' or logic '0' value, since they are the
parity bits and will not be used (Figure 5).
Figure 4 • CoreDES I/O Signal Diagram
8
16
PCHK
24
K[1:64]
32
Parity Check
Logic
40
48
56
64
PERR
Figure 5 • Key Parity Check
v4.0
5
CoreDES
Encryption
To begin the process of encrypting data, the following
inputs are set:
1. K[1:64] is set to the cipher key (ck1 in Figure 6) to
encrypt the data.
2. D[1:64] is set to the plaintext data (d1 in Figure 6)
to be encrypted.
After 16 clock cycles of the EN input being held
continuously at a logic '1' value, the QVAL signal will
transition from logic '0' to logic '1' and remain valid for
one clock cycle, indicating that valid ciphered
(encrypted) data (shown as q1 in Figure 6) is available on
the Q[1:64] outputs.
3. ED is set to logic '1'.
4. EN is set to logic '1'.
1
cycle
2
3
4
5
6
7
8
9 10 11 12 13 14 15 16
CLK
K[1:64]
ck1
D[1:64]
d1
ED
EN
q1
Q[1:64]
QVAL
Don't care
Figure 6 • Example Encryption Sequence
6
v4.0
Undefined
CoreDES
Decryption
After 16 clock cycles of the EN input being held
continuously at a logic '1' value, the QVAL signal will
transition from logic '0' to logic '1' and remain valid for
one clock cycle, indicating that valid plaintext
(unencrypted data shown as q1 Figure 7) is available on
the Q[1:64] outputs.
To begin the process of decrypting data, the following
inputs are set:
1. K[1:64] is set to the cipher key (ck1 in Figure 7) to
decrypt the data.
2. D[1:64] is set to the ciphertext data (d1 in Figure 7)
to be decrypted.
3. ED is set to logic '0'.
4. EN is set to logic '1'.
1
cycle
2
3
4
5
6
7
8
9 10 11 12 13 14 15 16
CLK
K[1:64]
ck1
D[1:64]
d1
ED
EN
q1
Q[1:64]
QVAL
Don't care
Undefined
Figure 7 • Example Decryption Sequence
v4.0
7
CoreDES
Pause/Resume
For normal operation, the EN input is held at a logic '1'
value. The core can be paused by holding the EN input at
a logic '0' value, indefinitely, as shown in Figure 8. To
resume operation, the EN input should be brought back
to a logic '1' value. This functionality applies to either
encryption or decryption. Note that the ED input must
remain at logic '1' throughout an entire encryption cycle,
or at logic '0' throughout an entire decryption cycle;
otherwise, unpredictable results on the Q[1:64] outputs
will occur.
blocks of data are encrypted, the user would then need
to hold the EN input at a logic '0' value, since if it is left
at a logic '1', data will continue to be encrypted ad
infinitum. When ready for the next blocks of data, the
user can then resume the encryption process by holding
the EN input at a logic '1' value. Another possible use
may be if the user has an elastic buffer (FIFO) connected
to the Q[1:64] outputs. If the FIFO is filling up with
encrypted data faster than the encrypted data is being
read out of the FIFO, the user may want to pause the
CoreDES macro by setting the EN input to a logic '0'
when the full or almost-full flag logic from the FIFO is
active. When the FIFO full or almost-full flag logic clears,
the CoreDES macro can then resume operation by again
setting the EN input to a logic '1' value.
The pause/resume functionality is provided as an aid to
the user. One possible use for the pause functionality is
the case where many blocks of data are encrypted one
after another, for which the EN input can be held
statically at a logic '1' value, the data input changing
every 16 clock cycles to encrypt the next block. After all
cycle 3
"paused"
cycle
1
2 3a 3b 3c
4
5
6
7
8
9 10 11 12 13 14 15 16
CLK
K[1:64]
ck1
D[1:64]
d1
ED
EN
q1
Q[1:64]
QVAL
Don't care
Figure 8 • Example Encryption Pause/Resume Sequence
8
v4.0
Undefined
CoreDES
Clear/Abort
At any point in the process of encrypting or decrypting
data, the user can abort the current operation by setting
the CLR input to logic '1'. This will clear all current
calculations with the key schedule and data schedule
logic. The user can then immediately begin to use a
different cipher key and data input on the very next
cycle, as shown in Figure 9.
encryption or decryption sequence. The user is able to
immediately halt the current operation simply by
holding the CLR input at a logic '1' value for at least one
clock cycle, and commence immediately on the following
clock cycle with a new cipher key and/or new data. If the
CoreDES macro is integrated into a system containing a
processor, the processor may want to abort the
encryption or decryption operation for some specific
event (e.g., low or failing power condition).
The clear/abort functionality is provided as another aid
to the user. This is employed when the user wants to
change the cipher key, possibly in the middle of an
1
cycle
2
3
1
2
3
4
5
6
7
8
9 10 11 12 13 14 15 16
CLK
K[1:64]
ck1
ck2
D[1:64]
d1
d2
ED
EN
internal logic cleared/flushed;
cipher key (ck1) and data (d1)
calculations aborted
CLR
Q[1:64]
q2
QVAL
Don't care
encrypted data using cipher
key (ck2) and data (d2)
Undefined
Figure 9 • Example Encryption Abort Sequence
Modes of Operation
CoreDES is implemented using the ECB (Electronic
Codebook) mode of operation, per FIPS PUB 81.
Depending upon the application, other modes of
operation for DES may be desirable. For this reason,
Actel provides example VHDL and Verilog source code
for the CBC (Cipher Block Chaining), CFB (Cipher
Feedback), and OFB (Output Feedback) modes. For
detailed information on specific modes of operation,
refer to FIPS PUB 81.
v4.0
9
CoreDES
Ordering Information
Export Restrictions
CoreDES can be ordered through your local Actel sales
representative. The following number convention should
be used when ordering: CoreDES-XX, where XX is listed
in Table 3.
CoreDES is subject to export controls and is licensable
under the U.S. Department of Commerce's Export
Administration Regulations, the U.S. Department of
State's International Traffic in Arms Regulations, or other
laws, government regulations, or restrictions. Actel is
currently in the process of obtaining additional
permissions to ship CoreDES to a wider audience. The
licensee will not import, export, reexport, divert,
transfer, or disclose CoreDES without complying strictly
with the export control laws and all legal requirements
in the relevant jurisdictions, including and without
limitation, obtaining the prior approval of the U.S.
Department of Commerce or the U.S. Department of
State, as applicable.
Table 3 • Ordering Codes
XX Description
EV
Evaluation Version
SN
Netlist for single-use on Actel devices
AN Netlist for unlimited use on Actel devices
SR
RTL for single-use on Actel devices
AR
RTL for unlimited use on Actel devices
UR
RTL for unlimited use and not restricted to Actel devices
10
v4.0
CoreDES
List of Changes
The following table lists critical changes that were made in the current version of the document.
Previous Version Changes in Current Version (v 4 .0 )
v3.0
v2.0
Page
The "Supported Families" section was updated to include Fusion.
1
Table 1 was updated to include Fusion data.
4
The "Supported Families" section was updated to include ProASIC3/E.
1
Table 1 was updated to include ProASIC3/E data.
4
The "Modes of Operation" section was added.
9
Datasheet Categories
In order to provide the latest information to designers, some datasheets are published before data has been fully
characterized. Datasheets are designated as "Product Brief," "Advanced," and "Production." The definitions of these
categories are as follows:
Product Brief
The product brief is a summarized version of an advanced or production datasheet containing general product
information. This brief summarizes specific device and family information for unreleased products.
Advanced
This datasheet version contains initial estimated information based on simulation, other products, devices, or speed
grades. This information can be used as estimates, but not for production.
Unmarked (production)
This datasheet version contains information that is considered to be final.
v4.0
11
Actel and the Actel logo are registered trademarks of Actel Corporation.
All other trademarks are the property of their owners.
www.actel.com
Actel Corporation
Actel Europe Ltd.
Actel Japan
www.jp.actel.com
Actel Hong Kong
www.actel.com.cn
2061 Stierlin Court
Mountain View, CA
94043-4655 USA
Phone 650.318.4200
Fax 650.318.4600
Dunlop House, Riverside Way
Camberley, Surrey GU15 3YL
United Kingdom
Phone +44 (0) 1276 401 450
Fax +44 (0) 1276 401 490
EXOS Ebisu Bldg. 4F
1-24-14 Ebisu Shibuya-ku
Tokyo 150 Japan
Phone +81.03.3445.7671
Fax +81.03.3445.7668
Suite 2114, Two Pacific Place
88 Queensway, Admiralty
Hong Kong
Phone +852 2185 6460
Fax +852 2185 6488
5172172-2/12.05
Similar pages