Multi-Operation Cryptographic Engine: VLSI Design and Implementation George Selimis and Odysseas Koufopavlou VLSI Design Lab, Electrical and Computer Engineering Department, University of Patras, Rio 26500, Patras, Greece E-mail: [email protected] Abstract. The environment of smart card lacks of system resources but the commercial and economic transactions via smart cards demand the use of certificated and secure cryptographic methods. In this paper a cryptographic approach in hardware for smart cards is proposed. The proposed system supports two basic operations of cryptography, authentication and encryption. The basic component of system is the one round of DES algorithm which supports the DES, Triple DES and the ANSI X9.17 standards. The proposed system is efficient in terms of area resources and techniques for low power consumption have applied. Due to the fact that the system is for smart card applications the overall throughput outperforms the typical smart card throughput standards.

1. Introduction Smart cards are used in many application fields [1]. Telecommunications provide SIM cards for mobile telephony and prepaid public telephone cards. Multimedia and pay-TV Cards are significant representatives of smart cards. There are also several uses of smart cards in transportations. An attempt for more secure financial services cards (banking, shopping) enforces the conversion of magnetic stripe and credit cards to smart cards. The industry vendors forecast that in the future smart card would be a multiplication card which will communicate via air with internet gates. 2. DES, Triple DES and ANSI X 9.17 Standards DES encryption algorithm converts 64-bit plaintext to 64-bit ciphertext using a 64-bit key in both encryption and decryption processes [2, 3]. The same algorithm is reused with the same initial key to convert ciphertext back to plaintext, in the decryption process. This encryption algorithm performs 16 rounds of operations, which mix the data and the key using the fundamental operations of permutation and substitution. The goal is to completely scramble the data and the key so that every bit of the ciphertext depends on every bit of the data plus every bit of the key. Triple DES processing is generated by the use of three blocks of DES, in serial order. Triple-DES architecture can use one, two or three secret keys. The standard method of encryption for triple-DES is TDES-EDE2, Encrypt-Decrypt-Encrypt, using only two keys, k1 and k2 The ANSI X9.17 standard specifies a method of key generation. This does not generate easy to remember keys, it is more suitable for generating session keys or pseudo-random numbers within a system [4]. The cryptographic algorithm used to generate keys is triple-DES, but it could just easily be any algorithm [5]. Let E k (X ) be triple-DES Encryption of X with key K . This is a special key reserved for secret key generation. Vo is a secret 64-bit seed. T is a timestamp. To generate the random key Ri , calculate:

Ri = E K ( E K (Ti ) Å Vi ) , to generate Vi +1 calculate: Vi +1 =E K ( E K (Ti ) Å Ri )

3. The proposed cryptographic scheme 3.1 The Proposed CryptographicTransaction Scheme Two components of the smart card hardware system, Digital Encryption Standard (DES) engine and Random Number Generator can provide secure transactions. Smart card and reader share a common secret key .The scenario of a secure transaction is the following: First smart card sends to reader a 64-bit random number. Reader encrypts the 64-bit stream with the secret key and sends it to smart card. Smart card decrypts with the secret key the received 64-bit stream and then verifies reader. The reverse process is required for reader to verify smart card. In this manner, each can verify that the other knows the key value without the key itself ever being communicated and the authentication process is completed. Afterwards a session key is generated for the following encryption/decryption process. 3.2 Efficient Hardware Design In order to implement the proposed cryptographic system for a limited resources system as smart card the design follows the above rules: · The system has to be area efficient. So there is a need for a cautious use of hardware components. Design rules as the feedback and common sharing should be applied. · The system has to be power efficient. Especially for the smart cards that they do not enclose battery and they extract power from the electromagnetic field. · The throughput is a parameter that can be sacrificed because smart card standards provide low bit rates. For these reasons the following design techniques should be adopted: · The Des, Triple DES and the RNG are based in the one transformation round of DES algorithm.The result is three cryptographic procedures to share only one circuit. · The cryptographic procedures are based in the feedback method. From these two above design aspects the area reduction of the system is very significant. · The use of power management: One technique for power minimization is the use of gated clock. Gated clocks are used in power management to shut down the components of the chip that are inactive. The clock to each component is gated so that the clock to a given component can be disabled upon demand. The above technique is a switching activity reduction technique. · Glitch reduction:If a register can be positioned before the output of a component then some spurious transitions are filtered by the register. The above technique is also a switching activity reduction technique. · Minimize Capacitance: Due to the fact that the system is based on one transformation round (feedback method) the covered area resources and the overall system wiring are limited. Then the overall capacitance of the system is reduced. · One of the most effective ways of energy reduction of a circuit is to reduce the supply voltage, because the energy consumption drops quadratically with the supply voltage. For example reducing the voltage from 5.0 to 3.3 Volts reduces power consumption by about 56%. The above four methodologies are applied in the proposed system for power reduction since it is known that the power consumption value is given by the formula: Pd =C eff .V 2 . f (1), where Pd is the power in Watts, C eff is the switch capacitance in Farads, V is the supply Voltage in Volts and f the frequency of operations in Hertz. 3.3 The Proposed System Architecture The basic component of the system is DES transformation round. The control unit changes the operation of the system to work as DES, Triple DES encryption system or as Pseudo Random Number Generation Unit. Three registers (Register R, Register S and Register V) store the internal values during the operation of pseudo random number generator. The XOR units are used also as the standard ANSI X9.17 specifies.

DES operation: The control unit turns off the three registers and the Triple Des and RNG sub systems of control. The DES round has as inputs a 64-bit plaintext, a 64-bit key and the result (ciphertext) is created after 16 clock cycles. TDES operation: This operation is same like DES operation. The only difference is that the ciphertext is created after 48 (3*16) clock cycles and in this case the TDES control subsystem is on. Pseudo Random Number Generator: The system has as input the 64-bit key and the T time seed which is encrypted by the Triple DES system operation. The result is stored in the Register S and Xored with the value Vi which is temporally stored in the register V. The result which is produced from the XOR operation is now the second (2) input of the system. After a Triple DES operation the result is stored in the Register R. The Contents of registers S and R Xored and the result is the third (3) input of the system. The last procedure is needed to update the value of register V for security reasons. When the Des round operates the clock of the three registers is switched off and when the Triple DES operation is completed the clock of DES round is switched off and the clock of registers running. In the Figure 3 the DES transformation round is presented. As it is disgusted above this is the most significant unit of the proposed architecture. The DES operation uses this unit 16 times, the triple-des operation 48 times and finally the Random Number Generator 144 times. If the power consumption is reduced in this unit then the overall power savings will be significant. As it is shown the XOR component has as inputs the expansion output and an input which produced from the key generation unit. Due to the fact that the Expansion unit is very simple (just wiring) and the key generation unit much more complicated the input 1 produces glitch generation to the system. To reduce the switching activity of the system a register can be introduced before the XOR unit.

Figure 1. DES transformation Round and the additional register

4. Experimental results The proposed architectures have been captured by using VHDL. The system have been synthesized, placed, and routed using a sub micron ASIC library. The synthesis results for both implementations are illustrated in Table 1.

Table 1. Experimental Results proposed System ASIC Gates Frequency Throughput Throughput (glitch reduction)

DES

280 Mbps

TDES 18,000 70 MHz 93Mbps

RNG

31Mbps

140 Mbps

46,5Mbps

16 Mbps

As it is presented in Table 1 the value of achieved hardware implementation throughput satisfies the low rate standards of smart cards (102 kbps-1Mbps). The variables voltage and frequency have a trade-off between delay versus energy consumption. Reducing clock frequency f alone does not reduce energy, since to do the same work the system must run longer. As the voltage is reduced, the delay increases. A common approach to power reduction is first increase the performance of the module and then reduces the voltage as much as possible so the required performance is still reached. By introducing an embedded hardware Crypto-Processor in the smart card, the required encryption/decryption processing time is decreased dramatically. If it is supposed that the required throughput is 1Mbps for the DES operation the power reduction for the proposed system reducing the voltage supply will be about 99%. 6. Conclusions Custom crypto processors containing tens of thousands of gates can be embedded in smartcard CPUs. A count of approximately 70,000 cells is not extraordinary [7]. This cell count will easily fit on all chips, including smart cards. This small size provides the algorithm with great flexibility and the ability to be utilized in many varied applications. This in particular, we know of smart card containing a crypto ASIC for symmetric key cryptography with more than 10,000 gates [6]. 7. References [1] RESET ROADMAP 5.0 2003 Roadmap for European Research on Smartcard related technologies Version 5, www.ercim.org/reset/ [2] Data Encryption Standard 1977 Federal Information Processing Standard (GIPS) 46 National Bureau of Standards. [3] Federal Information Processing Standards 140-1 1994 Security Requirements for Cryptographic Modules U.S. Department of Commerce/NIST, Springfield. [4] Federal Information Processing Standards 171 1992 Key Management Using ANSI X9.17.. [5] Scneier B. 1996 Applied Cryptography: Protocols,Algorithms, and Source in C published by John Willey & Sons, Inc. [6] Anderson R., Biham E., and Knudsen L. Serpent and Smart Cards Third Smart Card Research and Advanced Applications Conference Proceedings. [7] Burwick C., Coppersmith D, D’ Avignon E., et al 1998 MARS- a candidate cipher for AES 1st AES Conference, Ventura, CA, August 20-22, 1998.