Encryption Transaction with Encryption Transaction with 3DES3DES

Team W2Team W2Yervant DermenjianYervant Dermenjian (W21)(W21)Taewan Kim Taewan Kim (W22)(W22)Evan MengstabEvan Mengstab (W23)(W23)Xiaochun ZhuXiaochun Zhu (W24)(W24)

Objective:Objective: To implement a To implement a secure credit card transaction secure credit card transaction using 3DES encryption using using 3DES encryption using Kerberos-style authentication.Kerberos-style authentication.

Current Stage: Short Final PresentationCurrent Stage: Short Final Presentation 04/12/200404/12/2004

Design Manager: Rebecca MillerDesign Manager: Rebecca Miller

Status UpdateStatus Update

Have not found source of voltage drop on Vdd problemHave not found source of voltage drop on Vdd problem

Debugging AttemptsDebugging Attempts 1) Simulate PC alone with long Vdd & Gnd rails: Works1) Simulate PC alone with long Vdd & Gnd rails: Works 2) Simulate (1) with min sized buffers on input AND output: Works2) Simulate (1) with min sized buffers on input AND output: Works 3) Simulate PCROM alone with long Vdd & Gnd rails: Works3) Simulate PCROM alone with long Vdd & Gnd rails: Works 4) Simulate (3) with min sized buffers on input AND output: Works4) Simulate (3) with min sized buffers on input AND output: Works 5) Simulate PC & PCROM together without resistances: Works5) Simulate PC & PCROM together without resistances: Works 6) Simulate PC & PCROM together with resistances: Doesn't Work6) Simulate PC & PCROM together with resistances: Doesn't Work 7) Remove excess M1 to Gnd contacts in ROM and decoder in (6): 7) Remove excess M1 to Gnd contacts in ROM and decoder in (6):

Doesn't WorkDoesn't Work 8) Do (7) with NWell and contacts along long Vdd rail: Works8) Do (7) with NWell and contacts along long Vdd rail: Works They’re connected by a few microns of wire: Shouldn’t be a problemThey’re connected by a few microns of wire: Shouldn’t be a problem

Workaround: Layed Vdd and Gnd rails everywhere possibleWorkaround: Layed Vdd and Gnd rails everywhere possible

Runs at 150MHzRuns at 150MHz

Project DescriptionProject Description Implement Triple DES Encryption using 0.18μImplement Triple DES Encryption using 0.18μ CMOS technologyCMOS technology

Attain speeds appropriate for application in Automated Teller Machines (200MHz)Attain speeds appropriate for application in Automated Teller Machines (200MHz)

Integrate Encryption into ATM transationIntegrate Encryption into ATM transation

Use Kerberos-style authenticationUse Kerberos-style authentication Encrypt User Information as data using CC# and Pin as KeysEncrypt User Information as data using CC# and Pin as Keys Transaction Authorizer decrypts using CC# and Pin (which they know)Transaction Authorizer decrypts using CC# and Pin (which they know)

Credit Card Number and PIN are never transmitted, but are essential to Credit Card Number and PIN are never transmitted, but are essential to authenticateauthenticate

MarketabilityMarketability

Point-of-sale terminals transmit your name, credit card Point-of-sale terminals transmit your name, credit card number, and expiration dates ‘in the clear.’number, and expiration dates ‘in the clear.’

Credit and charge card fraud costs cardholders and Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each yearissuers hundreds of millions of dollars each year

Using Kerberos-style authentication, we transmit Using Kerberos-style authentication, we transmit encrypted information that can be verified by the card encrypted information that can be verified by the card authorizer without actually containing sensitive authorizer without actually containing sensitive information.information.

Uses existing cards and phone networkUses existing cards and phone network

Finalist for the 2001 Advanced Encryption StandardFinalist for the 2001 Advanced Encryption Standard

April 1, 2005 – MasterCard requires all ATMs April 1, 2005 – MasterCard requires all ATMs be 3DES compliantbe 3DES compliant

System IntegrationSystem Integration

Triple DES Compliant

Encrypted Card# + PINEncrypted Card# + PIN

Verified Verified

Unencrypted Card# + PIN

Triple DES Encryption

The 3DES AlgorithmThe 3DES Algorithm OverviewOverview

Block Cipher - acts on a 64-bit block of plaintextBlock Cipher - acts on a 64-bit block of plaintext Converts it into a 64-bit block of cipher text using a 56-bit keyConverts it into a 64-bit block of cipher text using a 56-bit key Specified in FIPS Pub 46-3Specified in FIPS Pub 46-3 Symmetric Key Cipher – encryption & decryption use same keySymmetric Key Cipher – encryption & decryption use same key

DES vs. 3DESDES vs. 3DES 3DES applies 3 stages of DES with a separate key for each stage3DES applies 3 stages of DES with a separate key for each stage Total key length in 3DES is 56 bits x 3 key = 168 bitsTotal key length in 3DES is 56 bits x 3 key = 168 bits

StagesStages Stage 1: Encrypt plaintext with Key 1Stage 1: Encrypt plaintext with Key 1 Stage 2: Decrypt cipher text from Stage 1 with Key 2 (produces Stage 2: Decrypt cipher text from Stage 1 with Key 2 (produces

new cipher text)new cipher text) Stage 2: Encrypt cipher text from Stage 2 with Key 3Stage 2: Encrypt cipher text from Stage 2 with Key 3

3DES Algorithm Flowchart (I)3DES Algorithm Flowchart (I)

DESDES DESDES-1-1 DESDES

Plain TextPlain Text

DESDES-1-1 DESDES DESDES-1-1

Cipher TextCipher TextKK11 KK22KK33

EncryptionEncryption

DecryptionDecryption

3DES Algorithm Flowchart (II)3DES Algorithm Flowchart (II)

64 bit plain Text64 bit plain Text

cipher Textcipher Text

Initial PermutationInitial Permutation

Final PermutationFinal Permutation

16 Rounds16 Rounds EncryptionEncryption

ExtensionExtension32 bit 48 bit32 bit 48 bit

48 Bit XOR48 Bit XOR

S BoxS Box

32 Bit XOR32 Bit XOR

Right HalfRight Half

Left HalfLeft Half

SubSubkeykey

SingleSingleRoundRound

3DES Algorithm Flowchart (III)3DES Algorithm Flowchart (III)

Final Permutation

48 bit Sub-key [ I ]

I=16?

Key Schedule56bit Key

I=1

Left/Right Half 28 bitsLeft Barrel Shift

Initial Permutation

I=I+1

Ready

Y

N

Original Floorplan

PC

(w

irin

g)

64

->

56

64’b

2:1

dem

ux

56’b

Ke

y La

tch

56’b

2:1

mux

56’b

2:1

mux

Key

Su

b 5

6’b

Reg

iste

r

Des

_Shi

ftR

Enc

_Shi

ftL

32’b

2:1

dem

ux

64’b

2:1

mux

IP (

wiri

ng)

Tex

t 64

’b R

eg

IP-1 W

irin

g

Exp

and

48’b

XO

R

56’b

2:1

mux

PC

-2 w

iring

56b

->

48b

S-b

ox

512

x 4

’b

P Wiring32’b XOR

Pro

gra

m C

ontr

ol(I

nst

ruct

ion

RO

M)

InputOutput

377.44 um

334.37 um

64’b

2:1 mux

125,534 um2

=

.126 mm2

Density.09 Trans/um2

Revised FloorplanRevised Floorplan

Total Area:111947 um2 = 0.112mm2

Transistor Density: 0.136 trans/ um2

269 um

PC

(w

irin

g)

64

->

56

64’b

2:1

dem

ux

56’b

Ke

y La

tch

56’b

2:1

mux

56’b

2:1

mux

Ke

ySu

b 5

6’b

Re

gis

ter

Enc

_Shi

ftL

32

’b 2

:1 d

em

ux

64’b

2:1

mux

IP (

wiri

ng

)

Dat

a R

eg (

L) 3

2’b

IP-1 W

irin

g

Exp

and

48’b

XO

RP

C-2

wiri

ng 5

6b -

> 4

8b

S-b

ox

512

x 4

’b

P W

irin

g32

’b X

OR

Pro

gra

m C

ontr

ol(I

nst

ruct

ion

RO

M)

InputOutput

Dec

_Shi

ftL

Dat

a R

eg (

R)

32’b

32

’b 2

:1 m

ux

32

’b 2

:1 m

ux

32’b

2:1

mux

41

5 u

m

Final FloorplanFinal Floorplan32

’b L

atc

h32

’b L

atc

h

PC

1

Rig

ht B

arre

l Shi

fter

56’

b

Mux

56’b

Ke

y R

eg

PC

2

IP Mux

IP-1

32’b

Tex

t R

egis

ter

(L)

32’b

Tex

t R

egis

ter

(R)

32’b

Mux

32’b

XO

R

Exp

and

48’b

XO

R

P

32’b

Mux

All large functional blocks use Metal 1 and Metal 2.

M1

M2

M3

M4

Inpu

t

Mux

Out

put

Program Controlclock 379μm

367μm

Left

Bar

rel S

hift

er 5

6’b

VerifyVerify C SimulationC Simulation BehavioralBehavioral SchematicSchematic LayoutLayout

VerificationVerificationExpected Output :

2f 81 a8 bf 3c 6b df b4

C code Verification

Behavioral VerificationStructural Verification

Spice VerificationSpice Verification

Problems EncounteredProblems Encountered

Spice SimulationSpice Simulation

Vdd Strength drops along conductor wiresVdd Strength drops along conductor wires

No DC path to ground from nodeNo DC path to ground from node

LayoutLayout

Interconnections between components back and forth due Interconnections between components back and forth due to complicated algorithmto complicated algorithm

Permutations take too much spacePermutations take too much space

Module SpecificationsModule Specifications

BlockName Transistors Area Density

(tr/um^2) 32'b Latch 512 2129.76 0.240402674 56'b Mux 336 2265.554 0.148308096 56'b Left Barrel Shifter 392 3696.1 0.106057737 56'b Right Barrel Shifter 392 3696.1 0.106057737 56'b Key Register 1344 6818.04 0.1971241 32'b Mux 192 1297.628 0.147962282 32'b XOR 256 1687.284 0.151723124 48'b XOR 384 2526.336 0.151998784 Expand Permutation 160 3621.4479 0.044181224 Control Logic Buffers 36 239.512 0.150305621 64'b Text Register 1536 7864.5672 0.195306361 64'b Mux 384 2606.9526 0.14729842 SBOX (each) 592 2357.343 0.251130192 Inverse IP Permutation 256 16609.0176 0.015413314 IP Permutation 256 16609.0176 0.015413314 PC2 Permutation 192 5815.4391 0.033015564 P Permutation 128 6410.331 0.019967768 PCROM 798 2593.08 0.307742144 Program Counter (PC) 186 1201.2831 0.154834443 PC1 Permutation 240 10824.0363 0.022172875

Input PinsInput Pins 32 Data Pins (used for input text and keys)32 Data Pins (used for input text and keys) 1 Clock Pin1 Clock Pin 1 Reset Pin (asserted high)1 Reset Pin (asserted high) 1 Vdd Pin1 Vdd Pin 1 Ground Pin1 Ground Pin

Output PinsOutput Pins 32 Cipher Text Pins (64’b cipher text delivered over 2 clocks)32 Cipher Text Pins (64’b cipher text delivered over 2 clocks) 1 Valid Output Pin1 Valid Output Pin 1 Get Next Key Pin1 Get Next Key Pin

Total Pin Count: Total Pin Count: 7070 Chip Aspect Ratio:Chip Aspect Ratio: 1.03 1.03 Chip Area: Chip Area: 139093 μm139093 μm22 = 0.139093 mm = 0.139093 mm22

Total Transistor Count: Total Transistor Count: 13,697 (PMOS: 4,324 NMOS: 9,373)13,697 (PMOS: 4,324 NMOS: 9,373) Transistor Density: Transistor Density: 0.09847 transistors/μm0.09847 transistors/μm22 = 10.155 μm = 10.155 μm22/transistor/transistor Operation: Operation: 256’b Input 64’b Output over 54 clock cycles256’b Input 64’b Output over 54 clock cycles Faster Clock Speed: Faster Clock Speed: 150MHz150MHz Total Throughput: Total Throughput: 169.54 Mbits / second169.54 Mbits / second

Overall Chip SpecificationsOverall Chip Specifications

Layer MasksLayer Masks

Full Chip LayoutFull Chip Layout

Init

ial

Per

mu

tati

on

Bar

rel

Sh

ifti

ng

Init

ial

Per

mu

tati

on

Fin

al

Per

mu

tati

on

Tex

t

Reg

iste

r

P

Per

mu

tati

on

S B

OX

RO

M a

nd

D

eco

der

s

Pro

gra

m

Co

ntr

ol

Inp

ut

Lat

ch

Key

R

egis

ter

PC

2 P

eru

mta

tio

n

XO R

Exp

and

Per

mu

tati

on

Final Presentation BreakdownFinal Presentation Breakdown MarketingMarketing EvanEvan Algorithm DescriptionAlgorithm DescriptionXiaochunXiaochun Design ProcessDesign Process EvanEvan Floorplan EvolutionFloorplan Evolution TaewanTaewan VerificationVerification TaewanTaewan IssuesIssues YervantYervant SpecificationsSpecifications XiaochunXiaochun LayoutLayout YervantYervant ConclusionsConclusions YervantYervant