
International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 01 30

118301-4242 IJVIPNS-IJENS © February 2011 IJENS

I J E N S

Design and Implementation of Encryption Unit Based on Customized AES Algorithm

Nabil Hamdy #1, Khaled Shehata #2, Haitham Eldemerdash #2

#1 Electronics and communication Department, MIU, Cairo, Egypt.

#2 Electronics and communication Department, AAST, Cairo, Egypt.

[email protected]

Abstract — This encryption unit adopts the AES (Advanced Encryption Standard) as the encryption algorithm because it has been extensively challenged and evaluated, and it is the most popularly used symmetric key algorithm. In this paper, we propose a customized version of the “AES” block cipher to suit proprietary data encryption applications. We designed the customization of the AES to cover three main AES cryptographic functions: S-box Generation, Mix Column Transformation, and Key Expansion Function. The S-Box generation process results in a new S-Box. The new S-Box is tested to be sure that it satisfies the required cryptographic features: algebraic degree, nonlinearity, propagation criteria, correlation immunity, and balancedness. The customized AES is also tested against statistical randomness properties. The encryption unit is finally designed, implemented, and tested using FPGA technology.

Index Terms — Advanced Encryption Standard (AES), S-Box generation, S-Box testing, Field programmable gate arrays (FPGA).

I. INTRODUCTION

Customizing the AES algorithm has attracted the attention of researchers seeking to provide proprietary security. In this work, we propose a customized version of the “AES” block cipher to suit proprietary data encryption applications. Moreover, the customized AES is incorporated in an encryption unit that is implemented using FPGA. The structure of the original AES algorithm is built on four main cryptographic functions [1], [2]. We design the customization of the AES to cover the following three main AES cryptographic functions:

(1) S-box Generation.

(2) Mix Column Transformation.

(3) Key Expansion Function.

Using FPGA, the architecture of the encryption unit is composed of four main functional blocks: the loop controller module, the encryption and decryption round module, the key expansion function module, and the RAM module. In the next sections we discuss the customized algorithm structure and performance testing, and the building blocks of the architecture of the encryption unit. We also provide the details of the simulation results. The results of statistical randomness tests for the customized algorithm are provided in the appendix.

II. THE CUSTOMIZED ALGORITHM

In the customized AES algorithm we keep the same sequence of the standard encryption and decryption procedures shown below in Fig. 1 [3], but we introduce major modifications into three main cryptographic functions: we generate and test a brand new S-Box instead of the one described in the standard AES version, and we modify the standard primitive polynomial which is used for the mix column transformation and the key expansion function.

Fig. 1. AES Encryption and Decryption


A. The Proposed Design for the New S-box

A.1 Generation of the new S-box

Substitution is a nonlinear transformation which performs confusion of bits. A nonlinear transformation is essential for every modern encryption algorithm and is proved to be a strong cryptographic primitive against linear and differential cryptanalysis [4]. The first question that arises is the best method of selecting the S-box (SB) entries. There are four approaches to S-box design [3], [15]: the Random method, the Random with testing method, the Human-made method, and the Math-made method. We selected the second technique, using the RC4 algorithm as the random stream generator for the customized S-boxes. RC4 is a variable key size stream cipher with byte-oriented operation. The RC4 algorithm is based on the use of a random permutation of 256 bit state [3], [10]. A variation on the second technique is to use S-boxes with a random process, which starts with S-boxes filled with pseudorandom digits from the RC4 generator and alters the contents using the key. Table I and Table II represent an example of a new S-box and its inverse, generated by RC4 when the key of RC4 is: 7FC023A814B5D69E.

TABLE I
AES-RC4 S-box

TABLE II
The Inverse S-box

A.2 Testing the new S-box

Testing the contents of the new S-box is essential to ensure that all required parameters of the S-box in the AES design are achieved by this design. For testing the S-box parameters we used the S-box Evaluation Software Package [5], which measures the following S-box cryptographic parameters: algebraic degree (AD), nonlinearity (NL), propagation criteria (PC), correlation immunity (CI), and balancedness (BL) [6]. The output results of these tests on the generated new S-boxes (using RC4) are shown in Table III:

TABLE III
Test results for 10 samples of new S-Boxes generated by RC4

                            Parameters
No.   Key Sequence          AD   NL   PC   CI   BL
1     0123456789ABCDEF      6    92   0    0    1
2     C60D3A781BE2F495      7    88   0    0    1
3     D195AF73E028B46C      6    96   0    0    1
4     50D1C783EA29BF46      6    94   0    0    1
5     9FCD45EA172AC8FB      6    88   0    0    1
6     B5D1428AE73C69F0      6    92   0    0    1
7     AE73C69F0B5D1428      6    94   0    0    1
8     D391E60CA4257B8F      6    92   0    0    1
9     A4257B8FD391E60C      6    96   0    0    1
10    7FC023A814B5D69E      7    94   0    0    1

Consequently, we selected the new S-Box that is generated by key sequence number (10), because it has the highest Algebraic Degree among all tested samples and it has the same Algebraic Degree as the standard AES S-Box, which is 7. All the projections of each S-Box are balanced, and the results for propagation criteria and correlation immunity for the S-Boxes generated by RC4 are the same as for the standard AES S-Box. Moreover, the nonlinearity is very close to that of the standard AES S-Box, which is 112.
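The nonlinearity (NL) and balancedness (BL) columns of Table III can be recomputed for any 8-bit S-box with a Walsh transform. The sketch below is an added example, not the paper's S-box Evaluation Software Package. It assumes the candidate S-box is the RC4 key-scheduling permutation with the key read as hex bytes, a construction the paper does not spell out, so its figures need not match Table III; the standard AES S-box is the reference with NL = 112.

```python
# Added example: measures two of the Table III parameters (NL and BL).
# Assumption: the candidate S-box is the RC4 key-scheduling permutation.

def rc4_ksa(key):
    """RC4 key scheduling: a key-dependent permutation of 0..255."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def aes_sbox():
    """Standard AES S-box (inverse in GF(2^8), then the affine map)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = p * 3
        q ^= q << 1                                            # q = q / 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q
        for r in (1, 2, 3, 4):                                 # affine map
            x ^= ((q << r) | (q >> (8 - r))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

def parity(x):
    return bin(x).count("1") & 1

def walsh_max(sbox, mask):
    """Largest |Walsh coefficient| of the component x -> mask . S(x)."""
    w = [1 - 2 * parity(mask & y) for y in sbox]
    h = 1
    while h < 256:                      # fast Walsh-Hadamard transform
        for i in range(0, 256, 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return max(abs(v) for v in w)

def nonlinearity(sbox):
    """Minimum distance of any component function to the affine functions."""
    return 128 - max(walsh_max(sbox, m) for m in range(1, 256)) // 2

def is_balanced(sbox):
    """True if every component function x -> mask . S(x) has 128 ones."""
    return all(sum(parity(m & y) for y in sbox) == 128 for m in range(1, 256))

RC4_KEY = bytes.fromhex("7FC023A814B5D69E")  # key quoted in section A.1

def evaluate(sbox):
    return {"NL": nonlinearity(sbox), "BL": int(is_balanced(sbox))}

if __name__ == "__main__":
    print("AES S-box:", evaluate(aes_sbox()))
    print("RC4 S-box:", evaluate(rc4_ksa(RC4_KEY)))
```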

B. Standard Shift Rows Transformation

Shift Rows Transformation is a linear diffusion process operating on individual rows. Depending on the row location, the offset of the left shift varies from zero to three bytes. The forward shift row transformation, called Shift Rows (SR) [3], is depicted in Fig. 2. SR is a cyclic shift of each row by a different byte offset. Row 0 is not changed. Row 1 is rotated left once, row 2 twice, and row 3 three times.

Fig. 2. Standard Shift Row Transformation.

The inverse shift row transformation, called Inv Shift Rows, performs the circular shifts in the opposite direction [3] for each of the second, third and fourth rows, with a one-byte circular right shift for the second row, and so on.

C. Proposed Mix Column Transformation

Mix Column Transformation is a matrix multiplication over GF(2^8). A column vector is multiplied with a fixed matrix where the bytes are treated as polynomials rather than numbers [7], [8]. The standard polynomial of the AES, A(x), is given as:

$$A(x) = \{03\}x^3 + \{01\}x^2 + \{01\}x + \{02\} \tag{1}$$

Mix Column operates on the State of the data to be encrypted column by column. Each column is considered as a polynomial over GF(2^8), which is given by:

$$M(x) = x^8 + x^4 + x^3 + x + 1 \tag{2}$$

Multiplication of a value by x (i.e., by {02}) can be implemented as a 1-bit left shift followed by a conditional bitwise XOR with {1B} for the standard polynomial if the leftmost bit of the original value (prior to the shift) is 1 [3].

Proposed MixColumn transformation: the customized polynomial B(x) is given as:

$$B(x) = \{02\}x^3 + \{03\}x^2 + \{01\}x + \{01\} \tag{3}$$

This polynomial has self-inverse with respect to (x^4 + 1) [14].

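The transformation based on this polynomial is the following proposed MixColumn transformation, written in matrix form as:

$$\begin{bmatrix} b'_{0,C} \\ b'_{1,C} \\ b'_{2,C} \\ b'_{3,C} \end{bmatrix} = \begin{bmatrix} 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \\ 02 & 03 & 01 & 01 \end{bmatrix} \begin{bmatrix} b_{0,C} \\ b_{1,C} \\ b_{2,C} \\ b_{3,C} \end{bmatrix} \tag{4}$$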

These variations are designed over the Galois field GF(2^8) generated by the selected irreducible primitive polynomial, which was tested with the Matlab 7 package tool to check its primitivity and irreducibility. This polynomial N(x) is:

$$N(x) = x^8 + x^4 + x^3 + x^2 + 1 \tag{5}$$

It is multiplied with the modified polynomial B(x) modulo (x^4 + 1), with a conditional bitwise XOR with {1D} for the customized polynomial if the leftmost bit of the original value is 1. The new Mix Column transformation has self-inverse and uses the coefficients 01, 02, and 03. Multiplication by these coefficients involves at most a shift and an XOR. Therefore the proposed Mix Column transformation is invertible and is constructed with the polynomial D(x), which is given by:

$$D(x) = \{0D\}x^3 + \{09\}x^2 + \{0E\}x + \{0B\} \tag{6}$$

D. Proposed Key Expansion Function

The AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a linear array of 44 words (176 bytes). This is sufficient to provide a 4-word round key for the initial Add Round Key stage and each of the 10 rounds of the cipher. The round constant is a word in which the three rightmost bytes are always 0. Thus the effect of an XOR of a word with Rcon is to perform an XOR on the leftmost byte of the word. The round constant is different for each round and is defined as Rcon(j) = (RC(j), 0, 0, 0), with RC(1) = 1 [3] and

$$RC(j) = 2 \cdot RC(j-1) \tag{7}$$

Rcon for the customized AES is given by the newly proposed irreducible polynomial, with multiplication defined over the field GF(2^8):

$$N(x) = x^8 + x^4 + x^3 + x^2 + 1 \tag{8}$$

The values of Rcon(9) and Rcon(10) are changed from their standard values according to the variation of the irreducible polynomial [2]. Table IV gives the Rcon values in hexadecimal for the standard and customized polynomials.

TABLE IV
Rcon values

Rcon(j)                 RC(1)  RC(2)  RC(3)  RC(4)  RC(5)  RC(6)  RC(7)  RC(8)  RC(9)  RC(10)
Standard Polynomial     01     02     04     08     10     20     40     80     1B     36
Customized Polynomial   01     02     04     08     10     20     40     80     1D     3A
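The effect of replacing M(x) by N(x) on multiplication by {02}, on the Rcon table and on MixColumn can be checked directly. The following is an added example, not the authors' VHDL or Visual Basic code: it rebuilds both rows of Table IV from equation (7), builds the MixColumn matrix of equation (4) from B(x), and uses D(x) from equation (6) to undo it. The function names and the sample column are constructed for illustration.

```python
# Added example: GF(2^8) arithmetic under the standard and customized
# reduction polynomials described in sections C and D.

STD_POLY = 0x1B    # low byte of x^8 + x^4 + x^3 + x + 1    (equation 2)
CUST_POLY = 0x1D   # low byte of x^8 + x^4 + x^3 + x^2 + 1  (equations 5, 8)

def xtime(b, poly):
    """Multiply b by {02}: shift left, XOR with poly if the top bit was 1."""
    b <<= 1
    return (b ^ poly) & 0xFF if b & 0x100 else b

def gmul(a, b, poly):
    """Multiply a and b in GF(2^8) by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a, poly)
        b >>= 1
    return result

def rcon(poly, rounds=10):
    """RC(1) = 1 and RC(j) = 2 * RC(j-1), as in equation (7)."""
    rc, out = 1, []
    for _ in range(rounds):
        out.append(rc)
        rc = xtime(rc, poly)
    return out

def circulant(c0, c1, c2, c3):
    """Matrix of multiplication by c3 x^3 + c2 x^2 + c1 x + c0 mod x^4 + 1."""
    first = [c0, c3, c2, c1]
    return [first[-r:] + first[:-r] for r in range(4)]

def mix_column(col, matrix, poly):
    """Multiply one 4-byte state column by a 4x4 matrix over GF(2^8)."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gmul(coeff, byte, poly)
        out.append(acc)
    return out

MIX = circulant(0x01, 0x01, 0x03, 0x02)       # B(x), equation (3)
INV_MIX = circulant(0x0B, 0x0E, 0x09, 0x0D)   # D(x), equation (6)

SAMPLE_COLUMN = [0xDB, 0x13, 0x53, 0x45]      # constructed test column

if __name__ == "__main__":
    for name, poly in (("standard", STD_POLY), ("customized", CUST_POLY)):
        mixed = mix_column(SAMPLE_COLUMN, MIX, poly)
        back = mix_column(mixed, INV_MIX, poly)
        print(name, "Rcon:", " ".join(f"{v:02X}" for v in rcon(poly)))
        print(name, "mixed:", [f"{v:02X}" for v in mixed],
              "recovered:", back == SAMPLE_COLUMN)
```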

E. Software Simulation

The customized algorithm was implemented in Microsoft Visual Basic 6.0 as a software simulation for verifying the encryption and decryption process. The graphical user interface (GUI) helps the user to select between the encryption and decryption processes easily, and supports file processing by showing the source and destination paths and also the file length. There are two text boxes, one for the AES seed key and one for the S-box initialization, which is the RC4 seed key. The software interface can deal with any type of file format (text, picture, audio and video), as shown in Fig. 3.

Fig. 3. Software Simulation Interface

F. Statistical Randomness Tests

For testing the algorithm output (the ciphertext), a specialized software package called "The Exhaustive Statistical Test Package" is used. This test package exists at "The Communications and Encryption Lab" in the "Science and Technology Center of Excellence (STCE)" of the Ministry of Military Production. Snapshots from these test results are included in Appendix A. Table V provides the conclusive results from all statistical randomness tests, which were performed on 28 plaintext files with different formats (text, picture, audio and video). These tests help in detecting any deviation from the assumed randomness property of ciphertexts generated by the customized AES.

TABLE V
Conclusion Test Results

No. of Tested Files   Overall No. of Tests   No. of Tests (Passed)   No. of Tests (Failed)   Result (%)
28                    388                    374                     14                      96.4

This is done by taking samples out of the encryption unit and subjecting them to the following statistical tests:

1) Frequency Test.

2) Serial Test.

3) Poker Test.

4) Runs Test.

5) Longest Run of Ones Test.

6) Binary Matrix Rank Test.

7) Auto-correlation Test.

8) Maurer's Universal Test.

9) Lempel-Ziv Compression Test.

10) Approximate Entropy Test.

11) Cumulative Sums Test.

12) Random Excursions Variant Test.

13) Random Excursions Test.

14) Non Overlapping Template Matching Test.

15) Overlapping Template Matching Test.

III. FPGA DESIGN ARCHITECTURE

In this section, we provide a detailed description of our proposed FPGA architecture for the Customized AES Algorithm [9], [11]. The design consists of four main units. The first unit is the loop controller module, which is responsible for controlling the encryption and decryption processes by receiving external interrupt and mode select signals, which are used to control the data processing during the round operations in the second module. The second unit is the AES Encryption & Decryption Round module. This module performs the encryption and decryption operations during the round functions by receiving data, round keys, and control signals from other modules. It consists of four main components: four mix column units to perform the mix column function; 32 ROM units which contain the S-box and inverse S-box values; four inverse mix column units to perform the inverse operation of the mix column function; and the add_round_key component, which performs the XOR operation of data and round key.

Fig. 4. Top Level of a Customized Unit

The third main unit is the Key Expansion Function module, which is used to generate the sub-keys (round keys) from the original seed key (128 bits) based on the AES key expansion algorithm. It produces a linear array of 44 words (176 bytes) [3] by expanding the four-word (16-byte) key input. The Key Expansion Function module consists of three components: the key controller unit, which is used for fully controlling the round keys generation function; 4 ROM units which contain the S-box values; and the Rcon unit, which is used to perform the XOR operation between the round constant and the substituted word. The last main unit is the RAM module; it is responsible for generating the output sequence of (128) output round key. All four basic units are illustrated in Fig. 4. All modules are designed using VHDL design entry. The tool used is FPGA Advantage 5.2 from Mentor Graphics [12].

IV. SIMULATION

The simulation tool used to verify the validity of the design is ModelSim SE PLUS 5.5e, which is a downstream tool in the FPGA Advantage 5.2 package. The simulation result of the top design of the AES encryption process is shown in Fig. 5. The data, with a length of 128 bits, is received on port (aes_ip) in the AES controller module and then encrypted using the (seed_key) with its sub-round keys to get the 128-bit ciphered data output, denoted as (round_out). The figure shows the 5 main control signals produced by the loop controller module and the key controller module. The enc_dec signal is used for mode selection between the encryption and decryption processes; the (ip_intr) and (key_intr) interrupt signals are used to apply the input data and seed key data; and (key_rdy) and (output_rdy) indicate that key generation in the key expansion function and the encryption operation are completed.

Fig. 6 shows the simulation waveforms for the decryption process, to confirm that the plain data is recovered from the ciphered data. From the simulation results we find that the key expansion process finished and generated all round keys in (112 m sec), and the encryption process takes (8300 n sec) until the cipher output is ready. For the decryption process, the overall operation takes (20200 n sec). The clock speed used is 50 MHz; this means that the design clock duration is 50 n sec [13]. From Fig. 6 we observe that the value of the enc_dec control signal changes according to the process selection between encryption and decryption operations.

Fig. 5. Simulation of the encryption process (signals shown: Key Interrupt, Key Ready, Input Interrupt, Seed Key, Reset, Output Ready, Cipher Data, Plain Data, Clock, Mode Select Enc/Dec)

Fig. 6. Simulation of the decryption process (signals shown: Cipher Data, Plain Data, Seed Key, Mode Select Enc/Dec)

V. CONCLUSION

Implementation of a new encryption unit based on a customized AES algorithm is introduced. This customization depends on variations of three main functions in the standard AES. The customized S-Box is generated using the random output of the RC4 algorithm; testing of the new S-Box is carried out to ensure that the new S-box contents satisfy the required cryptographic features: Nonlinearity, Algebraic Degree, Correlation immunity, Propagation criteria, and Balancedness. The proposed Mix Column Transformation and Key Expansion function were implemented using a different primitive polynomial. The proposed encryption unit is implemented using FPGA. The ciphered output was tested using the exhaustive statistical test package and other National Institute of Standards and Technology (NIST) tests [2]. Using the customized algorithm increases the complexity and also makes differential and linear cryptanalysis more difficult.

APPENDIX

Snapshots from Randomness Test Results:

Fig. 7. Final Result of Frequency Test

Fig. 8. Final Result of Runs Test

Fig. 9. Final Result of Serial Test

Fig. 10. Final Result of Cumulative Sums Test

Fig. 11. Final Result of Auto Correlation Test


Fig. 12. Final Result of Poker Test

Fig. 13. Final Result of Maurer’s Test

Fig. 14. Final Result of Lempel-Ziv Compression Test

Fig. 15. Final Result of Approximate Entropy Test

Fig. 16. Final Result of Random Excursions Variant Test

Fig. 17. Final Result of NonOverlapping Template Test


REFERENCES

[1] J. Daemen, V. Rijmen, "AES proposal: Rijndael", Document version 2, 1999.

[2] National Institute of Standards and Technology (NIST), "Advanced Encryption Standard (AES)", Federal Information Processing Standards Publications (FIPS) PUBS #197, 2001.

[3] William Stallings, "Cryptography and Network Security Principles and Practices", Fourth Edition, 2005.

[4] Kazys Kazlauskas, Jaunius Kazlauskas, "Key-Dependent S-Box Generation in AES Block Cipher System", paper, 2009.

[5] Adham Elhosary, Evaluation software package on platform Linux Ubuntu, Kernel 2.6.32-25, used in "Wireless Computer Communication Network", a Ph.D. Dissertation, Registered at MTC, 2008 (in progress).

[6] Claude Carlet, "Boolean Functions for Cryptography and Error Correcting Codes", University of Paris, France, 2008.

[7] V.CH.Venkaiah, K, Srinathanan Bruhadeshwar, "Variations to S-box and MixColumn Transformations of AES", International Institute of Information Technology, paper, 2005.

[8] Hua Li, Zac Friggstad, "An Efficient Architecture for the AES Mix Columns Operation", Department of Mathematics and Computer Science, University of Lethbridge, Canada, 2005.

[9] Douglas L. Perry, "VHDL: Programming by Example", Fourth Edition, 2002.

[10] Bruce Schneier, "Applied Cryptography", Second Edition, 1996.

[11] Volnei A. Pedroni, "Circuit Design with VHDL", Fourth Edition, 2004.

[12] Clive "Max" Maxfield, "The Design Warrior's Guide to FPGAs", 2004.

[13] Xilinx, "Spartan-3 Starter Kit Board User Guide", V1.0, 2004.

[14] Brian Carter, Ari Kassin, and Tanja Magoc, "Advanced Encryption Standard", 2007.

[15] Eltayeb Salih Abuelyman and Mohamed Ahmed El-Affendi, "An Optimized Real Time Generation of S-Box Inverses Using Arithmetic Modulo Powers of Two", IJCSNS International Journal of Computer Science and Network Security, Vol. 7, No. 12, December 2007.