CHAPTER 1

INTRODUCTION
1.1 INTRODUCTION TO AES:
AES is short for Advanced Encryption Standard and is a United States encryption standard defined in Federal Information Processing Standard (FIPS) 192, published in November 2001. It was ratified as a federal standard in May 2002. AES is the most recent of the four current algorithms approved for federal use in the United States. One should not compare AES with RSA, another standard algorithm, as RSA is a different category of algorithm. Bulk encryption of information itself is seldom performed with RSA. RSA is used to transfer other encryption keys for use by AES, for example, and for digital signatures.
AES is a symmetric encryption algorithm processing data in blocks of 128 bits. A bit can take the values zero and one, in effect a binary digit with two possible values, as opposed to decimal digits, which can take one of 10 values. Under the influence of a key, a 128-bit block is encrypted by transforming it in a unique way into a new block of the same size. AES is symmetric since the same key is used for encryption and the reverse transformation, decryption. The only secret necessary to keep for security is the key. AES may be configured to use different key lengths; the standard defines 3 lengths and the resulting algorithms are named AES-128, AES-192 and AES-256 respectively to indicate the length in bits of the key. Each additional bit in the key effectively doubles the strength of the algorithm, when defined as the time necessary for an attacker to stage a brute force attack, i.e. an exhaustive search of all possible key combinations in order to find the right one.
1.2 Some background on AES:
In 1997 the US National Institute of Standards and Technology put out a call for candidates for a replacement for the ageing Data Encryption Standard, DES. 15 candidates were accepted for further consideration, and after a fully public process and three open international conferences, the number of candidates was reduced to five. In February 2001, the final candidate was announced and comments were solicited. 21 organizations and individuals submitted comments. None had any reservations about the suggested algorithm.
AES is founded on solid and well-published mathematical ground, and appears to resist all known attacks well. There's a strong indication that in fact no back-door or known weakness exists, since it has been published for a long time, has been the subject of intense scrutiny by researchers all over the world, and such enormous amounts of economic value and information are already successfully protected by AES. There are no unknown factors in its design, and it was developed by Belgian researchers in Belgium, therefore voiding the conspiracy theories sometimes voiced concerning an encryption standard developed by a United States government agency. A strong encryption algorithm need only meet a single main criterion:
There must be no way to find the unencrypted clear text if the key is unknown, except brute force, i.e. to try all possible keys until the right one is found.
A secondary criterion must also be met:
The number of possible keys must be so large that it is computationally infeasible to actually stage a successful brute force attack in short enough a time.
The older standard, DES or Data Encryption Standard, meets the first criterion, but no longer the secondary one: computer speeds have caught up with it, or soon will. AES meets both criteria in all of its variants: AES-128, AES-192 and AES-256.
1.3 Encryption must be done properly:
AES may, as all algorithms, be used in different ways to perform encryption. Different methods are suitable for different situations. It is vital that the correct method is applied in the correct manner for each and every situation, or the result may well be insecure even if AES as such is secure. It is very easy to implement a system using AES as its encryption algorithm, but much more skill and experience is required to do it in the right way for a given situation. No more than a hammer and a saw will make anyone a good carpenter, will AES make a system secure by itself. To describe exactly how to apply AES for varying purposes is very much out of scope for this short introduction.
1.4 Strong keys:
Encryption with AES is based on a secret key with 128, 192 or 256 bits. But if the key is easy to guess it doesn't matter if AES is secure, so it is as critically vital to use good and strong keys as it is to apply AES properly. Creating good and strong keys is a surprisingly difficult problem and requires careful design when done with a computer. The challenge is that computers are notoriously deterministic, but what is required of a good and strong key is the opposite: unpredictability and randomness. Keys derived into a fixed length suitable for the encryption algorithm from passwords or pass phrases typed by a human will seldom correspond to 128 bits, much less 256. To even approach 128-bit equivalence in a pass phrase, at least 10 typical passwords of the kind frequently used in day-to-day work are needed. Weak keys can be somewhat strengthened by special techniques, by adding computationally intensive steps which increase the amount of computation necessary to break it. The risks of incorrect usage, implementation and weak keys are in no way unique for AES; these are shared by all encryption algorithms. Provided that the implementation is correct, the security provided reduces to a relatively simple question about how many bits the chosen key, password or pass phrase really corresponds to. Unfortunately this estimate is somewhat difficult to calculate when the key is not generated by a true random generator.
1.5 Security is relative:
Security is not an absolute; it's a relation between time and cost. Any question about the security of encryption should be posed in terms of how long a time, and how high a cost, it will take an attacker to find a key. Currently, there are speculations that military intelligence services possibly have the technical and economic means to attack keys equivalent to about 90 bits, although no civilian researcher has actually seen or reported such a capability. Actual and demonstrated systems today, within the bounds of a commercial budget of about 1 million dollars, can handle key lengths of about 70 bits. An aggressive estimate on the rate of technological progress is to assume that technology will double the speed of computing devices every year at an unchanged cost. If correct, 128-bit keys would in theory be in range of a military budget within 30-40 years. An illustration of the current status for AES is given by the following example, where we assume an attacker with the capability to build or purchase a system that tries keys at the rate of one billion keys per second. This is at least 1 000 times faster than the fastest personal computer in 2004. Under this assumption, the attacker will need about 10 000 000 000 000 000 000 000 years to try all possible keys for the weakest version, AES-128.
The key length should thus be chosen after deciding for how long security is required, and what the cost must be to brute force a secret key. In some military circumstances a few hours or days of security is sufficient: after that the war or the mission is completed and the information is uninteresting and without value. In other cases a lifetime may not be long enough.
CHAPTER 2
EXISTING MODEL
2.1 Advanced Encryption Standard (AES):
AES is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
In the United States, AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a five-year standardization process in which fifteen competing designs were presented and evaluated before it was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a Federal government standard on May 26, 2002 after approval by the Secretary of Commerce. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information (see Security of AES, below).
Originally called Rijndael, the cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. The name Rijndael (Dutch pronunciation: [ r inda l])[5] is a play on the names of the two inventors.
Strictly speaking, AES is the name of the standard, and the algorithm described is a (restricted) variant of Rijndael. However, in practice the algorithm is also referred to as "AES" (a case of totum pro parte).
2.2 Description of the cipher:
AES is based on a design principle known as a substitution-permutation network. It is fast in both software and hardware.[6] Unlike its predecessor, DES, AES does not use a Feistel network.
AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 bits. The blocksize has a maximum of 256 bits, but the keysize has no theoretical maximum.
AES operates on a 4×4 column-major order matrix of bytes, termed the state (versions of Rijndael with a larger block size have additional columns in the state). Most AES calculations are done in a special finite field.
The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.
2.3 High-level description of the algorithm:
1. KeyExpansion: round keys are derived from the cipher key using Rijndael's key schedule
2. Initial Round
   1. AddRoundKey: each byte of the state is combined with the round key using bitwise xor
3. Rounds
   1. SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
   2. ShiftRows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
   3. MixColumns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
   4. AddRoundKey
4. Final Round (no MixColumns)
   1. SubBytes
   2. ShiftRows
   3. AddRoundKey.
Figure 2.1: Algorithm for AES Encryption
2.4 The SubBytes step:
In the SubBytes step, each byte in the matrix is updated using an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the cipher. The S-box used is derived from the multiplicative inverse over GF(2^8), known to have good non-linearity properties. To avoid attacks based on simple algebraic properties, the S-box is constructed by combining the inverse function with an invertible affine transformation. The S-box is also chosen to avoid any fixed points (and so is a derangement), and also any opposite fixed points.
Fig 2.2 Sub bytes information
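
The construction described above (inverse in GF(2^8) followed by an affine transformation), written out as an added Python example that is not part of the original report. Function names are illustrative; the reduction polynomial 0x11B and the affine constant 0x63 are the standard AES values.

```python
# Added example: rebuild the Rijndael S-box from its definition and check
# the properties the text states. All function names are illustrative.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # degree-8 term appeared: reduce
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse in GF(2^8); 0 has no inverse and maps to 0."""
    if a == 0:
        return 0
    result = 1
    for _ in range(254):       # a^254 == a^-1 because a^255 == 1
        result = gf_mul(result, a)
    return result


def rotl8(x, n):
    """Rotate an 8-bit value left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF


def affine(b):
    """Invertible affine transformation applied after the inversion."""
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


def build_sbox():
    """SubBytes table: S(x) = affine(inverse(x)) for every byte x."""
    return [affine(gf_inv(x)) for x in range(256)]


def build_inverse(sbox):
    """Inverse SubBytes table, as needed by a decryption data path."""
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def fixed_points(sbox):
    """Inputs where S(x) == x (fixed) or S(x) == ~x (opposite fixed)."""
    return [x for x in range(256) if sbox[x] == x or sbox[x] == x ^ 0xFF]


SBOX = build_sbox()
INV_SBOX = build_inverse(SBOX)

if __name__ == "__main__":
    print("S(0x00) = %02x, S(0x53) = %02x" % (SBOX[0x00], SBOX[0x53]))
    print("fixed / opposite fixed points:", fixed_points(SBOX))
    for row in range(0, 256, 16):
        print(" ".join("%02x" % v for v in SBOX[row:row + 16]))
```
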
2.5 The ShiftRows step:
The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. For the block of size 128 bits and 192 bits the shifting pattern is the same. In this way, each column of the output state of the ShiftRows step is composed of bytes from each column of the input state. (Rijndael variants with a larger block size have slightly different offsets). In the case of the 256-bit block, the first row is unchanged and the shifting for second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectively; this change only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use 256-bit blocks.
Fig 2.3 Shift rows information
2.6 The MixColumns step:
In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher.
During this operation, each column is multiplied by the known matrix that for the 128 bit key is
The multiplication operation is defined as: multiplication by 1 means leaving unchanged, multiplication by 2 means shifting byte to the left and multiplication by 3 means shifting to the left and then performing xor with the initial unshifted value. After shifting, a conditional xor with 0x1B should be performed if the shifted value is larger than 0xFF.
In more general sense, each column is treated as a polynomial over GF(2^8) and is then multiplied modulo x^4 + 1 with a fixed polynomial c(x) = 0x03 · x^3 + x^2 + x + 0x02. The coefficients are displayed in their hexadecimal equivalent of the binary representation of bit polynomials from GF(2)[x]. The MixColumns step can also be viewed as a multiplication by a particular MDS matrix in a finite field. This process is described further in the article Rijndael mix columns.
Fig 2.4 Mix Columns information
2.7 The AddRoundKey step:
In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is derived from the main key using Rijndael's key schedule; each subkey is the same size as the state. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR.
Fig 2.5 Add round key information
2.8 Optimization of the cipher:
On systems with 32-bit or larger words, it is possible to speed up execution of this cipher by combining SubBytes and ShiftRows with MixColumns, and transforming them into a sequence of table lookups. This requires four 256-entry 32-bit tables, which utilizes a total of four kilobytes (4096 bytes) of memory, one kilobyte for each table. A round can now be done with 16 table lookups and 12 32-bit exclusive-or operations, followed by four 32-bit exclusive-or operations in the AddRoundKey step.
If the resulting four kilobyte table size is too large for a given target platform, the table lookup operation can be performed with a single 256-entry 32-bit (i.e. 1 kilobyte) table by the use of circular rotates.
Using a byte-oriented approach, it is possible to combine the SubBytes, ShiftRows, and MixColumns steps into a single round operation.
2.9 Security:
Until May 2009, the only successful published attacks against the full AES were side-channel attacks on some specific implementations. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for U.S. Government non-classified data. In June 2003, the U.S. Government announced that AES may be used to protect classified information:
"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."
AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.
2.10 Known attacks:
For cryptographers, a cryptographic "break" is anything faster than a brute force (performing one trial decryption for each key; see Cryptanalysis). Thus, an attack against a 256-bit-key AES requiring 2^200 operations (compared to 2^256 possible keys) would be considered a break, even though 2^200 operations would still take far longer than the age of the universe to complete. The largest successful publicly-known brute force attack against any block-cipher encryption has been against a 64-bit RC5 key by distributed.net.
AES has a fairly simple algebraic description. In 2002, a theoretical attack, termed the "XSL attack", was announced by Nicolas Courtois and Josef Pieprzyk, purporting to show a weakness in the AES algorithm due to its simple description. Since then, other papers have shown that the attack as originally presented is unworkable; see XSL attack on block ciphers.
During the AES process, developers of competing algorithms wrote of Rijndael, "...we are concerned about [its] use...in security-critical applications." However, at the end of the AES process, Bruce Schneier, a developer of the competing algorithm Twofish, wrote that while he thought successful academic attacks on Rijndael would be developed someday, "I do not believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic."
On July 1, 2009, Bruce Schneier blogged about a related-key attack on the 192-bit and 256-bit versions of AES, discovered by Alex Biryukov and Dmitry Khovratovich, which exploits AES's somewhat simple key schedule and has a complexity of 2^119. In December 2009 it was improved to 2^99.5. This is a follow-up to an attack discovered earlier in 2009 by Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolić, with a complexity of 2^96 for one out of every 2^35 keys.
Another attack was blogged by Bruce Schneier on July 30, 2009 and released as a preprint[19] on August 3, 2009. This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is against AES-256 that uses only two related keys and 2^39 time to recover the complete 256-bit key of a 9-round version, or 2^45 time for a 10-round version with a stronger type of related subkey attack, or 2^70 time for an 11-round version. 256-bit AES uses 14 rounds, so these attacks aren't effective against full AES.
In November 2009, the first known-key distinguishing attack against a reduced 8-round version of AES-128 was released as a preprint. This known-key distinguishing attack is an improvement of the rebound or the start-from-the-middle attacks for AES-like permutations, which view two consecutive rounds of permutation as the application of a so-called Super-Sbox. It works on the 8-round version of AES-128, with a time complexity of 2^48 and a memory complexity of 2^32.
In July 2010 Vincent Rijmen published an ironic paper on "chosen-key-relations-in-the-middle" attacks on AES-128.[21]
The first key-recovery attacks on full AES, due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, were published in 2011.[22] The attack is based on bicliques and is faster than brute force by a factor of about four. The key is recovered from AES-128 in 2^126.1 operations. For AES-192 and AES-256, 2^189.7 and 2^254.4 operations are needed, respectively.
2.11 Side-channel attacks:
Side-channel attacks do not attack the underlying cipher and so have nothing to do with its security as described here, but attack implementations of the cipher on systems which inadvertently leak data. There are several such known attacks on certain implementations of AES.
In April 2005, D.J. Bernstein announced a cache-timing attack that he used to break a custom server that used OpenSSL's AES encryption.[22] The attack required over 200 million chosen plaintexts. The custom server was designed to give out as much timing information as possible (the server reports back the number of machine cycles taken by the encryption operation); however, as Bernstein pointed out, "reducing the precision of the server's timestamps, or eliminating them from the server's responses, does not stop the attack: the client simply uses round-trip timings based on its local clock, and compensates for the increased noise by averaging over a larger number of samples."
In October 2005, Dag Arne Osvik, Adi Shamir and Eran Tromer presented a paper demonstrating several cache-timing attacks against AES. One attack was able to obtain an entire AES key after only 800 operations triggering encryptions, in a total of 65 milliseconds. This attack requires the attacker to be able to run programs on the same system or platform that is performing AES.
In December 2009 an attack on some hardware implementations was published that used differential fault analysis and allows recovery of key with complexity of .
In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn published a paper which described a practical approach to a "near real time" recovery of secret keys from AES-128 without the need for either cipher text or plaintext. The approach also works on AES-128 implementations that use compression tables, such as OpenSSL. Like some earlier attacks, this one requires the ability to run arbitrary code on the system performing the AES encryption.
2.12 NIST/CSEC validation:
The Cryptographic Module Validation Program (CMVP) is operated jointly by the United States Government's National Institute of Standards and Technology (NIST) Computer Security Division and the Communications Security Establishment (CSE) of the Government of Canada. The use of validated cryptographic modules is not required by the United States Government for unclassified uses of cryptography. The Government of Canada also recommends the use of FIPS 140 validated cryptographic modules in unclassified applications of its departments.
Although NIST publication 197 ("FIPS 197") is the unique document that covers the AES algorithm, vendors typically approach the CMVP under FIPS 140 and ask to have several algorithms (such as Triple DES or SHA1) validated at the same time. Therefore, it is rare to find cryptographic modules that are uniquely FIPS 197 validated, and NIST itself does not generally take the time to list FIPS 197 validated modules separately on its public web site. Instead, FIPS 197 validation is typically just listed as an "FIPS approved: AES" notation (with a specific FIPS 197 certificate number) in the current list of FIPS 140 validated cryptographic modules.
The Cryptographic Algorithm Validation Program (CAVP)[4] allows for independent validation of the correct implementation of the AES algorithm at a reasonable cost. Successful validation results in being listed on the NIST validations page. This testing is a pre-requisite for the FIPS 140-2 module validation described below.
FIPS 140-2 validation is challenging to achieve both technically and fiscally.[28] There is a standardized battery of tests as well as an element of source code review that must be passed over a period of a few weeks. The cost to perform these tests through an approved laboratory can be significant (e.g., well over $30,000 US)[28] and does not include the time it takes to write, test, document and prepare a module for validation. After validation, modules must be re-submitted and re-evaluated if they are changed in any way. This can vary from simple paperwork updates if the security functionality did not change to a more substantial set of re-testing if the security functionality was impacted by the change.
CHAPTER 3
PROPOSED MODEL
The proposed architecture is designed to get maximum speed and lesser area by mapping all the four Logical functions of AES to LUTs, ROMs and Block RAMs. The proposed architecture has three parts:
1. Key Generation Module
2. Encryption Module
3. Decryption Module.
The AES encryption and decryption core unit contains key generation module as a common unit. This module gives necessary key expansion for both encryption and decryption functions. Fig. 2 presents the block diagram of AES Rijndael encryption and decryption with Key Generation Module as a common unit. The key generation module consists of key register of 128 bits, S-Box and XOR gates for bitwise XOR operation.
Fig 3.1: AES Encryption and Decryption Unit Block Diagram
It is designed to produce round keys on each positive edge of the clock when it is enabled. However, in the proposed work the key generation architecture does not require any hardware for shift operation, and the port mapping between key register and S-Box is done according to the required shift. Hence the proposed work offers the advantage in area. Also, in the proposed work the bits are rearranged on data path from register to S-Box, and the round constant required for each rounds are stored in ROM and retrieved on each clock. Fig. 3.2 represents proposed architecture of key generation unit.
Fig. 3.2. Architecture of Key Generation Module.
3.1 Encryption:
The encryption module takes 128 bit text to be encrypted and receives round key from key generation module to do each round of encryption. Fig. 5 presents the proposed encryption module.
Start, stop_mix, terminate are control signal produced by the control unit. The 'done' signal is provided to indicate that encryption is done. Architecture is as shown in Fig. 3.4.
In the proposed work, for reducing the hardware of entire architecture, the control unit of encryption module is not designed separately. The control unit of key generation module, which is a 4-bit counter, is designed to control the entire functioning of encryption module. The sharing of control unit by both encryption and round key generation gives unique advantage of reduction in hardware as compared to other implementations.
Fig 3.3 Encryption Module
Fig 3.4: Proposed architecture of encryption module
In the last round, Rijndael algorithm skips Mix Column Operation. To incorporate this functionality, proposed design use a Multiplexer and NAND gate as shown in Fig. 3.5.
Fig 3.5: Hardware to Skip Mix Column Operation for Last Round
NAND gate and the 4-bit counter (Controller) are used to set and reset selection line of Multiplexer. For count one to ten the selection line will be in set condition and multiplexer will pass Mix Column output. However, on last round count will be eleven, so selection line will reset and pass Sub Byte output.
Shift Row operation is designed in such a way that it does not take any hardware. After Round Key operation, data is given to S-Box with required shift by port mapping the signal according to required shift. Since there is no hardware for Shift Row operation, design gets the advantage of area, power and speed.
In the proposed work the S-Box is implemented by a LUT having 8 bit address (256 addresses) and a data width of 8 bit. This implementation gives higher throughput for the design by significantly decreasing delay in data path. As a result the proposed design takes lesser number of slices when compared with other combinational technique proposed.
The Mix Column operation of AES consists of Galois multiplication and four input XOR operation. But unlike combinational implementation of Galois field multiplication, the proposed design uses ROM based implementation of Galois multiplication, which makes Galois multiplication significantly faster, avoiding combinational delays. For an 8-bit data there are 256 multiplication conditions and all the conditions are stored in (256 x 8) ROM.
3.2 Decryption:
In the proposed work, the Mix Column encryption hardware uses two of such ROM for Galois multiplication of '2' and '3', and for performing 4-Input XOR operation in Mix Column operation the proposed design use 16 x 1 ROM, with the result that Mix Column operation offers higher speed and uses minimum number of slices in the hardware (FPGA).
Fig 3.6: Proposed architecture of Decryption module
The decryption unit also uses same design approach for the entire architecture and takes 20 clock cycles to decrypt the given cipher back to original text. Inverse S-Box architecture uses the same design of S-Box. Entry of LUT is changed according to Inverse Sub Byte transformation. Mix Column operation is implemented using 256X8 ROM. Four such ROMs are designed for the Galois multiplication of 9, 11, 13 and 14. 4-Input XOR operation is designed by 16x1 ROM. Architecture of Decryption module is same as encryption module with all complementary functions of encryption. Decryption unit contains an extra register for storing Round Keys. Storing key is important, since first round decryption use tenth round key and second round use ninth round key and so on. Count register is synthesized as B-Ram to save number of slices. 'Count' input provides the address of key register location to be accessed. The Architecture of decryption module is shown in Fig. 3.6.
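
A software model of the ROM-based Galois multiplication described in sections 3.1 and 3.2, using the shift-and-conditional-XOR rule from section 2.6 to fill the tables. This is an added Python example, not the report's hardware description; the names and the one-byte-per-line hex image format are assumptions chosen for illustration.

```python
# Added example: contents of the 256 x 8 multiplication ROMs and a
# table-lookup model of MixColumns and its inverse. Names are illustrative.

def xtime(b):
    """Multiply by 2: shift left, then XOR 0x1B if the result exceeds 0xFF."""
    b <<= 1
    if b > 0xFF:
        b = (b ^ 0x1B) & 0xFF
    return b


def build_roms():
    """One 256-entry table per constant used by MixColumns / InvMixColumns."""
    roms = {k: [0] * 256 for k in (2, 3, 9, 11, 13, 14)}
    for x in range(256):
        x2 = xtime(x)
        x4 = xtime(x2)
        x8 = xtime(x4)
        roms[2][x] = x2
        roms[3][x] = x2 ^ x            # 3 = 2 + 1
        roms[9][x] = x8 ^ x            # 9 = 8 + 1
        roms[11][x] = x8 ^ x2 ^ x      # 11 = 8 + 2 + 1
        roms[13][x] = x8 ^ x4 ^ x      # 13 = 8 + 4 + 1
        roms[14][x] = x8 ^ x4 ^ x2     # 14 = 8 + 4 + 2
    return roms


ROMS = build_roms()


def mix_column(col):
    """Encryption MixColumns on one 4-byte column: two ROMs plus 4-input XORs."""
    a0, a1, a2, a3 = col
    m2, m3 = ROMS[2], ROMS[3]
    return [
        m2[a0] ^ m3[a1] ^ a2 ^ a3,
        a0 ^ m2[a1] ^ m3[a2] ^ a3,
        a0 ^ a1 ^ m2[a2] ^ m3[a3],
        m3[a0] ^ a1 ^ a2 ^ m2[a3],
    ]


def inv_mix_column(col):
    """Decryption InvMixColumns on one column: four ROMs (9, 11, 13, 14)."""
    a0, a1, a2, a3 = col
    m9, m11, m13, m14 = ROMS[9], ROMS[11], ROMS[13], ROMS[14]
    return [
        m14[a0] ^ m11[a1] ^ m13[a2] ^ m9[a3],
        m9[a0] ^ m14[a1] ^ m11[a2] ^ m13[a3],
        m13[a0] ^ m9[a1] ^ m14[a2] ^ m11[a3],
        m11[a0] ^ m13[a1] ^ m9[a2] ^ m14[a3],
    ]


def rom_image(constant):
    """ROM contents as 256 two-digit hex strings, address 0 first
    (assumed format for a memory-initialisation file)."""
    return ["%02x" % v for v in ROMS[constant]]


if __name__ == "__main__":
    column = [0xDB, 0x13, 0x53, 0x45]      # widely published test column
    mixed = mix_column(column)
    print("mixed   :", " ".join("%02x" % v for v in mixed))
    print("restored:", " ".join("%02x" % v for v in inv_mix_column(mixed)))
    print("ROM x2, first 8 entries:", rom_image(2)[:8])
```
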
APPLICATIONS:
Widely used for computer and communication network.
Information security has aroused high attention.
Used in military, political and diplomatic fields.
Also applied to common fields of people's daily lives.
MERITS:
Requires low space.
Speed of operation is high.
Requires low power consumption.
Easy to implement.

5. INTRODUCTION TO VLSI
Very-large-scale integration (VLSI) is the process of creating integrated circuits by combining thousands of transistor-based circuits into a single chip. VLSI began in the 1970s when complex semiconductor and communication technologies were being developed. The microprocessor is a VLSI device. The term is no longer as common as it once was, as chips have increased in complexity into the hundreds of millions of transistors.
5.1 Overview:
The first semiconductor chips held one transistor each. Subsequent advances added more and more transistors, and, as a consequence, more individual functions or systems were integrated over time. The first integrated circuits held only a few devices, perhaps as many as ten diodes, transistors, resistors and capacitors, making it possible to fabricate one or more logic gates on a single device. Now known retrospectively as "small-scale integration" (SSI), improvements in technique led to devices with hundreds of logic gates, known as large-scale integration (LSI), i.e. systems with at least a thousand logic gates. Current technology has moved far past this mark and today's microprocessors have many millions of gates and hundreds of millions of individual transistors.
At one time, there was an effort to name and calibrate various levels of large-scale integration above VLSI. Terms like Ultra-large-scale Integration (ULSI) were used. But the huge number of gates and transistors available on common devices has rendered such fine distinctions moot.
Terms suggesting greater than VLSI levels of integration are no longer in widespread use. Even VLSI is now somewhat quaint, given the common assumption that all microprocessors are VLSI or better.
As of early 2008, billion-transistor processors are commercially available, an example of which is Intel's Montecito Itanium chip. This is expected to become more commonplace as semiconductor fabrication moves from the current generation of 65 nm processes to the next 45 nm generations (while experiencing new challenges such as increased variation across process corners). Another notable example is NVIDIA's 280 series GPU.
This microprocessor is unique in the fact that its 1.4 Billion transistor count, capable of a teraflop of performance, is almost entirely dedicated to logic (Itanium's transistor count is largely due to the 24MB L3 cache). Current designs, as opposed to the earliest devices, use extensive design automation and automated logic synthesis to lay out the transistors, enabling higher levels of complexity in the resulting logic functionality. Certain high-performance logic blocks like the SRAM cell, however, are still designed by hand to ensure the highest efficiency (sometimes by bending or breaking established design rules to obtain the last bit of performance by trading stability).
5.2 What is VLSI?
VLSI stands for "Very Large Scale Integration". This is the field which involves packing more and more logic devices into smaller and smaller areas.
VLSI
1. Simply we say Integrated circuit is many transistors on one chip.
2. Design/manufacturing of extremely small, complex circuitry using modified semiconductor material
3. Integrated circuit (IC) may contain millions of transistors, each a few mm in size
4. Applications wide ranging: most electronic logic devices
5.3 History of Scale Integration:
late 40s    Transistor invented at Bell Labs
late 50s    First IC (JK-FF by Jack Kilby at TI)
early 60s   Small Scale Integration (SSI): 10s of transistors on a chip
late 60s    Medium Scale Integration (MSI): 100s of transistors on a chip
early 70s   Large Scale Integration (LSI): 1000s of transistors on a chip
early 80s   VLSI: 10000s of transistors on a chip (later 100000s & now 1000000s)
Ultra LSI is sometimes used for 1000000s
SSI - Small-Scale Integration (0-10^2)
MSI - Medium-Scale Integration (10^2-10^3)
LSI - Large-Scale Integration (10^3-10^5)
VLSI - Very Large-Scale Integration (10^5-10^7)
ULSI - Ultra Large-Scale Integration (>=10^7)
5.4 Advantages of ICs over discrete components:
While we will concentrate on integrated circuits, the properties of
integrated circuits - what we can and cannot efficiently put in an integrated circuit - largely
determine the architecture of the entire system. Integrated circuits improve system characteristics
in several critical ways. ICs have three key advantages over digital circuits built from discrete
components:
Size. Integrated circuits are much smaller - both transistors and wires are shrunk to
micrometer sizes, compared to the millimeter or centimeter scales of discrete
components. Small size leads to advantages in speed and power consumption, since
smaller components have smaller parasitic resistances, capacitances, and inductances.
Speed. Signals can be switched between logic 0 and logic 1 much quicker within a chip
than they can between chips. Communication within a chip can occur hundreds of times
faster than communication between chips on a printed circuit board. The high speed of
circuits on-chip is due to their small size - smaller components and wires have smaller
parasitic capacitances to slow down the signal.
Power consumption. Logic operations within a chip also take much less power. Once
again, lower power consumption is largely due to the small size of circuits on the chip -
smaller parasitic capacitances and resistances require less power to drive them.
5.5 VLSI and systems:
These advantages of integrated circuits translate into advantages at the system level:
Smaller physical size. Smallness is often an advantage in itself - consider portable
televisions or handheld cellular telephones.
Lower power consumption. Replacing a handful of standard parts with a single chip
reduces total power consumption. Reducing power consumption has a ripple effect on the
rest of the system: a smaller, cheaper power supply can be used; since less power
consumption means less heat, a fan may no longer be necessary; a simpler cabinet with
less shielding for electromagnetic shielding may be feasible, too.
Reduced cost. Reducing the number of components, the power supply requirements,
cabinet costs, and so on, will inevitably reduce system cost. The ripple effect of
integration is such that the cost of a system built from custom ICs can be less, even
though the individual ICs cost more than the standard parts they replace.
Understanding why integrated circuit technology has such profound influence on the design
of digital systems requires understanding both the technology of IC manufacturing and the
economics of ICs and digital systems.
Applications
Electronic system in cars.
Digital electronics control VCRs
Transaction processing system, ATM
Personal computers and Workstations
Medical electronic systems.
Etc.
5.6 Applications of VLSI:
Electronic systems now perform a wide variety of tasks in daily life. Electronic
systems in some cases have replaced mechanisms that operated mechanically, hydraulically, or
by other means; electronics are usually smaller, more flexible, and easier to service. In other
cases electronic systems have created totally new applications. Electronic systems perform a
variety of tasks, some of them visible, some more hidden:
Personal entertainment systems such as portable MP3 players and DVD
players perform sophisticated algorithms with remarkably little energy.
Electronic systems in cars operate stereo systems and displays; they also
control fuel injection systems, adjust suspensions to varying terrain, and
perform the control functions required for anti-lock braking (ABS) systems.
Digital electronics compress and decompress video, even at high-definition
data rates, on-the-fly in consumer electronics.
Low-cost terminals for Web browsing still require sophisticated electronics,
despite their dedicated function.
Personal computers and workstations provide word-processing, financial
analysis, and games. Computers include both central processing units (CPUs)
and special-purpose hardware for disk access, faster screen display, etc.
Medical electronic systems measure bodily functions and perform complex
processing algorithms to warn about unusual conditions. The availability of
these complex systems, far from overwhelming consumers, only creates
demand for even more complex systems.
The growing sophistication of applications continually pushes the design and
manufacturing of integrated circuits and electronic systems to new levels of complexity. And
perhaps the most amazing characteristic of this collection of systems is its variety - as systems
become more complex, we build not a few general-purpose computers but an ever wider range of
special-purpose systems. Our ability to do so is a testament to our growing mastery of both
integrated circuit manufacturing and design, but the increasing demands of customers continue to
test the limits of design and manufacturing.
5.7 ASIC:
An Application-Specific Integrated Circuit (ASIC) is an integrated circuit (IC)
customized for a particular use, rather than intended for general-purpose use. For example, a chip
designed solely to run a cell phone is an ASIC. Intermediate between ASICs and industry
standard integrated circuits, like the 7400 or the 4000 series, are application specific standard
products (ASSPs).
As feature sizes have shrunk and design tools improved over the years, the maximum
complexity (and hence functionality) possible in an ASIC has grown from 5000 gates to over
100 million. Modern ASICs often include entire 32-bit processors, memory blocks including
ROM, RAM, EEPROM, Flash and other large building blocks. Such an ASIC is often termed a
SoC (system-on-a-chip). Designers of digital ASICs use a hardware description language (HDL),
such as Verilog or VHDL, to describe the functionality of ASICs.
Field-programmable gate arrays (FPGA) are the modern-day technology for building a
breadboard or prototype from standard parts; programmable logic blocks and programmable
interconnects allow the same FPGA to be used in many different applications. For smaller
designs and/or lower production volumes, FPGAs may be more cost effective than an ASIC
design even in production.
An application-specific integrated circuit (ASIC) is an integrated circuit (IC) customized
for a particular use, rather than intended for general-purpose use.
1. A Structured ASIC falls between an FPGA and a Standard Cell-based ASIC
2. Structured ASIC's are used mainly for mid-volume level design. The design task for
structured ASIC's is to map the circuit into a fixed arrangement of known cells.
6. INTRODUCTION TO XILINX
6.1 Migrating Projects from Previous ISE Software Releases:
When you open a project file from a previous release, the ISE® software prompts you to
migrate your project. If you click Backup and Migrate or Migrate Only, the software
automatically converts your project file to the current release. If you click Cancel, the software
does not convert your project and, instead, opens Project Navigator with no project loaded.
Note: After you convert your project, you cannot open it in previous versions of the ISE
software, such as the ISE 11 software. However, you can optionally create a backup of the
original project as part of project migration, as described below.
To Migrate a Project
1. In the ISE 12 Project Navigator, select File > Open Project.
2. In the Open Project dialog box, select the .xise file to migrate.
Note: You may need to change the extension in the Files of type field to display .npl
(ISE 5 and ISE 6 software) or .ise (ISE 7 through ISE 10 software) project files.
3. In the dialog box that appears, select Backup and Migrate or Migrate Only.
4. The ISE software automatically converts your project to an ISE 12 project.
Note: If you chose to Backup and Migrate, a backup of the original project is created at
project_name_ise12migration.zip.
5. Implement the design using the new version of the software.
Note: Implementation status is not maintained after migration.
6.2 Properties:
For information on properties that have changed in the ISE 12 software, see ISE 11 to
ISE 12 Properties Conversion.
6.3 IP Modules:
If your design includes IP modules that were created using CORE Generator™ software
or Xilinx® Platform Studio (XPS) and you need to modify these modules, you may be required
to update the core. However, if the core netlist is present and you do not need to modify the
core, updates are not required and the existing netlist is used during implementation.
6.4 Obsolete Source File Types:
The ISE 12 software supports all of the source types that were supported in the ISE 11
software.
If you are working with projects from previous releases, state diagram source files (.dia),
ABEL source files (.abl), and test bench waveform source files (.tbw) are no longer supported.
For state diagram and ABEL source files, the software finds an associated HDL file and adds it
to the project, if possible. For test bench waveform files, the software automatically converts the
TBW file to an HDL test bench and adds it to the project. To convert a TBW file after project
migration, see Converting a TBW File to an HDL Test Bench.
6.5 Using ISE Example Projects:
To help familiarize you with the ISE® software and with FPGA and CPLD designs, a set
of example designs is provided with Project Navigator. The examples show different design
techniques and source types, such as VHDL, Verilog, schematic, or EDIF, and include different
constraints and IP.
To Open an Example
1. Select File > Open Example.
2. In the Open Example dialog box, select the Sample Project Name.
Note: To help you choose an example project, the Project Description field describes
each project. In addition, you can scroll to the right to see additional fields, which
provide details about the project.
3. In the Destination Directory field, enter a directory name or browse to the
directory.
4. Click OK.
The example project is extracted to the directory you specified in the Destination
Directory field and is automatically opened in Project Navigator. You can then run processes
on the example project and save any changes.
Note: If you modified an example project and want to overwrite it with the original
example project, select File > Open Example, select the Sample Project Name, and specify the
same Destination Directory you originally used. In the dialog box that appears, select Overwrite
the existing project, and click OK.
6.6 Creating a Project:
Project Navigator allows you to manage your FPGA and CPLD designs using an ISE®
project, which contains all the source files and settings specific to your design. First, you must
create a project and then add source files and set process properties. After you create a project,
you can run processes to implement, constrain, and analyze your design. Project Navigator
provides a wizard to help you create a project as follows.
Note: If you prefer, you can create a project using the New Project dialog box instead of
the New Project Wizard. To use the New Project dialog box, deselect the Use New Project
wizard option in the ISE General page of the Preferences dialog box.
To Create a Project
1. Select File > New Project to launch the New Project Wizard.
2. In the Create New Project page, set the name, location, and project type, and
click Next.
3. For EDIF or NGC/NGO projects only: In the Import EDIF/NGC Project page,
select the input and constraint file for the project, and click Next.
4. In the Project Settings page, set the device and project properties, and click
Next.
5. In the Project Summary page, review the information, and click Finish to
create the project.
Project Navigator creates the project file (project_name.xise) in the directory you
specified. After you add source files to the project, the files appear in the Hierarchy pane of the
6.7 Design panel:
Project Navigator manages your project based on the design properties (top-level module
type, device type, synthesis tool, and language) you selected when you created the project. It
organizes all the parts of your design and keeps track of the processes necessary to move the
design from design entry through implementation to programming the targeted Xilinx® device.
Note: For information on changing design properties, see Changing Design Properties.
You can now perform any of the following:
Create new source files for your project.
Add existing source files to your project.
Run processes on your source files.
Modify process properties.
6.8 Creating a Copy of a Project:
You can create a copy of a project to experiment with different source options and
implementations. Depending on your needs, the design source files for the copied project and
their location can vary as follows:
Design source files are left in their existing location, and the copied project
points to these files.
Design source files, including generated files, are copied and placed in a
specified directory.
Design source files, excluding generated files, are copied and placed in a
specified directory.
Copied projects are the same as other projects in both form and function. For example, you can
do the following with copied projects:
Open the copied project using the File > Open Project menu command.
View, modify, and implement the copied project.
Use the Project Browser to view key summary data for the copied project and
then open the copied project for further analysis and implementation, as described in
6.9 Using the Project Browser:
Alternatively, you can create an archive of your project, which puts all of the project
contents into a ZIP file. Archived projects must be unzipped before being opened in Project
Navigator. For information on archiving, see Creating a Project Archive.
To Create a Copy of a Project
1. Select File > Copy Project.
2. In the Copy Project dialog box, enter the Name for the copy.
Note: The name for the copy can be the same as the name for the project, as long as you
specify a different location.
3. Enter a directory Location to store the copied project.
4. Optionally, enter a Working directory.
By default, this is blank, and the working directory is the same as the project directory.
However, you can specify a working directory if you want to keep your ISE® project
file (.xise extension) separate from your working area.
5. Optionally, enter a Description for the copy.
The description can be useful in identifying key traits of the project for reference later.
6. In the Source options area, do the following:
Select one of the following options:
Keep sources in their current locations - to leave the design source files in their
existing location.
If you select this option, the copied project points to the files in their existing location. If
you edit the files in the copied project, the changes also appear in the original project, because
the source files are shared between the two projects.
Copy sources to the new location - to make a copy of all the design source files and
place them in the specified Location directory.
If you select this option, the copied project points to the files in the specified directory. If you
edit the files in the copied project, the changes do not appear in the original project, because the
source files are not shared between the two projects.
Optionally, select Copy files from Macro Search Path directories to copy files from
the directories you specify in the Macro Search Path property in the Translate Properties dialog
box. All files from the specified directories are copied, not just the files used by the design.
Note: If you added a net list source file directly to the project as described in Working
with Netlist-Based IP, the file is automatically copied as part of Copy Project because it is a
project source file. Adding net list source files to the project is the preferred method for
incorporating net list modules into your design, because the files are managed automatically by
Project Navigator.
Optionally, click Copy Additional Files to copy files that were not included in the
original project. In the Copy Additional Files dialog box, use the Add Files and Remove Files
buttons to update the list of additional files to copy. Additional files are copied to the copied
project location after all other files are copied. To exclude generated files from the copy, such as
implementation results and reports, select
6.10 Exclude generated files from the copy:
When you select this option, the copied project opens in a state in which processes have
not yet been run.
7. To automatically open the copy after creating it, select Open the copied project.
Note: By default, this option is disabled. If you leave this option disabled, the original
project remains open after the copy is made.
Click OK.
6.11 Creating a Project Archive:
A project archive is a single, compressed ZIP file with a .zip extension. By default, it
contains all project files, source files, and generated files, including the following:
User-added sources and associated files
Remote sources
Verilog `include files
Files in the macro search path
Generated files
Non-project files
6.12 To Archive a Project:
1. Select Project > Archive.
2. In the Project Archive dialog box, specify a file name and directory for the ZIP
file.
3. Optionally, select Exclude generated files from the archive to exclude
generated files and non-project files from the archive.
4. Click OK.
A ZIP file is created in the specified directory. To open the archived project, you must
first unzip the ZIP file, and then you can open the project.
Note: Sources that reside outside of the project directory are copied into a remote_sources
subdirectory in the project archive. When the archive is unzipped and opened, you must either
specify the location of these files in the remote_sources subdirectory for the unzipped project, or
manually copy the sources into their original location.
7. INTRODUCTION TO VERILOG
In the semiconductor and electronic design industry, Verilog is a hardware description
language (HDL) used to model electronic systems. Verilog HDL, not to be confused
with VHDL (a competing language), is most commonly used in the design, verification, and
implementation of digital logic chips at the register-transfer level of abstraction. It is also used in
the verification of analog and mixed-signal circuits.
Overview
Hardware description languages such as Verilog differ from software programming
languages because they include ways of describing the propagation of time and signal
dependencies (sensitivity). There are two assignment operators, a blocking assignment (=), and a
non-blocking (<=) assignment. The non-blocking assignment allows designers to describe a
state-machine update without needing to declare and use temporary storage variables (in any
general programming language we need to define some temporary storage spaces for the
operands to be operated on subsequently; those are temporary storage variables). Since these
concepts are part of Verilog's language semantics, designers could quickly write descriptions of
large circuits in a relatively compact and concise form. At the time of Verilog's introduction
(1984), Verilog represented a tremendous productivity improvement for circuit designers who
were already using graphical schematic capture software and specially-written software programs
to document and simulate electronic circuits.
The designers of Verilog wanted a language with syntax similar to the C programming
language, which was already widely used in engineering software development. Verilog is case-
sensitive, has a basic preprocessor (though less sophisticated than that of ANSI C/C++), and
equivalent control flow keywords (if/else, for, while, case, etc.), and compatible operator
precedence. Syntactic differences include variable declaration (Verilog requires bit-widths on
net/reg types
), demarcation of procedural blocks (begin/end instead of curly braces
{}), and many other minor differences.
A Verilog design consists of a hierarchy of modules. Modules encapsulate design
hierarchy, and communicate with other modules through a set of declared input, output, and
bidirectional ports. Internally, a module can contain any combination of the following:
net/variable declarations (wire, reg, integer, etc.), concurrent and sequential statement blocks,
and instances of other modules (sub-hierarchies). Sequential statements are placed inside a
begin/end block and executed in sequential order within the block. But the blocks themselves are
executed concurrently, qualifying Verilog as a dataflow language.
Verilog's concept of 'wire' consists of both signal values (4-state: "1, 0, floating,
undefined") and strengths (strong, weak, etc.). This system allows abstract modeling of shared
signal lines, where multiple sources drive a common net. When a wire has multiple drivers, the
wire's (readable) value is resolved by a function of the source drivers and their strengths.
A subset of statements in the Verilog language is synthesizable. Verilog modules that
conform to a synthesizable coding style, known as RTL (register-transfer level), can be
physically realized by synthesis software. Synthesis software algorithmically transforms the
(abstract) Verilog source into a net list, a logically equivalent description consisting only of
elementary logic primitives (AND, OR, NOT, flip-flops, etc.) that are available in a
specific FPGA or VLSI technology. Further manipulations to the net list ultimately lead to a
circuit fabrication blueprint (such as a photo mask set for an ASIC or a bit stream file for
an FPGA).
History
Beginning
Verilog was the first modern hardware description language to be invented. It was created
by Phil Moorby and Prabhu Goel during the winter of 1983/1984. The wording for this process
was "Automated Integrated Design Systems" (later renamed to Gateway Design Automation in
1985) as a hardware modeling language. Gateway Design Automation was purchased
by Cadence Design Systems in 1990. Cadence now has full proprietary rights to Gateway's
Verilog and the Verilog-XL, the HDL-simulator that would become the de-facto standard (of
Verilog logic simulators) for the next decade. Originally, Verilog was intended to describe and
allow simulation; only afterwards was support for synthesis added.
Verilog-95
With the increasing success of VHDL at the time, Cadence decided to make the language
available for open standardization. Cadence transferred Verilog into the public domain under
the Open Verilog International (OVI) (now known as Accellera) organization. Verilog was later
submitted to IEEE and became IEEE Standard 1364-1995, commonly referred to as Verilog-95.
In the same time frame Cadence initiated the creation of Verilog-A to put standards
support behind its analog simulator Spectre. Verilog-A was never intended to be a standalone
language and is a subset of Verilog-AMS which encompassed Verilog-95.
Verilog 2001
Extensions to Verilog-95 were submitted back to IEEE to cover the deficiencies that
users had found in the original Verilog standard. These extensions became IEEE Standard 1364-
2001 known as Verilog-2001.
Verilog-2001 is a significant upgrade from Verilog-95. First, it adds explicit support for
(2's complement) signed nets and variables. Previously, code authors had to perform signed
operations using awkward bit-level manipulations (for example, the carry-out bit of a simple 8-
bit addition required an explicit description of the Boolean algebra to determine its correct
value). The same function under Verilog-2001 can be more succinctly described by one of the
built-in operators: +, -, /, *, >>>. A generate/endgenerate construct (similar to VHDL's
generate/endgenerate) allows Verilog-2001 to control instance and statement instantiation
through normal decision operators (case/if/else). Using generate/endgenerate, Verilog-2001 can
instantiate an array of instances, with control over the connectivity of the individual instances.
File I/O has been improved by several new system tasks. And finally, a few syntax additions
were introduced to improve code readability (e.g. always @*, named parameter override, C-style
function/task/module header declaration).
Verilog-2001 is the dominant flavor of Verilog supported by the majority of
commercial EDA software packages.
Verilog 2005
Not to be confused with SystemVerilog, Verilog 2005 (IEEE Standard 1364-2005) consists of
minor corrections, spec clarifications, and a few new language features (such as the uwire
keyword).
A separate part of the Verilog standard, Verilog-AMS, attempts to integrate analog and mixed
signal modeling with traditional Verilog.
SystemVerilog
SystemVerilog is a superset of Verilog-2005, with many new features and capabilities to aid
design verification and design modeling. As of 2009, the SystemVerilog and Verilog language
standards were merged into SystemVerilog 2009 (IEEE Standard 1800-2009).
The advent of hardware verification languages such as OpenVera, and Verisity's e
language encouraged the development of Superlog by Co-Design Automation Inc. Co-Design
Automation Inc was later purchased by Synopsys. The foundations of Superlog and Vera were
donated to Accellera, which later became the IEEE standard P1800-2005: SystemVerilog.
In the late 1990s, the Verilog Hardware Description Language (HDL) became the most
widely used language for describing hardware for simulation and synthesis. However, the first
two versions standardized by the IEEE (1364-1995 and 1364-2001) had only simple constructs
for creating tests. As design sizes outgrew the verification capabilities of the language,
commercial Hardware Verification Languages (HVL) such as Open Vera and e were created.
Companies that did not want to pay for these tools instead spent hundreds of man-years creating
their own custom tools. This productivity crisis (along with a similar one on the design side) led
to the creation of Accellera, a consortium of EDA companies and users who wanted to create the
next generation of Verilog. The donation of the Open-Vera language formed the basis for the
HVL features of SystemVerilog. Accellera's goal was met in November 2005 with the adoption
of the IEEE standard P1800-2005 for SystemVerilog, IEEE (2005).
The most valuable benefit of SystemVerilog is that it allows the user to construct reliable,
repeatable verification environments, in a consistent syntax, that can be used across multiple
projects.
Some of the typical features of an HVL that distinguish it from a Hardware Description
Language such as Verilog or VHDL are:
Constrained-random stimulus generation
Functional coverage
Higher-level structures, especially Object Oriented Programming
Multi-threading and interprocess communication
Support for HDL types such as Verilog's 4-state values
Tight integration with event-simulator for control of the design
There are many other useful features, but these allow you to create test benches at a
higher level of abstraction than you are able to achieve with an HDL or a programming language
such as C.
SystemVerilog provides the best framework to achieve coverage-driven verification (CDV).
CDV combines automatic test generation, self-checking testbenches, and coverage metrics to
significantly reduce the time spent verifying a design. The purpose of CDV is to:
Eliminate the effort and time spent creating hundreds of tests.
Ensure thorough verification using up-front goal setting.
Receive early error notifications and deploy run-time checking and error analysis to
simplify debugging.
Examples
Ex1: A hello world program looks like this:
module main;
  initial
    begin
      $display("Hello world!");
      $finish;
    end
endmodule
Ex2: A simple example of two flip-flops follows:
module toplevel(clock,reset);
  input clock;
  input reset;

  reg flop1;
  reg flop2;

  always @ (posedge reset or posedge clock)
    if (reset)
      begin
        flop1 <= 0;
        flop2 <= 1;
      end
    else
      begin
        flop1 <= flop2;
        flop2 <= flop1;
      end
endmodule
The "<=" operator in Verilog is another aspect of its being a hardware description
language as opposed to a normal procedural language. This is known as a "non-blocking"
assignment. Its action doesn't register until the next clock cycle. This means that the order of the
assignments is irrelevant and will produce the same result: flop1 and flop2 will swap values
every clock.
The other assignment operator, "=", is referred to as a blocking assignment. When "="
assignment is used, for the purposes of logic, the target variable is updated immediately. In the
above example, had the statements used the "=" blocking operator instead of "<=", flop1 and
flop2 would not have been swapped. Instead, as in traditional programming, the compiler would
understand to simply set flop1 equal to flop2 (and subsequently ignore the redundant logic to set
flop2 equal to flop1.)
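The following Python model is an added example, not part of the original report. It reproduces the update rule described above for one clocked always block, and goes beyond the flop1/flop2 case by also running a three-stage shift register, where blocking assignments make the data fall through all stages in a single clock. The helper names (clock_edge, simulate) and the shift-register signals (din, q1, q2, q3) are assumptions made for the illustration.

```python
# Added illustration (not from the original report): a small model of how one
# clocked always block updates its registers on a clock edge.
# Each assignment is (target_register, function_of_state_returning_new_value).


def clock_edge(state, assignments, nonblocking):
    """Return the register state after one active clock edge."""
    nxt = dict(state)
    if nonblocking:
        # "<=": every right-hand side is sampled from the values held before
        # the edge, then all targets are updated together.
        sampled = [(target, expr(state)) for target, expr in assignments]
        nxt.update(sampled)
    else:
        # "=": each assignment takes effect at once, so later statements
        # already see the values written by earlier ones.
        for target, expr in assignments:
            nxt[target] = expr(nxt)
    return nxt


def simulate(initial, assignments, nonblocking, cycles, watch):
    """Run `cycles` clock edges and return the watched registers per cycle."""
    state = dict(initial)
    trace = [tuple(state[name] for name in watch)]
    for _ in range(cycles):
        state = clock_edge(state, assignments, nonblocking)
        trace.append(tuple(state[name] for name in watch))
    return trace


# The page's toplevel module after reset: flop1 = 0, flop2 = 1.
RESET_STATE = {"flop1": 0, "flop2": 1}
SWAP = [
    ("flop1", lambda s: s["flop2"]),
    ("flop2", lambda s: s["flop1"]),
]

# Hypothetical three-stage shift register (din, q1..q3 are constructed names).
SHIFT_STATE = {"din": 1, "q1": 0, "q2": 0, "q3": 0}
SHIFT = [
    ("q1", lambda s: s["din"]),
    ("q2", lambda s: s["q1"]),
    ("q3", lambda s: s["q2"]),
]

if __name__ == "__main__":
    flops = ("flop1", "flop2")
    print("swap,  <=          :", simulate(RESET_STATE, SWAP, True, 3, flops))
    print("swap,  <= reversed :", simulate(RESET_STATE, SWAP[::-1], True, 3, flops))
    print("swap,  =           :", simulate(RESET_STATE, SWAP, False, 3, flops))
    print("swap,  =  reversed :", simulate(RESET_STATE, SWAP[::-1], False, 3, flops))
    stages = ("q1", "q2", "q3")
    print("shift, <=          :", simulate(SHIFT_STATE, SHIFT, True, 3, stages))
    print("shift, =           :", simulate(SHIFT_STATE, SHIFT, False, 3, stages))
```

With "<=" the result is the same for either statement order; with "=" the two orders give different stuck values, which is why the statement order only matters for blocking assignments.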
Ex3: An example counter circuit follows:
module Div20x (rst, clk, cet, cep, count, tc);
// TITLE 'Divide-by-20 Counter with enables'
// enable CEP is a clock enable only
// enable CET is a clock enable and
// enables the TC output
// a counter using the Verilog language

parameter size = 5;
parameter length = 20;

input rst; // These inputs/outputs represent
input clk; // connections to the module.
input cet;
input cep;

output [size-1:0] count;
output tc;

reg [size-1:0] count; // Signals assigned
                      // within an always
                      // (or initial)block
                      // must be of type reg

wire tc; // Other signals are of type wire

// The always statement below is a parallel
// execution statement that
// executes any time the signals
// rst or clk transition from low to high

always @ (posedge clk or posedge rst)
  if (rst) // This causes reset of the cntr
    count <= {size{1'b0}};
  else
  if (cet && cep) // Enables both true
    begin
      if (count == length-1)
        count <= {size{1'b0}};
      else
        count <= count + 1'b1;
    end

// the value of tc is continuously assigned
// the value of the expression
assign tc = (cet && (count == length-1));

endmodule
Ex4: An example of delays:
...
reg a, b, c, d;
wire e;
...
always @(b or e)
  begin
    a = b & e;
    b = a | b;
    #5 c = b;
    d = #6 c ^ e;
  end
The always clause above illustrates the other type of method of use, i.e. the always clause
executes any time any of the entities in the list change, i.e. the b or e change. When one of these
changes, immediately a is assigned a new value, and due to the blocking assignment b is
assigned a new value afterward (taking into account the new value of a.) After a delay of 5 time
units, c is assigned the value of b and the value of c ^ e is tucked away in an invisible store. Then
after 6 more time units, d is assigned the value that was tucked away.
Signals that are driven from within a process (an initial or always block) must be of type reg.
Signals that are driven from outside a process must be of type wire. The keyword reg does not
necessarily imply a hardware register.
7.3 Constants
The definition of constants in Verilog supports the addition of a width parameter. The basic
syntax is:
<Width in bits>'<base letter><number>
Examples:
12'h123 - Hexadecimal 123 (using 12 bits)
20'd44 - Decimal 44 (using 20 bits - 0 extension is automatic)
4'b1010 - Binary 1010 (using 4 bits)
6'o77 - Octal 77 (using 6 bits)
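A parser for the sized-constant syntax above, as an added Python example that is not part of the original report. It covers only the four base letters shown (b, o, d, h) with plain digits and underscores, not x/z digits or signed constants, and it reports when a number is wider than the declared width and its high-order bits are discarded. The function name parse_sized_constant is an assumption.

```python
import re

# Added illustration (not from the original report).
BASES = {"b": 2, "o": 8, "d": 10, "h": 16}
LITERAL = re.compile(r"^\s*(\d+)\s*'\s*([bBoOdDhH])\s*([0-9a-fA-F_]+)\s*$")


def parse_sized_constant(text):
    """Parse <width>'<base letter><number>.

    Returns (width, value, bits, truncated): value is the number as stored in
    `width` bits, bits is that value as a binary string of exactly `width`
    characters (zero-extended on the left), and truncated says whether
    high-order bits had to be discarded to fit the width.
    """
    match = LITERAL.match(text)
    if match is None:
        raise ValueError(f"not a sized constant: {text!r}")
    width = int(match.group(1))
    if width == 0:
        raise ValueError("width must be at least 1 bit")
    base = BASES[match.group(2).lower()]
    digits = match.group(3).replace("_", "")
    try:
        number = int(digits, base)
    except ValueError:
        raise ValueError(f"{digits!r} is not a valid base-{base} number") from None
    truncated = number >= (1 << width)
    value = number & ((1 << width) - 1)
    return width, value, format(value, f"0{width}b"), truncated


if __name__ == "__main__":
    # The four examples from the page, plus one constructed over-wide constant.
    for literal in ("12'h123", "20'd44", "4'b1010", "6'o77", "4'hFF"):
        print(literal, "->", parse_sized_constant(literal))
```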
7.4 Synthesizable Constructs
There are several statements in Verilog that have no analog in real hardware, e.g.
$display. Consequently, much of the language can not be used to describe hardware. The
examples presented here are the classic subset of the language that has a direct mapping to real
gates.
// Mux examples - Three ways to do the same thing.
// The first example uses continuous assignment
wire out;
assign out = sel ? a : b;
// the second example uses a procedure
// to accomplish the same thing.
reg out;
always @(a or b or sel)
  begin
    case(sel)
      1'b0: out = b;
      1'b1: out = a;
    endcase
  end
// Finally - you can use if/else in a
// procedural structure.
reg out;
always @(a or b or sel)
  if (sel)
    out = a;
  else
    out = b;
The next interesting structure is a transparent latch; it will pass the input to the output
when the gate signal is set for "pass-through", and captures the input and stores it upon transition
of the gate signal to "hold". The output will remain stable regardless of the input signal while the
gate is set to "hold". In the example below the "pass-through" level of the gate would be when
the value of the if clause is true, i.e. gate = 1. This is read "if gate is true, the din is fed to
latch_out continuously." Once the if clause is false, the last value at latch_out will remain and is
independent of the value of din.
Ex7: // Transparent latch example
reg out;
always @(gate or din)
  if(gate)
    out = din; // Pass through state
    // Note that the else isn't required here. The variable
    // out will follow the value of din while gate is high.
    // When gate goes low, out will remain constant.
The flip-flop is the next significant template; in Verilog, the D-flop is the simplest, and it can be
modeled as:
reg q;
always @(posedge clk)
  q <= d;
The significant thing to notice in the example is the use of the non-blocking assignment.
A basic rule of thumb is to use <= when there is a posedge or negedge statement within the
always clause.
A variant of the D-flop is one with an asynchronous reset; there is a convention that the
reset state will be the first if clause within the statement.
reg q;
always @(posedge clk or posedge reset)
  if(reset)
    q <= 0;
  else
    q <= d;
The next variant is including both an asynchronous reset and asynchronous set condition; again
the convention comes into play, i.e. the reset term is followed by the set term.
reg q;
always @(posedge clk or posedge reset or posedge set)
  if(reset)
    q <= 0;
  else
  if(set)
    q <= 1;
  else
    q <= d;
Note: If this model is used to model a Set/Reset flip flop then simulation errors can result.
Consider the following test sequence of events. 1) reset goes high 2) clk goes high 3) set goes
high 4) clk goes high again 5) reset goes low followed by 6) set going low. Assume no setup and
hold violations.
In this example the always @ statement would first execute when the rising edge of reset
occurs, which would place q to a value of 0. The next time the always block executes would be
the rising edge of clk, which again would keep q at a value of 0. The always block then executes
when set goes high, which, because reset is high, forces q to remain at 0. This condition may or
may not be correct depending on the actual flip flop. However, this is not the main problem with
this model. Notice that when reset goes low, set is still high. In a real flip flop this will cause
the output to go to a 1. However, in this model it will not occur because the always block is
triggered by rising edges of set and reset, not levels. A different approach may be necessary for
set/reset flip flops.
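The six-step test sequence from the note above, written as a testbench around the set/reset model exactly as the page gives it. This is an added example, not code from the original report; the module names sr_model and tb_sr_model, the step task and the 5-time-unit spacing between events are assumptions.

```verilog
// Added example: drives the note's six events into the page's model.
// Names sr_model, tb_sr_model and step are hypothetical.
`timescale 1ns/1ns

module sr_model (input clk, input reset, input set, input d, output reg q);
  // Model as given on the page: sensitive to edges of set and reset
  always @(posedge clk or posedge reset or posedge set)
    if (reset)
      q <= 0;
    else
    if (set)
      q <= 1;
    else
      q <= d;
endmodule

module tb_sr_model;
  reg clk, reset, set, d;
  wire q;

  sr_model dut (.clk(clk), .reset(reset), .set(set), .d(d), .q(q));

  // Let the non-blocking update settle, then report the state
  task step(input [8*24:1] what);
    begin
      #1 $display("t=%0t  %0s  reset=%b set=%b q=%b",
                  $time, what, reset, set, q);
    end
  endtask

  initial
    begin
      clk = 0; reset = 0; set = 0; d = 0;
      #5 reset = 1; step("1) reset goes high");
      #5 clk = 1;   step("2) clk goes high");
      #5 clk = 0;   // falling edge, not part of the sequence
      #5 set = 1;   step("3) set goes high");
      #5 clk = 1;   step("4) clk goes high again");
      #5 clk = 0;
      #5 reset = 0; step("5) reset goes low");  // set is still high here
      #5 set = 0;   step("6) set goes low");
      $finish;
    end
endmodule
```

Compare the value of q printed at step 5 with what the note says a real flip flop would drive while set is still high.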
Note that there are no "initial" blocks mentioned in this description. There is a split
between FPGA and ASIC synthesis tools on this structure. FPGA tools allow initial blocks
where reg values are established instead of using a "reset" signal. ASIC synthesis tools don't
support such a statement. The reason is that an FPGA's initial state is something that is
downloaded into the memory tables of the FPGA. An ASIC is an actual hardware
implementation.
7.5 Initial Vs Always:
There are two separate ways of declaring a Verilog process. These are the always and
the initial keywords. The always keyword indicates a free-running process. The initial keyword
indicates a process executes exactly once. Both constructs begin execution at simulator time 0,
and both execute until the end of the block. Once an always block has reached its end, it is
rescheduled (again). It is a common misconception to believe that an initial block will execute
before an always block. In fact, it is better to think of the initial-block as a special-case of
the always-block, one which terminates after it completes for the first time.
//Examples:
initial
  begin
    a = 1; // Assign a value to reg a at time 0
    #1; // Wait 1 time unit
    b = a; // Assign the value of reg a to reg b
  end

always @(a or b) // Any time a or b CHANGE, run the process
  begin
    if (a)
      c = b;
    else
      d = ~b;
  end // Done with this block, now return to the top (i.e. the @ event-control)

always @(posedge a) // Run whenever reg a has a low to high change
  a <= b;
These are the classic uses for these two keywords, but there are two significant additional
uses. The most common of these is an always keyword without the @(...) sensitivity list. It is
possible to use always as shown below:
always
  begin // Always begins executing at time 0 and NEVER stops
    clk = 0; // Set clk to 0
    #1; // Wait for 1 time unit
    clk = 1; // Set clk to 1
    #1; // Wait 1 time unit
  end // Keeps executing - so continue back at the top of the begin
The always keyword acts similar to the "C" construct while(1) {..} in the sense that it will
execute forever.
The other interesting exception is the use of the initial keyword with the addition of
the forever keyword.
7.6 Race Condition
The order of execution isn't always guaranteed within Verilog. This can best be
illustrated by a classic example. Consider the code snippet below:
initial
  a = 0;
initial
  b = a;
initial
  begin
    #1;
    $display("Value a=%b Value of b=%b",a,b);
  end
What will be printed out for the values of a and b? Depending on the order of execution of the
initial blocks, it could be zero and zero, or alternately zero and some other arbitrary uninitialized
value. The $display statement will always execute after both assignment blocks have completed,
due to the #1 delay.
7.7 Operators
Note: These operators are not shown in order of precedence.
Bitwise
Logical
Reduction
Arithmetic
Relational
Shift
7.8 System Tasks:
System tasks are available to handle simple I/O and various design measurement functions. All
system tasks are prefixed with $ to distinguish them from user tasks and functions. This section
presents a short list of the most often used tasks. It is by no means a comprehensive list.
$display - Print to screen a line followed by an automatic newline.
$write - Write to screen a line without the newline.
$swrite - Print to variable a line without the newline.
$sscanf - Read from variable a format-specified string. (*Verilog-2001)
$fopen - Open a handle to a file (read or write)
$fdisplay - Write to file a line followed by an automatic newline.
$fwrite - Write to file a line without the newline.
$fscanf - Read from file a format-specified string. (*Verilog-2001)
$fclose - Close and release an open file handle.
$readmemh - Read hex file content into a memory array.
$readmemb - Read binary file content into a memory array.
$monitor - Print out all the listed variables when any change value.
$time - Value of current simulation time.
$dumpfile - Declare the VCD (Value Change Dump) format output file name.
$dumpvars - Turn on and dump the variables.
$dumpports - Turn on and dump the variables in Extended-VCD format.
$random - Return a random value.
CONCLUSION
An implementation of area-optimized AES and DES algorithm which meets the actual
application is proposed in this paper. Meanwhile, this design reduces power consumption to
some extent, for the power consumption is directly related to the chip area. Therefore the
encryption device implemented in this method can meet some practical applications. AES-128
algorithm for encryption and decryption is implemented. The proposed design serves as the best
high speed encryption algorithm and is thus suitable for various applications. Moreover, with less
area utilization, the proposed design can be embedded with other larger designs as well.