Beruflich Dokumente
Kultur Dokumente
')-%-12&*
*
+3*14567896:*.3*;7<=8>:*?3*;@>AB9:*#3'>5C>8:*-3*,988=DD=45=:*E3*;>A=>F:*#3*'9AA48>6>*G.C=B4A9FH*I*JKLM*!?#)"
04C4F*84F*C9A9DN4F*A9F9A<>C4F
Orellana, Rafael
Lacruz, Jess
rafael.orellana@ula.ve
jlacruz@ula.ve
Departamento de Electrnica y Comunicaciones, Universidad de Los Andes. Mrida-Venezuela
Coronel, Mara
maria.coronel@ula.ve
Departamento de Circuitos y Medidas, Universidad de Los Andes. Mrida-Venezuela
Abstract. The art of keeping messages secure is cryptography. The R.S.A algorithm is a high
quality, secure and asymmetric key algorithm used to provide data protection services. This
algorithm requires two different keys, one for encryption (public key) and the other for
decryption (private key). The computational load depends on the keys bits size and typically is
implemented using software-based programs. This paper presents the design and logic synthesis
of a module for keys generation of the R.S.A algorithm using hardware description language,
particularly, Verilog. The design includes functional and structural specification. Functional
specification shows the port list description and functional core in order to attend basic
functionality of the module. Structural description shows the proposed architecture for R.S.A
keys generation module. The data-path shows the implemented sub-modules and the
interconnection between them. Modular exponentiation submodule is designed to compute prime
numbers using Fermat test. The keys of R.S.A algorithm are computed using Euclidean Extended
Algorithm and stored in two registers. Random numbers used in the algorithm are generated
with linear feedback shift registers. The module is parametrized to generate 16, 64 and 128 bits
keys size. The correct data flow is checked by the control unit implemented as a finite state
machine. Test bench is designed to check the functionality of R.S.A generation keys module,
simulated using Verilog and Xilinx ISE 14.7. Test shows public key and private key computed
and the correct encryption and decryption task for different keys size. For the logic synthesis a
FPGA kit board Spartan-3E is used setting a clock frequency of 50 MHz. The final results show
singular improvements in the proposed architecture in terms of timing and area, and the
advantages of using a parameterizable design.
1. INTRODUCTION
2. R.S.A ALGORITHM
R.S.A is an encryption algorithm based on blocks. This means that both the plain text and
the cipher text are given number between 0 and (n-1). A message larger that log2(n) is divided
into segments of appropriate length, called blocks, which are encrypted one by one. Besides, as a
public key cryptographic algorithm, it is based on a mathematic related key pairs between public
key and a private key [7]. R.S.A algorithm is summarized in three main steps: keys generation,
encryption and decryption.
Keys generation for RSA starts with the selection of two prime numbers (p and q) which are
then multiplied to produce the publicly visible modulus n. The strength of R.S.A algorithm is
based on the difficulty of factoring n to discover the original prime numbers. Hence the larger
the value of these primes, the harder the factorization problem becomes. Then, is calculated
Euler function (n).
Next an integer, E, that is relatively prime to !"#, is randomly chosen as the public key. It
must satisfy that the Greater Common Divisor (GCD?&7$#'$$0&#)$%&(!&$@4.8&#,&;=>A&.0/&-478(*&
key is between the ranges from 1 to !"#. Private key, D, is generated finding the multiplicative
inverse using Euclidean extended algorithm (EEA).
2.2 Encryption
In R.S.A algorithm both, plain text (M) and cipher text (C), are blocks with length less than
log2(n) [7]. In encryption, the cipher text is genera#$/&7"&;B@5&C=?>5
C = M E mod n (1)
Where mod is the modulus operator between exponential operation ME and the number n.
2.3 Decryption
In R.S.A algorithm the clear message is recovered using the private key D 7"&.--8"(0:&;B@5&
CD?>A&')$+$&mod is the modulus operator between CD and the number n.
M = C D mod n (2)
.'!OYJ*#9P4A=>F*C98*'45QA9F4*"5B9A5>D=45>8*C9*#RB4C4F*)@PRA=D4F*95*"5Q95=9AS>*T*'=95D=>F*&U8=D>C>F:*'"#.)"'!
Now, next section shows the design of a hardware module to implement the step of keys
generation in R.S.A algorithm.
The R.S.A keys generation module is designed to obtain public key and private key. It is
parametrized for key sizes ,3&;E>&7(#!&C=F&7(#!A&FG&7(#!&.0/&=DH&7(#!?5&I)$&/$!*+(-#(,0 of the port
interface is shown (0&;I.78$&=>5
Two LFSR modules are used in the design to generate random numbers. The first one
generates random numbers in order to find if it is a prime number. A Modular Exponentiation
module is used to implement Fermat test [8]. When two prime numbers are calculated they are
stored in two registers (p_number and q_number). Then, Euler function and product of prime
numbers are calculated and stored in registers (fi_number and n_number). The second LFSR is
used to generate random public keys for Euclidean Extended module. When random public key
satisfies conditions of Euclides algorithm, public and private key are calculated and stored in
registers (public_key and private_key). Flag valid_eu is used to indicate that the public key
(n_number and public_key) and private key are computed satisfactorily.
LFSR modules design. Linear feedback shift register is used to generate random numbers.
In theory, an N-bit LFSR can generate 2N-1 bit long random sequence before repeating [9].
These module is parametrized to implement N-bit LFSR for random public key and (N/2)-bit for
the generation of prime numbers. Combinational logic using exclusive OR gates, AND gates and
shift operator are implemented in a feedback loop of LFSR. The structure of the N-bit LFSR is
!),'0&(0&;<(:5&J>5
Modular exponentiation module. ;<(:4+$ G>& !),'!& #)$& ).+/'.+$& !#+4*#4+$& used for
modular exponentiation module.
a x + b z = GCD(a,b) (3)
This module takes as input Euler function and a random public key generated by the LFSR.
When the conditions shown (0& ;<(:5& =>& .+$& !.#(!3($/A& -+(2.#$& 9$"& (!& *,%-4#$/& .!& (02$+!$&
multiplicative of random public key and it is stored in registers. ;<(:4+$& V>& !),'!& #)$& -!$4/,&
code of Euclidean extended algorithm implemented in hardware.
Control unit is implemented as a finite state machine (FSM) to control the data flow shown
(0&;<(:5&D>5&Q&!#.#$ diagram of FSM is shown (0&;<(:5&F>5 ;I.78$&D>&!),'!&#)$&-,+#&(0#$+3.*$&,3&
the FSM designed.
When input reset_i is enabled, all registers and modules of data-path go to initial conditions,
and FSM stayed in IDLE state. If reset_i signal is unable, the input start_i starts the operation of
the module. The GENERATE_PRIMES state is used to calculate two prime numbers. An internal
counter is implemented to check if two prime numbers are generated using Fermat test in the
data-path and then store the product of them in registers. Next, in CALCULATE_EULER state
#9P4A=>F*C98*'45QA9F4*"5B9A5>D=45>8*C9*#RB4C4F*)@PRA=D4F*95*"5Q95=9AS>*T*'=95D=>F*&U8=D>C>F:*'"#.)"'!*.'!OYX
the Euler function is stored and then used to calculate the public and private keys.
ENABLE_LFSR_KEY state is used to generate a random number to be use as a possible public
key, CHECK_KEY state is verified if the random number meets the range of possible values for
the public key. Next, GENERATE_KEYS state is responsible to enable the module to calculate
public and private keys using Euclidean extended algorithm. Finally, in END state the keys are
stored in registers and activate a high flag to indicate the task is ended.
4. RESULTS
This section shows prime numbers computed using Fermat test, Euler function number and
Euclidean extended module performance to calculate public key and private key. The data-path
of all modules, control unit and test bench are described using Verilog language and simulated
using Xilinx ISE 14.7. A Spartan-3E board is used to synthesize the code. Results are shown in
hexadecimal numbers.
;<(:4+$& H>& !),'! the test bench for 128-bits public key and private key using Euclidean
extended algorithm. When GCD of fi_n_reg and random_key +$:(!#$+!& (!& ;=>, a private key is
calculated and valid_eu flag is high. Flag done_eu is high to indicate that the task of Euclidean
extended module is finished. ;I.78$&G>&!),'!&16-bits and 64-bits keys calculated.
Figure 8- Time diagram for test bench to calculate public and private key
#9P4A=>F*C98*'45QA9F4*"5B9A5>D=45>8*C9*#RB4C4F*)@PRA=D4F*95*"5Q95=9AS>*T*'=95D=>F*&U8=D>C>F:*'"#.)"'!*.'!OYY
Table 4. Public and private key calculated for 16-bits and 64-bits size
;I.78$& V>& !),'!& #)$ area (slices) and timing (maximum clock frequency) summary with
synthesis estimated values for R.S.A keys generation module. The FPGA chip used is a Xilinx
Spartan-3E xc3s500e-5fg320 with 50 MHz of clock frequency.
Table 5. Summary with estimated values for R.S.A keys generation module
It is clear that when the number of bits is increased, the maximum frequency achievable is
decreased, because it is more complicated to obtain prime numbers and encryption/ decryption
keys with the hardware architecture proposed. For 16-bits and 64-bits keys size the number of
slices allows the implementation of this module using the Xilinx FPGA, perhaps, 128-bits keys
size the slices used are over available, therefore, it is necessary to select other FPGA chip.
5. CONCLUSIONS
In this paper hardware architecture to generate public and private keys of R.S.A algorithm is
presented. Fast modular exponentiation module is used to implement a primality test to get two
prime numbers, Fermat test is used in this case. Euclidean extended algorithm is implemented in
hardware to solve a Diophantine equation with GCD of Euler function number and public key,
where its inverse multiplicative represents the private key. R.S.A generation keys module is
parametrized for 16, 64 and 128-bits keys size.
The proposed hardware architecture is implemented using Verilog targeting Xilinx Spartan-
3E xc3s500e-5fg320. The whole design is tested using Xilinx ISE 14.7 tool, showing the correct
functionality to obtain prime numbers, Euler function number and R.S.A keys. Synthesis result
shows that 128-bits size implementation require more than 100% resources of FPGA board
selected, so another FPGA chip board with best performance is necessary for hardware
implementation, however, 64-bits and 16-bits keys size are implemented satisfactorily using the
kit board selected.
Nowadays, for security reasons, commercial implementations requires 1024-bits and 2048-
bits keys size, so it is possible to employ the parameterizable characteristic of the proposed
hardware architecture to implement them, using advanced FPGA kit boards with specialized
blocks to reduce area and improve maximum frequency.
.'!OYZ*#9P4A=>F*C98*'45QA9F4*"5B9A5>D=45>8*C9*#RB4C4F*)@PRA=D4F*95*"5Q95=9AS>*T*'=95D=>F*&U8=D>C>F:*'"#.)"'!
Acknowledgements
We would like to express our special thank and appreciation to the Electronic and
Communications department of Electrical Engineering School at University of Los Andes for
their support throughout this work.
REFERENCES
[1].Huffmire, T., Irvine, C., Nguyen, T., Levin, T., Kastner, R., & Sherwood, T., FPGA
Updates and Programmability, pp. 87-96. Springer Science - Basicness Media, 2010.
[2].Schneier, B., Applied Cryptography: Protocols, Algorithms, and Source Code in C, pp.
200-210. John Wiley & Sons, 1996.
[3].Rivest, R., Shamir, A., & Adleman, L., Method for Obtaining Digital Signatures and
Public-Key Cryptosystems. Communications of the ACM, vol. 21, n. 2, pp. 120X126,
1978.
[4].Deng Y., Mao Z., & Ye Y., Implementation of RSA Crypto-Processor Based on
Montgomery Algorithm. Fifth International Conference on Solid-State and Integrated
Circuit Technology, pp. 524-526, 1998.
[5].Zhang, C., Xu, Y., & Wu, C., A Bit-Serial Systolic Algorithm and VLSI Implementation
for RSA. IEEE Communications, Computers and Signal Processing, vol. 2, pp. 523-
526, 1997.
[6].Sushanta, K., & Manoranjan, P., FPGA Implementation of RSA Encryption System.
International Journal of Computer Applications, vol. 19, n. 9, pp. 10-12, 2011.
[7].Prasu, G., Malabika, B., & Biswas, M., Hardware Implementation of TDES Crypto
System with On Chip Verification in FPGA. Journal of Telecommunications, vol. 1, n.
1, pp. 113-117, 2010.
[8].Henk, C., & Sushil, J., Encyclopedia of Cryptography and Security, pp. 455-456.
Springer, 2011.
[9].Chiranth, E., Chakravarthy, H., Nagamohanareddy, P., Umesh, T., & Chethan, M.,
Implementation of RSA Cryptosystem Using Verilog. International Journal of
Scientific & Engineering Research, vol. 2, n. 5, pp. 1-7, 2011.
[10].Muhammad, I., Mamun, B., Reaz, H., & Sazzad, H., FPGA Implementation of RSA
Encryption Engine with Flexible Key Size. International journal of communication, vol.
1, n. 3, pp. 107-113, 2007.
[11].Vibhor, G., Aruna, V., Architectural analysis of RSA crypto system on FPGA.
International Journal of Computer Applications, vol. 26, n. 8, pp. 30-34, 2011.
#9P4A=>F*C98*'45QA9F4*"5B9A5>D=45>8*C9*#RB4C4F*)@PRA=D4F*95*"5Q95=9AS>*T*'=95D=>F*&U8=D>C>F:*'"#.)"'!*.'!OY[
[12].Soderquist, P. & Leeser, M., Division and square root: choosing the right
implementation. IEEE Micro, vol. 17, n. 4, pp. 56-66, 1997.
[13]. Cormen, T., Leiserson, C., Rivest, R., & Stein, C., Introduction to Algorithms, pp. 859-
861. MIT Press and McGraw-Hill, 2001.