Triple Data Encryption Standard (t-DES)

Verilog Implementation of Triple Data Encryption Standard (T-DES)

Samnit Dua, Student, E.C.E, G B Pant Engineering College, Delhi, India
Hardik Manocha, Student, E.C.E, G B Pant Engineering College, Delhi, India


Abstract

We propose a mode of multiple encryption, namely Triple DES. The aim is to provide strong protection against certain attacks (dictionary attacks and matching ciphertext attacks) which exploit the DES block size of 128 bits (with parity, 112 bits without parity). We also use three keys (64 bits each) in the project, which are independent of each other. We first encrypt the input data (plaintext) with the first key, then decrypt the output with the second key, and then encrypt it again with the third key. This makes our data three times stronger than the earlier algorithm, i.e. DES. This algorithm was needed after DES was cracked in the mid-90's.

Introduction to the project

Data encryption is used pervasively in today's connected society. The two most basic facets of modern-day data encryption are data privacy and authentication. As modern society becomes more connected and more information becomes available, there is a need for safeguards which bring data integrity and data secrecy. In addition, authenticating the source of information assures the recipient, with complete certainty, that the information came from the original source and that it has not been altered from its original state. Both needs, information privacy and data authentication, have motivated cryptography.

• Cryptosystem or cipher system - A method of disguising messages so that only certain people can see through the disguise.
• Cryptography - The art of creating and using cryptosystems.
• Cryptanalysis - The art of breaking cryptosystems, and seeing through the disguise even
• Cryptology - The study of both cryptography and cryptanalysis.
• Plaintext - The original message.
• Ciphertext - The disguised message.
• Encryption - A fundamental security mechanism in which the ordinary data (plaintext) are transformed by the encryption process into ciphertext.
• Decryption - A procedure to convert ciphertext back into plaintext.


Encryption techniques are used to safeguard information while it is stored within a network node or while it is in transit across communications media between nodes. A cryptosystem is usually a whole collection of algorithms. The algorithms are labeled, and the labels are called keys. The people who are supposed to be able to see through the disguise are called recipients. Other people are enemies, opponents, interlopers, eavesdroppers, or third parties.

As an example, for a plaintext message being sent, if every A is replaced with a D, every B is replaced with an E, and so on through the alphabet, only someone who knows the "shift by 3" rule can decipher the messages. Hence a "shift by n" encryption technique can be performed for several different values of n. Therefore, n is the key here.

Fig 1: T-DES implementation


TRIPLE DES

Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

The original DES cipher's key size of 56 bits (without parity) was generally sufficient when that algorithm was designed, but the availability of increasing computational power made brute-force attacks feasible. Triple DES provides a relatively simple method of increasing the key size of DES to protect against such attacks, without the need to design a completely new block cipher algorithm.

Algorithm

Triple DES uses a "key bundle" that comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is:

Ciphertext = E_K3(D_K2(E_K1(plaintext)))

I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.

Decryption is the reverse:

Plaintext = D_K1(E_K2(D_K3(ciphertext)))

I.e., decrypt with K3, encrypt with K2, and then decrypt with K1.

Each triple encryption encrypts one block of 64 bits of data. In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provides backward compatibility with DES with keying option 3.
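The encrypt-decrypt-encrypt composition above, as an added example that is not part of the original project: a toy 64-bit Feistel cipher (SHA-256 round function, assumed here as a stand-in for DES) is wrapped in EDE to show the round trip and why three identical keys collapse to a single encryption. All function names are illustrative.

```python
import hashlib

ROUNDS = 16  # same round count as DES; the round function below is NOT DES

def round_fn(half: int, key: bytes, rnd: int) -> int:
    """Toy round function: 32 bits taken from SHA-256(key || round || half)."""
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: bytes, key: bytes, rounds) -> bytes:
    """Run a Feistel network over one 64-bit block in the given round order."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for rnd in rounds:
        left, right = right, left ^ round_fn(right, key, rnd)
    # Final swap: decryption is the same network with the round order reversed
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def encrypt(key: bytes, block: bytes) -> bytes:
    return feistel(block, key, range(ROUNDS))

def decrypt(key: bytes, block: bytes) -> bytes:
    return feistel(block, key, reversed(range(ROUNDS)))

def tdes_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """Ciphertext = E_K3(D_K2(E_K1(plaintext)))"""
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def tdes_decrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """Plaintext = D_K1(E_K2(D_K3(ciphertext)))"""
    return decrypt(k1, encrypt(k2, decrypt(k3, block)))

if __name__ == "__main__":
    # Constructed sample keys and block, not real key material
    k1, k2, k3 = b"key-one!", b"key-two!", b"key-3333"
    pt = b"8 bytes!"
    ct = tdes_encrypt(k1, k2, k3, pt)
    print("round trip ok:", tdes_decrypt(k1, k2, k3, ct) == pt)
    # Keying option 3: D_K1 undoes E_K1, leaving one encryption
    print("option 3 == single:", tdes_encrypt(k1, k1, k1, pt) == encrypt(k1, pt))
```

The cancellation holds for any block cipher, which is why the same structure gives real Triple DES its backward compatibility with single DES.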


KEYING OPTIONS

The standards define three keying options:

• Keying option 1: All three keys are independent.
• Keying option 2: K1 and K2 are independent, and K3 = K1.
• Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.

Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.

Keying option 2 provides less security, with 2 × 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.

Keying option 3 is equivalent to DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations cancel out. It is no longer recommended by the National Institute of Standards and Technology (NIST), and is not supported by ISO/IEC 18033-3.

Each DES key is nominally stored or transmitted as 8 bytes, each of odd parity, so a key bundle requires 24, 16 or 8 bytes, for keying option 1, 2 or 3 respectively.
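A key-bundle check for the keying options above, as an added example that is not part of the original project: it ignores the parity bit of each byte, reports which keying option a bundle amounts to, and flags bundles that collapse to single DES. Function names and sample keys are constructed for illustration.

```python
def has_odd_parity(key: bytes) -> bool:
    """True if every byte has an odd number of 1 bits, as DES keys are stored."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low (parity) bit of each byte; the 7 key bits are untouched."""
    return bytes((b & 0xFE) | (1 - bin(b >> 1).count("1") % 2) for b in key)

def effective_key(key: bytes) -> bytes:
    """The 56 bits DES actually uses: each byte with its parity bit cleared."""
    return bytes(b & 0xFE for b in key)

def classify_bundle(bundle: bytes) -> dict:
    """Map an 8-, 16- or 24-byte bundle to the keying option it amounts to."""
    if len(bundle) not in (8, 16, 24):
        raise ValueError("key bundle must be 8, 16 or 24 bytes")
    keys = [bundle[i:i + 8] for i in range(0, len(bundle), 8)]
    k1 = keys[0]
    k2 = keys[1] if len(keys) > 1 else k1   # 8-byte bundle: K2 = K1
    k3 = keys[2] if len(keys) > 2 else k1   # 8- or 16-byte bundle: K3 = K1
    e1, e2, e3 = effective_key(k1), effective_key(k2), effective_key(k3)
    if e1 == e2 == e3:
        option = 3
    elif e1 == e2 or e2 == e3:
        option = None   # not a named option, but an E/D pair with one key cancels
    elif e1 == e3:
        option = 2
    else:
        option = 1
    bits = {1: 168, 2: 112}.get(option, 56)
    return {"option": option, "key_bits": bits,
            "single_des": bits == 56, "parity_ok": has_odd_parity(bundle)}

# Constructed sample keys (not real key material)
K1 = set_odd_parity(bytes(range(1, 9)))
K2 = set_odd_parity(bytes(range(17, 25)))
K3 = set_odd_parity(bytes(range(33, 41)))

if __name__ == "__main__":
    print(classify_bundle(K1 + K2 + K3))   # keying option 1
    print(classify_bundle(K1 + K2))        # keying option 2
    # Same key with every parity bit flipped: the bytes differ, the key does not
    flipped = bytes(b ^ 1 for b in K1)
    print(classify_bundle(K1 + flipped + K1))
```

Comparing the raw bytes would miss the last case, so a check that rejects single-DES bundles has to compare keys with the parity bits masked out.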


Block diagram

• encryption

Figure 2: block diagram of DES encryption


For T-DES, the above algorithm is applied with key K1, then the reverse steps are applied with key K2, then once again the above algorithm is applied with key K3.

• Key

Figure 3: block diagram of Key generation function.

SECURITY

In general, Triple DES with three independent keys (keying option 1) has a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the effective security it provides is only 112 bits. Keying option 2 reduces the effective key size to 112 bits (because the third key is the same as the first). However, this option is susceptible to certain chosen-plaintext or known-plaintext attacks, and thus it is designated by NIST to have only 80 bits of security.


The best attack known on keying option 1 requires around 2^32 known plaintexts, 2^113 steps, 2^90 single DES encryptions, and 2^88 memory (the paper presents other tradeoffs between time and memory). This is not currently practical and NIST considers keying option 1 to be appropriate through 2030.

If the attacker seeks to discover any one of many cryptographic keys, there is a memory-efficient attack which will discover one of 2^28 keys, given a handful of chosen plaintexts per key and around 2^84 encryption operations.

Waveforms

encryption

Decryption


Result and analysis

The above project is executed with Verilog HDL code. The results obtained are listed below.

1. The system is initialized by setting the reset button to a high bit.

2. The plaintext input is encrypted and we get the ciphertext as output.

3. The key input is changed according to the key generation function used in the code.

PERFORMANCE

Synthesized on Virtex 7 (XC7VX330T, FFG1157)

Parameter                  Value
Time (ns)                  1.570
Frequency (MHz)            637.079
Throughput (Gbps)          8.154
Throughput/Slice (Mbps)    557.500


Future implementation of modules in the project

The following modules remain to be implemented in the project and are listed below.

1. Implementation of the code with the Advanced Encryption Standard to make it hybrid encryption.

2. Verification of overall functionality using SystemVerilog.

Applications

The DES and TDES devices are used by the federal department and other government agencies for cryptographic protection of classified information. The federal government standardizes DES and specifies interoperability and security-related requirements for using encryption at the Physical Layer of the ISO Open Systems Interconnection (OSI) Reference Model in telecommunications systems conveying digital information. In addition to preserving confidentiality, cryptography can be used for:

• Authentication: the receiver of the message can ascertain its origin

• Integrity: the receiver can verify if the message was modified during the transmission

• Non-repudiation: the sender cannot deny that she sent the message

The DES and TDES cores are very compact cores. Encryption cores are typically implemented with data and key buses connected to other modules internal to the FPGA. Data encryption (and particularly DES) is primarily applied in:

• Electronic financial transactions: Automatic Teller Machines (devices limited to the issuance of cash or travelers checks, acceptance of deposits, or account balance reporting)
• Secure data communications, paving the road for e-commerce
• Secure video surveillance systems
• Encrypted data storage and proprietary software protection
• Access control: Software or hardware which protects passwords or Personal Identification Numbers (PINs) against unauthorized access.

The DES and TDES functionality is usually integrated within embedded systems. Xilinx presents several IP solutions which integrate with the DES/TDES IP. The DCT/IDCT (discrete cosine transform/inverse DCT) solutions (also provided by Xentec) are applied in DVDs (JPEG), cable TV, DBS systems, HDTV, graphics, Ultrasound/MRI systems, digital VCRs, set top boxes, digital cameras, etc. These applications also require the DES algorithm for data encryption, thus presenting a smart system-on-a-chip solution. The combination of the DCT/IDCT and DES cores from Xentec ported on a Xilinx FPGA shortens time to market (TTM), and also makes Xilinx a one stop shop for data encryption for various applications like real-time video, secure camera systems, etc.

Triple-DES is prevalent in fax machines. This allows secure data transfer over phone lines and prevents active interception of one's faxes at the receiver end, where the user must enter a password to retrieve a fax. Networking applications use DES and Triple-DES to provide network protection through data privacy, data integrity, access control and authentication. Message and file security, user authentication, secure remote system logon, and multilevel system access require data encryption, and DES and Triple-DES algorithms are the most prevalent.

Virtual Private Networks (VPN)

There is a need for control and access between different entities in a company's business environment, to provide secure communication between remote offices, business partners, customers, and travelling and telecommuting employees. Transmitting messages over the existing Internet backbone poses risks. VPNs were introduced to tackle exactly these issues and to provide a company-owned and managed network architecture. These networks provide scalable and comprehensive solutions by utilizing the existing Internet backbone with additional hardware and software solutions. Strong data encryption is necessary to extend security and control features, for which Triple-DES is the most commonly used. This provides secure network traffic through data privacy, data integrity, access control and authenticating entities by providing a gateway to each point of access into the business.


DES/TDES Applications in ATM Networks

TDES algorithms have been used for cell payload encryption and key management in perimeter security systems that provide privacy through high-speed cryptography for information traversing between private and public ATM (Asynchronous Transfer Mode) networks. The cryptographic units heighten security at the interfaces between a secure LAN and a public network. As data crosses this interface, the system encrypts each ATM cell's payload without affecting the header. Encrypted cells pass through the public network infrastructure and are decrypted upon arriving at the destination LAN. The benefit is that the user can conduct business as usual within the LAN and can encrypt the data as it enters the non-secure public network or non-secure area of a LAN. The system provides privacy and access control guarantees when using public ATM networks.

Data security in e-commerce applications is required to run a secure website, conduct financial transactions over the Internet, authenticate users to intranets and extranets, provide secure messaging (including X.400/EDI), and securely store digital signature keys for signature generation and verification of digital documents.

Smartcard Solutions

Smartcard solutions are used in wireless communication, loyalty systems, banking, Pay TV and government ID. These are used to provide strong authentication in e-business. These solutions are used with standard non-secured PCs. Consumers, vendors and financial institutions need to know that the transactions, documents and identities are authentic. Triple-DES algorithms are the most used encryption methods in data security for the Smartcard solutions.
