Prof. P. Magesh Kannan et al.
/ (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES
VLSI Architecture and ASIC Implementation of ICE Encryption
Algorithm
Prof. P. Magesh Kannan
VLSI Division, School of Electronics Engineering,
VIT University, Vellore, India
E-mail: mageshkannan.p@vit.ac.in
Abstract— In modern security, the need for safe cryptographic
algorithms that are hardware implemental is mandatory. A
hardware architecture is proposed in this paper, for the
implementation of the Information Concealment Engine
encryption algorithm. The Information Concealment Engine
algorithm was designed for use in software applications. Those
applications are slow due to the use of modular arithmetic. So the
need for faster implementations becomes mandatory. That can be
achieved through hardware implementations. The system
operates for the encryption processes and has been optimized for
low hardware resources and for high-speed. In this paper we are
going to discuss about the ICE, DES and Triple DES, also we
compare the performance of all. The proposed architecture has
been implemented as ASIC in 180 nm technology.
Keywords-ICE, Montgomery
multiplication, Systolic architecture
I. INTRODUCTION
ES
Multiplication, Modular
Security is a primary requirement of any wireless
cryptographic protocol. In order to find a solution to this
always up to date problem, cryptographic algorithms are
constructed to provide secure communication applications.
There are many good algorithms with different usages and
characteristics, not all of them can be characterized fully
secure [1], [2]. In cryptography, ICE (Information
A
Concealment Engine) is a block cipher published by Kwan in
1997. The algorithm is similar in structure to DES, but with
the addition of a key-dependent bit permutation in the round
function. The key-dependent bit permutation is implemented
efficiently in software. The ICE algorithm is not subject to
patents, and the source code has been placed into the public
domain.
IJ
The ICE algorithm was designed for use in software
applications. Those applications however are slow due to the
use of modular arithmetic [3]. So the need for faster
implementations is great. That can be achieved through
hardware implementations. Considering the fact that hardware
implementations are generally faster and more Ease of Use
reliable than software implementations the outcome of a
hardware design is even more interesting.
In this paper, the architecture and the VLSI
implementation of the ICE encryption algorithm are proposed.
The system operates for the both encryption and decryption
processes and has been optimized for low hardware resources
ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved.
Vol No. 5, Issue No. 2, 310 - 314
Venkatesan Sellappan
PG Student – VLSI Design, SENSE
VIT University, Vellore, India
E-mail: venkatesan.srec@gmail.com
and for high–speed performance. The proposed architecture
has very encouraging performance result in terms of speed and
throughput. This makes the design very useful in current
applications that use DES as the base of a cryptographic
protocol [2]. ICE is a Feistel network with a block size of 64
bits. The standard ICE algorithm takes a 64-bit key and has 16
rounds. A fast variant, Thin-ICE, uses only 8 rounds. An
T
open-ended variant ICE-n, uses 16n rounds with 64n bit key.
They described an attack on Thin-ICE which recovers the
secret key using 2 23 chosen plaintexts with a 25% success
probability. If 2 27 chosen plaintexts are used, the probability
can be improved to 95%. For the standard version of ICE, an
attack on 15 out of 16 rounds was found, requiring 2 56 work
and at most 2 56 chosen plaintexts.
In this paper we are going to discuss about the ICE, DES
and Triple DES, also we compare the performance of all.
A. DES
The Data Encryption Standard or DES algorithm is a 64-
bit block cipher that can use key size of 64 bits. Both ICE and
DES uses standard Feistel block cipher but one of the
differences from DES is that after the expansion function E,
key permutation is used in ICE. This secret key encryption
algorithm uses a key that is 56 bits, or seven characters long.
At the time it was believed that trying out all
72,057,594,037,927,936 possible keys (a seven with 16 zeros)
would be impossible because computers could not possibly
ever become fast enough. In 1998 the Electronic Frontier
Foundation (EFF) built a special-purpose machine that could
decrypt a message by trying out all possible keys in less than
three days. The machine cost less than $250,000 and searched
over 88 billion keys per second.
B. Triple DES
The Triple-DES variant was developed after it became
clear that DES by itself was too easy to crack. It uses three 56-
bit DES keys, giving a total key length of 168 bits. Encryption
using Triple-DES is simply
cipher text = EK3(DK2(EK1(plaintext)))
DES encrypt with K1, DES decrypt with K2, then DES
encrypt with K3.Because Triple-DES applies the DES
algorithm three times (hence the name), Triple-DES takes
Page 310
Prof. P. Magesh Kannan et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES
Vol No. 5, Issue No. 2, 310 - 314

three times as long as standard DES. Decryption using Triple-

DES is the same as the encryption, except it is executed in
reverse.

Decryption is the reverse:

plaintext = DK1(EK2(DK3(cipher text)))

The paper is organized as follows. In section 2 the ICE

encryption algorithm is introduced. In section 3 the F function
is described. In section 4, a thorough analysis of the
architecture and the VLSI implementation is made. In section
5 Montgomery multiplication is described. In section 6 the
performance is presented and some conclusions are presented
in section 7.
II. THE ICE ENCRYPTION ALGORITHM
ICE is a standard Feistel block cipher [2], [3] with a
structure similar to DES. It takes a 64-bit plaintext, which is
split into two 32-bit halves. In each round of the algorithm the

right half and a 60-bit subkeys are fed into the function F. The
output of F is XORed with the left half, and then the halves
are swapped. This is the Transformation Round of the ICE
algorithm. This process is repeated for 16 rounds [2],
[3].However the final swap is left out. The decryption process
is the same, except that the subkeys are used in reverse order.
ES
The advantages of Feistel structure are one-to- one
mapping between plaintext and cipher text, which is necessary
for a cipher to be decryptable. Secondly, Feistel ciphers have
been publicly cryptanalysed for more than two decades, and
no systematic weakness has been uncovered. And finally,
Feistel ciphers are reasonably fast and simple to implement in
software. Speed and simplicity were two important design
aims for ICE [3].
III. THE F FUNCTION
The ICE F function is similar in structure to the one used
A
in DES, with the exception of keyed permutation described
below [2]. The function as a whole is illustrated in Figure. 1
IJ
T
Figure 1. ICE F Function
A. The Expansion Function E
The 32-bit plaintext half is expanded to four 10-bit values,
E1, E2, E3, E4, in the following manner [2], [3].
E1=P1P0P31P30P29P28P27P26P25P24
E2=P25P24P23P22P21P20P19P18P17P16
E3=P17P16P15P14P13P12P11P10P9P8
E4=P9P8P7P6P5P4P3P2P1P0
This expansion function was chosen because four 10-bit
values were needed for the S-boxes, and it was reasonably fast
to implement in software [3].
B. Keyed Permutation
After expansion, keyed permutation is used. The
permutation subkeys is 20 bits long, and is used to swap bits
between E1 and E3, and between E2 and E4. When the odd
bits of the permutation key are set they swap El relative bits
with E3 bits else they swap E2 relative bits with E4 bits. For
example, if bit 1 of the subkey is set, bit 0 of E1 and E3 will
be swapped. If bit 2 of the subkey is set, bit 1 of E2 and E4
will be swapped [2],[3].

The values E1, E2, E3, and E4, after being permuted, are
XORed with 40 bits of subkeys, then used as input to the four
S-boxes, S1, S2, S3, and S4. Each S-box takes a 10 bit input
and produces an 8 bit output [3].

C. The Permutation Function P

The four 8 bit S-box outputs are combined via a P-box into
a 32-bit value, which become the output of the F function. The
P-box, which is specified in table 1, was designed to maximize
diffusion from each S-box, and ensure that bits which are
separated by 16 places never come from the same S-box, nor
from S-boxes separated by two places(S1 and S3) [3].

ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 311

Prof. P. Magesh Kannan et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES
Vol No. 5, Issue No. 2, 310 - 314

D. The S-Boxes
The S-boxes in ICE are similar in structure to those used in
LOKI [4] in their use of Galois field exponentiation. Each S-
box takes a 10-bits input X. Bits X9 and X 0are concatenated to
form the row selector R. Bits X8.....X1 are concatenated to
form the 8-bit column selector C. For each row R, there is an
XOR offset value OR, and a Galois field prime PR [2], [3]. The
8-bit output of an S-box for an input X is given by (C XOR
OR)7 mod PR under 8-bit Galois field arithmetic. The exponent
7 was chosen because it is a one-to-one function [2], [3]. The
XOR offsets for each row in each S-box are given in table 1,
while the prime numbers are specified in table 2.
Table 1. The S-Box offset values

Figure 2. The Proposed Feedback Architecture

Table 2 . The S-Box Galois Field Prime values From the analysis of ICE, main design function lies in the ICE

T
transformation round. Especially, in the implementation of the
F function, shown in Figure 3. The F function has four parts.
The Expansion function E, the key permutation, the S-boxes
and the permutation function P [2].

Key permutation can be easily implemented using two

IV. THE PROPOSED ARCHITECTURE

ES
The proposed architecture is shown in Figure 2.This
architecture performs both encryption and decryption with
input plaintext and 64-bit input keys. It uses an input and an
output register. Each of them stores the values of left and right
part of every round and swaps the two parts if needed [2]. The
Key Expansion Unit creates the round keys, using the 64-bit
Input Key following the specifications of ICE. The Keys are
stored inside the RAM for every round [2].
The encryption process is simple. In each clock cycle, the
A
data stored in the input register are inserted in the ICE
Transformation Round along with the subkeys stored in the
RAM. This process is repeated for 16 rounds. However at the
final round, the Output Register is used in order to swap the
left and right part of the ICE Transformation Round Output.
That value of the Output Register is the cipher text. The
decryption process follows the same process. However the
IJ
multiplexers 2-1, while the Expansion and permutation
functions are just rearrangement of wires. So the main
implementation cost of the F function lies in the design of the
S-boxes [2].
Considering that each S-box uses modular exponentiation
in order to calculate its output, a VLSI architecture based on
Montgomery Multiplication algorithm is proposed [2]. This
component is finding the mathematical function A7mod P. The
architecture of this component is pipelined, with 6 stages, and
it is based on the following algorithm:
FUNCTION A7mod P(X, P)
1. A=MM(X, R’, P)
2. B=MM(A, A, P)
3. C=MM(B, A, P)
4. D=MM(C, C ,P)

5. E=MM(D, A, P)
subkeys are used in reverse order [2].
6. Out=MM(E, 1, P)

ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 312

Prof. P. Magesh Kannan et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES
Vol No. 5, Issue No. 2, 310 - 314

Let A, B, and M be the multiplicand and multiplier and

modulus respectively and let n be the length of operands [9].
The pre-condition of the Montgomery algorithm are as
follows.
1) 0 < A, B < M
2) 2n-1 < M <2n and gcd(M, 2)=1. So M must be odd
number.

Function MM (A, B, M)
1. R=0
2. For k=o to n-1 do begin
3. q=(a0+xky0)mod b
4. R=R+ xkB +qM
5. R=R/b end
6. Return R
End
This algorithm is a modified version of original
Montgomery Multiplication algorithm. The base b is

T
considered Radix 2 (b=2) and R=2n where n is the bit length of
operand A, B [2].
ES
Figure 3. The ICE Transformation Round

MM is the Montgomery Multiplication function [5-15] and

R’= R2mod p is precalculated, fixed number. Step 1 is needed
to transform the input value X into Montgomery format and
step 6 to change the Montgomery formatted result E into a
normal number value. The Montgomery Multiplication
algorithm was implemented using a systolic architecture,
shown in Figure 4 and Figure 5 [2].
A
Figure 4. The Processing Element (a) and the PE for the calculation of q (b)
V. MONTGOMERY MULTIPLICATION of the Conventional Architecture
The operation of modular multiplication consists of two
steps: one generates the product P= A×B and the other reduces Introducing carry save redundant logic, the modified
this product P modulo M [5-16]. The implement a Montgomery multiplication can be transformed to [8]
multiplication is based on an iterative adder-accumulator for
IJ

the generated partial product. This solution is quite slow as the Function MMcs (A, B, M)
final result is only available after n clock cycles; n is the size 1. C2in=0, C1in=0, Sin=0
of operands [9]. 2. For k=0 to n-1 do begin
3. Q=(Sin0+C1in0+C2in0+Akb0)mod 2
The advantage of Montgomery calculation is that we do
not need subtractions in order to reduce the intermediate 4. C1+C2+S=C2in+C1in+Sin+AkY+qM
results. The disadvantage is the fact that the Montgomery’s 5. C2in=(C2)/2, C1in=(C1)/2, Sin=S/2 End
modular multiplication calculates A.B2 mod M instead of
-n
6. Return C2in/2, C1in/2 and Sin/2
A.B mod M and two Montgomery’s modular multiplications
are required for one modular multiplication [6]. This algorithm
computes the product of two integers modulo a third one The Carry2 signal of a PE is connected with the next PE of
without performing division by M. It yields the reduced the next row of PE, Carry1 signal is connected with the same
product using a series of additions [9]. PE of the next row of PE (the same column) while the Sum

ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 313

Prof. P. Magesh Kannan et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES
Vol No. 5, Issue No. 2, 310 - 314

signal is connected with the previous PE of the next row VII. CONCLUSIONS
starting from bit 0 [8]. ICE is a symmetric key block cipher designed for software
applications. An efficient architecture for the VLSI
implementation is proposed in this paper. It is designed for
high clock speed - performance and minimized area resources
using Montgomery multiplication method. It is proven that the
ICE algorithm, used for this architecture, is able to be
implemented on hardware applications. The implementation on
ASIC is a system that has an external clock of 3 GHz and a
throughput of 12 Gbits/sec. Compared to other popular
encryption algorithms it is concluded that the ICE
implementation’s performance is better than most block
encryption algorithms implementations.

REFERENCES
[1] Bruce schneier, Applied Cryptography –Protocols, Algorithms and Source
Code in C, John Wiley & Sons, Seconded. New York, 1996.
[2] A. P. Fournaris, N. Sklavos and O. Koufopavlou,―VLSI Architecture and
FPGA Implementation of ICE Encryption Algorithm,‖

Figure 5. The Systolic Conventional Architecture
T
[3] M Kwan, ― The Design of the ICE Encryption Algorithm‖, in proc. Of Fast
software Encryption workshop, 1997.
[4] L. Brown, J. Pieprzyk and J. Seberry, LOKI: A cryptographic primitive for
Authentication and Secrecy Applications, Advance in cryptology-
AUSCRYPT, 90 Proceedings, Springer-verlag, pp. 229-236, 1990
[5] Peter L. Montgomery, ―Modular multiplication without trial division,‖
Mathematics of Computation, vol. 44, no.170, pp. 519-521, 1985
[6] David Narh Amanor, Christof Paar, Jan Pelzl and Viktor Bunimov,

VI. PERFORMANCE
ES
The proposed architecture has been captured by using
Manfred Schimmler, ― Efficient hardware architectures for Modular
Multiplication on FPGAS‖,
[7] C. T. Koc, T. Acar and B.S Kaliski, ―Analysing and Comparing
Montgomery Multiplication Algorithm,‖ IEEE micro, vol. 16, no. 3 pp.26-33,
June 1996.
Verilog HDL. All the internal components of the design were [8] A. P. Fournaris and O. Koufopavlou, ― Montgomery Modular
Multiplication Architectures and hardware implementations for an RSA
Synthesized placed and routed using cadence tools using cryptosystem,‖
ASIC. The VLSI synthesis results are shown in Table 3 [9] Nadia Nedjah and Luiza De Macedo Mourelle, ―Systolic hardware
contain the Frequency, Area and Power comparisons Implementation for the Montgomery Modular Multiplication‖,
[10] S. E. Eldridge and C. D. Walter, Hardware implementation of
Table 3 . Covered Frequency, Area and Power comparisons Montgomery’s Modular Multiplication Algorithm‖, IEEE Transaction on
Computers, 42(6):619-624, 1993.
Encryption Freq Power Area [11] C. D Walter,―Montgomery Exponentiation Needs No Final Subtraction‖,
A
Electronics Letters, vol. 35 no. 21, October 1999, pp 1831-1832.
Algorithm (GHz) (pW) [12] D. J Guan, ― Montgomery Algorithm for Modular Multiplication,‖
Lecture notes, National Sun Yat Sen University, 2001.
ICE 3 68631.1 571191 [13] T. H. Cormen, C. E. Leiserson, and R. L. Rivest, Introduction to
algorithms, The MIT Press, Cambridge, 1990.
DES 1 76236.8 293458 [14] Shay Gueron, ―Enhanced Montgomery Multiplication,‖ in proc. Of
Workshop on Cryptographic Hardware and Embedded System, San Francisco,
TRIPLE DES 1 251144.4 223921 August 13-15 2002.
[15] Taek-Won Kwan, Chang-Seok you, Won-seok Heo, Yong-kyu Kang, and
IJ

Jun-Rim Choi, ―Two implementation methods of a 1024-bit RSA

cryptoprocessor Based on Modified Montgomery Algorithm‖, proceedings of
In Table 3, the implementations are compared the power, 2001 IEEE ISCAS, 01, May 6-9, Sydney, Australia
Covered area and operating frequency. ICE performance
In operating frequency is better compared to DES and
TRIPLE DES blocks ciphers.

ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 314