You are on page 1of 10

Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18

in Image Encryption and Decryption

Chapter 3
KEY GENERATION USING ESPRESSO ALGORITHM

3.1. Introduction

For each new generation of mobile communication networks, the


specifications get updated to meet the evolving technological requirements, set by
society and other technological advances. In the upcoming 5th generation 5G
networks, one of the major focuses is on the Internet of Things (IOT). With the
growth of IOT, more devices will be connected at once, sending more data than ever
before. Because of this, it expected to see data rates increase by a factor of 1000.
Another aspect of IOT is that the type of devices that are connected will vary more
and bring with them new requirements and limiting factors such as internal, limited
power sources, limited resources in terms of size and more [1].
As the development of these technologies progresses, we will therefore not
only see increased demands on data rates but also power efficiency while still
requiring data to be sent securely. This makes it highly relevant to develop safe
encryption technologies that are fast enough to handle the increased data rates while
also being small and energy efficient. Currently, one of the most widely used
encryption algorithm for wireless communication is the industry standard, Advanced
Encryption Standard (AES). As AES might not meet the evolving requirements of the
new 5G networks, it is crucial to compare it to other ciphers in order to find out if
better alternatives exist. Many attempts have been made to find more effective
ciphers. These attempts often focus on only optimizing either size or speed, resulting
in failure to meet the mentioned requirements for different 5G applications. A stream
cipher called Espresso has been proposed as an alternative to today’s encryption
methods, trying to optimize for several of the required parameters

3.2. Problem Definition


With the increasing demands on data rates, reliability and size, today’s
encryption algorithms may not be good enough to keep up with the upcoming 5G
Department of ECE, Dr. AIT, Bengaluru-560056 Page 14
Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

networks. Even if they are, the requirements for energy efficiency will also be
increasing as they might need to be implemented in mobile devices with limited,
internal power sources. The new stream cipher Espresso has been proposed to solve
many of these issues, however not much work has been done to see if Espresso can
deliver. More in depth testing needs to be carried out in order to determine its
viability as a new standard. For Espresso to be considered as a new standard, it is
relevant to make fair comparisons against the Industry standard AES. This has been
done to some extent, but need to be evaluated further [1].

3.3. Design Description


This section describes the stream cipher using Espresso algorithm.

3.3.1. Design Details


The two main building blocks of Espresso are a 256-bit NLFSR G in the
Galois configuration and a 20-variable nonlinear output function. To avoid confusion
between the feedback functions of G and the feedback functions of the transformed
NLFSR F introduced later, we denote a feedback function of the stage i of G by g,,
for all i € {0, 1, . . . , 255}. The feedback functions of the NLFSR G are specified as
follows:
g255(x) = x0 ⊕ x41x70
g251(x) = x252 ⊕ x42x83 ⊕ x8
g247(x) = x248 ⊕ x44x102 ⊕ x40
g243(x) = x244 ⊕ x43x118 ⊕ x103
g239(x) = x240 ⊕ x46x141 ⊕ x117
g235(x) = x236 ⊕ x67x90x110x137
g231(x) = x232 ⊕ x50x159 ⊕ x189
g217(x) = x218 ⊕ x3x32
g213(x) = x214 ⊕ x4x45
g209(x) = x210 ⊕ x6x64
g205(x) = x206 ⊕ x5x80
g201(x) = x202 ⊕ x8x103
g197(x) = x198 ⊕ x29x52x72x99
Department of ECE, Dr. AIT, Bengaluru-560056 Page 15
Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

g193(x) = x194 ⊕ x12x121

All remaining feedback functions of G are of type gi(x) = x i+1. The output function
z(x) is specified as follows:

z(x) = x80 ⊕ x99 ⊕ x137 ⊕ x227 ⊕ x222 ⊕ x187 ⊕ x243x217 ⊕ x247x231 ⊕ x213x235 ⊕
x255x251 ⊕ x181x239 ⊕ x174x44 ⊕ x164x29 ⊕ x255x247x243x213x181x174

In order to reduce the propagation delay of the circuit implementing the output
function z(x), we can pipeline it as follows:

z1(x) = x80 ⊕ x99 ⊕x137 ⊕ x227


z2(x) = x222 ⊕x187 ⊕ x243x217
z3(x) = x247x231 ⊕ x213x235
z4(x) = x255x251 ⊕ x181x239
z5(x) = x174x44 ⊕x164x29
z6(x) = x255 x247 x243x213x181x174
z7(x) = z1(x) ⊕ z2(x) ⊕ z3(x) ⊕z4(x)
z8(x) = z5(x) ⊕ z6(x)
z(x) = z7(x) ⊕ z8(x)

A circuit diagram implementing the pipelined version of z(x) is shown in


Figure 3.1. As a consequence of the pipelining, the output of the stream cipher is
delayed by two clock cycles, increasing the latency. In addition, the pipelining
increases the area by 8 flip-flops. However, it allows us to increase the throughput by
1.7 times [1].
In order to further reduce the propagation delay of the presented design, we
apply De Morgan rule to re-express the feedback functions g235 and g197 of the
NLFSR G as follows:

g235(x) = x236 ⊕ x67x90x110x137 = x236 ⊕ ((x67x90)′ + (x110x137)′)′


g197(x) = x198 ⊕ x29x52x72x99 = x198 ⊕ ((x29x52)′ + (x72x99)′)′
where x′ denotes the Boolean complement of x (defined as x′ = x ⊕ 1), and”+”
denotes the Boolean OR.

Department of ECE, Dr. AIT, Bengaluru-560056 Page 16


Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

256 255 . . . . . . . . . . . . 4 3 2 1

Figure 3.1: A circuit implementing the pipelined version of z(x).

3.3.2. Key and IV Initialization

The cipher Espresso is initialized as follows. Let ki denote the bits of the key
k, 0 ≤ i ≤ 127, and IVi denote the bits of the initialization value IV, 0 ≤ i ≤ 95. The key
and IV bits are loaded into the shift register as follows:
xi = ki , 0 ≤ i ≤ 127
xi = IVi−128 , 128 ≤ i ≤ 223
xi = 1 , 224 ≤ i ≤ 254
xi = 0 , i = 255
The initialization phase consists of clocking the cipher 256 times; XORing the
produced output bit with the stages x255 and x217. Thus, in this phase the feedback
functions g255(x) and g217(x) of the NLFSR G are given by
Department of ECE, Dr. AIT, Bengaluru-560056 Page 17
Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

g255(x) = x0 ⊕ x41x70 ⊕ z(x)

g217(x) = x218 ⊕ x3x32 ⊕z(x)

After initialization, the cipher is clocked for three more cycles and then the
key stream is produced.

The period of a pseudorandom number generator (PRNG) is


the number of random numbers generated before the sequence begins to repeat itself.
A good PRNG should have a very long period. The periodicity of the sequence is
given by 2m – 1, where m is the number of stages of Linear Feedback Sift Register.
Periodicity of binary pseudorandom sequence generated using Espresso algorithm is
equal to 2256 – 1.

Hardware implementation of generation of binary sequence using Espresso


algorithm corresponding to 256 bit key is implemented on Xilinx Spartan 2
5V1X0FF324-3 FPGA, ISE simulator using Verilog coding. Design summary is
discussed in the following sections.

3.3.3. Implementation of Espresso Algorithm on Xilinx Spartan 2


5V1X0FF324-3 FPGA
Hardware implementation of generation of binary sequence using Espresso
algorithm corresponding to 256 bit key is implemented on Xilinx Spartan 2
5V1X0FF324-3 FPGA, ISE simulator using Verilog coding.
The RTL Top Level Output File Name, Output Format and Optimization Goal
of the generated sequence are as shown in Table 3.1.

Table 3.1: Final Results

RTL Top Level Output File Name Espresso.ngr

Top Level Output File Name Espresso

Output Format NGC

Optimization Goal Speed

Department of ECE, Dr. AIT, Bengaluru-560056 Page 18


Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

3.3.4. Design Statistics

A timing report (design statistics) is created after the Timing Analyzer


launches. The design statistics account for terms such as:

 The maximum frequency of the design(minimum period)


 The maximum combinational path delay
 The maximum net delay

Table 3.2 shows the Design Statics of the generated sequence using espresso
algorithm. It gives the count of cell usage for the corresponding components.

Table 3.2: Design Statistics

Components Quantity

# Input Outputs 3

Cell Usage :

# BELS 8

# 3 bit Look up Table 2

# 4 bit Look up Table 4

# 5 bit Look up Table 1

# 6 bit Look up Table 1

# Flip Flops/ Latches 257

# D Flip Flop with Asynchronous clear(FDC) 131

# D Flip Flop with Asynchronous preset(FDP) 126

# Clock Buffers 1

#Primary Global Buffer for Driving 1


Clocks(BUFGP)
# Input Output Buffers 2

# Input Buffer 1

# Output Buffer 1

Department of ECE, Dr. AIT, Bengaluru-560056 Page 19


Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

3.3.5. Device Utilization Summary

The device utilization summary of Spartan 2 5V1X0FF324-3 FPGA


gives Logic cells: 43611, Slices: 6822, Flip-flops:57456. “Logic cells” are not a real
FPGA resource. It is a marketing number; something like “system gates” is used to
describe the device capacity in older FPGA families. Slices are real blocks in FPGA,
but they can be partially use4d in some cases or fully used in other cases. Slice
registers is the number of flip-flops that are implemented in slices.LUT is the number
of lookup tables in the slice. Table 3.3 shows the Device utilization summary of the
generated sequence.

Table 3.3: Device Utilization Summary


Selected Device 5v1x30ff324-3

Slice Logic Utilization:

Number of Slice Registers 257 out of 19200 1%

Number of Slice LUTs 8 out of 19200 0%

Number used as Logic 8 out of 19200 0%

Slice Logic Distribution:

Number of Bit Slice used 264

Number with an unused Flip Flop 7 out of 264 2%

Number with an unused LUT 256 out of 264 96%

Number of fully used Bit Slices 1 out of 264 0%

Input Output Utilization:

Number of Input Outputs 3

Number of Bonded Input Output Buffers 3 out of 220 1%

Specific Feature Utilization:

Department of ECE, Dr. AIT, Bengaluru-560056 Page 20


Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

Number of BUFG/ BUFGCTRLs 1 out of 32 3%

3.3.6. Timing Report

Timing report consists of clock information, asynchronous control signals


information, timing summary and timing detail of the generated binary sequence as
shown in Table 3.4. Table 3.5 shows the timing report of gate delay and net delay of
data path out_213 to out_0. Table 3.6 gives the timing summary of the
implementation of binary key generation. Table 3.7 gives the timing report of gate
delay and net delay of data path out_1 ren to out_1. It is observed that the maximum
frequency of operation is 472.255 MHz and device utilization is 257 out of 19200
slices which is approximately 1%.

NOTE: These timing numbers are only a synthesis estimate. For accurate timing
information refer to the trace report generated after place- and- route

Table 3.4: Timing Report


Clock Information:

Clock Signal Clock buffer( FF name)

clk BUFGP

Asynchronous Control Signals Information:

Control Signal Buffer (FF name)

rst IBUF

Timing Summary:

Speed Grade -3

Minimum period 2.117ns

Maximum Frequency 472.255MHz

Department of ECE, Dr. AIT, Bengaluru-560056 Page 21


Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

Minimum input arrival time before No path found


clock
Maximum output required time after 2.498ns
clock
Maximum combinational path delay No path found

Timing Detail:

All values displayed in nanoseconds(ns)

Timing constraints Default period analysis for clock


‘clk’
Clock period 2.117ns(frequency: 472.255MHz)

Total number of paths/ destinations 282/ 257


ports
Delay: 2.117ns (Levels of Logic = 3)

Source Out_213

Destination Out_0

Source Clock Clk rising

Destination Clock Clk rising

Table 3.5: Timing Report of Gate Delay and Net Delay of Data Path Out_213 to
Out_0
Data Path Out_213 to out_0

Cell in -> out Fanout Gate Delay Net Delay

FDC C->Q 3 0.346 0.756

LUT3 IO-> O 1 0.080 0.387

LUT6 I4-> O 1 0.080 0.387

Department of ECE, Dr. AIT, Bengaluru-560056 Page 22


Espresso: A Stream Cipher for 5G Wireless Communication Systems and its Application 2017-18
in Image Encryption and Decryption

LUT5 I4-> O 1 0.080 0.000

FDC D -0.024

Total 2.117ns(0.58ns, 1.531 route)


(27.7% logic, 72.3% route)

Table 3.6: Timing Summary


Timing constraint Default OFFSET AFTER for clock ‘clk’

Total number of paths/destination ports 1/ 1

Offset 2.498ns (Levels of Logic = 1)

Source Out_1_ren (FF)

Destination Out_1 (AD)

Source Clock Clk rising

Table 3.7: Timing Report of Gate Delay and Net Delay of Data Path Out_1 ren to
Out_1

Data Path Out_1 ren to out_1

Cell In->out Fanout Gate Delay Net Delay

FDC C->Q 1 0.346 0.213

OBUF 1.939

Total 2.498ns(2.285ns logic, 0.213ns route)


(91.5% logic, 8.5% route)
CPU 35.11/35.42 | Elapsed 35.00/ 35.00s

Total memory used is 324736 kilobytes

Department of ECE, Dr. AIT, Bengaluru-560056 Page 23