You are on page 1of 6

A Hardware-Software Co-designed Low Latency

AES-RC4 Cryptosystem
Rucha Dhumne1 , Raj Vardhan Singh2, Suresh Salankar3
Mtech Research Scholar, Electronics and Communication Engineering Dept., GHRCE, Nagpur
Senior Design Engineer, JDMTech semiconductor PVT LTD, Nagpur
Professor, Department of Electronics And Communication Engineering, GHRCE, Nagpur

Abstract- Security of data is a primary need for all the recipient decrypts the message using a cryptographic
system. The AES-RC4 hybrid cryptosystem gives the decryption algorithm with match key that may or may not be
combine advantages of Advanced Encryption Standard the same as the one used by the sender.
(AES) To data encryption and decryption, to secure the Non-repudiation: Sender or receiver cannot deny a
key used for data encryption-decryption Rivest Cipher 4 transmitting/received message. The sender of a message
RC4 is used. This system is designed using the Co- cannot later claim he/she did not send it
designed approached where AES and RC4 run on the
NIOS II integrated development environment (IDE) soft-
core. The implementation is on Cyclone IV FPGA,
Rijndael algorithm program supported " NIOS II +
FPGA" are able to do better performance in the area of
latency where it comparatively uses low resources. The
results are analysed in the IDE console window of a
personal computer system.
Fig 1. Simple Cryptosystem
A cryptosystem comprises of a major unit called key unit.
A keywords-symmetric key, asymmetric key,
The key in cryptosystem plays the major role because
cryptography algorithms, hybrid cryptography without a key one cannot encrypt or decrypt a piece of data
or a string of data bytes. Keys are divided into two types
symmetric and asymmetric.
I. INTRODUCTION a) Symmetric key cryptography algorithm
b) Asymmetric key cryptography algorithm
The rise of security and safety has risen over these years
resulting in highly authentication protocols and highly secure
a) Symmetric (Secret) Key Cryptography
algorithms where a cryptographic system is a must.
In symmetric key algorithm both the sender and receiver
Cryptographic systems provide privacy to data, image or any
share the same key information and kept it secret from others
information related medium which is authenticated and needs
while in the asymmetric key algorithm the sender gets the
to reach the destination without any variations or disruptions.
public key and receiver got the private key. In terms of
The concept of cryptosystem arises at this point when the
implementation, the asymmetric key is complex yet slow in
source data is being hacked or mislead by an attacker. To
nature while symmetric is complex too with high speed. The
avoid such issues cryptographic protocols comes into the
major motive behind this project is to combine both the
picture. These systems need to be very complex and difficult
system to take the benefits of both. The important aspect of
not only from a design point of view but also from
this design is to make the most efficient and enhanced system
implementation. This is because of more the high-security
which will be used for highly authentication platforms. Both
level, fewer chances of getting hacked.
AES and RC4 are the best choice for such type of
Cryptosystems can be a single device with complex
cryptosystem when the need is high security and more
mathematical algorithms or hybrid systems with twice as
complex to decode or decrypt. In this paper, we will show the
greater complexity[1]. The main aspect or motive behind the
encryption and decryption of raw data from its original
design should be the requirement of the user. Whether it
version to back[1].
needs to protect some data or testing purpose or simulation
checker or any other security uses. In cryptosystem first plain
b) Asymmetric (public) Key Cryptography
text is converted in cipher text by encryption and then that
An asymmetric key is differing from the symmetric key
ciphertext is again converted into original plain text via
algorithm because in this sender and receiver use different
decryption process as shown in figure 1.
keys that cannot be derived from each other. A public key is
Three main requirements of cryptography are
distributed freely where the private keys are kept hidden. A
authentication, confidentiality, and non-repudiation [2].
public key used for encryption has to be shared by both
Authentication: a process in which a user has to provide
sender and recipient. A public key which is used to encrypt
their identity to another who does not have personal
the data can able to change the content in a particular way so
knowledge of their identity.
that only authorised receiver can see the original information.
Confidentiality: Confidentiality refers to keeping the
An asymmetric cryptosystem is also referred to as public key
information secret. The sender encrypts the message using a
cryptographic encryption algorithm with a suitable key. The




AES stands for advanced encryption standard. It is made

by National Institute standard technology (NIST) in 1997 and
invented by Vincent Rijmen. AES replace to DES algorithm
because the size of the secret key of DES is only 56 bit. Due
to the small size of the secret key DES insecure for many
application and unknown person hacks the data easily. AS
compared to DES, AES is stronger because the size of the
secret key of AES is 128, 192, 256 bits are used for
encryption and decryption purpose and block size of AES is
Table 1. Comparison between different Asymmetric-
128 bits, which is higher than DES. The AES flowchart is
Symmetric Algorithms [4].
given in the figure,(2) following are four different rounds:
SubBytes, ShiftRow, MixColumn and AddRoundKey[4].
Some of the Asymmetric and symmetric key cryptographic
algorithms which are trending these days and comparison
SubBytes: The first step of the AES encryption algorithm is
between these algorithms show that AES has law power
S-Box. In this step, each byte of the state is replaced with the
consumption and higher throughput with the extendable key
pre-calculated S-box table. S-box contains 256 bytes present
size of 256 bits in comparison with the other algorithm are
in terms of 16 rows with 16 columns. For decryption
given above in Table 1.
purpose, each byte replaces with another according to pre-
calculated inverse s-box table[4].
Hardware-software co-designed emerged basically like a
new discipline to design complex integrated circuits also
ShiftRow: After completion of sub bytes step, shift row step
knows as ICS in the early 1990s. Hardware-software co-
occurs. In this step first row of the state is the same that is
design is the broad term to capture many different things in
does not change but second, third and fourth row shifted left
the electronic system design. The biggest problem these days
side by one byte, two bytes, and three bytes respectively. The
is to integrate a complex piece of hardware with the complex
inverse S-Box is exactly the same as Shift Row, the only
piece of software, that's the solution that silicon companies,
difference is bytes of row shifted in the opposite direction. In
semiconductor companies are expected provide today, it is
Invshift row step the first row of the state is the same that is
the complete solution to comprise the complex piece of
does not change but second, third and fourth row shifted right
hardware and software. so realising silicon is a very early in
side by one byte, two bytes, and three bytes respectively[4].
the design cycle to make both the software development and
the hardware development go hand-in-hand to deliver this
MixColumn: This operation depends on Galois Field
complete solution is an absolute necessity. The challenge is
augmentation. Every byte of a column of the state is
creating the readily available models for all the types of
supplanted with another esteem that is a component of each
design the models could either be in C or it could be RTL or
of the four bytes in the given segment[4].
some parts of the design could be realised in hardware FPGA
prototyping on emulation and so on. FPGA is the hardware
Add round key is nothing but the XOR operation between
circuit that can be configured in the user-specified netlist of
the current state and round key. An initial round key means
digital gates. The program of FPGA is a bit stream and its
which key that apply before encryption and decryption start.
used to configure the netlist topology. The software is a
After completion of first three steps of AES encryption and
processor implemented in the bit stream of an FPGA
decryption in each round up to the n n -1 round, then come
however the soft-core itself can execute a C program as well.
round key operation but in last round two-step completion of
Characteristics of hardware software co-design in
AES encryption and decryption then round key operation
comparison with conventional design such as in hardware
design for specific purpose, one can usually serve the
Round key generation is the 4 bytes array generated by the
purpose in the most efficient way and do it fast, however
previous array. This is the most important step in the AES
once the design is finished its heard to change the deflection
algorithm where the first round key is the original key
and it is expensive due to customization has been each
defined by the user. On each byte, 4 bytes of original byte,
hardware device on the other hand Co-design approached
rotate word operation, Subbyte transformation and
allow us to keep advantage of both the limiting disadvantages
multiplication generated differently for each round, where
from either side applying this gives opportunity to credit
each round perform sequentially[2].
complex efficient system. The most system today include
both dedicated hardware-software units.
In this paper, an Aes-rc4 hybrid scheme is proposed
where both the system is optimized and implemented on
System On Programmable Chip (SOPC). The full AES-RC4
encryption/decryption is coded in C. the aim of this work is
to build an efficient, low latency hybrid cryptosystem

i. Purpose of hardware /Software Co-design

The major purpose and intentions of hardware-software Co-

design are summarized below these are explained by looking
at different interpretation of the syllable Co of the word Co-
designed is Co-ordination, Co-currency, Correctness,
Complexity is Co-design technique which is used today to
coordinate the design steps of entry disciplinary design
groups including firmware operating system and application
developers on the software side as well as in hardware
developers. Concurrency which is the tied time-to-time
market window force hardware and software developers to
work concurrently. Correctness challenges of complex
hardware are software required technique to not only verify
the correctness of each individual subsystem but also Co-
verify their correct integration after their integration.
Complexity in the Co-design technique which mainly drives
the complexity of today's electronic system design to produce
correctly working and highly optimized system
implementation in respect to cost power and performance.
Fig 4 shows the methodology of hardware-software
designing. There is a total of four tasks performed in the
Fig 2. Flow chart of AES encryption/ decryption process design of integrated hardware/software systems. The first
step is getting Specification to obtain direction on whether a
b) RC4 component should be implemented on software or hardware.
RC4 is a stream cipher which is developed by Ron Rivest. It Next stage is portioning in which there are two elementary
is also known as Rivest Cipher 4 used for ciphertext components are presents i.e. hardware and software, an
generation. Cryptographically it is a very strong yet very easy interfere is provided between hardware and software. In the
to implement both in software as well as in hardware. In RC4 synthesis, logic gates are implemented on hardware and
a bit-wise encryption/decryption is performed where the key machine language primitives are for software. Validation is
length for this is 40-128 bits.RC4 popularly used in transport important before a prototype is produced. Verification,
layer security. As RC4 is a stream cipher, what it actually simulation and emulation are the techniques which are
means it generates streams of bytes one for each byte of the available to validate a design[7].
text u want to encrypt. The key generation is basically done
by the pseudo-random stream (PRS) or a key scheduling
algorithm (KSA). The block diagram is shown in figure 3.
The secret key which is the password for the encryption of
data. The RC4 block is nothing but the encryption engine
which is consist of the PRS and KSA. The user inputs the
plain text file and the secret key and the encryption engine
generates the keystream, this key stream OR’d between byte
by byte to produced the encrypted text. This encrypted text is
sent to the intended receiver who will decrypt and get back to
the original plain text[5].

Fig 4. HW/SW Co-design methodology

ii. The need for a hybrid cryptosystem

Both Symmetric and Asymmetric algorithms have their own

Fig 3. RC4 algorithm block diagram advantages and disadvantages. The main disadvantage of
public key cryptography (asymmetric) is speed; there are
popular secret key encryption methods like AES, DES which
is significantly faster than the any other currently available
asymmetric algorithm on the other hand private key
cryptography has the problem of key transportation. The
secret key is to be transmitted before the actual message is to
be transmitted at the receiving side. The key will be
transmitted via an electronic communication channel,
somehow it is impossible to guaranty that no one will be able
to tap that communication channel. The only secure way of
exchanging key is to exchange personally. To overcome
these disadvantages of symmetric and asymmetric keys
Hybrid Cryptosystem is introduced in which symmetric and
asymmetric both the cryptographic algorithm used over their
advantages. Symmetric key ciphers are faster than
asymmetric. In the hybrid cryptosystem, different types of
multiple ciphers are used. One common approached is
symmetric cipher is used to generate the random secret key
and then encrypt this key via asymmetric cipher using
recipient public key. The original message is encrypted using
the symmetric cipher along with the secret key. Both the
encrypted secret key and an encrypted message are then
sending to the receiver side. Fig 5. The AES-RC4 Hybrid Cryptosystem block diagram
iii. Overview of AES-RC4 Hybrid Cryptosystem
with security analysis
iv. MATLAB/ NIOS II IDE simulation flow for
Fig 5 shows the proposed hybrid architecture of the system,
image encryption /decryption
to make the data transfer more safe and secure. If the sender
would like to send a large amount of data to the recipient so, The simulation flow of image encryption/decryption is given
therefore, asymmetric cryptography would not be appropriate in fig. 6 [2]
because of its overhead and its lack of speed so the sender
decides that they will use symmetric encryption to transmit
the key. The system will use 128-bit data as well as key
length. The sender will generate a 128-bit key which will be
used later for symmetric data encryption process. In this
system, the data encryption and decryption is done by AES
while RC4 is used to encrypt/decrypt the AES key. The RC4
algorithm is used to provide an additional level of security.

Talking about the security analysis there are several ways

to break a cipher or hack it. Brute force attack is one such
technique that applied on the key to breaking the security.
The brute force attack tries all the possible number of keys
and checks which one of them return the correct plain text.
This attack is also called an exhaustive key search method.
an amount of time that is necessary to break a cipher is
proportional to the size of the secret key. The maximum
number of attempts is equal to 2 key size where the key size is
the number of bits in the key. For the key size of 128 bits too
many combinations have to be tried out in order to generate
the right key. The key used in this is two 128 bits keys, one is
used in RC4 and that encrypted key by RC4 is used in AES.
This is a double layer of security makes a total of 256 bits. Fig 6 Processing chain for image Encryption/Decryption
The attacker has to break. Even the cryptanalysis attack can
be considered as a failure. The number of the minimum
equation needed to break the cipher will be equal to the total III Design Architecture of the proposed cryptosystems
sum of the length of keys. Solving these equations is very
lengthy the times till attacker will break the cipher the key In this work, CYCLONE IV (Altera) the FPGA- based
will be dissolved[6]. DE2=115 development board was used. The proposed Sopc
consist of a NIOS II processor, SRAM for storing the data,
internal memory controllers, timing analysis performance
counter is added, JTAG UART for communicating with host
PC through the USB cable. All modules are interconnected
via an Avalon bus as shown in Fig 7.
The implementation results on Cyclone IV are as shown in
Table II. The design uses only 3% of total logic elements, 2
%of total combinational functions with the power dissipation
of 112.51Mw in comparison with the previous work[1].
Fig 7. The SoPC Design of NIOS II Processor and CONCLUSION
In this work, AES-RC4 hybrid cryptosystem is designed and
By using ‘Quartus II’ environment the whole system is implemented on a single core NIOS II system on ALTERA
generated using SOPC builder. The component generated the DE2-115 FPGA. The encryption is tested to overall effective
interconnect logic to integrate the components automatically cryptosystem at execution time, surface occupied and power
in the hardware system as shown in fig, 8 Quartus II software consumption to similar work. This paper discusses how to
is used to create the final FPGA hardware constraints encrypt the image within a short time using the hybrid cipher.
This can be future extended to other forms of data such as
video transmissions which is also require high security.

Specification Proposed Work Previous work

Quartus Version 10.0 (this work) 12.1 SPI [1]
Family Cyclone IV E Cyclone IV E
Device EP4CE115F29I8L EP4CE115F29C7
Total logic 3.658/114,480 3.087
elements (3%)
Total 3.298/114,480 2.785
combination (2%)
Fig 8 SoPC connections view in Quartus II Total pins 18/529 (3%) 65
Dedicated logic 1,758/114,480(2%) 1,882
E. System Implementation and results registers
Total thermal 112.51mW 113.17mW
power dissipation
The AES algorithm for the encryption and decryption
designed separately using C language in NIOS II IDE and Execution Time 3.58 ns 4.08 ns
verified. The grey scale image is first read by using
MATLAB and given as the input to the plain text of the AES
algorithm as shown in the flow chart of fig(). the .C file of
the algorithm is added to the NIOS II IDE. The next step is V REFERENCES.
by using the build the project command, the project has to
build and the code will be implemented on CYCLONE II ()
using run as NIOS II command on hardware. in the NIOS II [1]S. Appaji and D. Acharyulu, "Recent Advancements on symmetric
console window, the output will be shown as in the following cryptography techniques-A comprehensive Case Study", Global Journal
figure(). We can accurately measure the execution time with Of Computer Science And Technology: Graphics & Vision, vol. 14,
the performance counter. [2]A. Hafsa and A. Sghaier, "Image Encryption/Decryption Design Using
NIOS II Soft Core Processor", ICMIS, p. 4, 2017.
[3]V. Shende and M. Kulkarni, "FPGA based hardware implementation of
hybrid cryptographic algorithms for encryption and decryption",
ICEECCOT, p. 8, 2017.
[4]"Advanced Encryption Standard (AES)", Federal Information
Processing Standards Publication 197, November 26, 2001.
[5]A. Okedola and Y. Asafe, "RSA and RC4 Cryptosystem Performance
Evaluation Using Image and Text File", ISSN, vol.6,no.5,p.6,2015.
[6] Kapoor, V. and Yadav, R. (2016). A Hybrid Cryptography Technique
for Improving Network Security. International Journal of Computer
Applications,141(11), p.6.
[7]A. Omar, "A survey on Cryptography Algorithms", International Journal
Fig 10 Decryption output for 128-bit key length of Science and Research Publications,vol.8,no.7,2018.

Fig 9 Encryption output for 128-bit key length