Andreea BOZESAN, M.Eng. Adviser: Prof. Mircea Vlăduțiu

• Motivation
• State-of-the-art in cryptography
• New trends – IDEA NXT crypto-algorithm
• Hardware Implementation for FPGAs
• Design for Testability
• Testing Architectures for IDEA NXT

CryptoAlgorithms
IDEA NXT speed-up
IDEA NXT hardware implementation
Theory
Error-detection mechanisms for IDEA NXT
FPGA
Design for Testability
Injection of Faults in the testing architectures
Engineering / Applications
6 scientific papers, 2 ISI indexed and 2 BDI
Motivation
• Design of testing architectures for IDEA NXT – Why / How?
• Hardware Implementation for IDEA NXT – Why / How?
• IDEA NXT – newest generation in encryption – Why?
Cryptography Concepts

Cryptography – securing data stored or transmitted through insecure communication channels; restricting access to private information
Encryption Algorithms
• asymmetric – RSA, Diffie-Hellman, elliptic curve
• symmetric – DES, IDEA, AES
Successful attacks against all known algorithms
Need for a new direction in cryptography: Switzerland, 2001, a new family of symmetric crypto-algorithms, IDEA NXT
• assures integrity of US government data
• assures multimedia streaming encryption
• protects data in home entertainment networks
Disadvantages over AES
• Speed
• Area occupied in hardware
Advantages over AES
• Enhanced security
• Encryption & decryption are almost identical (Feistel scheme)
IDEA NXT Mathematical structure
Name         Block size (bits)   Key (bits)     Nr. of rounds
NXT64/k/r    64                  0 ≤ k ≤ 256    12 ≤ r ≤ 255
NXT128/k/r   128                 0 ≤ k ≤ 256    12 ≤ r ≤ 255

NXT64, k = 128 bits, r = 16
Byte-oriented design – elements and operations from the Galois Field:
$GF(2^8) = GF(2)[x]/(x^8+x^7+x^6+x^5+x^4+x^3+1)$
• Lai-Massey scheme
• orthomorphisms
• Round functions – SPN (Substitution-Permutation Networks)
• Feistel Scheme
• Structure of f64:
  ◦ Substitution (s-box)
  ◦ Diffusion – linear multipermutations in $GF(2^8)$
  ◦ Round key addition
[Figure: Internal structure of elmor128]
IDEA NXT Key Scheduler
• Round key generation
• KS structure:
  ◦ padding P
  ◦ mixing M
  ◦ Diversification D (LFSR)
  ◦ Non-linear NL
IDEA NXT’s LFSR Structure
Irreducible polynomial over $GF(2^8)$ for round key generation:
$P_{KS}(\xi) = \xi^{24} + \xi^4 + \xi^3 + \xi + 1$ (1) => the LFSR is 24 bits wide
Equation of the LFSR's polynomial representation:
$P(x) = a_{24}x^{24} + \dots + a_4x^4 + a_3x^3 + a_1x + a_0$ (2)
Speeding up the algorithm by modifying the LFSR
• NXT64: 128 key bits = 24 bits per LFSR × 6 + 16 residual bits
• Round key generation: LFSR >> 1 position / clock cycle ↔ P(x) * x
• IDEA NXT has 6 LFSRs, each on 24 bits => 1 key in 6 clock cycles
• Speed-up solution: LFSR >> 6 positions / clock cycle ↔ P(x)
Bozesan, Andreea; Opritoiu, Flavius; Vladutiu, Mircea, “Speed Improvement for the IDEA NXT Crypto-Algorithm”, AFCEA Europe 6th Student Symposium, 24 Mar. 2014
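The one-position and six-position LFSR updates above, as an added C example (not code from the thesis or its papers). It assumes a Galois-form LFSR with single-bit coefficients, bit i holding the coefficient of x^i, so that one shift is a multiplication by x modulo P_KS; the function names and the seed are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LFSR_MASK 0xFFFFFFu  /* 24-bit register */
#define LFSR_TAPS 0x00001Bu  /* x^4 + x^3 + x + 1: P_KS without its x^24 term */

/* Assumption: Galois-form LFSR, bit i of s = coefficient of x^i. */

/* Serial version, one position per clock: s(x) * x mod P_KS(x). */
uint32_t lfsr_step1(uint32_t s)
{
    uint32_t carry = (s >> 23) & 1u;   /* term that overflows to x^24 */
    s = (s << 1) & LFSR_MASK;
    return carry ? (s ^ LFSR_TAPS) : s;
}

/* Six positions per clock: s(x) * x^6 mod P_KS(x).
 * The six overflowing bits hi(x) land on x^24..x^29; x^24 reduces to the
 * taps and deg(hi * taps) <= 9, so a single XOR fold is enough. */
uint32_t lfsr_step6(uint32_t s)
{
    uint32_t hi = (s >> 18) & 0x3Fu;
    uint32_t lo = (s << 6) & LFSR_MASK;
    return lo ^ (hi << 4) ^ (hi << 3) ^ (hi << 1) ^ hi;
}

/* Walk n states from seed; count states where the two versions disagree. */
unsigned long lfsr_mismatches(uint32_t seed, unsigned long n)
{
    unsigned long bad = 0;
    uint32_t s = seed & LFSR_MASK;
    for (unsigned long i = 0; i < n; i++) {
        uint32_t serial = s;
        for (int k = 0; k < 6; k++)
            serial = lfsr_step1(serial);
        if (serial != lfsr_step6(s))
            bad++;
        s = lfsr_step1(s);
    }
    return bad;
}

int main(void)
{
    /* 0xABCDEF is an arbitrary constructed seed, not a value from the cipher. */
    printf("x^23 after 6 shifts: 0x%06X\n", (unsigned)lfsr_step6(0x800000u));
    printf("mismatches over 2^20 states: %lu\n",
           lfsr_mismatches(0xABCDEFu, 1ul << 20));
    return 0;
}
```

In hardware the fold in `lfsr_step6` is a fixed XOR network, so the six-position update costs one clock instead of six.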
IDEA NXT Hardware Implementation
Bozesan, Andreea; Opritoiu, Flavius; Vladutiu, Mircea, “Hardware implementation of the IDEA NXT crypto-algorithm”, Design and Technology in Electronic Packaging (SIITME), 24-27 Oct. 2013 IEEE 19th International Symposium, pp. 35-38 – EXCELLENT POSTER AWARD for Young Scientists
Need for testability
• Malicious Attacks
• Faults in the system / crypto-chip
• Incorrect functioning / failure of the system
• Minimize repair costs
• Design or Implementation errors
• Avoid complete system failure
Personal Contribution – designing a number of on-line and off-line error-detection architectures customised for IDEA NXT, meant for finding algorithm malfunctions
Off-line Error Detection Architectures for IDEA NXT
• First off-line error-detection scheme built for IDEA NXT
• Basis – off-line scheme built for AES in [12]
Bozesan, Andreea; Opritoiu, Flavius; Vladutiu, Mircea, “Off-line Error-Detection Strategies for the IDEA NXT crypto-algorithm”, 18th International Conference on System Theory, Control and Computing (ICSTCC), 17-19 Oct. 2014, pp. 37-42 – nomination for BEST PAPER AWARD
IDEA NXT Feedback Loop Interconnection Test Architecture
• Test Pattern Generator
• Output Response Analyzer -> MISR
• Signature evaluation
IDEA NXT BIST Test Architecture
• Output evaluation – “gold signature”
• Single encryption round / entire algorithm level
• TPG:
  ◦ Cellular Automata
  ◦ Counter
  ◦ LFSR
IDEA NXT BILBO Test Scheme
• Similar to the BIST scheme
• New elements
  ◦ PRPG
  ◦ MISR
Concurrent Error-Detection Architecture for IDEA NXT
• I designed and implemented in hardware the first testing architecture based on the output’s parity prediction built specifically for IDEA NXT
• There is a complete separation between the functional and the test channels
• Separate Architectures for Datapath and Key Scheduler
Bozesan, Andreea; Opritoiu, Flavius; Vladutiu, Mircea, “Parity-based Concurrent Error-detection Architecture applied to the IDEA NXT crypto-algorithm”, 6th International Workshop on Soft Computing Applications (SOFA), 24-26 June 2014
Concurrent Parity-based Error Detection Scheme for Datapath
Concurrent Error-Detection Scheme for lmor (Datapath & KS)
Experimental Environment
• Hardware Implementation: Verilog, Modelsim IDE
• Synthesis: Xilinx ISE 14.7, Xilinx Virtex 4
• Metrics:
  ◦ Area [slices]
  ◦ Critical path [ns]
  ◦ Throughput [Mbps] = data block size in bits × maximum frequency / number of rounds
• Testing schemes built for IDEA NXT – compared only with one another – there is nothing similar in the literature so far to compare to
Results for the Concurrent Schemes
Experimental Results for the Off-line Testing Architectures
Area and Critical Path Overhead for the BIST and Feedback Loop Interconnection Testing Schemes
Fault Injection
• The effectiveness of error-detection architectures: the number and/or variety of defects they find, and the moment at which those defects are found
• Fault Injection (error detection rate)
Error-Detection Rate for different number of stuck-at Faults Injected into the Concurrent Testing Architecture
Error-Detection Rate for different number of stuck-at Faults Injected into the Off-line Error-detection Schemes
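A stuck-at fault-injection campaign against a parity-predicting checker, as an added C example (not the thesis architecture or its code). It assumes a one-byte XOR round-key-addition stage, a single parity bit predicted on a separate test channel, and stuck-at faults on the stage's output lines; all names and the key byte 0x5A are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Parity (XOR of all bits) of one byte. */
static unsigned parity8(uint8_t v)
{
    v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return v & 1u;
}

/* Functional channel: key addition, with output lines in sa0 stuck at 0
 * and lines in sa1 stuck at 1 (constructed fault model). */
static uint8_t key_add_faulty(uint8_t d, uint8_t k, uint8_t sa0, uint8_t sa1)
{
    return (uint8_t)(((d ^ k) & (uint8_t)~sa0) | sa1);
}

/* Test channel: parity of d ^ k predicted from the input parities only. */
static unsigned predicted_parity(uint8_t d, uint8_t k)
{
    return parity8(d) ^ parity8(k);
}

struct ced_result { unsigned activated; unsigned detected; };

/* Apply all 256 data bytes; count runs where the fault corrupts the output
 * (activated) and runs where the parity checker raises the error flag. */
struct ced_result ced_campaign(uint8_t k, uint8_t sa0, uint8_t sa1)
{
    struct ced_result r = {0, 0};
    for (unsigned d = 0; d < 256; d++) {
        uint8_t out = key_add_faulty((uint8_t)d, k, sa0, sa1);
        if (out != (uint8_t)(d ^ k))
            r.activated++;
        if (parity8(out) != predicted_parity((uint8_t)d, k))
            r.detected++;
    }
    return r;
}

int main(void)
{
    const uint8_t masks[] = {0x00, 0x01, 0x03, 0x07}; /* 0..3 stuck-at-0 lines */
    for (unsigned i = 0; i < 4; i++) {
        struct ced_result r = ced_campaign(0x5A, masks[i], 0x00);
        printf("%u fault(s): detected %u of %u corrupted outputs\n",
               i, r.detected, r.activated);
    }
    return 0;
}
```

In this model a single parity bit flags every corrupted output caused by one stuck-at line, but only the odd-weight corruptions when several lines are faulty, so the detection rate drops as faults are added.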
Personal Contributions
• First hardware implementation for FPGAs built for the IDEA NXT crypto-algorithm
• Speed-up for IDEA NXT’s Key Scheduler
• First error-detection schemes designed and implemented in hardware for IDEA NXT
Published Papers
1) Bozesan, Opritoiu, Vladutiu, “Hardware implementation of the IDEA NXT crypto-algorithm”, Design and Technology in Electronic Packaging (SIITME), 24-27 Oct. 2013 IEEE 19th International Symposium, p.35-38
2) Opritoiu, Bozesan, Vladutiu, “Pseudo random self-test architecture for Advanced Encryption Standard”, Design and Technology in Electronic Packaging (SIITME), 24-27 Oct. 2013 IEEE 19th International Symposium, p.35-38
3) Bozesan, Opritoiu, Vladutiu, “Parity-based Concurrent Error-detection Architecture applied to the IDEA NXT crypto-algorithm”, IEEE 6th International Workshop on Soft Computing Applications, June 2014
4) Opritoiu, Bozesan, Vladutiu, “Offline Error-Detection Strategies for the IDEA NXT Crypto-Algorithm”, IEEE International Conference on System Theory, Control and Computing, October 2014
5) Bozesan, Opritoiu, Vladutiu, “Speed Improvement for the IDEA NXT Crypto-Algorithm”, AFCEA Europe 6th Student Symposium, 24 March 2014
Thank you!