fpga implementation of modified blowfish algorithm - IRNet Explore

FPGA IMPLEMENTATION OF MODIFIED BLOWFISH ALGORITHMAKSHATHA.B.R 1 , AMITABHA.K.KUMAR 2 , NEHA CHOUBEY 3 , JAMUNA.S 4 ,RAJA JITENDRA NAYAKA 51,2,3,4 Department of Electronics and Communications, Dayananda Sagar College of Engineering, Bangalore, India5 R&D, ITI Ltd. Bangalore, India.Abstract- This paper focuses on implementing modified blowfish algorithm on FPGA using a hardware descriptionlanguage such as VHDL. Encryption algorithm plays a major role in network application and data security systems. Butsecuring data consumes a major amount of resources such as CPU time and battery power. We also focus on improvising theperformance and security provided by the blowfish encryption algorithm. With advancement in technology, DES is found tobe no longer secure. As a drop-in replacement for DES, blowfish encryption algorithm can be used. The blowfish algorithmwhich was originally 64-bit block cipher is transformed into 128-bit block cipher. This paper also proposes variousmodifications in the blowfish algorithm such as a new logic has been incorporated instead of just replicating the bits in thekey expansion part. In Blowfish algorithm there are four S boxes each with 256 entries which consume a memory space.Hence this paper proposes an alternative to replace these boxes with AES S box and mix column techniques. This alsoreduces the memory consumption as S box is dynamically generated and only multiplicative inverse box is stored.Index Terms- S box, Encryption ,Decryption, Feistel Network.I. INTRODUCTIONCryptography is referred to as study of secret. This isa process where a readable message is converted intoa form which is unreadable to others except for theone it is intended to. Whenever confidentialinformation is sent, there is possibility of anunauthorized third party attack in order to learn theconfidential information [6].Cryptography includes two basic components:-encryption algorithm and keys. If the sender andrecipient use the same key then it is known assymmetric or private key cryptography. It is mostsuitable for long data streams. It is difficult toimplement in practice as it is necessary for bothsender and receiver to know the key. Moreover thekeys must be sent over a secure channel from senderto the receiver. The question behind is that if such asecure channel is already present, why not send thedata directly over the secure channel. On the otherhand if different keys are used then it is known asasymmetric or public key cryptography. It is useful forshort data streams.Blowfish was designed by Bruce Schneider in 1993as a fast, free alternative to existing encryptionalgorithms which was the Federal InformationProcessing Standard Cryptography (FIPS Crypto) [1][2]. The algorithm is safe against unauthorized attackand runs faster than the popular existing algorithm.The concept of blowfish is very simple to understandbut its actual implementation and the use of algorithmin real time is very complex. Blowfish is a symmetricblock cipher which can be used for encrypting andsafeguarding the data effectively. Blowfish has afixed 64-bit block size. Blowfish has variable lengthkey, from 32 bits to 448 bits. Blowfish algorithm is aFeistel Network, iterating a simple encryptionfunction 16 times. It consists of a complexinitialization phase which is required before anyencryption can take place. The actual encryption ofdata is very efficient on large microprocessors. Asblowfish is a variable length key block cipher, it ismost suitable for applications where the key does notoften change such as a communications link or anautomatic file encryptor [7]. Horst Feistel publishedan article on Feistel Network in 1973. Mostsymmetric block ciphers use Feistel Network for theirconstruction. A Feistel Network is said to be aniterative network which consists of an internalfunction called as round function. It is a methodwhere the round function (also called as F-function)is transformed into permutation. The Feistel Networkworking can be summarized as follows:- The input data is split into two equal halves. The right half of input data becomes the newleft half. The round function (F-function) is applied tothe right half of input data and the key. The output of the F-function is then xored withthe left half of input data. The output from the xor operation is the newright half. The new right half and the new left halfbecomes the Feistel Network output [7].Figure 1: Feistel Network.International Conference on Electronics and Communication Engineering, 28 th April-2013, Bengaluru, ISBN: 978-93-83060-04-744

II. LITERATURE SURVEY OF BLOWFISHBASED ALGORITHMSBlowfish algorithm as mentioned earlier is a 64-bitblock cipher. It has variable length key varying from32 to 448 bits. The algorithm consists of two parts:key expansion part and data encryption part. Keyexpansion part converts key which can be maximumof 448 bits into several sub-key arrays of total 4168bytes [1].Data encryption part is executed by a 16 round FeistelNetwork. In each round there is a key dependentpermutation and key and data dependent substitution.The operations are usually xor and modulo additionon 32-bit words. Additional operations include fourindexed array data lookups per round. It has followingelements: P-array (Permutation array which performsshuffling or mixing). S-boxes (Substitution boxes which performsnonlinear functions) [2].FPGA Implementation of Modified Blowfish Algorithmobtained. This output is xored with the righthalf of the data and right half of the data isupdated.Swap the left half and right S-boxes andfinally round function (F) output is obtained.This output is xored with the right half of thedata and right half of the data is updated.Swap the left half and right half of data.Repeat step 2 and 3 for 15 more times.After the sixteenth round, swap the left halfand right half to undo the last swap.The right half is xored with seventeenthelement of P-array and the left half is xoredwith eighteenth element of P-array. Updatethe right half and left half respectively.Finally combine the left half and right half toobtain the cipher text [5].F-function splits the 32-bit into four 8-bits and each 8-bit is applied as input to each S-boxes. The output offirst two S-boxes is xored and the xored output ismodulo added (2^32) with the output of third S-box.This output is then xored with the output from fourthS-box. This is the final F-function 32-bit output.Since blowfish is a Feistel Network, it can be simplyinverted by xoring P17 and P18 with the cipher textblock and then using the entries of P-array in reverseorder. This is decryption of cipher text in order toobtain the original input data.Figure 2: The Blowfish Algorithm.Sub-keys must be pre-computed before dataencryption and decryption. There are 18 32-bit subkeysin P-array from P1, P2….P18 and four 32-bit S-boxes each consisting of 256 elements i.e. S1,0S1,1….S1,256. S2,0 S2,1….S2,256. S3,0S3,1….S3,256. S4,0 S4,1….S4,256.Blowfish has 16 rounds. The algorithm works asdescribed below: The input is a 64-bit data element, x. Dividex into two halves each of 32-bits, the left half(xL) and right half (xR). Xor the left half of the data with the P-arrayand update the left half of the data. The result obtained in step 2 is sent to the S-boxes and finally round function (F) output isFigure 3: F-function in Feistel Network.III. PROPOSED METHOD FOR MODIFIEDALGORITHMThe original blowfish algorithm is proposed to havethe following changes so as to implement the sourcecode on FPGA and also to try and strengthen thealgorithm. The three changes proposed are in,1. Key expansion.2. Extension to 128 bit.3. F-function.International Conference on Electronics and Communication Engineering, 28 th April-2013, Bengaluru, ISBN: 978-93-83060-04-745

A. KEY EXPANSIONIn original blowfish algorithm, the input key wassimply replicated to get a key of 448 bits. Here, in thispaper we propose the replication of bits by using thefollowing logic as mentioned in figure 4. Hence weget a key which is no longer a replica of same bits.The purpose of this is to make the cryptanalysis of thekey to become more difficult.FPGA Implementation of Modified Blowfish Algorithm IP (95-80) = P (111-96) XOR P (31-16). IP (79-64) = P (79-64) XOR P (47-32). IP (63-48) = P (15-0) XOR C (127-112). IP (47-32) = P (63-48) XOR C (111-96). IP (31-16) = P (31-16) XOR C (95-80). IP (15-0) = P (47-32) XOR C (79-64).The output of decryption block is obtained byXORing decrypted text with cipher text as shown. OP (63-0) = D (63-0) XOR C (127-64). OP (127-64) = D (127-64) XOR OP (63-0).The plaintext is then obtained as shown so as to get128 bits of plaintext.Figure 4: Block diagram of proposed key expansion system.B. EXTENSION TO 128 BITSWhenever the length of the plaintext exceeds 64 bits,different modes of operation are used to encrypt theentire plaintext using a single key. The prominentblock cipher modes of operation are electronic codebook (ECB), cipher block chaining (CBC), cipherfeedback (CFB), output feedback (OFB) and counter(CTR). P (127-112) = OP (127-112). P (111-96) = OP (95-80). P (95-80) = OP (111-96). P (79-64) = OP (79-64). P (63-48) = OP (47-32). P (47-32) = OP (15-0). P (31-16) = OP (31-16). P (15-0) = OP (63-48).The simplest mode among these is the ECB mode butit has the disadvantage that identical plaintext blocksare encrypted into identical cipher text blocks. Thus itdoes not hide the data pattern well. The other blockmode commonly used is the CBC mode which uses afeedback mechanism and an initialization vector (IV)in the beginning. The problem associated with the IVis that it needs to be random enough and must neverbe reused under the same key. For CBC and CFB,reusing an IV leaks some information about the firstblock of plaintext, and about any common prefixshared by the two messages. For OFB and CTR,reusing an IV completely destroys security [6]. Thiscan be seen because both modes effectively create bitsthat are XORed with the plaintext, and these bits aredependent on the password and IV only. Reusing thebits destroys security. If an attacker knows the IVbefore he specifies the next plaintext, he can check hisguess about the plaintext of some block that wasencrypted with the same key before.The below scheme demonstrates the use of CBC modewithout the need of IV. The input to the firstencryption block is obtained by performing XORoperations on the 128 bit plaintext. Let the input to theencryption block be IP, output of decryption block beOP, plaintext be P, cipher text be C and decrypted textbe D. The following operations are done as mentionedbelow. IP (127-112) = P (127-112) XOR P (15-0). IP (111-96) = P (95-80) XOR P (63-48).Figure 5: Block diagram of proposed extension to 128 bits.C. F-FUNCTIONBlowfish uses 4 8x32 S-boxes. The total memoryconsumed for storing the 4 S-boxes are 4096 bytesInternational Conference on Electronics and Communication Engineering, 28 th April-2013, Bengaluru, ISBN: 978-93-83060-04-746

and in addition 512 iterations of encryption is requiredto store the values of S-box. An alternative way toreduce the memory and computational time taken bythese S-boxes would be to use the substitution bytesand mix columns concept of AES. The S-box in AESis designed such that the correlation between the inputand output bits is very low and the mix column helpsin mixing the output bytes of the S-box. Sinceblowfish requires 4 S-boxes, the AES s-box is rotatedin cyclical manner to avoid any symmetric patternsbetween the output bytes of S-box.FPGA Implementation of Modified Blowfish Algorithmof dedicated hardware . Since the processing paths canbe executed in parallel speed can be very fast usingthe Field Programmable Gate Arrays.IV. SIMULATION RESULTS AND RTLSCHEMATICThe proposed algorithm is simulated and thesimulation results are as shown in the figure 7.Figure 7: Simulation results for proposed algorithmThe RTL schematic of the proposed algorithm is asshown by the figure 8.Figure 8: RTL schematic of the proposed algorithmFigure 6: Block diagram of proposed F-function.This paper proposes the FPGA implementation of themodified blowfish algorithm using a high leveldescription language VHDL. This provides a lowpower implementation of the modified blowfishalgorithm. For processing the logic FPGAs make useREFERENCES[1] Tingyuan Nie, and Teng Zhang, “A Study of DES andBlowfish Encryption) Algorithm,” 978-1-4244-4547-9/09/IEEE, TENCON 2009.[2] Brian Cody, Justin Madigan,Spencer MacDonald, KennethW. Hsu,”High Speed SOC Design for BlowfishCryptographic Algorithm,” 2007 IFIP InternationalInternational Conference on Electronics and Communication Engineering, 28 th April-2013, Bengaluru, ISBN: 978-93-83060-04-747

Conference on Very Large Scale Integration (VLSI-SoC2007), 978-1-4244-1710-0/07.[3] Jawahar Thakur, Nagesh Kumar, “DES, AES and Blowfish:Symmetric Key Cryptography Algorithms Simulation BasedPerformance Analysis,” International Journal of EmergingTechnology and Advanced Engineering ISSN 2250-2459,Volume 1, Issue 2, December 2011.[4] H. Singpiel, H. Simmler, A. Kugel, R. Manner,A. C.CastaAon Vieia.F, Galvez-Durand, J. M. S . de Alciintara,V. C. Alves, “Implementation of CryptographicFPGA Implementation of Modified Blowfish AlgorithmApplications on the Reconfigurable FPGA CoprocessormicroEnable,” 0-7695-0843-X/00, 2000 IEEE.[5] Irfan.Landge, Burhanuddin Contractor, Aamna Patel andRozina Choudhary,” Image encryption and decryption usingblowfish algorithm,” World Journal of Science andTechnology 2012, 2(3):151-156, ISSN: 2231 – 2587.[6] William Stallings ,”Cryptography and Network Security”,5 thedition ,Pearson Publications.[7] B. Schneier. The Blowfish Encryption Algorithm.http://www.schneier.com/blowfish.htmlInternational Conference on Electronics and Communication Engineering, 28 th April-2013, Bengaluru, ISBN: 978-93-83060-04-748