



# X\_DES Cryptoprocessor

January 10, 2000



# CAST, Inc.

24 White Birch Drive Pomona, New York 10907 USA Phone: +1 914-354-4945 Fax: +1 914-354-0325 E-Mail: info@cast-inc.com URL: www.cast-inc.com

## **Features**

- Supports Spartan<sup>™</sup>-II, Virtex<sup>™</sup>, and Virtex<sup>™</sup>-E devices
- · Fully compliant 56-bit DES implementation
- Both encryption and decryption supported
- Encryption and decryption performed in 16 clock cycles
- No dead cycles for key loading or mode switching
- Suitable for triple DES implementations
- · Suitable for ECB, CBC, CFB and OFB implementations
- Sustained bit rate is 4 x clock speed
- · High clock speed and low gate count achieved
- Fully synchronous design
- Also available as fully functional and synthesizable VHDL or Verilog soft-core at extra cost
- · Test benches provided

## **Export and Usage Restrictions**

Encryption commodities, software, and technology are subject to US Government Export restrictions. The user is advised to check current government policies on the export of these commodities, software, and technology.

## **Applications**

- Electronic financial transactions
- Secure communications
- Secure video surveillance systems
- Encrypted data storage

| AllianceCORE™ Facts                              |                                   |  |
|--------------------------------------------------|-----------------------------------|--|
|                                                  | Core Specifics                    |  |
| Supported Family                                 | Virtex                            |  |
| Device Tested                                    | V150-6                            |  |
| CLB Slices <sup>1</sup>                          | 255                               |  |
| Clock IOBs <sup>2</sup>                          | 1                                 |  |
| IOBs                                             | 188                               |  |
| Performance MHz                                  | 101                               |  |
| Xilinx Tools                                     | M1.5i                             |  |
| Special Features                                 | None                              |  |
| Provided with Core                               |                                   |  |
| Documentation                                    | Core documentation                |  |
| Design File Formats                              | EDIF Netlist,                     |  |
|                                                  | VHDL, Verilog RTL available extra |  |
| Constraints File                                 | des.ucf                           |  |
| Verification Tool                                | VHDL/Verilog test benches,        |  |
|                                                  | test vectors                      |  |
| Instantiation                                    |                                   |  |
| Templates                                        | VHDL, Verilog                     |  |
| Reference Designs &                              | None                              |  |
| Application Notes                                |                                   |  |
| Additional Items                                 | None                              |  |
| Sim                                              | ulation Tool Used                 |  |
| 1076 compliant VHDL simulator, Verilog simulator |                                   |  |
| Support                                          |                                   |  |
| Support provided by CAST, Inc.                   |                                   |  |

Notes:

1. Optimized for speed

2. Assuming all core I/Os are routed off-chip

## **General Description**

The X\_DES core is a fully compliant hardware implementation of the DES encryption algorithm, suitable for a variety of applications.

The DES algorithm is the result of a joint effort between IBM and the NSA and was adopted as a federal standard in November 1974.



Figure 1: X\_DES Cryptoprocessor Block Diagram

# **Functional Description**

Encryption or decryption behavior is selected by the E\_D input port. If this input is high, the core performs encryption, otherwise decryption is performed.

A transition to high on the GO port triggers the beginning of a cryptographic operation on DIN using KEY as key data. The operation can be aborted at any time by turning GO to low. Sixteen clock cycles are required to complete a cryptographic operation.

The X\_DES core is partitioned into modules as shown in Figure 1 and described below.

#### **Initial Permutation**

After an initial permutation, the input data is split into two 32-bit words, left and right. This initial permutation changes the order of the bits of the input data.

#### **Expansion Permutation**

The right word is processed with an expansion permutation and XORed with the key processed by the key processor. This operation is known as expansion permutation as it expands the number of bits from 32 to 48 by changing the order of some bits as well as by repeating the values of others.

#### S Boxes

The S boxes are look up tables with six input bits and four output bits. There are eight S boxes that transform the 48-bit input into a 32-bit output. The content of the S boxes was initially defined by IBM and then modified by the NSA.

#### **P** Permutation

The output of the S boxes is permuted in the P permutation block and then XORed with the left word. The P permutation is a straight permutation. None of the input bits are used twice or ignored.

## Registers (LEFT reg and RIGHT reg)

The right word register is updated on the rising edge of CLK with the results of the P permutation block XORed with the left word. Also, the previous right word is stored in the left word register.

#### **Final Permutation**

At the end of the each encryption or decryption operation (16 clocks), the left and right words are reassembled together and passed through the final permutation. The final permutation is the inverse of the initial permutation.

#### **Key Processor**

The key processor reduces the 64-bit input key to 56 bits by ignoring every eighth bit. At each rising edge of CLK the 56bit key is divided into two 28-bit words. Depending on the current state of encryption, each word is circularly shifted by one or two bits. A 48-bit subkey is extracted at each clock and XORed with the result of the expansion permutation, as explained above.

#### **Controlling State Machine**

The controlling state machine controls all the operations and generates the READY signal.

## **Core Modifications**

Please contact CAST, Inc. directly for any required modifications.

## Availability

Encryption commodities, software, and technology are subject to US Government Export restrictions. The user is advised to check current government policies on the export of these commodities, software, and technology.

The core is available from Australia to the following countries:

| Belgium-Luxembourg | Netherlands |
|--------------------|-------------|
| Brazil             | Norway      |
| Canada             | South Korea |
| China              | Singapore   |
| Denmark            | Spain       |
| Germany            | Sweden      |
| Finland            | Taiwan      |
| France             | UK          |
| Italy              | USA         |
| Japan              |             |

It is the customer's responsibility to check with the relevant authorities regarding the re-export of components containing encryption technology.

## **Pinout**

The pinout of the  $X_DES$  core has not been fixed to specific FPGA I/O, allowing flexibility with a users application. Signal names are shown in the block diagram in Figure 1, and in Table 1.

## **Verification Methods**

The X\_DES core's functionality has been extensively tested with an HDL testbench and a large number of test patterns.

#### **Table 1: Core Signal Pinout**

| Signal     | Signal<br>Direction | Description                             |
|------------|---------------------|-----------------------------------------|
| DIN[63:0]  | Input               | Input data                              |
| DOUT[63:0] | Output              | Output data                             |
| RES_N      | Input               | Reset, active low                       |
| CLK        | Input               | Clock signal                            |
| KEY[63:0]  | Input               | Input key                               |
| GO         | Input               | Activates encryption or de-<br>cryption |
| E_D        | Input               | Selects encryption or de-<br>cryption   |
| READY      | Output              | Ready to operate and output data valid  |

# Recommended Design Experience

The user must be familiar with HDL design methodology as well as instantiation of Xilinx netlists in a hierarchical design environment.

## **Ordering Information**

The X\_DES core is available from CAST, Inc. Please contact CAST, Inc. directly for pricing and information.

The X\_DES core is licensed from Xentec Inc.

## **Related Information**

#### Xilinx Programmable Logic

For information on Xilinx programmable logic or development system software, contact your local Xilinx sales office, or:

Xilinx, Inc. 2100 Logic Drive San Jose, CA 95124 Phone: +1 408-559-7778 Fax: +1 408-559-7114 URL: www.xilinx.com

For general Xilinx literature, contact:

| Phone:  | +1 800-231-3386 (inside the US)  |
|---------|----------------------------------|
|         | +1 408-879-5017 (outside the US) |
| E-mail: | literature@xilinx.com            |

For AllianceCORE<sup>™</sup> specific information, contact:

| Phone:  | +1 408-879-5381                                           |
|---------|-----------------------------------------------------------|
| E-mail: | alliancecore@xilinx.com                                   |
| URL:    | www.xilinx.com/products/logicore/alliance/<br>tblpart.htm |