VHDL implementation of DES algorithm / Emmanvel Kajan Mering by Emmanvel, Kajan Mering
Acknowledgements 
First and foremost, I would like to give my heartfelt thanksgiving to <;Jod 
for His grace and mercy in completing the first two phase of this project. He has 
given me the strength to persevere in finishing this report. I would also like to 
thank both my parents, Mering Jau and Unyang Deng for their continuous prayers 
and support. They both always encourage me and made me believe in myself even 
though at times I am low in confidence. I am eternally grateful for their 
involvement. 
I would also like to thank my supervising lecturer, Mr. Noorzailly for his 
advices and input during the duration of this project. His suggestion on placing a 
state machine on my design has helped me tremendously. My two laboratory 
mates in Mohd Norazmi (Bon) and Zulfikri, for knowledge-sharing while we are 
busy laboring in. our respective projects. Also, to Mr. Y amani , though was not my 
supervising lecturer, was kind enough to help me at times. 
ii 
Un
ive
rsi
ty 
of 
Ma
lay
a
Abstract 
This project is about the development of DES in hardware. DES, and it's 
variants ( tripleDES) are the main encryption methods used in industry today. The 
DES designed should be able to process a 64-bit data block and it's 64-bit key and 
produces a 64-bit encrypted output. It also acts as decryptor, which is done by 
entering the 64-bit encrypted data together with the sub-key (operate in decrypt 
mode, where key is entered in reverse order). In order for our DES to work, 
modules are designed. These modules are controller, RAM, the DES core (initdata) 
and sub-key generator. All these submodules are developed, and then integrated 
as a complete DES cryptosystem. This DES system will be developed using 
VHSIC Hardware Description Language (VHDL). This is a complete report, from 
the designing phase up to the system testing at the end. 
1ll 
Un
ive
rsi
ty 
of 
Ma
lay
a
Contents 
No SUBJECT: PAGES 
1 Introduction 1-3 
2 Literature Review 
1. Cryptography 4 
2. DES 5-24 
3. VHDL 25-39 
4. Why DES in VHDL? 40 
3 Methodology 41-52 
4 DES Analysis 53-55 
5 DES Design 56-72 
6 DES Design Implementation (Tools and Codes) 73-88 
7 DES Verification- Manual Example 89-97 
8 DES Design Verification 98-107 
9 Discussion 108-110 
10 Summary 111-112 
11 Appendix- DES practical example and Source Code 113-125 
12 Reference 126 
IV 
Un
ive
rsi
ty 
of 
Ma
lay
a
Diagrams List 
No FIGURE SUBJECT: PAGES 
1 - Project Schedule 3 
2 2.01 Sub-key Generator 15 
3 2.02 DES Core 16 
4 2.03 Function/ 17 
5 2.04 Triple DES 22 
6 3.01 DES Development Process-flow 42 
7 3.02 Digital Systems Design Process 44 
8 3.03 Architectural Design 45 
9 3.04 Top-down Design/ Bottom-up Implementation 47 
10 3.05 Verifying levels of partitioning 48 
11 3.06 Verifying hardware implementation of SSC 1 and SSC2 49 
12 3.07 Verifying the fmal design 49 
13 3.08 Verifying hardware implementation of SSC3 50 
14 3.09 Verifying the final design, an alternative to setup 3.07 51 
15 4.01 DES functions tree 54 
16 4.02 Non-functional tree 55 
17 4.03 Top-down View of DES 55 
18 5.01 DES overall functional block diagram 56 
19 5.02 State module 57 
20 5.03 Subkeygen module 57 
21 5.04 Fullround module 58 
22 5.05 Control module 59 
23 5.06 PC1 module 60 
24 5.07 Shifter module 60 
25 5.08 PC2 module 61 
26 5.09 IP module 61 
27 5.10 Mux32 module 62 
28 5.11 Initdata module 62 
29 5.12 Ov32 module 63 
30 5.13 FP module 63 
31 5.14 XP module 64 
32 5.15 Desxor 1 module 64 
33 5.16 sboxN module 65 
34 5.17 PP module 65 
35 5.18 Desxor2 module 66 
36 5.19 Reg32 module 67 
37 5.20 Subkeygen RTL diagram 68 
38 5.21 Initdata RTL diagram 68 
39 5.22 Fullround RTL diagram 69 
40 5.23 State module RTL diagram 69 
v 
Un
ive
rsi
ty 
of 
Ma
lay
a
41 5.24 FSMdiagram 70 
42 5.25 Shifter decoder table 72 
43 5.26 Left shifts per iteration 72 
44 6.01 Entry Screen for peakFPGA 73 
45 6.02 Main Application 74 
46 6.03 Simulator Application 76 
47 6.04 Hierarchy Browser 78 
48 6.05 Hierarchy Browser toolbar 79 
49 6.06 Compile Process 80 
50 6.07 Signals selection 82 
51 6.08 VHDL simulator Interface 83 
52 7.01 After pel 89 
53 7.02 After split 90 
54 7.03 Afterip 94 
55 7.04 Afterxp 94 
56 7.05 After desxor 1 94 
57 7.06 After sbox 95 
58 7.07 Afterp 95 
59 7.08 EndofRI 96 
60 7.09 After fp 97 
61 8.01 Compiling state tb.vhd 98 
62 8.02 Select simulation signals 99 
63 8.03 Results from state Init - R6 100 
64 8.04 Results from state R 7 - R 12 101 
65 8.05 Results from state R13 -Key end 102 
66 8.06 Results Init - R6 (decrypt mode) 104 
67 8.07 Results R7- R12 (decrypt mode) 105 
68 8.08 Results R12- Key end (decrypt mode) 106 
69 9.01 Pipelined design for DES 109 
vi 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
1.0 Introduction. 
Cryptography is the most common method used in implementing security in 
data communication networks. Over a period of time, several cryptographic 
algorithms have been developed, such as DES, RSA, Rjindeal and etcetera. DES, 
along with its variant (3DES, AES) is among the most widely used cryptographic 
methods in data and information protection today. The DES algorithm has been 
written and implemented in programming languages such as C, C++, Java, Basic 
and others. But these are software versions. After comparing the performance of its 
hardware implementation, most of it which are implemented on Application 
Specific Integrated Circuits {ASIC), they outperform the software implementation. 
With the advancements that have been made in reconfigurable devices, Field 
Programmable Gated Arrays (FPGA) and Complex Programmable Logic Devices 
{CPLD), brings about the possibility of reconfigurable cryptographic devices into 
the real world. Cryptographic algorithms implemented on FPGA and CPLDs, 
provide a high level of flexibility, though it is in the expense of performance. This 
paper is about the development of hardware based security processor module, the 
DES using Very high speed integrated Hardware Description Language, (VHDL). 
The code will then be implemented on a reconfigurable device, specifically FPGA. 
1.1 Problems to be addressed 
1.1.1 Identifying functions, modules within algorithm. 
The DES algorithm is a sequence of functions that is used to encrypt 
information represented in bits. We are designing a standard 64 bit DES 
chip. In order to develop this chip, we will have to identify the 
1 
Un
ive
rsi
ty 
f M
ala
ya
module/components of this chip. A module comprised of a combination of 
functions in relation to the algorithm. Inputs (in bits) will be passed around 
within these modules, in which are processed by the functions in it. 
By reviewing the literature related to DES, the functions that are used 
in the algorithm can be identified. We can develop the relevant source code 
based on the functions. 
1.1.2 Learning VHDL. 
VHDL is the most common language in developing digital systems. 
So, it is absolutely essential to learn this programming language in order to 
build a DES chip. This also includes getting familiar with a suitable 
development tool. 
1.1.3 Develop a project schedule. 
Develop a workable project schedule to design and complete a DES 
chip. 
1.2 Scope of Research 
The scope of this research just involves cryptography, and the DES 
algorithm in particular. Also about VHDL, and its related development tools. 
1.3 Objective 
The objective is to develop a hardware implementation of DES encryption 
algorithm based on VHDL, in other words, a DES chip. 
1.4 Project Limitation 
This project is limited to developing a simulatable model of DES 
algorithm. The DES algorithm runs on several modes. The design is based 
2 
Un
ive
rsi
ty 
of 
Ma
lay
a
on Electronic Code Book (ECB) mode of operation, which is the direct 
application of the DES algorithm to encrypt and decrypt data. There are 
three other modes of operations, Cipher Block Chaining (CBC) mode, the 
Cipher Feedback (CFB) mode, and the Output Feedback (OFB) mode. The 
characteristics of these modes are explained later in literature review. 
1.5 Project Schedule 
Below is the designated project schedule. 
No. Task 
••• 
•• 
• 
• 
Jun July August September 
1 Early Research 
2 Literature Review 
3 System Analysis 
4 System Design 
5 System 
Development 
•• 6 Testing 
•• 
System Design will be continous throughout the duration of project. The initial 
duration ( March- April) is the design based on system analysis. The following 
duration is in response to system development requirements. 
3 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
2.0 Introduction to Literature Review 
This chapter serves as an introduction to everything that is 
related/needed in developing a DES chip. This review is a critical evaluation 
of the literature, which provides an academic background to the area of 
study. Literature review is important to review on certain information 
resources. These resources were gained through reading of books, magazines, 
journals and also from the Internet. Through careful analysis on the 
information, the pros and cons of this project could be extracted from. AU 
these will contribute to the development of this project, which is the 
hardware implementation of DES algorithm using VHDL. 
The first part of this literature review is on cryptography, and an in-
depth analysis of DES algorithm. Then, a review on the development 
language, VHDL. 
2.1.0 Introduction to Cryptography 
What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key? 
The story begins: When Julius Caesar sent messages to his trusted 
acquaintances, he didn't trust the messengers. So he replaced every A by a D, 
every B by a E, and so on through the alphabet. Only someone who knew 
the ·'shift by 3" rule could decipher his messages. 
A cryptosystem or cipher system is a method of disguising messages 
so that only certain people can see through the disguise. Cryptography is the 
art of creating and using cryptosystems. Cryptanalysis is the art of breaking 
cryptosystems---seeing through the disguise even when 
4 
Un
ive
rsi
ty 
of 
Ma
lay
a
you're not supposed to be able to. Cryptology is the study of both 
cryptography and cryptanalysis. 
The original message is called a plaintext. The disguised message is 
called a ciphertext. Encryption means any procedure to convert plaintext into 
ciphertext. Decryption means any procedure to convert ciphertext into 
plaintext. 
A cryptosystem is usually a whole collection of algorithms. The 
algorithms are labeled; the labels are called keys. For instance, Caesar 
probably used ''shift by n" encryption for several different values of n. It's 
natural to say that n is the key here. 
The people who are supposed to be able to see through the disguise 
are called recipients. Other people are enemies, opponents, interlopers, 
eavesdroppers, or third parties. 
2.2.0 The DES algorithm 
Introduction 
The DES algorithm is based on a 128-bit block algorithm developed 
in the 1960s by IBM. In technical terms, LUCIFER is an iterative block 
cipher, using Feistel rounds - a block of data is encrypted a number of 
several times, each time applying the key to half of the block and then 
XOR'ing with the other half of the block. 
DES was designed to use a 64-bit key to encrypt and decrypt 64-bit 
blocks of data using a cycle of permutations, swaps, and substitutions. 
Encryption and decryption use the same key. 
5 
U
ive
rsi
ty 
of 
Ma
lay
a
A block to be encrypted is subjected to an initial permutation, then to 
a key-dependent computation, and then to a final permutation. The initial 
and final permutations take the 64-bit block and change the position of each 
bit in a pre-determined manner. The fmal permutation is the reverse of the 
initial permutation. 
A DES key consists of 64 binary digits of which 56 bits are randomly 
generated and used directly by the algorithm. The other 8 bits, which are not 
used by the algorithm, are used for error detection. The 8 error detecting bits 
are set to make the parity of each 8-bit byte of the key odd, i.e., there is an 
odd number of" 1 "s in each 8-bit byte. 
2.2.1 History and Issues on DES 
In 1972, the National Institute of Standards and Technology (called 
the National Bureau of Standards at the time) decided that a strong 
cryptographic algorithm was needed to protect non-classified information. 
The algorithm was required to be cheap, widely available, and very secure. 
NIST envisioned something that would be available to the general public 
and could be used in a wide variety of applications. So they asked for public 
proposals for such an algorithm. In 1974 ffiM submitted the Lucifer 
algorithm, which appeared to meet most ofNIST's design requirements. 
NIST enlisted the help of the National Security Agency to evaluate 
the security of Lucifer. At the time many people distrusted the NSA due to 
their extremely secretive activities, so there was initially a certain degree of 
6 
Un
ive
rsi
ty
o  
Ma
lay
a
skepticism regarding the analysis of Lucifer. One of the greatest worries was 
that the key length, originally 128 bits, was reduced to just 56 bits, 
weakening it significantly. The NSA was also accused of changing the 
algorithm to plant a 11back door" in it that would allow agents to decrypt any 
information without having to know the encryption key. But these fears 
proved unjustified and no such back door has ever been found. 
The modified Lucifer algorithm was adopted by NIST as a federal 
standard on November 23, 1976. Its name was changed to the Data 
Encryption Standard (DES). The algorithm specification was published in 
January 1977, and with the official backing of the government it became a 
very widely employed algorithm in a short amount of time. 
Unfortunately, over time various shortcut attacks were found that 
could significantly reduce the amount of time needed to find a DES key by 
brute force. And as computers became progressively faster and more 
powerful, it was recognized that a 56-bit key was simply not large enough 
for high security applications. As a result of these serious flaws, NIST 
abandoned their official endorsement of DES in 1997 and began work on a 
replacement, to be called the Advanced Encryption Standard (AES). Despite 
the growing concerns about its vulnerability, DES is still widely used by 
financial services and other industries worldwide to protect sensitive on-line 
applications. 
7 
Un
ive
rsi
ty 
of 
Ma
lay
a
To highlight the need for stronger security than a 56-bit key can 
offer, RSA Data Security has been sponsoring a series of DES cracking 
contests since early 1997. In 1998 the Electronic Frontier Foundation won 
the RSA DES Challenge II-2 contest by breaking DES in less than 3 days. 
EFF used a specially developed computer called the DES Cracker, which 
was developed for under $250,000. The encryption chip that powered the 
DES Cracker was capable of processing 88 billion keys per second. More 
recently, in early 1999, Distributed. Net used the DES Cracker and a 
worldwide network of nearly 100,000 PCs to win the RSA DES Challenge 
III in a record breaking 22 hours and 15 minutes. The DES Cracker and PCs 
combined were testing 245 billion keys per second when the correct key was 
found. In addition, it has been shown that for a cost of one million dollars a 
dedicated hardware device can be built that can search all possible DES keys 
in about 3.5 hours. This just serves to illustrate that any organization with · 
moderate resources can break through DES with very little effort these days. 
2.2.2 Steps in DES 
1 Process the key. 
1.1 Get a 64-bit key from the user. (Every 8th bit (the least significant bit of 
each byte) is considered a parity bit. For a key to have correct parity, each 
byte should contain an odd nwnber of "1" bits.) This key can be entered 
directly, or it can be the result of hashing something else. There is no 
standard hashing algorithm for this purpose. 
1.2 Calculate the key schedule. 
1.2.1 Perform the following permutation on the 64-bit key. (The parity bits 
are discarded, reducing the key to 56 bits. Bit I (the most significant bit) of 
8 
Un
ive
rsi
ty 
of 
Ma
lay
a
the permuted block is bit 57 of the original key, bit 2 is bit 49, and so on 
with bit 56 being bit 4 of the original key.) 
Permuted Choice 1 (PC-1) 
57 49 41 33 25 17 9 
1 58 50 42 34 26 18 
10 2 59 51 43 35 27 
19 11 3 60 52 44 36 
63 55 47 39 31 23 15 
7 62 54 46 38 30 22 
1466153453729 
21 13 5 28 20 12 4 
1.2.2 Split the permuted key into two halves. The first 28 bits are called C[O] 
and the last 28 bits are called D(O]. 
1.2.3 Calculate the 16 sub keys. Start with i = 1. 
1.2.3.1 Perform one or two circular left shifts on both C[i-1] and D[i-1] to 
get C[i] and D[i], respectively. The number of shifts per iteration are given 
in the table below. 
Iteration # 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 
Left Shifts 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 
1.2.3.2 Permute the concatenation C[i]D[i] as indicated below. This will 
yield K[i], which is 48 bits long. 
Permuted Choice 2 (PC-2) 
14 17 11 24 1 5 
3 28 15 6 21 10 
23 19 12 4 26 8 
1672720132 
41 52 31 37 47 55 
304051453348 
44 49 39 56 34 53 
46 42 50 36 29 32 
9 
Un
iv
rsi
ty 
of 
Ma
lay
a
1.2.3.3 Loop back to 1.2.3.1 until K[16] has been calculated. 
2 Process a 64-bit data block. 
2.1 Get a 64-bit data block. If the block is shorter than 64 bits, it should be 
padded as appropriate for the application. 
2.2 Perform the following permutation on the data block. 
Initial Permutation (IP) 
58 5042 342618102 
60 52 44 36 28 20 12 4 
62 54 46 38 30 22 14 6 
64 56 48 40 32 24 16 8 
57 49 41 33 25 17 9 1 
59 51 43 35 27 19 11 3 
61 53 45 37 29 21 13 5 
635547393123157 
2.3 Split the block into two halves. The first 32 bits are called L[O], and the 
last 32 bits are called R[O]. 
2.4 Apply the 16 sub keys to the data block. Start with i = 1. 
2.4.1 Expand the 32-bit R[i-1] into 48 bits according to the bit-selection 
function below. 
Expansion (E) 
32 1 2 3 4 5 
456789 
8 9 10 11 12 13 
12 13 14 15 16 17 
16 17 18 19 20 21 
20 21 22 23 24 25 
24 25 26 27 28 29 
28 29 30 31 32 1 
10 
Un
ive
r i
ty 
of 
Ma
lay
a
2.4.2 Exclusive-or E(R[i-1]) with K[i]. 
2.4.3 Break E(R[i-1]) xor K[i] into eight 6-bit blocks. Bits 1-6 are B[1], bits 
7-12 are B[2], and so on with bits 43-48 being B[8]. 
2.4.4 Substitute the values found in the S-boxes for all B[j]. Start withj = 1. 
All values in the S-boxes should be considered 4 bits wide. 
2.4.4.1 Take the lst and 6th bits ofB[j] together as a 2-bit value (call it m) 
indicating the row in sm to look in for the substitution. 
2.4.4.2 Take the 2nd through 5th bits ofBU] together as a 4-bit value (call it 
n) indicating the column in S(j] to find the substitution. 
2.4.4.3 Replace B[j] with S[j][m][n]. 
Substitution Box I (S[l]) 
14 4 13 1 2 15 11 8 3 10 6 12 59 0 7 
0 15 7 4 14 2 13 1 10 6 12 11 9 53 8 
4 1 14 8 13 6 2 11 15 12 9 7 3 10 50 
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13 
S[2] 
1518146113497213120510 
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5 
0 14 7 11 10 4 13 1 58 12 6 9 3 2 15 
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9 
S[3] 
10 0 9 14 6 3 15 51 13 12 7 11 4 2 8 
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 I 
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7 
1 10 13 0 6 9 8 7 4 15 14 3 11 52 12 
S[4] 
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 
13 8 11 56 15 0 3 4 7 2 12 1 10 14 9 
1069012117131513145284 
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14 
11 
Un
ive
rsi
ty 
of 
Ma
lay
a
S[5] 
2 I2 4 1 7 IO 11 6 8 53 15 13 0 I4 9 
14 11 2 12 4 7 13 I 50 15 10 3 9 8 6 
4 2 1 1110 13 7 8 IS 9 12 56 3 0 I4 
11 8 12 7 I I4 2 13 6 15 0 9 10 4 53 
S£6] 
12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11 
10 15 4 2 7 12 9 56 I 13 14 0 11 3 8 
9 14 15 52 8 I2 3 7 0 4 10 I 13 11 6 
4 3 2 12 9 5 IS 10 11 14 1 7 6 0 8 13 
S[7] 
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1 
13 0 11 7 4 9 I IO I4 3 5 12 2 15 8 6 
1 4 11 13 12 3 7 14 10 15 6 8 0 59 2 
6 11 13 8 1 4 10 7 9 50 15 14 2 3 12 
S[8] 
13 2 8 4 6 15 II 1 10 9 3 14 50 12 7 
I 15 13 8 10 3 7 4 I2 56 11 0 I4 9 2 
7 11 4 I 9 12 14 2 0 6 IO 13 15 3 58 
2 I 14 7 4 10 8 13 15 12 9 0 3 56 11 
2.4.4.4 Loop back to 2.4.4.1 until all 8 blocks have been replaced. 
2.4.5 Permute the concatenation ofB(1] through B[8] as indicated below. 
Permutation P 
16 7 20 21 
2912 28 17 
1 15 23 26 
5183110 
2 8 24 14 
32 27 3 9 
19 13 30 6 
22 11 4 25 
12 
Un
ive
rsi
ty 
of 
Ma
lay
a
2.4.6 Exclusive-or the resulting value with L[i-.1]. Thus, all together, your 
R[i] = L[i-1] xor P(S[1 ](B[1 ]) .. .S[8](B[8])), where B[j] is a 6-bit block of 
E(R[i-1]) xor K[i]. (The function for R[i] is more concisely written as, R[i] = 
L[i-1] xor f{R[i-1 ], K[i]).) 
2.4.7 L[i] = R[i-1]. 
2.4.8 Loop back to 2.4.1 until K[16] has been applied. 
2.5 Perfonn the following pennutation on the block R[l6]L[l6]. (Note that 
block R precedes block L this time.) 
Final Pennutation (IP**-1) 
40 8 48 16 56 24 64 32 
39 7 47 15 55 23 63 31 
38 64614 54 22 62 30 
37 5 45 13 53 21 61 29 
36 4 44 12 52 20 60 28 
35 3 43 11 51 19 59 27 
342421050185826 
33 1 41 9 49 17 57 25 
This has been a description of how to use the DES algorithm to 
encrypt one 64-bit block. To decrypt, use the same process, but just use the 
keys K[i] in reverse order. That is, instead of applying K[l] for the first 
iteration, apply K[16], and then K[l5] for the second, on down to K[1]. 
13 
Un
ive
rsi
ty 
of 
Ma
lay
a
Summaries: 
Key schedule: 
C[O]D[O] = PCI(key) 
for 1 <= i <= 16 
C(i] = LS[i](C[i-1]) 
D[i] = LS[i](D[i-1]) 
K[i] = PC2(C[i]D[i]) 
Encipherment: 
L[O]R[O] = IP(plain block) 
for 1 <= i <= 16 
L[i] = R[i-1] 
R[i] = L[i-1] xor f(R[i-1 ], K[i]) 
cipher block= FP(R[16]L[16]) 
Decipherment: 
R[16]L[16] = IP( cipher block) 
for 1 <= i <= 16 
R[i-1] = L[i] 
L[i-1] = R[i] xor f(L[i], K[i]) 
plain block = FP(L[O]R[OJ) 
2.2.3 Flow Diagram of DES Algorithm 
The diagrams below summarizes how the DES algorithm works. 
14 
Un
ive
rsi
ty 
of 
Ma
lay
a
PERMUTED 
CHOICE 2 
PERMUTED 
CHOICE 2 
PERMUTED 
CHOICE 2 
Figure 2.01 Sub~key Generator 
15 
Un
ive
rsi
ty 
of 
Ma
lay
a
PERMUTED 
INRJT 
PF£11JTPUT 
INITIAL F£RMUTATION 
0''''''' ....... "" ... '!' ... "."" ... ¥n 
Figure 2.02 DES Core 
16 
Un
ive
rsi
ty 
of 
Ma
lay
a
K(48BITS) 
Figure 2.03 Function/ 
2.2.4 Practical Example of DES Algorithm 
For a practical example of DES algorithm, please turn to Appendix 
A in the Appendix. This example was worked by Adrian Grigoroff. 
2.2.5 Modes of DES Operations 
2.2.5.1 ECB (Electronic Code Book) 
This is the regular DES algorithm, exactly as described above. Data 
is divided into 64-bit blocks and each block is encrypted one at a time. 
Separate encryptions with different blocks are totally independent of each 
other. This means that if data is transmitted over a network or phone line, 
transmission errors will only affect the block containing the error. It also 
means, however, that the blocks can be rearranged, thus scrambling a file 
beyond recognition, and this action would go undetected. ECB is the 
weakest of the various modes because no additional security measures are 
implemented besides the basic DES algorithm. However, ECB is the fastest 
17 
Un
ive
rsi
ty 
of 
Ma
lay
a
and easiest to implement, making it the most common mode of DES seen in 
commercial applications. This is the mode that is used by the DES chip 
designed. 
2.2.5.2 CBC (Cipher Block Chaining) 
In this mode of operation, each block of ECB encrypted ciphertext is 
XORed with the next plaintext block to be encrypted, thus making all the 
blocks dependent on all the previous blocks. This means that in order to find 
the plaintext of a particular block, we need to know the ciphertext, the key, 
and the ciphertext for the previous block. The first block to be encrypted has 
no previous ciphertext, so the plaintext is XORed with a 64-bit number 
called the Initialization Vector, or IV for short. So if data is transmitted over 
a network or phone line and there is a transmission error, the error will be 
carried forward to all subsequent blocks since each block is dependent upon 
the last. This mode of operation is more secure than ECB because the extra 
XOR step adds one more layer to the encryption process. 
2.2.5.3 CFB (Cipher Feedback) 
In this mode, blocks of plaintext that are less than 64 bits long can be 
encrypted. Normally, special processing has to be used to handle files whose 
size is not a perfect multiple of 8 bytes, but this mode removes that necessity 
(Stealth handles this case by adding several dummy bytes to the end of a file 
before encrypting it). The plaintext itself is not actually passed through the 
18 
Un
ive
sit
y o
f M
ala
ya
DES algorithm, but merely XORed with an output block from it, in the 
following manner: A 64-bit block called the Shift Register is used as the 
input plaintext to DES. This is initially set to some arbitrary value, and 
encrypted with the DES algorithm. The ciphertext is then passed through an 
extra component called the M-box, which simply selects the left-most M bits 
of the ciphertext, where M is the number of bits in the block we wish to 
encrypt. This value is XORed with the real plaintext, and the output of that is 
the final ciphertext. Finally, the ciphertext is fed back into the Shift Register, 
and used as the plaintext seed for the next block to be encrypted. As with 
CBC mode, an error in one block affects all subsequent blocks during data 
transmission. This mode of operation is similar to CBC and is very secure, 
but it is slower than ECB due to the added complexity. 
2.2.5.4 OFB (Output Feedback) 
This is similar to CFB mode, except that the ciphertext output of 
DES is fed back into the Shift Register, rather than the actual final 
ciphertext. The Shift Register is set to an arbitrary initial value, and passed 
through the DES algorithm. The output from DES is passed through the M-
box and then fed back into the Shift Register to prepare for the next block. 
This value is then XORed with the real plaintext (which may be less than 64 
bits in length, like CFB mode), and the result is the fmal ciphertext. Note 
that unlike CFB and CBC, a transmission error in one block will not affect 
subsequent blocks because once the recipient has the initial Shift Register 
19 
Un
ive
rsi
ty 
of 
Ma
lay
a
value, it will continue to generate new Shift Register plaintext inputs without 
any further data input. However, this mode of operation is less secure than 
CFB mode because only the real ciphertext and DES ciphertext output is 
needed to find the plaintext of the most recent block. Knowledge of the key 
is not required. 
2.2.6 Variation of DES- Triple DES 
2.2.6.1 Introduction 
Triple DES is a minor variation of this standard. It is three times 
slower than regular DES but can be billions oftimes more secure if used 
properly. Triple DES enjoys much wider use than DES because DES is so 
easy to break with today's rapidly advancing technology. In 1998 the 
Electronic Frontier Foundation, using a specially developed computer called 
the DES Cracker, managed to break DES in less than 3 days. And this was 
done for under $250,000. The encryption chip that powered the DES 
Cracker was capable of processing 88 billion keys per second. In addition, it 
has been shown that for a cost of one million dollars a dedicated hardware 
device can be built that can search all possible DES keys in about 3.5 hours. 
This just serves to illustrate that any organization with moderate resources 
can break through DES with very little effort these days. No sane security 
expert would consider using DES to protect data. 
20 
Un
iv
rsi
ty 
of 
Ma
lay
a
Triple DES was the answer to many of the shortcomings of DES. 
Since it is based on the DES algorithm, it is very easy to modify existing 
software to use Triple DES. It also has the advantage of proven reliability 
and a longer key length that eliminates many of the shortcut attacks that can 
be used to reduce the amount oftime it takes to break DES. However, even 
this more powerful version of DES may not be strong enough to protect data 
for very much longer. The DES algorithm itself has become obsolete and is 
in need of replacement. To this end the National Institute of Standards and 
Technology (NIST) is holding a competition to develop the Advanced 
Encryption Standard (AES) as a replacement for DES. Triple DES has been 
endorsed by NIST as a temporary standard to be used until the AES is 
finished sometime in 2001. 
The AES will be at least as strong as Triple DES and probably much 
faster. Many security systems will probably use both Triple DES and AES 
for at least the next five years. After that, AES may supplant Triple DES as 
the default algorithm on most systems if it lives up to its expectations. But 
Triple DES will be kept around for compatibility reasons for many years 
after that. So the useful lifetime of Triple DES is far from over, even with 
the AES near completion. For the foreseeable future Triple DES is an 
excellent and reliable choice for the security needs of highly sensitive 
information. 
21 
Un
ive
rsi
ty 
f M
ala
y
2.2.6.2 In Depth 
Triple DES is simply another mode of DES operation. It takes three 
64-bit keys, for an overall key length of 192 bits. In Stealth, you simply type 
in the entire 192-bit (24 character) key rather than entering each of the three 
keys individually. The Triple DES DLL then breaks the user provided key 
into three subkeys, padding the keys if necessary so they are each 64 bits 
long. The procedure for encryption is exactly the same as regular DES, but it 
is repeated three times. Hence the name Triple DES. The data is encrypted 
with the first key, decrypted with the second key, and finally encrypted again 
with the third key. 
Plaintext 
I DES Encryption :- Key1 
J, 
I DES Decryption J Key2 
J, I DES Encryption l: Key3 
\ 
Ciphertext 
Figure 2.04 Diagram of Triple DES 
Consequently, Triple DES runs three times slower than standard DES, 
but is much more secure if used properly. The procedure for decrypting 
something is the same as the procedure for encryption, except it is executed 
22 
Un
ive
rsi
ty 
of 
Ma
lay
a
in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. 
Unfortunately, there are some weak keys that one should be aware of: if all 
three keys, the first and second keys, or the second and third keys are the 
same, then the encryption procedure is essentially the same as standard DES. 
This situation is to be avoided because it is the same as using a really slow 
version of regular DES. 
Note that although the input key for DES is 64 bits long, the actual 
key used by DES is only 56 bits in length. The least significant (right-most) 
bit in each byte is a parity bit, and should be set so that there are always an 
odd number of 1 s in every byte. These parity bits are ignored, so only the 
seven most significant bits of each byte are used, resulting in a key length of 
56 bits. This means that the effective key strength for Triple DES is actually 
168 bits because each of the three keys contains 8 parity bits that are not 
used during the encryption process. 
2.2.6.3 Modes of Operation 
Triple ECB (Electronic Code Book) 
This variant of Triple DES works exactly the same way as the ECB 
mode of DES. This is the most commonly used mode of operation. 
23 
Un
ive
rsi
ty 
of 
Ma
lay
a
Triple CBC (Cipher Block Chaining) 
This method is very similar to the standard DES CBC mode. As with 
Triple ECB, the effective key length is 168 bits and keys are used in the 
same manner, as described above, but the chaining features of CBC mode 
are also employed. The first 64-bit key acts as the Initialization Vector to 
DES. Triple ECB is then executed for a single 64-bit block of plaintext. The 
resulting ciphertext is then XORed with the next plaintext block to be 
encrypted, and the procedure is repeated. This method adds an extra layer of 
security to Triple DES and is therefore more secure than Triple ECB, 
although it is not used as widely as Triple ECB. 
24 
Un
ive
rsi
ty 
of 
Ma
lay
a
2.2 Introduction to VHDL 
VHDL is a language for describing digital electronic systems. It 
arose out of the United States Government's Very High Speed Integrated 
Circuits (VHSIC) program, initiated in 1980. In the course of this program, 
it became clear that there was a need for a standard language for describing 
the structure and function of integrated circuits (ICs). Hence the VHSIC 
Hardware Description Language (VHDL) was developed, and subsequently 
adopted as a standard by the Institute of Electrical and Electronic Engineers 
(IEEE) in the US. 
VHDL is designed to fill a number of needs in the design process. 
Firstly, it allows description of the structure of a design, that is how it is 
decomposed into sub-designs, and how those sub-designs are interconnected. 
Secondly, it allows the specification of the function of designs using familiar 
programming language forms. Thirdly, as a resul4 it allows a design to be 
simulated before being manufactured, so that designers can quickly compare 
alternatives and test for correctness without the delay and expense of 
hardware prototyping. 
For our introduction, I will only touch on the lexical elements and 
main language constructs. I will also touch on a bit on the levels of 
abstraction used in the language. This is based on VHDL '93 specification. 
25 
Un
ive
rsi
ty 
of 
Ma
lay
a
2.2.1 Lexical Elements 
The behaviour of a module may be described in programming 
language form. This chapter describes the facilities in VHDL which are 
drawn from the familiar programming language repertoire. 
2.2.1.1 Comments 
Comments in VHDL start with two adjacent hyphens('--') and 
extend to the end of the line. They have no part in the meaning of a VHDL 
description. 
2.2.1.2 Identifiers 
Identifiers in VHDL are used as reserved words and as programmer 
defined names. They must conform to the rule: 
identifier : := letter { [ underline ] letter_ or_ digit } 
Note that case of letters is not considered significant, so the 
identifiers cat and Cat are the same. Underline characters in identifiers are 
significant, so This _Name and ThisName are different identifiers. 
2.2.1.3 Numbers 
Literal numbers may be expressed either in decimal or in a base 
between two and sixteen. If the literal includes a point, it represents a real 
number, otherwise it represents an integer. Decimal literals are defined by: 
decimal _literal::= integer [.integer] [exponent] 
integer ::= digit { [ underline ] digit } 
exponent : := E [ + ] integer I E - integer 
26 
Un
ive
rsi
ty
of 
Ma
lay
a
Some examples are: 
0 1 123_456_789 987E6 -- integer literals 
0.0 0.5 2.718_28 12.4E-9 - - real literals 
Based literal numbers are defined by: 
based_literal ::=base# based_integer [. based_integer] # [exponent] 
base::= integer 
based_integer ::= extended_digit { [underline] extended_digit} 
extended_digit ::=digit !letter 
The base and the exponent are expressed in decimal. The exponent 
indicates the power of the base by which the literal is multiplied. The letters 
A to F (upper or lower case) are used as extended digits to represent 10 to 15. 
Some examples: 
2#1100_0100# 
196 
16#C4# 4#301#E1 -- the integer 
2#1.1111_llll_lll#E+ll 16#F.FF#E2 --the real number 4095.0 
2.2.1.4 Characters 
Literal characters are formed by enclosing an ASCII character in single-
quote marks. For example: 
'A' '*' 
Ill f t 
2.2.1.5 Strings 
Literal strings of characters are formed by enclosing the characters in 
double-quote marks. To include a double-quote mark itself in a string, a pair 
27 
Un
ive
rsi
ty 
of 
Ma
l y
a
of double-quote marks must be put together. A string can be used as a value 
for an object which is an array of characters. Examples of strings: 
"A string" 
!Ill 
empty string 
"A string in a string: ""A string'"'. " -- contains quote marks 
2.2.1.6 Bit Strings 
VHDL provides a convenient way of specifying literal values for 
arrays of type bit ('O's and 'l's, see Section 2.2.5). The syntax is: 
bit_string_literal ::= base_specifier" bit_ value" 
base_ specifier : := B I 0 I X 
bit_ value::= extended_digit { [underline] extended_digit} 
Base specifier B stands for binary, 0 for octal and X for hexadecimal. 
Some examples: 
B" 1 01 011 0" -- length is 7 
0"126" 
X" 56" 
--length is 9, equivalent to B"OOI_OIO_llO" 
--length is 8, equivalent to B"0101_0110" 
2.2.2 VHDL Language Constructs 
VHDL is made up of these 5 primary constructs. They are: 
• Entities and Architectures 
• Package 
28 
Un
ive
rsi
ty 
of 
Ma
lay
a
• Package Bodies 
• Configuration 
2.2.2.1 Entities and architectures 
Entities and Architectures 
Every VHDL design description consists of at least one 
entity/architecture pair. 
Large design, many entity/architecture pairs and connect them together 
to form a complete circuit. 
entity declaration describes the circuit as it appears from the "outside"-
from the perspective of its input and output interfaces. 
Example:-
entity fulladder is 
port (X: in bit; 
Y: in bit; 
Cin: in bit; 
Cout: out bit; 
Sum: out bit); 
end fulladder; 
A VHDL architecture declaration is a statement (beginning with the 
architecture keyword) that describes the underlying function and/or 
structure of a circuit. 
29 
Un
ive
rsi
ty 
of 
Ma
lay
a
• Package Bodies 
• Configuration 
2.2.2.1 Entities and architectures 
Entities and Architectures 
Every VHDL design description consists of at least one 
entity/architecture pair. 
Large design, many entity/architecture pairs and connect them together 
to form a complete circuit. 
entity declaration describes the circuit as it appears from the "outside"-
from the perspective of its input and output interfaces. 
Example:-
entity fulladder is 
port (X: in bit; 
Y: in bit; 
Cin: in bit; 
Cout: out bit; 
Sum: out bit); 
end fulladder; 
A VHDL architecture declaration is a statement (beginning with the 
architecture keyword) that describes the underlying function and/or 
structure of a circuit. 
29 
Un
ive
rsi
ty 
of 
Ma
lay
a
Example:· 
architecture concurrent of fulladder is 
begin 
Sum <=X xor Y xor Cin; 
Cout <= (X and Y) or (X and Cin) or (Y and Cin); 
end concurrent; 
2.2.2.2 Packages and Package bodies 
A VHDL package declaration is identified by the package keyword, and is 
used to collect commonly-used declarations for use globally among different 
design units. 
A package can consist of two basic parts: a package declaration and an 
optional package body. Package declarations can contain the following types 
of statements: 
• Type and subtype declarations 
• Constant declarations 
• Global signal declarations 
• Function and procedure declarations 
• Attribute specifications 
• File declarations 
• Component declarations 
• Alias declarations 
• Disconnect specifications 
30 
Un
ive
rsi
ty 
of 
Ma
l y
a
• Use clauses 
Example:· 
package conversion is 
function to_ vector (size: integer; num: integer) return std _logic_ vector; 
end conversion; 
package body conversion is 
function to_ vector( size: integer; num: integer) return std _logic_ vector is 
variable ret: std _logic_ vector ( 1 to size); 
variable a: integer; 
begin 
a :=num; 
for i in size downto 1 loop 
if ((a mod 2) = 1) then 
ret(i) := '1 '; 
else 
ret(i) := '0'; 
end if; 
a:= a/ 2; 
end loop; 
return ret; 
end to_ vector; 
end conversion; 
31 
Un
ive
rsi
ty 
of 
Ma
lay
a
2.2.2.3 Configuration 
The fmal type of design unit available in VHDL is called a 
configuration declaration. A configuration declaration (identified with the 
configuration keyword) specifies which architectures are to be bound to 
which entities, and it allows you to change how components are connected 
in your design description at the time of simulation. 
Configuration declarations are always optional, no matter how 
complex a design description you create. In the absence of a configuration 
declaration, the VHDL standard specifies a set of rules that provide you with 
a default configuration. For example, in the case where you have provided 
more than one architecture for an entity, the last architecture compiled will 
take precedence and will be bound to the entity. 
Example:-
configuration this_ build of rcomp is 
for structure 
for COMPl: compare use entity work.compare(comparel); 
for ROTl: rotate use entity work.rotate(rotatel ); 
end for; 
end this_ build; 
32 
Un
iv
sit
y o
f M
ala
ya
2.2.3 Levels of abstraction 
VHDL supports many possible styles of design description. These 
styles differ primarily in how closely they relate to the underlying 
hardware. When we speak of the different styles ofVHDL, we are really 
talking about the differing levels of abstraction possible using the 
language--behavior, dataflow, and structure. 
Suppose the performance specifications for a given project are: "the 
compressed data coming out of the DSP chip needs to be analyzed and 
stored within 70 nanoseconds of the strobe signal being asserted ... " This 
human language specification must be refined into a description that can 
actually be simulated. A test bench written in combination with a 
sequential description is one such expression of the design. These are alJ 
points in the behavior level of abstraction. 
After this initial simulation, the design must be further refined until 
the description is something a VHDL synthesis tool can digest. Synthesis is 
a process of translating an abstract concept into a less-abstract form. The 
highest level of abstraction accepted by today' s synthesis tools is the 
dataflow level. 
The structure level of abstraction comes into play when little chunks 
of circuitry are to be connected together to form bigger circuits. (If the little 
chunks being connected are actually quite large chunks, then the result is 
what we commonly call a block diagram.) Physical information is the most 
basic level of all and is outside the scope ofVHDL. This level involves 
33 
Un
ive
rsi
ty 
of 
Ma
lay
a
actually specifying the interconnects of transistors on a chip, placing and 
routing macrocells within a gate array or FPGA, etc. 
Note: In some formal discussions of synthesis, four levels of abstraction 
are described; behavior, RTL, gate-level and layout. It is our view that the 
three levels of abstraction presented here provide the most useful 
distinctions for today's synthesis user. 
As an example of these three levels of abstraction, it is possible to 
describe a complex controller circuit in a number of ways. At the lowest 
level of abstraction (the structural level), we could use VHDL's hierarchy 
features to connect a sequence of predefined logic gates and flip-flips to 
form the complete circuit. To describe this same circuit at a dataflow level 
of abstraction, we might describe the combinational logic portion of the 
controller (its input decoding and transition logic) using higher-level 
Boolean logic functions and then feed the output of that logic into a set of 
registers that match the registers available in some target technology. At 
the behavioral level of abstraction, we might ignore the target technology 
(and the requirements of synthesis tools) entirely and instead describe how 
the controller operates over time in response to various types of stimulus. 
2.2.3.1 Behavior 
The highest level of abstraction supported in VHDL is called the 
behavioral level of abstraction. When creating a behavioral description of a 
circuit, you will describe your circuit in terms of its operation over time. 
34 
Un
ive
rsi
ty 
of 
M
lay
a
The concept of time is the critical distinction between behavioral 
descriptions of circuits and lower~ level descriptions (specifically 
descriptions created at the dataflow level of abstraction). 
Examples of behavioral fonns of representation might include state 
diagrams, timing diagrams and algorithmic descriptions. 
In a behavioral description, the concept of time may be expressed 
precisely, with actual delays between related events (such as the 
propagation delays within gates and on wires), or it may simply be an 
ordering of operations that are expressed sequentially (such as in a 
functional description of a flip-flop). When you are writing VHDL for 
input to synthesis tools, you may use behavioral statements in VHDL to 
imply that there are registers in your circuit. It is unlikely, however, that 
your synthesis tool will be capable of creating precisely the same behavior 
in actual circuitry as you have defined in the language. (Synthesis tools 
today ignore detailed timing specifications, leaving the actual timing results 
at the mercy of the target device technology.) It is also unlikely that your 
synthesis tool will be capable of accepting and processing a very wide 
range of behavioral description styles. 
If you are familiar with software programming, writing behavior-
level VHDL will not seem like anything new. Just like a programming 
language, you will be writing one or more small programs that operate 
sequentially and communicate with one another through their interfaces. 
The only difference between behavior-level VHDL and a software 
35 
Un
ive
rsi
ty 
of 
Ma
lay
a
programming language is the underlying execution platform: in the case of 
software, it is some operating system running on a CPU; in the case of 
VHDL, it is the simulator and/or the synthesized hardware. 
2.2.3.2 Dataflow 
In the dataflow level of abstraction, you describe your circuit in 
terms of how data moves through the system. At the heart of most digital 
systems today are registers, so in the dataflow level of abstraction you 
describe how information is passed between registers in the circuit. You 
will probably describe the combinational logic portion of your circuit at a 
relatively high level (and let a synthesis tool figure out the detailed 
implementation in logic gates), but you will likely be quite specific about 
the placement and operation of registers in the complete circuit. 
The dataflow level of abstraction is often called register transfer 
logic, or RTL. This level of abstraction is an intermediate level that allows 
the drudgery of combinational logic to be simplified (and, presumably, 
taken care of by logic synthesis tools) whlle the more important parts of the 
circuit, the registers, are more completely specified. 
There are some drawbacks to using a dataflow method of design in 
VHDL. First, there are no built-in registers in VHDL; the language was 
designed to be general-purpose, and the emphasis was placed by VHDL's 
designers on its behavioral aspects. If you are going to write VHDL at the 
dataflow level of abstraction, you must first create (or obtain) behavioral 
descriptions of the register elements you will be using in your design. 
36 
Un
ive
rsi
ty 
of 
Ma
lay
a
These elements must be provided in the form of components (using 
VHDL's hierarchy features) or in the form of subprograms (functions or 
procedures). 
But for hardware designers, it can be difficult to relate the sequential 
descriptions and operation of behavioral VHDL with the hardware being 
described (or modeled). For this reason, many VHDL users, particularly 
those who are using VHDL as an input to synthesis, prefer to stick with 
levels of abstraction that are easier to relate to actual hardware devices 
(such as logic gates and flip-flops). These users are often more comfortable 
using the dataflow level of abstraction. 
2.2.3.3 Structure 
The third level of abstraction, structure, is used to describe a circuit 
in terms of its components. Structure can be used to create a very low-level 
description of a circuit (such as a transistor-level description) or a very 
high-level description (such as a block diagram). 
In a gate-level description of a circuit, for example, components such 
as basic logic gates and flip-flops might be connected in some logical 
structure to create the circuit. This is what is often called a net/ist. For a 
higher-level circuit--one in which the components being connected are 
larger ftmctional blocks-structure might simply be used to segment the 
design description into manageable parts. 
37 
Un
i e
rsi
ty 
of 
Ma
lay
a
Structure-level VHDL features, such as components and 
configurations, are very useful for managing complexity. The use of 
components can dramatically improve your ability to re-use elements of 
your designs, and they can make it possible to work using a top-down 
design approach. 
To give an example of how a structural description of a circuit relates 
to higher levels of abstraction, consider the design of a simple 5-bit 
counter. To describe such a counter using traditional design methods, we 
might connect five T flip-flops with some simple decode logic. 
The following VHDL design description represents this design in the 
form of a netlist of connected components: 
entity andgate is 
port(A,B,C,D: In bit := '1'; Y: out bit); 
end andgate; 
architecture gate of andgate is 
begin 
Y <= A and B and C and D; 
end gate; 
entity tff Is . 
port(Rst,Cik,T: in bit; Q: out bit); 
end tff; 
architecture behavior of tff is 
begin 
process(Rst, Ctk) 
variable Qtmp: bit; 
begin 
If (Rst = '1') then 
Qtmp := '0'; 
elsif Clk = '1' and Clk'event then 
If T = '1' then 
Qtmp := not Qtmp; 
end If; 
end if; 
Q <= Qtmp; 
end process; 
end behavior; 
38 
Un
ive
rsi
ty 
of 
Ma
lay
a
entity TCOUNT Is 
port (Rst,Cik: In bit; 
Count: out bit_vector(4 downto 0)); 
endTCOUNT; 
architecture STRUCTURE of TCOUNT Ia 
component tff 
port(Rst,Cik,T: In bit; Q: out bit); 
end component; 
component andgate 
port(A,B,C,D: In bit:= '1'; Y: out bit); 
end component; 
constant vee: bit := '1 '; 
signal T,Q: bit_vector(4 downto 0); 
begin 
reo><= vee; 
TO: tff port map (Rst=>Rst, elk=> elk, T=> T(O), O=>Q(O)); 
T(1) <= Q(O); 
T1 : tff port map (Rst=>Rst, Clk=>Cik, T=>T(1), Q=>Q(1}); 
A1 : andgate port map(A=>Q(O), 8=>0(1), Y=>T(2)); 
T2: tff port map (Rst=>Rst, eJk=>Cik, T=> T(2), 0=>0(2)); 
A2: andgate port map(A=>O(O), 8=>0(1 ), C=>0(2), Y=> T(3)); 
T3: tff port map (Rst=>Rst, Clk=>Cik, T=> T(3), 0=>0(3)); 
A3: andgate port map(A=>O(O), B=>Q(1), C=>0(2), 0=>0(3), Y=>T(4)); 
T4: tff port map (Rst=>Rst, eJk=>Cik, T=>T(4), 0=>0(4)); 
Count<= 0; 
end STRUCTURE; 
This structural representation seems a straightforward way to describe a 5-
bit counter, and it is certainly easy to relate to hardware since just about any 
imaginable implementation technology will have the features necessary to 
implement the circuit. For larger circuits, however, such descriptions quickly 
become impractical. 
39 
Un
ive
rsi
ty 
of 
Ma
lay
a
2.3 Why DES in VHDL? 
The appropriate question should be, why DES in electronic devices? 
Since VHDL is a development language for digital electronic systems, we 
discuss the benefits of implementing DES in such devices. 
[FIPS 74] Implementation of the DES algorithm in special purpose 
electronic devices provides the following economic and security benefits: 
1. Efficiency of algorithm operation is much higher in specialized electronic 
devices. 
2. Basic implementation of the algorithm in specialized LSI electronic 
devices which can be used in many applications and environments should 
result in cost savings to the user through high volume production. 
3. Functional operation of the device may be tested and validated 
independently of the environment in which it is used. 
4. An encryption key may be entered directly into the device without 
appearing elsewhere in the computer system. 
5. Unauthorized modification of the algorithm is very difficult in such a 
device. 
6. Independent devices may encipher the data simultaneously and the output 
may be tested before the cipher is transmitted. 
7. The control and data paths, to and from the device, may be controlled and 
monitored. 
40 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
3.0 Introduction 
This chapter describes the methodology used in developing our 
cryptosystem. The first part is the definition of methodology (3.1). Then, 
this is followed by the selected project's life-cycle (3.2). The next part (3.3) 
is the explanation of real-world digital systems design process, and the 
methodology used. The final part is this chapter's conclusion. 
3.1 What is methodology? 
methodology noun 
a system of ways of doing, teaching or studying something: 
The methodology and findings of the research team have been criticized 
(from Cambridge Advanced Leamer's Dictionary) 
In the development of computer systems, be it in software, hardware 
or a combination of both, an appropriate methodology must be selected to 
ensure a smooth and systematic running of operation to achieve designated 
goals. 
3.2.0 Project's Life-Cycle Model 
For our project, the appropriate life-cycle would be the "Cascading-
Waterfall" model. It is very straightforward and sequential, with every step 
following the other. Figure 3.01 shows the diagram of"Cascading-
Waterfall" process flow. 
41 
Un
ive
rsi
ty 
of 
Ma
lay
a
Requirements 
Analysis ---
--, 
System's 
Design 
' 
........ , 
.... 
' 
' 
' 
' 
" 
' 
' 
' 
' 
' 
' 
-.......... \ 
' \ 
' \ 
" \ 
" \ 
' \ \ \ 
\ \ 
\ \ 
....-------, \ \ 
\ \ 
Coding 
1 \ Validate System 
I I 
I I \ \ 
I I 
I Varify Design \ 
I Unils 1 
I I 
Unit and 
Integration 
Testing 
I 
I 
I 
I 
' 
' I 
I 
' I 
' 
' 
System's 
Testing 
Figure 3.01 DES Process-flow Diagram 
3 .2.1 Brief explanation for process flow 
We begin with the requirements analysis. Here, we analyze all that 
is needed by the system, like it's intended input, and expected output. This is 
done by understanding the algorithms involved. Then, from the algorithms, 
we extract all the functions used to describe the behavior of DES. 
Next, we proceed to the system design phase. Here, we will design 
the sub modules and data paths for our DES cryptosystem. 
42 
Un
ive
rsi
ty 
of 
Ma
lay
a
Following the system design phase is the coding phase. This is 
where the functions and algorithm are written in VHDL. The penultimate 
phase would be the unit and integration testing phase. Every design unit 
are individually tested to verify if it matches the intended behavior from the 
system design phase. 
The ftnal phase would be the testing of the overall syste~ and the 
system would be considered successful if it does everything from the 
requirements analysis. 
3.3.0 Methodology used: Top-Down Design I Bottom-Up Implementation 
This methodology is commonly used in real-world digital systems 
design. It is adapted from Zainalabedin Navabi's" VHDL: Analysis and 
modeling of Digital Systems, 2"d ed (1998)". First, we have to discuss a 
common digital system design process. 
3.3.1 Digital System Design Process 
Figure 3.02 shows a typical process for the design of digital systems. 
An initial design goes through several transformation before it's hardware 
implementation is obtained. 
43 
Un
ive
rsi
ty 
of 
Ma
lay
a
Design Idea 
Flow graph, Pseudo code 
Logic Design 
Bus and Register 
Structure 
r---i~Gate wirellst. Nellist 
Tran<Hstor LisL Layout 
Chip or Board 
Figure 3.02 Digital Systems Design Process 
Initially, a hardware designer starts with a design idea. A more 
complete definition of the intended hardware must then be developed from 
the designed idea. Therefore, the designer must generate general behavioral 
definition of system under design. It could be represented by pseudocode, 
flow-chart or flow-graph. The designer specifies the overall functionality 
without architectural or hardware details of system under design. 
The next phase is designing system data path. Here, the designer 
specifies registers and logic units necessary for implementation of system. 
Components may be interconnected by uni- or bi-directional busses. Data 
components communicate via busses, while control procedure controls flow 
of data within components. As shown in Fig 3.03, this phase shows 
44 
Un
ive
rsi
ty 
of 
Ma
lay
a
architectural design with specification of the control flow. No information 
about implementation of the controller- e.g. , hard-wired, encoding 
technique, or microprogrammed - is given in this phase. 
Data Control 
I Reg1 I I Reg2 -1 
I I 
I r Procedure for control of 
movement of Data 
Main Logic ~ I between Registers Unit Reg3 and buses 
I 
Logic I I 
Figure 3.03 
Logic design is the next step and this phase involves the use of 
primitive flip-flops and gates for implementation of registers, busses, logic 
units and their controlling hardware. The result of this stage is the netlist of 
gates and flip-flops. Components used and their interconnections are 
specified in this netlist. Gate technology and even gate-level details of flip-
flops are not included in this netlist 
The :pext design stage transforms the netlist into a transistor list or 
layout. This involves the replacement of gates and flip-flops with transistor 
equivalents or library cells. This stage considers loading and timing 
requirements in its cell or transistor selection process. 
45 
Un
ive
rsi
ty 
of 
Ma
lay
a
The final step in the design is manufacturing, which uses transistor 
list or layout specification to burn fuses of field-programmable device to 
generate masks for integrated-circuit fabrication. 
The designer is involved only up to the logic design phase. The other 
two phases is done automatically by vendor-specific development tools. 
3.3.2 Top-Down Design/ Bottom-Up Implementation Methodology 
Instead of trying to implement the design of a large system all at 
once, a divide-and-conquer strategy is taken in a top-down design process. A 
top-down design process is referred to dividing a system into subcomponents, 
and if necessary, repeating the process on its subcomponents until all 
become manageable design parts. Perhaps the word hierarchy should best 
explain the system and its subcomponent. Each level of dividing 
component/subcomponent is referred to as partitioning. Design of a 
component is manageable if the component is available as part of a library, it 
can be implemented by modifying existing design parts, or built from scratch 
by the designer. 
Figure 3.04 shows the original design initially described at 
behavioral level. In the first level of partitioning, two of its subcomponents 
(SSCl and SSC2) are mapped to hardware. Further partitioning for hardware 
implementation is required for SSC3 and SSC4. SSC3 subcomponent is 
partitioned into n numbers of identical subcomponent, and each ofthese is 
realized by SSC3il and SSC3i2 hardware parts. The SSC4 subcomponent is 
46 
U
ive
rsi
ty 
of 
M
lay
a
partitioned into SSC4_1 and SSC4_2 in which hardware implementations 
are available. 
SUD: System under design 
SSC: System Subcomponent 
Shaded areas designate subcomponents with hardware implementations 
Figure 3.04 Top-down design/ Bottom-Up Implementation 
3.3.3 Verification 
At each level oftop-down design, multilevel simulation tool plays an 
important role in the correct implementation of the design. Initially a 
behavioral description of a system under design (SUD) must be simulated to 
verify the designer's understanding of the problem. After the first level of 
partitioning, the behavioral description of each subcomponent must be 
developed, and these descriptions must be wired to form a structural 
hardware model of SUD. Simulation of this new model and comparing the 
results of the original SUD description will verify the correctness of the first 
47 
Un
ive
rsi
ty 
of 
Ma
lay
a
level of partitioning. Figure 3.05 shows simulation of the first level of 
partitioning of the top-down design tree. 
SSCI 
... , 
Behavioral Model 
. ...... , 
SID 
...... ......... 
SSC2 SSC3 
.. . · · .. · · · .......... · .. "lnteroonnection or · ...... ·· .. ...... · .... ·· ...... · 
Behavioral Models 
. .. 
.... 
Figure 3.05 Verifying first level of Partitioning 
After verifying the frrst level of partitioning, the hardware 
... 
implementation ofSCl and SC2 must be verified. Another simulation is run, 
with the behavioral description of SCI and SC2 replaced by a more detailed 
hardware level model. Figure 3.06 shows this phase. Shaded boxes represent 
component models, which are hardware implementation that are functionally 
equivalent to its behavioral counterparts. It has representation for physical 
characteristics of the hardware. Typical physical characteristics are timing, 
power consumption, and temperature dependencies. Such models are 
referred to as hardware-level model. 
48 
Un
ive
rsi
ty 
of 
Ma
lay
a
Behavioral Model 
.... ······ 
SUD 
SSC4 
~---~ .. · 
., ... 
. ...... 
. ...... 
.. , ····· .... .. ......... .................. .... . 
Mixed Level Model 
Figure 3.06 Verifying hardware implementation ofSSCl and SSC2 
The process of partitioning and verification continues throughout the 
design process. At the end, a simulation model, consisting of interconnection 
specification of hardware-level models of the terminals of the partition tree, 
will be formed. The simulation of this model, as shown in Figure 3.07, and 
comparing the results with those of original behavioral description of SUD 
verify the correctness of the complete design. 
Figure 3.07 Verifying the final design 
49 
Un
ive
rsi
ty 
of 
Ma
lay
a
3.3.4 Conclusion 
In a large design where simulation of a complete hardware-level 
model such as shown in 3.07, is too time consuming, subsections of the 
partition will be independently verified. Verified behavioral models of such 
subsections will be used in forming the simulation model for final design 
verification. Figure 3.08 shows simulation and comparison run for verifying 
the behavioral model of SSC3 component. Figure 3.09 shows the final 
design verification using the verified behavioral model of SSC3. 
·· ··· 
-..... . 
Behavioral Model 
.. --·· -· · · -. 
SSC3 
SSC31 SSC3n 
.... ' ············ ..... , ·· ·· ·········· 
·· ·· · 
· · t-i~~C!ware Leva·,·· ···· · · · · · · · · · · · · · 
Model 
Figure 3.08 Verifying hardware implementation ofSSC3. 
50 
Un
ive
rsi
ty 
of 
Ma
lay
a
BehaVlOOII Model 
Mixed level Model 
Figure 3.09 Verifying the final design, an alternative to setup 3.07 
Although the behavioral- and hardware-level models of SSC3 may 
be functionally equivalent, difference may exist in their timing and other 
physical properties. If such characteristics are necessary for design 
verificatio~ the behavioral model of a subcomponent can be adjusted to 
mimic such properties of hardware level models. Adjusting upper-level 
models based on characteristics of actual devices or more detailed models is 
referred to as back annotation. Hardware level models often contain 
sufficient timing properties of a device that can be reliably used for timing-
back annotation of behavioral models. 
3.4. Summary 
The goal of this project is to develop a simulatable VHDL code for 
DES. 
The process flow will be based on the "Cascading Waterfall" model. We 
would use the "divide and conquer'' approach of"Top-down design/Bottom-
up Implementation" methodology. Even though the eventual goal is to 
51 
Un
iv
rsi
ty 
of 
Ma
lay
a
implement all the description in hardware, it is possible for the cryptosystem 
to run well even with the combination of both behavioral and hardware level 
description. The upper levels are usually the ones implemented in behavioral 
description. So there is no guarantee that the final system will be fully 
implemented in hardware level description. 
52 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
4.0 DES Analysis -An Overview 
We begin by having the requirements analysis. Requirements are 
divided into two, which is functional requirements, and non-functional 
requirements. Functional requirements are the requirements needed to make 
the system behave the way it is supposed to behave. These include the 
functions extracted from the algorithm, and also the data flow of input. Non-
functional requirements are requirements needed in support of executing the 
algorithm. This includes clock for timing purposes and also other 
miscellaneous input (reset, control, clear key etc.). Then, these overall 
functional and non-functional requirements are mapped into the sub module 
in our DES design. We will have a top-down view of our DES cryptosystem. 
4.1 Requirements analysis 
For requirements analysis, we should look at the functions used in 
the algorithm. DES functions involve just bit-wise operations. These 
operations are the: 
1. shift left 
u. permutation ( where values in bit positions are swapped ) and 
iii. XOR operations. 
4.1.1 Functions in DES 
There are two main blocks in DES. They are 
i. Sub-key generator and 
ii. The DES core. 
53 
Un
ive
r i
ty 
of 
Ma
lay
a
The functions in the Sub-key generator 
i. Permutation Choice 1 
ii. Shift Left 
m. Permutation Choice 2 
The functions in DES Core 
i. Initial Permutation 
ii. Function/ 
1. Expansion 
2. Selection box 
3. Permutation P 
iii. Final Permutation 
The functions are swnmarized by the figure 4.01 below. 
DES 
I 
Sub-key DES Core Generator 
I I 
Permutation Permutation Initial Inverse/Final 
Choice 1 Shift Left Choice 2 Permutation f Permutation 
(PC-1) (PC-2) (IP) (IP"-1) 
I 
Expanslon(E) Selection P Permutation 
Box(Sbox) (P) 
Figure 4.01 DES functions Tree Diagram 
54 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
5.0 DES Design- An Overview 
In this chapter, each module is seen at its block diagram level and 
look at its input and output. We will define the functions it contained. These 
functions are also in their own respective modules. Before we begin, here is 
a look at our DES design at functional block level. We will see the design 
from top down, then work it way up again for RTL level design. After that, 
we will see how it all works, by looking at the State machine (FSM) diagram 
with its detailed description. 
~-
1 
I 
I 
I 
I 
I 
I 
Pre-clphan.ext ( pt)f 
64 
- ----
I 
reset ell< 
I I 
--1-
IP 
I 
I ~ mux32 I \ 
I 
I 
I 
I 
full riO 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
I 
un~ I 
lnitdata 
Control 
1" --
I 
I 
mux3* 
I 
I 
I ~ ov32 ov32 I J I I 
I 
I 
I 
I 
I 
I 
l-
I I 
I FP I -----------i-------------~ 
Ciphertoxt(ct)/64 
Key/64 
Subkey 
generator 
Figure 5.01 DES overall functional block diagram 
56 
Un
ive
rsi
ty 
of 
Ma
lay
a
5.1 DES module top level (Black box) 
dnc 
p1!1141 
k<!yf841 
l'll&lr. 
dk 
State 
Figure 5.02 State module 
ct 
Here is the top-most view of our DES design. Pt stands for pre~ 
cipher-text, while ct stands for cipher-text. This module encapsulates all the 
modules needed in DES. The parameters are 
Inputs:-
1. pt for 64 bit data input 
ii. key for 64 bit key input 
iii. dec for DES to operate in encrypt/decrypt mode (' 1' for 
decrypt) 
iv. reset for reset 
v. elk for active clock used for timing purposes 
Outputs:-
i. Ct for 64 bit cipher-text output. 
5.2 Main sub-modules (Black box) 
5.2.1 Subkeygen 
dnc 
lhc_keyiiJ.41 
<h~t(ll 
<:k 
Subkeygen 
Figure 5.03 Subkeygen module 
kl(48) 
57 
Un
ive
rsi
ty 
of 
Ma
lay
a
The submodules contained are PC 1, shifter and PC2. More on those 
later. The parameters are 
Inputs:-
i. the_key for 64 bit key input 
ii. shift for shift command input 
iii. dec for DES to operate in encrypt/decrypt mode(' 1' for 
decrypt) 
iv. elk for active clock used for timing purposes 
Outputs:-
i. ki for 48 bit subkeys output entered into DES core. 
5.2.2 Fullround 
Pll641 
re~t 
c:k 
load_new _p': 
culpul_d< 
full round ct(64) 
Figure 5.04 Fullround module 
This submodules encapsulates IP, mux32, initdata and FP. The 
parameters are 
Inputs:-
1. pt for 64 bit pre-ciphertext input. 
ii. xkey for 48 bit subkeys input 
iii. reset for reset 
tv. elk for active clock used for timing purposes 
v. load_new_pt for loading new pre-ciphertext command 
58 
Un
ive
rsi
ty 
of 
Ma
lay
a
VI. output_ ok for output verification after 16 rounds of 
permutation. 
Outputs:~ 
1. ct for 64 bit ciphertext output .. 
5.2.3 Control 
........ 
dk control 
Figure 5.05 Control Module 
This subrnodule controls the flow of our DES operation. The 
parameters are 
Inputs:-
i. reset for reset 
u. elk for active clock used for timing purposes 
Outputs:· 
i. load_ new _pt for loading new pre-ciphertext command 
ii. output_ ok for output verification after 16 rounds of 
permutation 
111. shift for shift command instructions 
59 
Un
ive
rsi
ty 
f M
ala
ya
5.3 Submodules 
Subkeygen 
5.3.01 PCl 
pc1 
Figure 5.06 pel module 
dlxt28l 
cf.b(28) 
Inputs:-
1. 64 bit original data input 
ii. dec for DES to function in encrypt/decrypt mode ( 1 for 
decrypt) 
Outputs:-
5.3.02 
Inputs:-
i. cOx is for the 28 bit c-half of subkey into shifter 
n. dOx is for the 28 bit d-half of subkey into shifter 
Shifter 
shifter 
Figure 5.07 shifter module 
1. datac for 28 bit c-half output from pel 
ii. datad for 28 bit d-half output from pc2 
di:IIIOC_cut(28l 
cn.-..,d_oJI(28) 
m. shift for shift control input from controller 
60 
Un
ive
rsi
ty 
of 
Ma
lay
a
iv. elk for clock input 
Outputs:-
1. datac _out is for the 28 bit c-half of subkey into pc2 
n. datad _out is for the 28 bit d-half of subkey into pc2 
5.3.03 PC2 
pc2 
Figure 5.08 pc2 module 
Inputs:-
i. c for 28 bit c-half of subkey 
ii. d for 28 bit d-half of sub key 
Outputs:-
i. cOx is for the 28 bit c-half of subkey 
ii. dOx is for the 28 bit d-half of subkey 
Fullround 
5.3.04 IP 
ip 
Figure 5.09 ip module 
k(48) 
10.132) 
r{b(32) 
61 
Un
ive
rsi
ty 
of 
Ma
lay
a
5.3.05 Mux32 
Inputs:-
ell(32) 
e1(32) 
set mux32 
Figure 5.10 mux32 module 
i. 32 bit eO to keep data for permutation 
ii. 32 bit el to keep data for permutation 
c(32) 
iii. sel to start the first of 16 rounds of permutation 
Outputs:-
i. 32 bit permuted data 
5.3.06 lnitdata 
Inputs:-
dk 
r(32) 
11!~2: 
k(4ft) 
initdata 
Figure 5.11 initdata module 
1. elk for clock input 
ii. reset for reset 
m. ri for right half input of data 
iv. li for left half input of data 
loil2j 
r<l(32) 
62 
Un
ive
rsi
ty 
of 
Ma
lay
a
v. ki for 48 bit key from subkey generator 
Outputs:-
1. lo is for the 32 bit left half of permuted data 
u. ro is for the 32 bit right half of permuted data 
5.3.07 Ov32 
Inputs:-
" sel 
d k 
ov32 
Figure 5.12 ov32 module 
1. e for bit permuted data input 
a1(:12) 
a2(32) 
ii. sel to select if permuted data is the last round, to end 
permutation round. 
iii. Clk for clock input. 
Outputs:-
1. ol is for the 32 bit c-half of subkey 
ii. o2 is for the 28 bit d-half of sub key 
5.3.08 FP 
1132.1 
r\32) fp 
Figure 5.13 fp module 
r.t(M) 
63 
Un
ive
rsi
ty 
of 
Ma
lay
a
Inputs:-
1. li for 32 bit left half of permuted data 
ii. ri for 32 bit right half of permuted data 
Outputs:-
1. ct for 64 bit ciphertext output. 
Initdata (a submodule offullround) 
5.3.09 XP 
ri(321 xp 
Figure 5.14 xp module 
Inputs:-
1. ri for 32 bit right half to be expanded 
Outputs:-
i. e is for the 48 bit expanded data 
5.3.10 desxorl 
desxor1 
k(48) 
e(48) 
bx1J6) 
bx2t6) 
bx3J6) 
h>4J6) 
b•5i6) 
bx6J6) 
bx7J6) 1------------ bxBJ6) 
Figure 5.15 desxor module 
Inputs:-
1. e for 48 bit expanded data from xp module 
ii. ki for 48 bit subkey from subkey generator 
64 
Un
ive
rsi
ty 
of 
Ma
lay
a
Outputs:-
1. bx 1 for 6 bit data to be entered in sbox 1 
n. bx2 for 6 bit data to be entered in sbox2 
iii. bx3 for 6 bit data to be entered in sbox3 
iv. bx4 for 6 bit data to be entered in sbox4 
v. bxS for 6 bit data to be entered in sbox5 
vt. bx6 for 6 bit data to be entered in sbox6 
vii. bx7 for 6 bit data to be entered in sbox7 
viii. bx8 for 6 bit data to be entered in sbox8 
5.3.11 sboxN 
l:u,6) sbox n 
Figure 5.16 sbox module 
Inputs:-
i. b for 6 bit data input. 
Outputs:-
i. so for 4 bit output. 
5.3.12 pp 
::<)1:.(4: 
002>(4: 
ro3><(4: 
Sf.)4)11(4: 
00~(4: 
S<Jf.x\41 
ro7•(41 
&:l!lll(41 
pp 
Figure 5.17 pp module 
!1014) 
65 
Un
ive
rsi
ty 
of 
Ma
lay
a
Inputs:-
I. solx for 4 bit data from sboxl 
ii. so2x for 4 bit data from sbox2 
iii. so3x for 4 bit data from sbox3 
iv. so4x for 4 bit data from sbox4 
v. so5x for 4 bit data from sbox5 
vi. so6x for 4 bit data from sbox6 
Vll. so7x for 4 bit data from sbox7 
viii. so8x for 4 bit data from sbox8 
Outputs:-
u. ppo for 32 bit permuted data after P-pennutated 
5.3.13 desxor2 
desxor2 q(l2) 
Figure 5.18 desxor2 module 
Inputs:-
1. d is for 32 bit input from pp 
11. 1 is for 32 bit input from mux32 
Outputs:-
1. q is for the 32 bit data passed into registers. 
66 
Un
ive
rsi
ty 
of 
Ma
lay
a
5.3.14 reg32 
reg32 Q(32) 
Figure 5.19 reg32 module 
Inputs:-
i. a is for 32 bit input from desxor2 
u. reset is for reset 
iii. elk is for clock input 
Outputs;-
ii. q is for the 32 bit data passed into ov32. 
5.4 How they are connected (RTL) 
The next few pages will show the diagrams on how all functional 
submodules are sub connected. These are the Register Transfer Level 
description (RTL). We will work our way up from each main module, then 
at the DES (State) block module. 
67 
Un
ive
rsi
ty 
of 
Ma
lay
a
'Shifi(Jj 
ck 
5.4.1 Subkeygen 
) pc1 
5.4.2 Indtdata 
Subkeygen 
a' .lie (2S) ltllac c0Ki281 OUI(2I!J 
Jt:lx(261 t ;stld <2B J dr.11d oul_!_2il) ~28) pc2 
shifter di28l 
Figure 5.20 Subkeygen RTL diagram 
lnitdata 
~ee; -1------------------------, 
xp reg32 
kl411 1 -+------; 
Figure 5.21 Indtdata RTL diagram 
k.\4 
111(48) 
68 
Un
ive
rsi
ty 
of 
Ma
lay
a
5.4.3 Fullround 
full round 
pi( Sol) IP I Mux32 Ov32 Tp IRxr ;;.__ c0(:1.2) 
-
n(:\2) loitdat.a lr.(l2) r1)x( L c1(:1.2) ojl2 -
-
lii3~J ~32) 
- Dll32! _ , 
~I 5r.l 
k(48l a2(l2) 
_ , 
- -
r.t(M) 
5al ----..j 
Figure 5.22 fullround RTL diagram 
5.4.4 Top level ( RTL) 
State 
cl~ 
re!le': 
J pl(fl4) full round 
load_ nerN .Jf. 
oul;lrJ_ok r.:l 
r- l00!~(48i 
lt:W_ ~,, IX 
ree 
oulput rJt t~Jw.YI.li4 1 dr.ckii<UI.I ~ 
control 
r.lk 
9hlllf,3 Subkeygen 
Figure 5.23 State module RTL diagram 
69 
Un
ive
rsi
ty 
of 
Ma
lay
a
5.5 Finite State Machine (FSM) 
This part describes the basic operation of our DES design. Data is looped 
and pennuted 16 times, before passed out as ciphertext. Below is the FSM 
diagram. The operation is controiJed in the control module, through the 
changing of values of three main parameters; shift, load_ new _pt and 
output_ok. 
------------
·otnerwlse stated. all input is ·o·. 
Figure 5.24 FSM Diagram 
70 
Un
ive
rsi
ty 
of 
Ma
lay
a
We can imagine that we have a state machine of 16 states ( 16 rounds 
of permutation), but in reality we will have 17 (because we need one state to 
load the key). Shift begins at init state, because the first round of 
permutation already needs a single bit shift for its subkeys. With this 
architecture, we have a throughput divided by 17 (one cipher every 17 clock 
cycles). We also add the key_ end state to end the entry of subkeys into 
subkeygen. So overall, there are 18 states. Below describes the behavior of 
our control component. 
Init: load a new key, shift once 
State 1 : shift once 
State 2: shift twice 
State 3: shift twice 
State 4: shift twice 
State 5: shift twice 
State 6: shift twice 
State 7: shift twice 
State 8: shift once 
State 9: shift twice 
State 10: shift twice 
State 11 : shift twice 
State 12: shift twice 
State 13: shift twice 
State 14: shift twice 
71 
Un
ive
rsi
ty 
of 
Ma
lay
a
State 15: shift once 
State 16: none 
Key_ end: Ends key loading, no shift, give the output ( ct). 
All the related instructions to the state are executed the next state 
(future state). The state "key_end" is necessary, as the name says, to end 
loading of key to end rounds of permutation. 
Below is a table displaying the shifter's decoder. 
Value action 
000 No shift, no new key 
010 Shift once, no new key 
011 Shift once, new key 
100 Shift twice, no new key 
''others" error=no shift 
Table 5.25 shifter decoder 
The least significant bit (bit located in the far right) indicates if a new 
key is needed, while the middle bit tells if we want to shift once (1 =yes, O=no) 
and fmally the most significant bit tells to shift twice. Values like 111, 110 are 
impossible (there aren't states coded with 111 or 110). The signal shift will be 
decoded using a case statement in the VHDL. 
The shift signal tells the machine to shift the 28 bits to left, either one or 
two bits, depending on each round. Below is a table of how each key are shifted. 
Iteration# 
Left Shifts 
Table 5.26 Left Shifts per iteration. 
72 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
Chapter 6.0 Design Implementation 
Tills chapter is divided into two. The first part discusses the tool used to 
develop our DES design. The tool of choice is peakFPGA. Tills will act as a simple 
user guide to our tool. The next part is about the implementation of our DES 
functions in VHDL. 
6.1 peakFPGA 
PeakFPG.4 Desig11er Suite 
FPGA SynChealt Edition 
520c 
c-vollDl.Pioloi_M..,..._ 
Figure 6.01 Entry Screen for peakFPGA 
Our tool of choice is peakFPGA from Accolade. It is chosen because it is 
recommended by the faculty as one of the most user-friendly VHDL designer suite 
available. It is a complete package, allowing our VHDL design to be completed up 
to board level synthesizing process. Below is the definitive guide to the peakFPGA 
software. (taken from User's Manual Booklet) 
73 
Un
ive
rsi
ty 
of 
Ma
lay
a
1 2 3 4 5 6 7 
Fl ·· fNTITYTfSTDH0-1 VHD) 
El fB ARCHIT£cn..RE STCMU.US[TEsrAOO.VHD] 
, ~· fFj COHPOIIENT DUT [TESTAOO.\IHO) 
! i... ffJ f/IIITTY t'UI.l.AOOfR ["U.lACO.IHJ] 
-='!·· tB MOOU.E FUUAOD. YHD 
8 f¥# ENTJTV FULLAI)()EJ:t [FULlAOD. \IHD] 
···· ~ AR.CHITfClt.Rf CONCURRENT [FUllAOD. VHD] 
8 9 
Figure 6.02 Main Application 
6.1.1 Main application 
1. Project file buttons. These buttons are used to create, open and save 
PeakFPGA projects. 
2. Design management buttons. These buttons are used to create new VHDL 
design files, open files for viewing, and add existing VHDL design files to a 
project. 
3. Simulation buttons. These buttons are used to compile, link and execute a 
selected part of your design (or the entire design) for simulation. 
74 
U
ive
rsi
ty 
of 
Ma
lay
a
4. Synthesis button. This button is used to invoke PeakFPGA's powerful FPGA 
synthesis routines to generate an FPGA netlist from one or more of your 
VHDL design files. 
5. Options button. This button allows you to view and modify various program 
and project options, including simulation and synthesis options. 
6. Search button. This button allows you to search for specific text in all project 
files. 
7. Help button. Provides access to PeakFPGA's comprehensive on-line help 
system. 
8. Hierarchy Browser. This window and its associated tool bar give you control 
over design processing (simulation and synthesis) as well as providing you 
with a visual display of your design source file dependencies, and providing 
a convenient place to manage your design files. 
9. Status bar. This area of the PeakFPGA application displays useful 
information such as the current line ofVHDL source code being edited and 
displays a percent complete indicator that is active when certain processes 
are invoked. 
75 
Un
ive
rsi
ty 
of 
M
lay
a
1 2 3 4 5 6 
9 
10 11 
Figure 6.03 Simulator Application 
6.1.2 Simulator application 
I. Print and save buttons. These buttons allow you to print your simulation 
results (as waveforms) or to export them to a file. 
2. Zoom in/out buttons. These buttons allow you to view all or part of your 
simulation waveform. 
3. Simulation control buttons. These buttons are used to reset, start, step (by a 
predetermined amount of time) or stop the current simulation. 
4. Source-level debug buttons. These buttons allow you to step through your 
design one executable line at a time for debugging purposes. 
5. Options button. This button allows you to view and modify various 
simulation options, including waveform data formats and default time steps. 
76 
Un
ive
rsi
ty 
of 
Ma
lay
a
6. Help button. Provides access to simulation-related on-line help. 
7. Waveform display. This window displays a scrollable waveform 
representing simulation results in a logic analyzer format. Selectable cursors 
can be used to precisely measure the time between events. 
8. Signal display. This window shows the currently selected signals and their 
display order in the associated waveform window. The current values of 
signals are also displayed here. 
9. Source level debugging window. This window shows the current line of 
VHDL source statements that is being processed during simulation. 
Breakpoints can be set in this window, and statement execution can be 
observed in detail. 
10. Transcript window. This window displays simulation-related messages, as 
well as displaying any text 1/0 from your VHDL source code. 
11. Status bar. This area of the simulator application displays useful information 
including a percent complete indicator that is active during simulation. 
6.13 How do I create a new project in PeakFPGA Design Suite? 
1. Select the PeakFPGA Design Suite icon in the Programs » PeakFPGA 
Design Suite folder of your Windows Start menu to start the application. 
2. Select File » New Project. 
3. Select File» Save Project As to name the project and select a project 
directory. 
4. Select File » Add Module or File » Create Module to add existing VHDL 
design files to the project or create new VHDL files, respectively. 
77 
Un
ive
rsi
ty 
of 
Ma
lay
a
5. Select File» Rebuild Hierarchy to analyze the VHDL files and generate 
dependency information in the Hierarchy Browser. 
6. Select File » Save Project to save the project. 
7. When you have created a new project in PeakFPGA (or have opened one of 
the sample designs included with theproduct) you will see the VHDL files 
associated with that project listed in the Hierarchy Browser as shown here. 
tl"' ':·.J•.· · ·_.r, ... •:.:"'• .. ••= · :- ... 1:r::: " • t.::~ I !. Jt•.:11 __ ~· !.-
Be tea ..,.,. ~ s~ ~ ~ I::Jitl 
• iQ g CJ .li a c:t. ~ CEJ • 
fl'lfT1 Tn'ESTII OT W.C:•) 
_ rJ N»CKJr£CllA: srMU£ flESl'SHF.'-H)J 
= ra <«"Faelr DUT r~ '1M>) 
" 01111" SHFTER 19-ff'IER.'H:>) 
~ l'J ..:cu.£ SHJFTDI 'M:) 
- rJ ENTJl'I'SHJFTEJI [SHIABI. 'H:>l 
rJ .II'CKfrE:CTl.FI£ ~ ISHFTER 'M:)) 
Figure 6.04 Hierarchy Browser 
6.1.4 Hierarchy Browser toolbar 
1. Rebuild Hierarchy - analyzes source files and updates hierarchy 
2. Show Hierarchy - expands tree display to show alJ levels of hierarchy 
3. Hide Hierarchy- co11apses tree to display only the top level modules 
4. Clean Up Project - deletes various intermediate and dynamically created 
files from the project directory 
78 
Un
iv
rsi
ty 
of 
Ma
lay
a
Figure 6.05 Hierarchy Browser toolbar 
6.1.5 How do I simulate my VHDL project? 
Before simulating your project you must first ensure that it is complete, including 
not only a VHDL description of the FPGA design you are attempting to create but a 
test bench for that design as well. If you are unfamiliar with test benches and test 
bench design you may want to examine one or more of the example projects 
supplied with the product. 
Once your design is ready for simulation, perform the foilowing steps: 
1. Compile each VHDL file, starting with the files that are lowest in the design 
hierarchy. (Alternatively, you can select the top-most VHDL file, which is 
normally the test bench, and let PeakFPGA automatically compile the other 
files based on the dependency information created when the project was last 
rebuilt.) To compile a file, highlight (select) that file by clicking on its name 
once in the Hierarchy Brower, then select Compile from the Simulate menu 
' 
or click the Compile button in the main toolbar. Correct any VHDL errors 
(as indicated in the Compile Transcript window that appears) and recompile 
until all files have been successfully compiled. 
Note: for some projects, depending on your design requirements, you may need 
to specify an alternate library (the default library is "work") in which to compile 
one or more VHDL modules. To specify an alternate library or set other 
79 
Un
ive
rsi
ty 
of 
Ma
lay
a
Compile options, highlight a specific file in the Hierarchy Browser, then open 
the Options dialog by choosing Options from the main menu. Enter the alternate 
library name in the Compile into Library text entry field. 
2. After all files have been successfully compiled, select the top-most VHDL 
file in the design hierarchy (the test bench) and select Link from the 
Simulate menu, or click the Link button. Your compiled design files will be 
combined together to create a special kind of executable file called a 
Simulation Executable. Errors during the Link process (if any) will be 
reported to the Transcript window. 
3. After the design has been successfully linked, click the Load Simulation 
button to invoke PeakFPGA Design Suite's integrated VHDL simulator. 
WDWLE TES l.SHFT8 VHD fJ (NTil'r'lrf" Tf*trn rr,.t>r N•rrthntr,, 
- {'} olfO 
aJ ~ r 
•,, l•t. t"r 4 1no..'~· l' l .ll~uj•q•.J .... ~..._.., ,. : I i'J 1,1'' ,,I',.~ ~ ~ 
. " • 1, 
Figure 6.06 Compile Process 
80 
Un
ive
rsi
ty 
of 
Ma
la
a
6.1.6 How do I use the VHDL simulator? 
To simulate a VHDL design using PeakFPGA Design Suite, you must 
provide a VHDL test bench in addition to your synthesizable VHDL design 
description. Test bench design is beyond the scope of this tutorial, but you can 
examine a variety of sample test benches by opening some of the sample projects 
provided with the PeakFPGA product. 
When you have successfully compiled, linked and loaded your design, 
including its test bench. the integrated VHDL Simulator is launched and a signal 
selection dialog appears. This dialog allows you to select the signals of greatest 
interest to you (for simulation purposes) and arrange them in a useful order for 
display. For your convenience, the Add Primaries button allows you to quickly add 
only those signals that were defmed in the top-most file in your design (the primary 
design inputs and outputs). Once you have selected and ordered the signals to your 
satisfaction (keeping in mind that you will be able to change the selections and 
display order at any time), click the Close button to exit the dialog and view the 
simulation interface. 
The simulation interface consists of four primary windows that can be sized 
using slider bars. The upper left window is the signal display window, in which the 
signals you selected are displayed, along with their simulated values. Immediately 
to the right of the signal selection window is the waveform window. 
This window displays simulation results for all selected signals in a logic analyzer 
format. The waveform window can be scrolled horizontally and vertically, and 
zoom features allow you to get a close· up look at any portion of the waveform. 
81 
Un
ive
rsi
ty 
of
Ma
lay
a
•. - ' l •r t., . ~~ ·" ,..,., •~oV;, \,, . ~lint .... l ''w .. •- •.1\,. ••\'•...t• \..,..,... •"'II •_.. .... 
.. ., • 0 h , I .... ·- 1 -' a • f, f • ..... . t.... 1 .... 10 • 1•" .. ' ·· r _., "' 
Figure 6.07 Signals selection 
Measurement cursors can also be selected (by clicking with the mouse) to 
determine the exact amount of time between any two events. The source code 
display window, which is located directly below the waveform and signal display 
windows, provides you with a source-level view of the design being simulated. This 
window allows you to set breakpoints in your VHDL code and execute your design 
one line at a time to help in debugging. The window located below the source code 
display window is the transcript window. This window contains messages generated 
during simulation. Messages may be generated by the simulator to provide various 
types of status information, or may be generated from your VHDL code through the 
use of assertion statements or text I/0. To start simulation and view the results, click 
the Run To Time button (the large green VCR-styJe arrow). The simulator wiU 
execute your design to the end time that has been previously specified for your 
design, and a set of simulation waveforms will appear. 
82 
Un
ive
rsi
t  
of 
Ma
lay
a
• oo ,, 
0(15/J: 
DD ~ : 
006(11 
OD6l 1 
~t t~c P~I ~~~ . 
el : = not rlt: p; 
I:Jk .:• clll:~:q~ ~ -- ll.t.ta<'h yaut clr>dc M t • 
t. dD.At • t.We tlJ.eo. 
Y!ll ' 
<Ooct.>nv '6t t obL••- •• 
R.,.~ .. 
F<wln:lniJ to Cllll! : xw.JQOD Dll 
Figure 6.08 VHDL Simulator Interface. 
Our design is not up to the synthesis stage because we do not have the 
needed tools for circuit level board (CLB) synthesizing process. Besides, our goal 
since the beginning of this project is just to design a simulatable code for DES in 
VHDL. Therefore, it is not relevant to go further in describing peakFPGA's next 
features (synthesis stage). 
6.2 DES functions in VHDL 
This part shows how all the DES functions are implemented in VHDL. It is 
not the entire source code for the module, but just the excerpt, the one that 
makes the function work. 
6.2.1 PCI 
archltec:tu .. behaviCM' of pc1 Ia 
......, XX : atd_Jogtc:_nctor(f to 50); 
If dec. '1' u..n 
XX(1)<•key(8); 
XX(5)<:okey(40); 
XX(8)<•key(M); 
-eclddecvai-
XX(2)<•key(16); XX(3)<•key(2A); XX(4)<•key(32); 
XX(6)<ookey(48); XX(T)<,.key(56); 
XX(II)<•key(T); XX(10)<•key(15); XX(11)<•key(23); XX(12)<•key(311; 
83 
Un
ive
rsi
ty 
of 
Ma
lay
a
XX(tJ)Cltlkew(H)r 
XX(tl)<ak~P}J 
XX(20)<•'-Y(JO)& 
XX(22)~ ... ,. 
XX(I'J')CIIUJ(21JJ 
XX(28)<a'-Y(2)1 
XX(U)<alkew(G)I 
XX(38)<8'-Y(S8)1 
XX(41)<•1M¥(31)1 
XX(Q)~51)1 
XX(48)<8'-Y(21)a 
JD((IO)<a'-Y( .... ); 
-XX(U)<~a); 
.... 
XX(t)<ak-,(57); 
XX(I)Cltllt~Y(U)f 
JCX41)<ook~1); 
XX(13}<11My(:Mh 
XX(1~0); 
XX(liO)<•k~35)J 
XX(21)<aqy(18); 
XX(27)oc•...,...); 
XX(~ 
XX(U)oC~3); 
XX(Ja~ 
XX(41~3etf 
XX(4Jtc~14); 
XX(48~37)a 
XX(SO)<aMI(21); 
XX(~12); 
...... 
.-...-; 
6.2.2 Shifter 
If (elk'-' ..... elk. '11 ..... 
-slllftla 
-'-"'001 ... 
--MNt,-ur 
XX(t4)Clt'-Y(47)a 
XX(18~e3)1 
XX(21)<8key(J8)1 
XX(2J)<a'-Y(S4)1 
~(ft)f 
XX(30)<•'-Y(10); 
XX(~IO)I 
XX(J7)<a'-Y(3)1 
XX(G)<a'-Y(Q); 
XX("")<a'-Y(H); 
XX(4t)<•'-Y(31)1 
XX(It)<ak-,(ft)l 
XX(M)<~at); 
XX(Z)~-); 
~)CIIk~17)a 
XX(t)Ok~Mk 
XX(14)<11MJ(t8); 
XX(11)~2); 
XXf21~ 
XX(23~11)1 
)0((211~38); 
XXCHt 01M~~(III); 
XX(JS)<•Mr(1S); 
XX(~) I 
XX(G)C8~); 
XX( .... )<aMr(a); 
XX(49)oCaMr(28JI 
XX(S1~1S); 
~4); 
dM8c_out __ oCIIIhlt8cl; 
..... _OIIl_~ ... 
..._-otr•> 
- .... _., ... - "-¥ 
XX(1~8)1 XX(ti)CIIk~14)1 
XX(:M)<a'-Y(82)1 XX(2S)<a'-Y(S)I 
XX(31)<a'-Y(18); XX(U)~); 
XX(38)<-'-Y(t1)1 XX(3t)Clt'-Y(1t); 
xxc•~<-"~"" XX(<M)~12); 
XX(~M); XX(53)CltUy(37)a 
XX(3)oCIIUy(41); XX(4)<alc4oy(33); 
XX(7)oColke,(t); 
XX(tO)<Iill&eJ(SO)I XX(11~); 
XX(1'7)CIIII&eJ(H); XX(te)oC~St); 
XX(M)<•'-Y{3)1 JCX(aS~80)1 
XX(3'1~ ~); 
XX(J8)<....,(lW); XX(Jt)~48); 
XX(~1)1 XX('M)~53); 
XX(~ XX($$)<..,..,; 
utac:_....___-ro_etdLoglcVectDr(to llltwec;tor(ollatec_out..._) rol 'I); 
diiUd_out_~o_S~~ bltYec:tor(.._._out __ ) rol1)1 
wMe"'tt•o 
-....,. -·-..., IIMIIc:_out__.c.To_8tdLotfc:Vector(to llltv..:tor(UU.C:) rol1); 
...... _..._~·-ltiiLellc:~llltvec:tere ...... J rolt)l 
wt..'"100"'a> 
-lllllft twice, - - qy ...__~o_SW.....,cVectw(to_~_. __ )rol 2)1 
......_out..._.IITo_~VMtor(to.JIItVoc:ter(detell_out..._) roi2)J 
wlleft'"10'1•o 
- ...... twice,-~~.,. 
....__out...~•-~YMtor(to_llllwa ta~e.c:) rol a, 
diiUd_..t___.c.To_lltdLatllaVMtor(to_WW.Cterf.._.) ro1 2); 
wlllltotllera-
___ ......, __ 
XX(tt)<•by(U)I 
XX(:M)<alkew(13)1 
XX(33)<•'-Y(U); 
XX(40)<alle¥(17)t 
XX(47)<aklly(20); 
XX(M)Clt~41)1 
XX('I2)-cak~U); 
XX(18)<aqy(Q); 
XX(:M)<a'-Y(IIa)a 
XX(~Jt)l 
XX(40)<•1M¥(3e)J 
XX(47)aoltew(45); 
XX(M~20)1 
84 
Un
ive
rsi
ty 
of 
Ma
lay
a
6.2.3 PC2 
&I chi ......... ......,.._.,pc2 .. 
......,yy, 
.e.t..Jollc_ncllllr(1 te M)f 
....... 
YY(1 to 28)<'8c; YY(Jit to A)C-.1$ 
k(1)-YY(14); 11(2)0YY(1'7); k(3)<WYY(11); 11(4t-YY(M); 
k(IS)<•YY(I)J 
11(7)CaYY(3)1 11(1)-YY(D)s 11(1t)<•YY(11)t ll(10)caYY(a)t 
ll(1lt)<•YY(10); 
11(13)<•YY(D); k(14t-YY(18)J 11(11)<•YY(12)J 11(11S)<aYY(4); 
11(1e)<WYY(I); 
k(18)<•YY(18); 11(20t-YY(7)s ll(21)<•YY(27)s ll(U)<aYY(20); 
k(M)UYY(Z); 
k(IS)<8YY(41); II(H)<aYY(S2); 11(21)<-YY(31 ); k(U)<8YY(3'7); 
11(30)<aYY(IS)J 
k(31)<8YY(30); ll(32)<•YY(40); k(33)<8YY(!I1)f 11(34)CaYY(45); 
ll(M)<aYY(48)1 
ll(37)<8YY(44)1 ll(~YY(48)1 ll(38)<•YY(38)1 k(40)<aYY(A)J 
11(42)<aYY(83); 
~YY(4e)J llf44)<aYY{'U)t ll(4f)OYY«t0); 11(48)<aYY(3ft; 
ll(48)<•YY(32)1 
6.2.4 IP 
..........._.......,...,lp .. 
....... -4011: .... 111ft eat, rOll: for diM Ollt 
10x{1)<apt(l8)1 
IOil(S)<"Pt(lll); 
10x(8)0pt(to); 
10x(13)<'"Pt{U); 
10x(17)<lopt(ez)J 
101l(21)<11pt(3., 
IOX(ZS)CIIpt(M); 
-~ 
t0x(1)<apt(S7); 
IOK(S)<"Pt(2S); 
tOx(e)Opt(H); 
r0x(13)<'"Pt{27)1 
t0x(17)<"Pt(61); 
t0x(21)<"Pt(28); 
r0x(2S)<CIIpt(83); 
.eX{28)<*1Mf31" 
6.2.5 FP 
IOX(2)<"'fii(ICI)I 
10x(C)CIIpt(11S); 
10x(i0)<apt(S2); 
10x(14)Calll4(20); 
10x(18)CIIpl(84); 
10x(22)<apt(22); 
10x(H)<alii4(M)I 
lOx{~ 
t0x(2)capt(G); 
t0x(e).:.pt(17); 
t0x(10)<apt(St); 
t0x(14)<11pt(18)1 
t0x(11)CIO!It(S3); 
r011(22)<8pt(21)1 
tOx(B)<..,.e(SS); 
r011(30)Callt(23)f 
IOX(3)<"1d(42); 
10x(7)<apt(10); 
10x(11)<apt(44); 
10x(11)<apt(12)J 
IOX(18)<apt(48); 
10x(23)<apt(14); 
10x(27)<1tpt(48); 
10x(31)<'"1tt(1et; 
t0x(3)<apt(41); 
r011(7).:.pt(8)1 
r011:(11 )<"Pt(43); 
r011(1 S)Citptt11); 
r011(1e)<apt(41); 
r011(23)<"Pt(13); 
r8x(27)<"Pt(47); 
r0x(31~(11)t 
10x(4)<11pt(34)1 
10x(8~(2); 
10x(12)<"'Pt(H); 
10x(11S)<Wpt(4); 
10x(20)<apt(:sa); 
101l(24)<11pt(IS); 
10x(2a)<apt(40); 
10x(32)<1opt(e)l 
t0x(4)<•pt(33)1 
r011(8)<apt(1); 
10x(12)<"Pt(3!1); 
10x(11S)<"Pt(:S)J 
t0x(20)<apt(3'7); 
tOx(M)<IIpl(S)c 
r011:(2a)<llpt(38); 
t0x(3a~('7); 
k(S)<8YY{1)1 
k(11)<8YY(21)1 
11(17)<•YY(21Jf 
k(23t-YY(13); 
ll(Jit)<8YY(4'7); 
ll(35)<•yyt33)1 
k(41)<8YY(34)1 
kf4'7l-YY(28t; 
ct(1)CIIt(l); ct(2)<101(1);ct(3)<111(1e); ct(4)cal(1e)l ct(S)<III(M); ct(8)<•1(24); 
c:t(7)CIII(U); ct(I)C*I(:SZ); 
ct(8)01('7); ct(10)01(7)s ct(11)<111(11)1 ct(1Z)<ai(1S)I ct(13)car(23); ct(14)ca1(23); 
ot(1S)-..(31)J ct(1.,_r(31)J 
ct(17)CIIt(8)1 ct(18)<al(8)t ct(18)<111(14)1 ct(20)< .. (14)J ct(21)<81'(22); ct(Z2)<81(22)t 
ct(23)C11r(30); ctt24)cal(30); 
ct(2S)Oir(S); ct(Ze)<ai(S)a ct(27)CIIt(13); ct(2a)< .. (13); ct(28)<8r(21); ct(30)C111(21); 
ct(31t<-r(.28J; ct(32)<101{28); 
ct(33)<8r(4)1 ct(34)<81(4); ct(H)<ar(12); ct(H)<al(12); c:t(37)<ar(20); ct(31)<ai(H); 
ct(38)<ar(U)t ct(40)<•1(28)1 
ct(41)<ar(3); ct(42)<al(3); ct(43t-r(11); ct(44)<101(11); ct(41)<""(11); ct(48)<aoi(18)1 
ct(4 J""<l.& r 1i 
85 
Un
ive
rsi
ty 
of
Ma
lay
a
f r: I I I 10 f 00 .. .. 
i f f i I f .. f f I I T .1.:: t • I I i f 1: i i i tt i i i t I 
f f 'i i If .1.:: I I • f .. ...
' 
I ~ I i I f i I 
llllll!i!fli!fli!iiiiiiiiJ 
I , . .. f t ' I f i I i I T i 
f f I f 
i , I .. .. , , .. 
IJJJJJI J!JIIiJJIIJJJJJJ .• I t 
1111111 t illilllliilllfl_ ,,,, i i ; g f ! f f I I f I I I f I I I I I I I I I fiiff(fftf(fflfff(ff~flff( -i.=f li ... 
I I .I i''''~'''g'~'''~l~~~,,~~ii t s if if ' I I I I , I ; I f f f I l >< JJJ;;;J,JJJ~F~jJJJJ;;;;;; ~ I i ' i i I ~ I i i i t I .8 11111111111111111111111111 .=i.=i 00 
I I 10 r--. lti C'i I 1 C'i ,0 ,0 
Un
ive
rsi
ty 
of 
Ma
lay
a
:;. 
f 
~~EEE~tfEE~fEfr~~f~~Eff£~f£r£ff£EE~££! 
JJiJJiiiiJfii1flifJiJJJffiffiiiJIIIIII ~,,, ii~lliii'iiiitiiiliiii~iiiliii~il 
Itt; ttl;;tt; lttttttt;tttt ttttttt!tt 
rrrr1rrrrrrrrrtrrrrrfrrrrrrrrrrrrrrrr 
Pt1tlt~Af1flt'~itC'ifl!ltPtPtllltPtlt1 1 •~i~•~ ~-~~~-~ i ~~~·~t~•~i;'~ii'~i;' ••~~;; ~~~';;~ ••~~;; Iii~~;; ••~·; ~P~ • Booa •~•~~••• o••o~•••••• PPPPPPrrrrrrr rrrrrrrrrrrrrrrrrrrrrrr 
11111111111111111111111111111111111111 
I 
II 
f 
i 
i='JI: f ail! i Iff !! !. ! h '1 iUhi 
ss i i ! l 
t!J: k ~~= J: 
aa I a-il I If ll n ii ~~i ~, e~i J i:;. i ;::-
' ~~ ~ !
1
-iii• , 
' f )C ll! i I i J:=t:~ 1 11 I lllaaa ~ •s lll 
1 it iii 
~ Iff ··~-
... ll ~~if·f~fl.( 
• .. 1 ::-."=~iaaa- a 
a ;s lit !!l l 
~ I t 1 
t--
oo 
Un
ive
rsi
ty 
of 
Ma
lay
a
6.2.9 Non functional requirements description 
• Mux32 
..,.ceA(MI,eO,e1) 
....... 
lfMI•'O'thell 
o<•eOJ 
.... 
o-•1; 
• Reg32 
.............. .,.... flf NtPll .. 
....... ~111td.Jotllc_._._ t1 to Uj f 
IMitlln 
.-ceM'(CIIIl,-.t) 
...... 
.... 
lf(clk. '1' ..... ctk'-..t) ...... 
• Ov32 
ARCHITeCTUIU! .,..at OF OVU 18 
IIEGttt 
procou(MI,clk) 
....... 
If (dll"-' •• dll • '1'} ... 
lf(MI•'1')thell 
o2<t~et 
The complete source codes are in the diskette enclosed. 
88 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
Chapter 7.0 DES results verification 
In order to verify our DES output, we must have a sample data and key 
flowed through all the DES functions. This chapter shows each step of permutation 
with the changes to the data at each step. 
7.1 Generating 16 subkeys through pel, shifter and pc2 (functions from 
subkeygen) 
The suitable key selected is FFOOFFOOFFOOFFOOH. The reason why will be 
explained later. 
After pcl. The y-axis shows the first numbers after a gap of eight bits. The 
eighth bits are stripped (bits on shaded area) because we only need 56 bits. 
1 2 3 4 5 6 7 ! J 
1 1 1 1 1 1 1 1 1 ... 
9 0 0 0 0 0 0 0 0 ' 
' .. ~ ,f : 
17 1 1 1 1 1 1 1 1· •• ;;.· 
25 0 0 0 0 0 0 0 0 ·~ 
33 1 1 1 1 1 1 1 1' -i\. 
41 0 0 0 0 0 0 0 0 
... 
49 1 1 1 1 1 1 1 1 ·..,: 
•. 
·l 
57 0 0 0 0 0 0 0 0 
Table 7.01 After pel 
89 
Un
ive
rsi
ty 
of 
Ma
lay
a
Split into two halves, c and d. 
[c] 
1 to 7 0 1 
8 to 14 1 0 
15 to 21 0 1 
22 to28 1 0 
[d] 
1 to 7 0 1 
8 to14 1 0 
15 to 21 0 1 
22 to 28 1 0 
0 1 0 
1 0 ] 
0 1 0 
1 0 I 
0 I 0 
1 0 I 
0 1 0 
1 0 I 
Table 7.02 After Split 
1 0 
0 1 
1 0 
0 1 
I 0 
0 1 
1 0 
0 1 
This is the reason why this key is selected. As you can see, the two halves 
are identical, so we only have to work once. 
Shift the bits. This stage, we will shift the bits leftward, according to table 
5.26. The most significant bits are then shifted to the right. 
Pseudocode:- i = 0, i ++, i <17 
i = 0 (initial stage) 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 010I 010I 010I 0101 0101 010I 0101 
i = 1 (frrst round of permutation) 
c :- 10101010 1010 1010 1010 1010 1010 
d:- 101010101010 1010 1010 1010 1010 
90 
Un
ive
rsi
ty 
of 
Ma
lay
a
i = 2 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i = 3 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i = 4 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i = 5 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i=6 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i=7 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i = 8 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
i = 9 
c :- 1010 1010 1010 1010 1010 1010 1010 
91 
Un
ive
rsi
ty 
of 
Ma
lay
a
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 10 
c :- 1010 1010 1010 1010 1010 1010 1010 
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 11 
c :- 1010 1010 1010 1010 1010 1010 1010 
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 12 
c :- 1010 1010 1010 1010 1010 1010 1010 
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 13 
c :- 1010 1010 1010 1010 1010 1010 1010 
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 14 
c :- 1010 1010 1010 1010 1010 1010 1010 
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 15 
c :- 1010 1010 1010 1010 1010 1010 1010 
d:- 1010 1010 1010 1010 1010 1010 1010 
i = 16 
c :- 0101 0101 0101 0101 0101 0101 0101 
d:- 0101 0101 0101 0101 0101 0101 0101 
92 
Un
ive
rsi
ty 
of 
Ma
lay
a
After pc2.After 16 rounds of iteration, we could see that actually, 
there are only two permutations. Values after permutation 1, 9, 10, 11, 12, 
13, 14 and 15 are the same, while the same also goes to values after 
permutation 2, 3, 4, 5, 6, 7, 8 and 16. We send this value to pc2, and this is 
what we get. 
ia = 1, 9, 10, 11, 12, 13, 14 and 15 
[0110][11 
10] [1010] 
1100] [00 
01] [1010] 
[1011] [11 
00] [1110] 
[0110] [01 
00] [0010] 
ib = 2, 3, 4, 5, 6, 7, 8, 16 
[1001] [00 
01] [0101] 
[0011] [11 
10] [0101] 
[0100] [00 
11] [0001] 
[1001] [10 
11] [1101] 
For all the values in the bracket, it is converted into hexadecimal. Below are 
the processed keys. 
Keys ia = 6EAC1ABCE642 
Keys ib =9153E98319BD 
7.2 16 rounds of data permutation 
Now, we will pass the keys into the DES core. The data will be 
passed through functions ip, function/then finally, fp. The sample data 
selected is OOOOOOOOFFFFFFFFF H· 
93 
Un
ive
rsi
ty 
of 
Ma
lay
a
After IP. After passing through the IP function, the values are split 
into two halves, R for top half, and L for lower half. 
1 2 3 4 5 6 7 8 
1to8 1 1 1 1 0 0 0 0 
9 to 16 1 1 1 1 0 0 0 0 
17 to 24 1 1 1 1 0 0 0 0 
25 to 32 1 1 1 1 0 0 0 0 
33 to 40 1 1 1 1 0 0 0 0 
41 to 48 1 1 1 1 0 0 0 0 
49 to 56 1 1 1 1 0 0 0 0 
57 to 64 I 1 1 1 0 0 0 0 
Table 7.03 After IP 
After XP. Values are entered into ffunctions, and the first function is 
the Expansion (xp) function. 
1 2 3 4 5 6 
1 to 6 0 1 1 1 1 0 
7 to 12 1 0 0 0 0 1 
13 to 18 0 1 1 1 1 0 
19 to 24 1 0 0 0 0 1 
25 to 30 0 1 1 1 1 0 
31 to 36 I 0 0 0 0 1 
37 to 42 0 1 1 1 1 0 
43 to48 1 0 0 0 0 1 
Table 7.04 After XP 
XOR with key. Values passed from XP into the desxor1 function, 
XOR with subkey R1. 
After xp Subkey After R1 Product of xp XOR 
r1 
011110 011011 000101 
100001 101010 001011 
011110 110000 101110 
100001 011010 111011 
011110 I 01111 110001 
100001 001110 101111 
011110 011001 000111 
100001 000010 100011 
Table 7.05 After desxorl 
94 
Un
ive
rsi
ty 
of 
Ma
lay
a
Sbox substitutions. The XOR product ofxp and rl are then split into 
eight equal adjoining parts, and entered into sboxes. (Refer to 2.4.4 for sbox 
guide) Below are the values obtained. For coordinate, it's in (x,y) form. 
sbox Bit value Coordinate Value In binary 
lto6 1 0 0010 1 1,2 7 0111 
7 to 12 2 1 0101 1 1,5 2 0010 
13 to 18 3 1 0111 0 2,7 0 0000 
19 to 24 4 1 1101 1 3,13 7 0111 
25 to 30 5 1 1000 1 3,8 6 0110 
31 to 36 6 1 0111 1 3,7 10 1010 
37 to 42 7 0 0011 1 1,3 7 0111 
43 to 48 8 1 0001 1 3,1 1 0001 
Table 7.06 After sbox 
P Permutation. After the sbox substitutions, the values are once 
again permuted according to P permutation. Here is the result. 
After P 
1101 
0010 
0111 
0100 
1001 
1110 
1000 
0010 
Table 7.07 After P 
95 
Un
ive
rsi
ty 
of 
Ma
lay
a
XOR2. This is the final function before it is passed through as a complete 
round (becoming Li+J, remember, Ri = Li+J ?) 
P values Rl keys Product Value (H) 
1101 1111 0010 2 
0010 0000 0010 2 
0111 1111 1000 8 
0100 0000 0100 4 
1001 1111 0110 6 
1110 0000 1110 E 
1000 1111 0111 7 
0010 0000 0010 2 
Table 7.08 End ofR1 
These steps are repeated another 15 times for 16 rounds of permutation. Due 
to space constraints, I will only display the final values after each round of 
permutation, before sending the values into FP for our final ciphertext. 
R 1 = 22846E72 H R9 = CD2242FE H 
R2 = 65C800B9 H RIO= 251B5698 H 
R3 = E1AD5D5B H Rll = 4DC0735E H 
R4 = 7F86D9C7 H Rl2 = 4EA2005D H 
R5 = CBA86EAB H R13 = F41FEB2F H 
R6 = E4968AE9 H Rl4 = 70074950 H 
R7 = DE8F8B35 H R15 = 9A850263 H 
R8 = 9D4C8B41 H Rl6 = 57816792 H 
R17 = D8645168 H 
The two values to enter FP are R15 and Rl6. Rl5 will become the left half, 
R16 is the right half. R17 is just permuted data that is needed to end the key, and it 
is discarded. 
96 
Un
ive
rsi
ty 
of 
Ma
lay
After FP. Below is the fmal ciphertext output of DES for our sample data 
and key. If the design's output does not tally with what we get here, then the design 
is considered a failure. 
Values 
1 to 16 0111 0110 1010 
17 to 32 0110 0100 1001 
33 to 48 1010 0001 0000 
49 to 64 0100 0110 1011 
Table 7.09 After fp 
Ciphertext= 76CF6480C10646B1 H 
1111 
0000 
0110 
0001 
* Refer to chapter 2 on permutation arrangements of data. 
hexadecimal 
76CF 
6480 
C106 
46Bl 
97 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
Chapter 8.0 DES Design Testing I Verification 
This chapter shows if our design reaches its objective. A sample data 
is entered along with its key, and then we look at its product. If the design is 
able to decrypt our ciphertext, then it is considered successful. Sample data 
is the same as the one example that we worked in chapter 7. 
8.1 Compile All Design 
All finished designs are compiled at the top-most level of design. In 
our case, the State TB module. This is a testbench module, and it is 
autogenerated from an online automatic vhdl testbench generator. The 
website is available in the reference. 
Before that, here are the values entered into the testbench. 
Pt = x"OOOOOOOOFFFFFFFF"; 
Key = x"FFOOFFOOFFOOFFOO"; 
Dec ='0'; 
Reset ='0'; 
Figure 8.01 Compiling state_tb.vhd 
98 
Un
ive
rsi
ty 
of 
Ma
lay
a
8.2 Simulate State TB 
li!i1 
eliiii!JB*•• 
1111: -- i nithh •chile 
1112: --this 1s •~rt •• 
1113: --~d• yp •f np•n 
IISII: --and r-egishr s(n 
1115: 
1116: Ubnry bee; 
1117: 
11•: use il'tt.sttl_lagic 
"": 
1111: I'Atlty biU~t~ is 
1111 : ( 
luiU a,r 1t 1999. 
loading ... 
i nttblizing ... 
llone 
Inithllntion co~~~pll!h ... 
Settiftg nriftles . .. 
Indy . 
( 
-
--
w_oec 
W_AESET 
............ 
, __ , 
Obiecftto~ 
OuT *ILlig 
~ DUTdatapailWLn Dlll~IIULlto_JOI.ftd 
AddAI»j OUT dltapllh..ln.ILLtiLrard OUT dat~CN_lto_fp 
---!.J OUT~OY-lto...J'UC DUT~""'-'-tQ..h:l 
RemoYe~ OUT datapalt\.OIII_I_Io_IIUI DUTdlt~ ...... ., 
DUTdei~Lto_oor 
u, lo-1 DUT d~Upeth.IIDIRt,.r_to_O¥ OUT ~_g~nerlkr c 
DUT~MOt-el 
DUT~~alord 
DUTa.tlkari_gene~atcun 
Srte Obtacb J OUTki_flig OUTCJUtpJ_c:* 
loedObttct• w_ax DUTiood_I'IIMJ!f 
OUTCCriJol_ripre_..,.. 
~ OUTconllol..ri.h.(_ata w_cr 
""'*""""· 
Figure 8.02 Select simulation signals 
.... 
For simulation signals, all signals selected except for reset and dec. 
8.3 Waveform Analysis 
The most important waveforms to be analyzed are the keys and the 
permuted data from each round. These values are checked to see if it tallies 
with our Controlled Result from Chapter 7. Figure 8.03-8.05 shows the 
simulation results (up till Key_ end state) 
99 
Un
ive
rsi
ty 
of 
Ma
lay
a
-!rNITDATA.VHD · I 
bUT.datapath.ov: l_to: muM•E1AD505B 9ns 18ns 27ns 36ns 45ns 54ns 63ns ~,.,.r · 
OUT . d~tapath.ov_r_to_fp-LJUUUUUUU 
OUT.datapath. ov_r_to_mU)(•7F8609C7 UULUUUUL 22846E72 li5C80lJif!f :IAL:>U: / l"t!OU!:fl.. / L~A!jb~A~ 
0 UT. datapath. right_irPFOFOFOFO 
OUT.datapathrOU'ld_l_to_ov•El A05058 uuuuuuuu FUFOFOFO 22B46E72 b~L~~ E:lAlJ505B 7F8609C7 Cl 
OUT.datapathf<X.I'ld_r_to_ov•7F8609C7 UULUUUUL 22B46E72 65COOOB!f E:lAlJ5U~B 7FB609C7 !:!~All t 
OUT.stbkey_generator.c•5555555 
OUT .stbkey_generator.c1·5555555 ll_~~Li I'I'JlAilAA !:>~~~!:> 
OUT .wbkey _generator.d•5555555 
OUT .otbkey_generator.d1•5555555 UUUUL API¥>APA ·~!:l 
OUT .ki_sig=9153ES4319BO IJUUUUIJ. b~ALlA~L~b4< ~l!:l±!:l4Jl0t!U ~ OUT.output_ok='O' W_CLK='O' ,_J r l__j r pur . ~_new_pt='O' J pur. control_ un~.pre_ state•A5 INI H' RZ R3 H4 Hb R6 
DUT.control_unUut_state=A6 H' RZ R3 -m- H!:l R6 ~ 
W_CT=UUUUUUUUUUUUUUUU 
W = KEY-FFO!fHXFFOOFFOO 
W)T ..OOOOOOOOFFFFFFFF v 
< > < il . ~ 
... 
I 
.. 
-
-
- -
-
- '· 
loading .•• r.-.·, 
initializing ... ::....1 
done 
Initialization coAplete ... 
Getting uariables ... 
Ready. f] 
Running to ti~e: 2100 ns .v 
< 
- -
.l > 
Ready Stopped at .VHO: 0 Selected line : 0 NUM 
Figure 8.03 Results from state Init- R6 
100 
Un
ive
rsi
ty 
of 
Ma
ay
a
,.._...._.. ....... 
-- _,. 
fiNIIDATA.VHD yl 
OUT . ~~ov_l_to_rr<.ll<-E1AD505B 63ns 72ns 81ns OOns 99ns 10Sns 117ns 126ns " 
OUT .~apalh.ov_r_to_fp..UUUUUUUU 
OUT .~~ov_r_to_mU!C•7f860~7 btAI:I ~4~~~ Dt6f8B35 904CW41 CIJm2Ft ~5185636 4L.JLUI.= 
OUT . ~apath.r;g,t_in-FCFCHFO 
OUT ~~rouncll_to_ov=E1AD505B J':LI UlAtlbtAil ~4=t:S DEBFBB35 S0'1Ltfll_41 LUU4b~ '"->1856SB 
-OUT .~~rounclr_to_ov•7FB60~7 btAI:I ~4~t~ DE6f8835 904CW4' ~E. :011~ 4L.JL ::Jt 
OUT.subkey_generalor.c-5555555 
OUT. subkey _generalor.c 1 s5555555 
I 
AAAAI>I>A 
OUT.subkey_gene<ator.d-5555555 
OUT .subkey _generalor.d1•5555555 AAf:>.OAOA I I 
OUT .ki_sig•9153E54319BD 
OUT .~ ok•'O' 
W_CI..Ks'[J- r=-'"" 
OUT .load_new__pt•'O' 
DUT . cortml_lri.~e_stale•R5 HI Hll H~ RlO H HU 
pur. cortrol_ lri.fut_ state=R6 Hll RS R10 R1 Hl~ Rl3 
~-CT•UUUUUUUUUUUUUUUU 
W =KEY·FHXFFOO'FOOFFOO 
I 
' 
W =PT •[)(XX)()fXXFFFFFFFF :VI 
'' )"! < l. < ~ \ I t>: 
loading ... ~ initializing •. • 
done 
Initialization conplete ••• 
Getting uariables ..• 
Ready. n 
Running to ti~: 2000 ns ~ ' 
< 
-
-~ - I > 
Ready Stopped at . 't'HD: 0 Selected lne : 0 NLI>1 
Figure 8.04 Results from states R7 to R12 
101 
Un
ive
rsi
ty 
of 
Ma
lay
a
-
!rNITDATA.VHD 
· I 
OUT .d!II!IP"th.ov_L to_roox-57816792 127ns 136ns 145ns 154ns 163ns 172ns 181 ns t~l 
OUT.dat!IP"th.ov_r_to_lp-57816792 
OUT .d!II!IP"th. ov _r_ to_rru>e-0 8645168 l s.Jt . 4tAAA)~U ~4l~tl:!b IW/4~0 li'\WUlb.:l ~flflbf:lL IJ!l64!>168 
OUT d!II!IP"th.ri!#_ir,.f(Hlfll'O 
OUT .d!II!IP"th. r0l.r.d_l_to_ovz57816792 5698 4UL 01: 4tALW. ~41 ~tl:!b I UUI4:l:lll ::1'\=.:t ~ft!l bf:lL 
-. OUT.d!II!IP"th. r0l.r.d_r_to_ov-D8645168 I .:lot 4tAlW~U Hl~tH£1- 70074950 li'\WUd>.:l oflfllif~~ 08645168 
OUT .SI.bkey __generator. c-5555555 
OUT .stbkey _generator. c 1-5555555 >AAA ~~~= 
OUT . oubkey_gene~ator.d-5555555 
OUT .stbkey_generator.dl a5555555 >PAP. 
. ~~~~~~ 
OUT.ki._aga9153E5431 9BO ~Ltb4l ~l::.Jt04.:1l:Jij~ 6E 
OUT.outpU_ok•'O' 
W'_D.K•1 ' ·r--
DUT.IMCI_new_pi•'O' r 
OUT .cootrol_lri.pe_state..JNIT HI .:I Hl4 Hl~ R16 "-t' _tNU INII 
OUT .cootrol_ tri.fut_state=Al Hl4 R15 R16 KE' oNL INI R' 
~-CT •76CFS480C1~68 1 
W'~KEY..mxFf(D'fCXFFOO 
w _PT ooOIXDlDJFFFFFFFF ~, i"-l 
( f>1i <:, ~ I p1, 
. -
- -- -- -- - - -- -· ~---- - ---- -- -·-- - -- .. --- ----
. 
loading ___ 
initializing •.• ~  
done 
Initialization conplete ... 
Getting uariables ..• 
Ready. n' 
Running to ti~e: 2000 ns ~r. 
( --~--- ---~-- I > 
Ready Stopped ~t .1/HD: 0 Selected ~ne : 0 NliM 
Figure 8.05 Results from states R13 to Key_end 
102 
Un
ive
rsi
ty 
of 
Ma
lay
a
As we can see from the figures, the waveform for each value for keys 
and permuted data during each state tallies with our Controlled Results. 
However, the state value for permuted data is shown in its future state. Rl 
will have no value, but its supposed value is displayed in R2. But other than 
that, all values are right. However, this does not mean anything unless we 
can decrypt the ciphertext and get the original data. 
The testbench is run again, this time in decrypt mode. Figures 8.06 to 
8.08 displays the waveform. 
Pt = x" 76CF6480C10646Bl"; 
Key = x"FFOOFFOOFFOOFFOO"; 
Dec ='1 '; 
Reset ='0'; 
103 
Un
ive
rsi
ty 
of 
Ma
lay
a
- . ltNITDATA.VHD · I 
_______...,. .. 
DUT.datapath.ov_r_to_fP-UUUUUUUU 9ns 1Bns 27ns 36ns 45ns 54ns 63ns " 
DUT.datapath.ov_r_to_mUlFF41FEB2F uuuuuuuu ruur4~:>u ~41~1:.~~ _4_EA_2(JlJ5D 4LJLU(Jtll:. ~tll~tlb!Jtl 
DUT.datapath.right_in=9AB50263 
DUT.datapath.round_l_to_ov=70074950 uuuuuuuu ::l".lltlUlb::t /Wf4~~ F41FEI:s. 41:.A.!IJUtll) 4UUJf::ttlt 2 
DUT.datapath.round_r_to_ov=F41FEB2F UUUUL UUL 70074950 F41FEB2F 4EA2ll!hL 4DC0735E ltlllltlb~ L 
DUT. subkey_generator. c=f>lli:>A6.0A 
DUT . stbkey_generator.cl~ ~UUUUL! :l:l:l=:l ~ 
DUT . sl.bkey_general01.~
DUT .sl.bkey_generator.d1~ ~UUUUL! tlt>t>=t> ~ 
DU T. ki_ sig..sEAC1 ABCE 642 UUuUI] <.;St::l4' ~l:lL btAL IAI:lt-~b4l 
DUT .ot.tput_ok='O' 
W_CLK='O' 
-
r 
DUT .load_new_pt='O' 
DU T. control_ t.ri.pre_ state=R3 INII Hl Hi H:l R4 Htl Hb 
DUT .control_t.ri.fut_stale=R4 H Hi HJ rr..- ~ Hli Ri 
~-CT=UUUUUUUUUUUUUUUU 
w~KEY=FFOOFFIXHOOFFOO 
w _PT =76CF6480C1 ro\681 
v 
-
<! .. 1 > -~ -I f>:', 
•.-
- -
- --
--
... 
-
loading ... [": 
initializing ... 
done 
Initialization co~plete ... ~ 
Getting va~iables ... 
Ready. ! : 
Running to tiRe: 2000 ns .v ... 
< II .l 
Ready stopped at . YHO: 0 selected line : o NUM 
Figure 8.06 Results lnit- R6 (decrypt mode) 
104 
Un
ive
rsi
ty 
of 
Ma
lay
a
-- -
IINITDATA.VHD · I 
OUT.datapathov_r_to_fp..UUUUUUUU 63ns 72hs 8111$ SOns 99ns 108ns 117ns 126ns A 
OUT.datapalh.ov_r_to_rnux•25185698 pb~ L..UU4l~t. ::JU4U:Il4l DEBFBB35 E4::1b!1At::t l..t!AIA:ii::.AB 7F8609C 
OUT.datapath.right_ins9A850263 
OUT . dat~round_t_to_ov•4DC0735E ,735E ~ltl:lb:ll:l l.UU4~t ::IJ4l..tltl4" DEBFtli:IJ~ t.4!:tbti".t!:t UlAtll:itAB 
OUT .datapath.round_r_to_ov•251 85698 ~98 I l..UU'I~~t. !:tU4l..l:ltl41 Ut~tltl3~ l::.4::rtXlAt.:l l..tlAtJbtAtl (1-tlb!J::JL 
OUT .stbkey .Jlener ator. c=I>AOAI>M ,.... 
OUT .stbkey_generetor.c1 ~
I 5555555 I I OUT.sl.bkey_generetor.do<AAAAMA 
I 
: I OUT .stbkey_generetor.cl1 ~ ~::.~55 
OUT.ki_$ig-6EAC1ABCE642 :n::.::~t.04Jl3BD 
DUT.output_ok•'O' I 
W_CLK•'O' r 
DUT.Ioad_new_pt•'O' 
OUT .control_unit.pre_statecR6 I> R/ I RB R9 llU H. R12 
DU T .cortrol_ ri fut. stele= A 7 Htl RS RlO Hll Rl:J 
w_cT-uuuuuuuuuuuuuuuu uu I 
I 
w' _KEY=FHXFFO!HOOFFOO 
w' _PT •76CF6400C1004681 I I! 
,! ~v! 
~ j,;j 
.. 
J>"' <) _ n_ -
·-
-
- -
-
f>1' 
~ . ·-
loading ... 'A 
initializing ••. 
,_ 
done 
Initialization co~lete ••• r Getting variables ..• Ready. 
Running to ti~: 2111 ns ~v 
' 
1 ... 
Ready Stopped at .VH): 0 Time: 60 ns 1'-lJM 
Figure 8.07 Results R7- Rl2 (decrypt mode) 
105 
Un
ive
rsi
ty 
of 
Ma
lay
a
jiNITDATA.VHD 
· I 
OUT.datapath.ov=r=to=lp=FOFOFOFO 127ns 136ns 145ns 154ns 163ns 172ns 181ns ;., 
OUT.datapath.ov_r_to_muxzA4210979 )~{ t1AOoD5B b::JI..i:jUUi:j~ l£tl4btf£ rut-Ut-Ut-U ll840E72 
OUT .datapath.ri!t>t_in=9A850263 
OUT .da!apath.round_Lto_ov=22846E72 6EAB 7F86DOC7 tlAD005B 65C80089 Ulj4btf£ FOFOFOFU . 
DU T .datapath.round_r_to_ovzA421 0979 )~{ t::1AD5D5B b::JI..i:jUUtl::l Z2B46t72 t-Urut-Ut-U 22840E72 
OUT .subkey_gener at01. c=f:>AO.OA6A 
OUT .subkey_generator.c1 =5555555 )555 flPili'P.PA 
DU T .subkey_generat01.cJ..AAAO.AAA 
OUT .subkey_generator.d1 =5555555 )!)!)!) flPili'P.PA 
DUT .ki_sig--91 53E 543198D ~Jl ::AJO 
DUT.output_ok='O' 
W_CLK='1' r= 
OUT .load_new_pt='1' r 
OUT .control_unit.pre_state=R1 I ~ HU 1114 Hl::J 1 lb X KEY_END I INI pur .control unil.fut state=R2 13 X t1T4 Hl!:l R16 KEY_:Nl INI R' f.o/_cr =OOOOOOOOFFFFFFFF 
~~KEY ·FFOOFFOOFFOOFFOO 
W _PT =76CF64BOC1 ~681 
= 
v 
_t.JI ~ ~~;. ~ 1! PI ,> ..
·-
-· ·- --·--·-- -
loading ... A 
-initializing . .. 
done 
Initialization co~plete ..• ~ Getting ua~iables ... Ready. 
Running to ti~: 2000 ns 
·-
~  
( 
- - -- --
Jl t 
·-
Ready Stopped at , VHO: 0 Select-ed ~ne : 0 
Figure 8.08 Results Rl2 - Key_end (decrypt mode) 
106 
Un
ive
rsi
ty 
of 
Ma
lay
a
As we can see, ct' s value at the end of the process is 
OOOOOOOOFFFFFFFFFH , which is the original data. From the results obtained, our 
design has reach its objective, which is to successfully encrypt a 64 bit data based 
on DES standards, and decrypt the data using the same key. I have also included 
other sample data's and keys to fully verify our design. 
Pt = x"ABCDEFABCDEFABCD"; 
Key = x"OOOOOOOOOOOOOOOO"; 
Ct = x"AA4FE87B44C87AAB" 
Dec ='0'; 
Pt = x"AA4FE87B44C87 AAB"; 
Key = x"OOOOOOOOOOOOOOOO"; 
Ct = x"ABCDEFABCDEFABCD"; 
Dec ='1'; 
Pt =x" 
Key =x"1100ABCD0011DCBA"; 
Ct =x"92F88CDBFB 1 F8FE2"; 
Dec ='0'; 
Pt =x"92F88CDBFB 1 F8FE2"; 
Key =x"1100ABCD0011DCBA"; 
Ct = x" 
Dec =' 1 '; 
107 
Un
ive
rsi
ty 
of 
Ma
lay
a
0 0 
Un
ive
rsi
ty 
of 
Ma
lay
a
Chapter 9 Discussion 
This chapter discusses the problems related to this project, its 
strength and weaknesses, future improvements consideration and the 
projects development process. 
In the world of digital systems design, there are two ways in 
implementing any design. I came to this deduction because of the 
numerous research papers on DES designs I've come across, there is 
always trade-off between speed and size of design. There is a fast 
version, in which all operation are pipelined and done in just one 
clock cycle, while the other is small, where operations are permuted 
by looping data through the machine according to requirements, 
causing delay based on the amount ofloops required. Eventually, a 
hardware design will be hard-wired onto FPGA or CPLB boards. In a 
fast design, all operations are split to be executed individually; 
certain architectures are repeated, thus wasting space on the limited 
space available on the targeted circuit boards. This method is also 
called pipe-lining. 
If space is premium, then a small design is appropriate. By 
using state machine, the operation can be manipulated. If certain 
operation could not be done on a clock cycle yet it uses the same 
resources, it can be set in the future state, where the operation is done 
108 
Un
ive
rsi
ty 
of 
Ma
lay
a
the following clock cycle. Thus this saves space, as we do not have 
to build an identical architecture. 
My DES design is a design where space is premium, in other 
words, it is a small design. For a variation of my design, I feel it is 
possible to develop a fast pipelined design. The lnitdata architecture 
could be arranged sequentially, because if we consider the DES 
algorithm, the left part of the next round is the right part of the 
preceding one. So only half of the information needs to be stored. By 
doing this way, we store only 32 bits instead of 64 bits. The figure 
below illustrates my point. 
Rl Ro Rl Ro Rl 
Lo u Lo U 
Figure 9.01 Pipelined design for DES 
This design will be at least 17 times faster than our original 
design, but in term of space required for FPGA circuit board, it will 
be much, much larger. 
In term of strength and security the DES offers, the level of 
security is still adequate, but considering the strength of computers 
nowadays, it is not safe, because the length of key (56 bit) is 
109 
Un
ive
rsi
ty 
of 
Ma
lay
a
considered too short and is breakable using brute-force attacks. 
Nowadays, only the Triple DES variation of DES offers adequate 
security. 
In order to arrive at my fmal design, a lot of effort has been 
put into designing, then re-designing the DES architecture. The 
hardest part is in designing the shifter and state machine. My initial 
design was without a state machine whatsoever, and needless to say, 
it was anarchy. Credits should be given to the website, "VHDL 
tutorial through example" by Wei Jun Zhang. My state machine and 
registers design are taken and adapted from here. 
110 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
Chapter 10 Summary 
This project is about the development of DES cryptosystem 
in VHDL. In other words, a hardware implementation of DES in 
VHDL. Two main subjects important in the development for this 
project are the DES algorithm, and VHDL programming language. 
In-depth research has been done to these two subjects. 
The process flow used is based on "Cascading-Waterfall" 
model. It is used because of its simplicity and sequential process. The 
proposed methodology is "Top-down Design/Bottom-up 
Implementation". Here, in analyzing the system, a top-view is taken, 
then broken into modules of components. Recursive partitioning will 
produce subsequent levels, and the smaller modules are referred to as 
subcomponents. The implementation phase will take a bottom-up 
approach, where each submodules are built. These submodules are 
then tested individually and all components will be integrated. In 
other words, take a "divide-and-conquer" approach in this projects 
development. 
In DES analysis, based on functions involved, it is deduced 
that DES contains two main modules. All functions are identified, 
and some are combined to form sub-modules for DES. Results from 
the analysis will be the basis of our DES design. 
111 
Un
ive
rsi
ty 
of 
Ma
lay
a
For DES design, in addition to the two main modules, two 
additional modules are required, which are RAM and Controller. The 
RAM modules acts as temporary buffers, and come in three different 
designs, in the reg32, ov32 and mux32 modules. The Controller is to 
control DES operations using state machine. 
The tool of choice used in this project is peakFPGA. DES 
operation is performed manually, so we have a benchmark value to 
evaluate our design. After individual modules are built, they are 
linked and simulated. Then, finally, the top-level design of our DES 
testbench is simulated. From the waveform obtained, our design has 
successfully encrypted and decrypt 64 bit data based on DES 
standards, operating in ECB mode. 
112 
Un
ive
rsi
ty 
of 
Ma
lay
a
0 
0 
Un
ive
rsi
ty 
of 
Ma
lay
a
Appendix A -A practical example of the DES algorithm encryption 
By Adrian Grigorof- adrian@grigorof.com 
December 2000 
The sample 64-bit key: 
ddd,bbbbbbbb 
222,11011110 
16,00010000 
156,10011100 
88,010 I 1000 
232,I I IOIOOO 
164,10 I 00100 
166,IOIOOIIO 
48,00I 10000 
The 64-bit key is (hex): DE,10,9C,58,E8,A4,A6,30 
The original 64-bit key with parity bits 
1 I 0 1 I I I 0 bits I -8 
0 0 0 I 0 0 0 0 bits 9-16 
1 0 0 I I 1 0 0 bits I7-24 
0 1 0 I 1 0 0 0 bits 25-32 
1 I I 0 1 0 0 0 bits 33-40 
I 0 I 0 0 I 0 0 bits 41-48 
I 0 1 0 0 I I 0 bits 49-56 
0 0 1 I 0 0 0 0 bits 57-64 
The original bit positions: 
12345678 
9 IO I I I2 13 I4 I5 16 
I 7 I 8 I 9 20 21 22 23 24 
25 26 27 28 29 30 31 32 
33 34 35 36 37 38 39 40 
4I 42 43 44 45 46 47 48 
49 50 51 52 53 54 55 56 
57 58 59 60 61 62 63 64 
The 56-bit key (parity bits stripped) 
1101111 
0001000 
IOOIIIO 
0 I 0 I 1 0 0 
II10100 
1010010 
IOI0011 
OOliOOO 
The original positions of the bits after the parity is stripped: 
113 
Un
ive
rsi
ty 
of 
Ma
lay
a
1234567 
9 10 11 12 13 14 15 
1 7 18 19 20 21 22 23 
25 26 27 28 29 30 31 
33 34 35 36 37 38 39 
41 42 43 44 45 46 47 
49 50 51 52 53 54 55 
57 58 59 60 61 62 63 
The positions of the remained 56 bits after Permuted Choice 1 (PC-I) 
57 49 41 33 25 17 9 
1 58 50 42 34 26 18 
102595143 3527 
19 11 3 60 52 44 36 
63 55 47 39 3123 15 
7 62 54 46 38 30 22 
14 6 61 53 45 37 29 
21 13 5 28 20 12 4 
The permuted 56-bit key: 
0111010 
1000110 
0110001 
0001000 
0100000 
lOilOOI 
0100011 
1011111 
Split the permuted key into two halves. The first 28 bits are called C[O] and the last 28 bits are called 
0(0]. 
C(O] 
0111010 
1000110 
0110001 
0001000 
D(O] 
0100000 
1011001 
OlOOOil 
1 0 1 I I 1 1 
Calculate the I6 sub keys. Start with i = 1 
Perform one or two circular left shifts on both C[i-1] and D[i-1] to get C[i] and D[i], 
respectively. The number of shifts per iteration are given in the table below. 
Iteration # 1 2 3 4 5 6 7 8 9 10 11 12 I3 14 15 16 
Left Shifts 1 1 2 2 2 2 2 2 I 2 2 2 2 2 2 1 
C[O] 
114 
Un
ive
rsi
ty 
of 
Ma
lay
a
0111010100011001100010001000 
D[O] 
0100000101100101000111011111 
C[1] 
1110101000110011000100010000 
D[1] 
1 0 0 0 00101 1 0 01010 0 01 1 l 0 l 1 1 1 10 
C[2J 
1101010001100110001000100001 
D[2] 
0000010110010100011101111101 
C[3] 
0101000110011000100010000111 
D[3] 
0001011001010001110111110100 
C[4] 
0100011001100010001000011101 
D[4] 
0101100101000111011111010000 
C[5] 
0001100110001000100001110101 
D[5] 
01 10 0 1 0 100 01 1 10 1 1 1 1 101 0 0 0 0 01 
C[6] 
0110011000100010000111010100 
D[6] 
1001010001110111110100000101 
C[7] 
1001100010001000011101010001 
D[7] 
0 1 0 1 0 0 0 1 I 1 0 1 l 1 1 1 0 1 0 0 0 0 0 1 0 1 1 0 
C[8] 
0110001000100001 l 10101000110 
D[8] 
0 1 0 0 0 1 1 1 0 1 l 1 1 1 0 1 0 0 0 0 0 l 0 1 1 0 0 1 
C[9] 
1100010001000011101010001100 
115 
Un
ive
rsi
ty 
of 
Ma
lay
a
D[9] 
I 0 001 1 101 I 1 1 1 0100 0 0 0 I 01 10 010 
C[lO] 
0001000100001110101000110011 
D(10] 
0 0 I 1 l 0 l 1 1 1 1 0 1 0 0 0 0 0 1 0 I 1 0 0 1 0 1 0 
C[11] 
0100010000111010100011001100 
D[ll] 
1110111110100000101100101000 
C[l2) 
0001000011101010001100110001 
D[12] 
1 0 1 1 1 1 1 0 1 0 0 0 0 0 1 0 1 1 0 0 1 0 1 0 0 0 1 1 
C[13] 
0100001110101000110011000100 
D[13] 
1 1 1 1 1 0 1 0 0 0 0 0 1 0 1 1 0 0 1 0 1 0 0 0 1 1 1 0 
C[14] 
0000111010100011001100010001 
D[14] 
1110100000101100101000111011 
C[l5] 
0011101010001100110001000100 
D[15] 
1010000010110010100011101111 
C[16J 
0111010100011001100010001000 
D[16] 
0 I 0 0 0 0 0 1 0 1 1 0 010 10 00 1 1 1 01 1 1 1 1 
Permute the concatenation C[i]D[i] as indicated below. This will yield K[i], which is 48 bits long. 
Permuted Choice 2 (PC-2) 
14 17 11 24 I 5 
3 28 15 6 21 10 
23 19 12 4 26 8 
16 7 27 20 13 2 
41 52 31 37 47 55 
30 40 51 45 33 48 
44 49 39 56 34 53 
46 42 50 36 29 32 
116 
Un
ive
rsi
ty 
of 
Ma
lay
a
C(O]D(O] 
0 I I I 0 I 0 bits I-7 
I 0 0 0 I I 0 bits 8-I4 
0110001 bits 15-21 
0 0 0 1 0 0 0 bits 22-28 
0 1 0 0 0 0 0 bits 29-35 
I 0 I 1 0 0 I bits 36-42 
0 1 0 0 0 1 1 bits 43-49 
I 0 1 1 I 1 1 bits 50-56 
K[O] 
010000 
100110 
OOIIOl 
IOOOII 
0 I 0 00 I 
10000I 
Ill101 
OII100 
Loop back until K(16] has been calculated (for this example, the calculation ofthe rest of the K[x] is 
skipped) 
Process a 64-bit data block. 
Get a 64-bit data block. ffthe block is shorter than 64 bits, it should be padded as appropriate for the 
application. 
Sample 64 bit data: 
86,01010110 
233,11I01001 
158,10011110 
I 72, 1 0 1 0 11 00 
222, 11 0 1 I II 0 
95,0IOIIII1 
244,11 I10100 
1 77, I 0 11000 I 
The original bit positions: 
I2345678 
9 IO 11 12 13 I4 I5 16 
I7 18 19 20 2I 22 23 24 
25 26 27 28 29 30 31 32 
33 34 35 36 37 38 39 40 
41 42 43 44 45 46 47 48 
49 50 51 52 53 54 55 56 
57 58 59 60 61 62 63 64 
Perform the following permutation on the data block. 
117 
Un
ive
rsi
ty 
of 
Ma
lay
a
Initial Permutation (IP) 
58 50 42 34 26 18 10 2 
60 52 44 36 28 20 12 4 
62 54 46 38 30 22 14 6 
64 56 48 40 32 24 I6 8 
5749413325179I 
595I433527I9I13 
61534537292Il35 
635547393123157 
Original data: 
0 1 0 I 0 1 1 0 bits I-8 
1 1 1 0 1 0 0 1 bits 9-I6 
I 0 0 l 1 1 I 0 bits I7-24 
1 0 I 0 1 1 0 0 bits 25-32 
1 1 0 1 I I I 0 bits 33-40 
0 I 0 I 1 I I 1 bits 4I-48 
I I I 1 0 I 0 0 bits 49-56 
1 0 I 1 0 0 0 I bits 57-64 
Permuted data: 
OI1I0011 
1 1 1 I 0 I 0 I 
0 I 1 I 1 I 0 I 
IOIOOOlO 
110I1110 
11001010 
00111110 
0011010I 
Split the block into two halves. The first 32 bits are called L[O], and the last 32 bits are called R[O]. 
L[O] 
01110011 
11110I01 
01111101 
10100010 
R[O] 
11011110 
Il0010IO 
001II110 
OOllOIOI 
Apply the 16 sub keys to the data block. Start with i = 1. Expand the 32-bit R[i-1] into 48 bits 
according to the bit-selection function below. 
Expansion (E) 
32 I 2 3 4 5 
456789 
8 9 10 Il 12 13 
12 13 14 I5 16 I7 
I6 1 7 1 8 19 20 21 
20 21 22 23 24 25 
24 25 26 27 28 29 
28 29 30 3 1 32 1 
R[O] 
118 
Un
ive
rsi
ty 
of 
Ma
lay
a
1 1 0 1 1 1 1 0 bites 1-8 
I 1 0 0 1 0 I 0 bites 9-16 
0 0 I 1 I I 1 0 bites 17-24 
0 0 1 1 0 I 0 1 bites 25-32 
12345678 
9 10 II 12 I3 14 15 16 
17 18 19 20 21 22 23 24 
25 26 27 28 29 30 31 32 
Expanded R[OJ or E(R[OJ) 
I 1 0 1 1 1 
11I101 
OI1001 
OI0100 
000111 
I11100 
OOOJIO 
IOIOII 
Exclusive-or E(R(i-1]) with K(i]. 
E(R[O]) 
1 1 0 1 1 1 
111101 
011001 
OI0100 
000111 
11I100 
0001IO 
I01011 
K[O] 
010000110111 
1 0 0 1 1 0 1 1 1 1 0 1 
001101011001 
I00011010IOO 
010001000111 
100001111100 
I 1 I 1 0 1 0 0 0 1 1 0 
OI110010I011 
XOR: If one, and only one, of the expressions evaluates to True, result is True 
Perfonn Exclusive-or E(R(i-1]) with K[i]. 
E(R[i-I]) xor K[i] 
100111 
011011 
OI1IOO 
111001 
01I110 
011101 
I I I 0 1 1 
1 1 0 1 1 I 
Break E(R[i-1]) xor K[i] into eight 6-bit blocks. 
Bits 1-6 are B[ I], bits 7-12 are B[2], and so on with bits 43-48 being B[8]. 
119 
U
ive
rsi
ty 
of 
Ma
lay
a
B[l] 
100111 
Bf2J 
011011 
B[3] 
011100 
B[4] 
111001 
B[5] 
011110 
B[6J 
011101 
B[7] 
111011 
B[8] 
110111 
Substitute the values found in the S-boxes for all B[j]. Start with j = 1. 
All values in the S-boxes should be considered 4 bits wide. 
Take the 1st and 6th bits ofB[j] together as a 2-bit value (call it m) 
indicating the row in SUJ to look in for the substitution. 
Take the 2nd through 5th bits ofB[j] together as a 4-bit value (call it n) 
indicating the column in S[j] to find the substitution. 
B[1] 
100111 
1 2 3 4 5 6 bit order 
m = 11 == 3 
n == 0011 = 3 
Replace B[j] with S[j][m][n}. 
Substitution Box 1 (S[l J) 
1441312151183106125907 
0157414213110612119538 
4114813621115129731050 
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13 
.120 
Un
ive
rsi
ty 
of 
Ma
lay
a
S[I ][3][3] = 2 
B[2] 
011011 
m = 01 = 1 
n = 1101 = 13 
S[2] 
1518146113497213120510 
3 13 4 7 15 2 8 14 12 0 I 10 6 9 II 5 
0 I4 7 11 10 4 13 1 58 12 6 9 3 2 15 
I3 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9 
S[2][1 ](13] = 9 
B[3] 
OI1100 
m = 00 = 0 
n = 1110 = 14 
S[3] 
1009146315511312711428 
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1 
13 6 4 9 8 I5 3 0 1 I I 2 I2 5 10 14 7 
1 10 I3 0 6 9 8 7 4 I5 I4 3 11 52 12 
S[3][0][14] = 2 
B[4] 
I 1 100 I 
m = 11 = 3 
n = 1100 = 12 
S[4] 
7 13 I4 3 0 6 9 10 1 2 8 5 11 12 4 15 
1381156150347212110149 
1069012117131513145284 
3 15 0 6 1 0 1 13 8 9 4 5 11 12 7 2 14 
S(4][3](12]= I2 
B[5] 
011110 
m = 00 = 0 
n = II1I = 15 
121 
Un
ive
rsi
ty 
of 
Ma
lay
a
S[5] 
2 I2 4 I 7 10 II 6 8 53 15 I3 0 I4 9 
I4 11 2 I2 4 7 13 1 50 15 10 3 9 8 6 
4 2 1 II IO 13 7 8 15 9 I2 56 3 0 I4 
II 8 I2 7 I I4 2 13 6 15 0 9 10 4 53 
S(5](0][1 5] = 9 
B[6] 
OII101 
m = OI = 1 
n = 11IO = I4 
S[6] 
l21IO 1592680 I334I475II 
1015427129561131401138 
9 I4 15 52 8 12 3 7 0 4 10 I 13 II 6 
432129515IOIII41760813 
S[6][1][I4]=3 
B[7] 
11I011 
m = II = 3 
n = IIOI = 13 
S[7] 
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 I 
13 0 1 I 7 4 9 1 10 14 3 5 12 2 15 8 6 
1 4 11 13 12 3 7 14 IO I5 6 8 0 59 2 
6 II 13 8 1 4 10 7 9 50 I5 14 2 3 12 
S[7](3][ 13] = 2 
B(8] 
110111 
m = 11 = 3 
n = IOII = II 
S[8] 
1328461511110931450127 
1 15 13 8 lO 3 7 4 12 56 I I 0 I4 9 2 
7 II 4 I 9 12 14 2 0 6 10 I3 15 3 58 
211474108I315129035611 
122 
Un
ive
rsi
ty 
of 
Ma
lay
a
S[8][3][11] = 0 
Permute the concatenation of8[1] through 8[8] as indicated below. 
8[1] = S[I][3][3] = 2 = 0010 
8[2] = S[2][1 ][13] = 9 = 1001 
8[3] = S[3][0][14] = 2 = 0010 
8(4] = S[4][3][I2] = 12 = 1100 
8(5] = S[5][0][I5] = 9 = I 00 I 
8[6] = S[6][I][14] = 3 = OOII 
8[7] = S[7][3][13] = 2 = 0010 
8(8] = S[8][3][1I] = 0 = 0000 
8[1-8] 
0010100100I01100100I001IOOIOOOOO 
I 2 3 4 5 6 7 8 9 I 0 1 I 12 13 14 15 16 I7 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 
Permutation P 
1672021 
29122817 
I I5 23 26 
5I83110 
2 8 24 14 
32 27 3 9 
I913306 
22 I1 4 25 
P(S[ 1 ](8(1 ]) ... S[8](8[8])) 
0 0 1 0 
0 0 0 I 
0010 
I 0 0 0 
0 I 1 1 
0 I 1 0 
0100 
0 1 0 0 
Exclusive-or the resulting value with L[i-1]. 
Thus, all together, your R[i] = L[i-I] xor P{S[1](8[1]) ... S[8](8(8])), 
where 8[j] is a 6-bit block of E(R[i-1]) xor K[i]. 
(The function for R[i] is more concisely written as, R[i] = L[i-1] xor f(R[i-1 ], K[i]).) 
L(O) xor P(S[1](B[l]) .. . S[8](B[8])) 
L(O] (see above) 
0111001I 
1I11010I 
0 1 I 1 1 I 0 l 
I 0 1 0 0 0 1 0 
123 
U
ive
rsi
ty 
of 
Ma
lay
a
L[O] 
0 I 1 1 
0 0 1 I 
1 I 1 1 
0 1 0 1 
0 I 1 1 
1 1 0 1 
1 0 1 0 
0010 
xor with 
P(S[1 ](B[l ]) ... S[S](B[8])) 
0010 
0001 
OOIO 
1000 
0 I I 1 
01IO 
0100 
0100 
R[1) 
0 1 0 I 
OOIO 
1 1 0 I 
1 1 0 I 
0000 
1 0 1 1 
1 1 1 0 
OIOO 
124 
Un
ive
rsi
ty 
of 
Ma
lay
a
Appendix B - DES source codes 
There are 26 modules altogether, and due to space constraints, I have 
decided to submit it in soft copy. This appendix serves to explain how to use the 
source code, in term of entering values into the system. Thus, we can say, a very 
simplified user's manual. 
Signals/ Data are entered in the State_ TB module. The four parameters are 
pt, key, dec and reset. Values entered should follow the correct VHDL syntax. 
Below are the correct examples. Note that the signals are mapped to the P _signal 
port. 
begin 
W PT <= x"OOOOOOOOfffilfff'; 
W KEY <= x"ffDOffOOftDOffDO"; 
W RESET <= '0'; 
W DEC <='0'; 
W PT <= x"76CF6480Cl0646Bl "; 
W KEY <= x"ffDOffOOffOOffDO"; 
W _RESET <= '0'; 
W DEC <='I'; 
We can also enter values in pure binary from, but we will have to omit the x 
operand before the double quote. 
125 
Un
ive
rsi
ty 
of 
Ma
lay
a
Un
ive
rsi
ty 
of 
Ma
lay
a
References 
Books:-
Zainalabedin Navabi. (1998). VHDL: Analysis and Modeling of Digital 
Systems. 2nd ed. McGraw-Hill. 
Peter Ashenden (1998). The VHDL Cookbook. 1st ed. 
Eric Maiwald. (200 1 ). Network Security :A beginner's Guide. 1st ed. McGraw-
Hill. 
Intemet:-
1. http://www.opencores.org 
2. http://www.acc-eda.com/vhdlref/ 
3. http://www.itl.nist.gov/fipspubs/index.htm 
4. http://www.itl.nist.gov/fipspubs/fip74.htm 
5. http://www.itl.nist.gov/fipspubs/fip81.htm 
6. http://www.itl.nist.gov/fipspubs/fip46-2.htm 
7. http:/ /isc.faqs.org/faqs/ cryptography-faq/ 
8. http://www.eventid.net/docs/desexample.htm 
9. http://www.free-ip.com/DES/index.html 
1 0. http://www .cs. ucr. edu/ content/ esd/labs/tutorial/ 
11. http://www. vhdl-online.de/~vhdl/TB-GEN/ent2tb 1.htm 
126 
Un
ive
rsi
ty 
of 
Ma
lay
a
