|
|
Ultra-Compact Data Encryption Standard (DES/3DES) Core
|
 |
General Description |
|
 |
The DES1 ASIC/FPGA core is an implementation of the DES and triple DES encryption and decryption in compliance with the NIST Data Encryption Standard. It processes 64-bit blocks, with one, two, or three 56-bit keys. |
|
Basic core is very small (3,000 ASIC gates). Enhanced versions are available that support various cipher modes (ECB, CBC, OFB, CFB, CTR). |
|
The design is fully synchronous and available in both source and netlist form. Test bench includes the NIST DES test vectors. |
|
DES Core is supplied as portable Verilog (VHDL version available) thus allowing customers to carry out an internal code review to ensure its security. |
|
| |
|
|
Base Core Features |
|
| |
Encrypts and decrypts using the DES / TDEA / Triple DES / 3DES Block Cipher Algorithm |
|
High throughput: up to 3 Gbps at 750 MHz in 90 nm LV technology |
|
Small size: from 3K ASIC gates for a triple DES core |
|
Satisfies FIPS 46-3 from the US National Institute of Standards and Technology (NIST) |
|
Processes 64-bit data blocks |
|
Optional parity check feature |
|
Employs one to three keys of 56 bits each |
|
Completely self-contained: does not require external memory |
|
Available as fully functional and synthesizable Verilog, or as a netlist for popular programmable devices and ASIC libraries |
|
Single-DES No License
Required option DES1-NLR |
|
Deliverables include test benches |
|
|
|
|
Symbol |
|
|
|
|
Applications |
|
| |
Secure mobile phone communications |
|
Secure RFID |
|
Secure Smart Cards |
|
Secure financial transactions |
|
SCTE 52 |
|
|
|
|
Pin Description |
|
| CLK |
Input |
Core clock signal |
| RESET |
Input |
Core reset signal |
| CEN |
Input |
Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored. |
| START |
Input |
When goes HIGH, a cryptographic operation is started |
| E/D |
Input |
Encrypt (1) / Decrypt (0) |
| MODE[1:0] |
Input |
DES mode
0 – Single DES
1 – Double DES
2 – Triple DES (3DES, TDEA) |
| READY |
Output |
Output data ready and valid |
| K1[1:64] |
Input |
First Encryption Key |
| K2[1:64] |
Input |
Second Encryption Key (used only in Double or Triple mode) |
| K3[1:64] |
Input |
Third Encryption Key (used only in Triple mode) |
| D[1:64] |
Input |
Input Plain or Cipher Text Data |
| Q[1:64] |
Output |
Output Cipher or Plain Text Data |
|
|
| |
|
Function Description |
A DES encryption operation transforms a 64-bit block into a block of the same size. The encryption key size is 56 bits, with one to three keys used. The block performs DES and Triple DES (TDEA) encryption as defined by NIST in FIPS publication 46-3. |
| |
|
Operation |
|
| A rising input on the START port triggers the beginning of a cryptographic operation on the data D, using the KEY as key.
The core then starts to process the state according to the DES algorithm.
When all the rounds are completed, the READY signal is raised and the encrypted data is available on the output.
It is possible to start a new cryptographic operation as soon as the data from the previous one is output. A cryptographic operation can be aborted at any time by lowering the START signal for at least one clock cycle.
The core is fully pipelined. Loading of the new plain/cipher text data and key can be combined with outputting cipher/plain text data from the previous operation.
New key can be used for each cryptographic operation. The absence of gaps allows sustaining the throughput of 4/2/1.33 bits per clock for DES / 2DES / 3DES correspondingly. |
|
| |
|
Implementation Results |
Representative area/resources figures are shown below. |
| TSMC 130 nm |
234 MHz |
3,117 gates |
936 Mbit/s |
312 Mbit/s |
| TSMC 130 nm |
512 MHz |
4,482 gates |
2,048 Mbit/s |
684 Mbit/s |
| TSMC 90 nm |
358 MHz |
3,192 gates |
1.4 Gbit/s |
477 Mbit/s |
| TSMC 90 nm |
789 MHz |
5,090 gates |
3.15 Gbit/s |
1 Gbit/s |
| Altera Stratix II |
133 MHz |
466 ALUT |
1.06 Gbit/s |
335 Mbit/s |
| Altera Stratix II |
180 MHz |
362 ALUT |
720 Mbit/s |
240 Mbit/s |
|
| |
|
Export Permits |
|
| See the IP Cores, Inc. licensing basics page licensing basics page,
for links to US government sites and more details. DES1-NLR single-DES option is
classified as ECCN 5E992 and does not
require an export license. |
| |
|
Deliverables |
|
HDL Source Licenses
|
| |
Synthesizable Verilog RTL source code |
|
Testbench (self-checking) |
|
Test vectors |
|
Expected results |
|
User Documentation |
|
|
Netlist Licenses
|
| |
Post-synthesis EDIF |
|
Testbench (self-checking) |
|
Test vectors |
|
Expected results |
|
|
|
| |
|
Contact Information |
|
| |
| |
|
|
