Design and Implementation of a flexible Multi-purpose Cryptographic System on low cost FPGA
Keywords:Advanced encryption standard (AES), Pipelining, FPGA, Keccak, RNG, secure hash algorithm-3 ( SHA -3)
The design of cryptographic hardware that supports multiple cryptographic primitives is common in literature. In this work, a new design is presented consisting of a multi-purpose cryptographic system featuring both 128-bit pipelined AES-CORE (Advanced Encryption Standard) for high-speed symmetric encryption and a Keccak hash core on a low-cost FPGA. The KECCAK-CORE’s security and performance parameters are tunable in the sense that capacity, bitrate, and the number of rounds can be user-defined. Such flexibility enables the core to suit a large range of security requirements. The structure of Keccak’s sponge construction is exploited to enable different modes of operation. An example application outlined in this work is Pseudo Random Number Generation (PRNG). With few adjustments, the KECCAK-CORE was also operated as a post-processing unit for True Random Number Generation (TRNG) that uses the analog Lorenz chaotic circuit as a physical entropy source. The multi-purpose design was implemented in VHDL targeting an IntelFPGA Cyclone-V FPGA. For AES symmetric encryption, a maximum throughput of 31.1Gbps was achieved and a logic usage of 25146LEs (23% of the FPGA) in the case of the pipelined variant of AES-CORE. For the KECCAK-CORE, maximum throughput figures of 5.81, 8.4, and 11Gbps were achieved for the three SHA-3 variants 512, 384, and 256-bit respectively, with an area usage of 8947LEs (8%). The system as a whole occupies an area of 26909LEs (26%). The random sequences generated by the system operating in PRNG and TRNG post- processing modes successfully passed the National Institute of Standards and Technology (NIST) statistical test suite (NIST SP 800-22). The information entropy analysis performed on the post-processed TRNG sequences indicates an average of 0.935.