The Development of Tiny Encryption Algorithm (TEA) Crypto-Core for ...

2012 IEEE International Conference on Electronics Design, Systems and Applications (ICEDSA)

The Development of Tiny Encryption Algorithm (TEA) Crypto-Core for Mobile Systems Stephanie Ang Yee Hunn1, Siti Zarina binti Md. Naziri1,* Norina binti Idris1

1

School of Microelectronic Engineering, Pauh Putra Campus, Universiti Malaysia Perlis (UniMAP), 02600 Arau, Perlis, Malaysia. *Corresponding email: [email protected] and is then combined together in order to produce the cipher text block as shown in Figure 1. The specification for TEA states a 128-bit key is to be divided into four 32-bit key words and the block size of each encryption is 64-bits, of which is to be divided into two 32-bit words [4]. TEA utilizes a Feistel scheme, noted as F, for its encryption rounds in which one round of TEA includes two Feistel operations and a number of additions and bitwise XOR operations [3] as shown in Figure 2.

Abstract- In this paper, a cryptographic algorithm design called Tiny Encryption Algorithm (TEA) is proposed in order to minimize the memory footprint and maximize the speed. The design was targeted for embedded and mobile systems which concern more on speed and space. In TEA, the plaintext is encrypted and decrypted using the operations from mixed (orthogonal) algebraic groups and a huge number of rounds to achieve security with simplicity. At sixty-four (64) Feistel rounds, a total of 2,883 gates are used in the TEA encryption process with 16.72ns delay time while 2,805 gates are consumed in the decryption process with 14.78ns delay time. With these outcomes, the design is possible to be implemented on mobile devices which require considerable extent of security.

I. INTRODUCTION Tiny Encryption Algorithm (TEA) is a notably fast, simple and Feistel-based block cipher designed to be one of the fastest and most efficient cryptographic algorithm compared to other algorithms such as IDEA and AES.TEA was introduced by Roger M. Needham and David J. Wheeler in 1994. TEA is designed to minimize the memory footprint and maximize speed by making the basic operations weak and very simple while high security is achieved by repeating these simple operations many times. Although TEA has a few weaknesses, most notably from equivalent keys and related-key attacks [12], TEA still provide good security for mobile systems such as RFID where hackers do not have the time necessary to sit down and work on security breaking [3]. This project explores the advantages of TEA to be implemented on mobile systems which has limited resource yet still concern in speed and area. For the understanding of the TEA concept, MATLAB software is used. Whilst other CAD tools in such Altera QuartusII and Mentor Graphics are used for the verification and proof of hardware implementations. The results are discussed in the next sections.

Fig. 1. The abstract structure of TEA encryption routine

A. The Encryption of TEA At first, the 64-bits plaintext is split into two inputs with 32bits each (which are y and z). There are four passkeys that can be defined as the passcode for the user. These passkeys are also assigned as inputs in the TEA architecture. The initial z input value is firstly being left-shifted with 4bits and the result is then being added up with the first passkey which is the K[0] and the result is then being kept aside in the memory named as z_2. The initial z input value is again being used to be added up with a Golden Ratio constant which is 2654435769 in decimal value and the result is being stored in

II. PRINCIPLES OF TEA The basic operation of a TEA is very simple and easy to be understood; started with the inputs to the encryption algorithm is basically a plaintext block and a passkey K. The plaintext is represented by P in which it can be divided into two halves, Left[0] and Right[0] while the cipher text is represented by C (Left[64], Right[64]). Each half of the plaintext, P is being used to encrypt the other half over 64 rounds of processing

978-1-4673-2163-1/12/$31.00 ©2012 IEEE

45

2012 IEEE International Conference on Electronics Design, Systems and Applications (ICEDSA)

the memory named as z_3. The following steps is to reuse again the initial z input value to undergo a right-shift of 5-bits and the result is then being saved in the memory named z_5.

The decryption of TEA is basically almost the same as the encryption of TEA with the function is being reversed. The decryption process started with the encrypted text is now treated as the input of the algorithm in which the final_y is indicated as input_y and final_z is indicated as the input_z. The input_z is initially being left-shifted with 4-bits and the result is then being added up with the third passkey which si the K[2] and the result is then being kept aside in the memory with the name of z_2. The input_z is then being utilized to add up with the Golden Ratio constant and the result is being saved in the memory z_3. The following step is to reuse again the input_z value to undergo a right-shift of 5-bits and the result is being added up with the fourth passkey which is the K[3] with the result being recorded in the memory named z_5.

Fig. 2. Two Feistel rounds (one cycle) of TEA

XOR operation is then being used for all the three values in z_2, z_3 and also z_5. This carry the meaning of z_2 being XORed with z_3 and the result is being XORed again with z_5. This final result is then recorded in the memory named z_6. Furthermore, the value of z_6 must be added up with the initial y input value and the result is hence stored in the memory x_1. One TEA round (half a cycle) is considered as completed up to this point. The encryption process is then being proceed to the next round by left-shifting the value of x_1 with 4-bits and the result is added up with the third passkey which is K[2]. The result is then being kept in a memory named y_2. The process is continued with the x_1 value being added up with the Golden Ratio constant and y_3 memory is used to record the result obtained. Followed by the value of x_1 is again being reused to undergo a right-shift of 5-bits then the result is added with the value of the fourth passkey which is K[3]. The final result is then being saved in the memory y_5. XOR operation is again being used for all the three values in y_2, y_3 and also y_5. This carry the meaning of y_2 being XORed with y_3 and the result is being XORed again with y_5. This final result is then recorded in the memory named y_6. Moreover, the value of y_6 must be added up with the initial z input value and the result is hence stored in the memory x_2. The output (encrypted text) is then indicated as final_y and final_z. The second TEA round (another half of the TEA cycle) is considered completed. A complete cycle of TEA encryption is now repeated for thirty two times to reach the requirement of a full TEA encryption. Figure 3 shows the complete TEA encryption process.

Fig. 3: TEA Encryption Process

The decryption process continued with the z_2 being XORed with the z_3 and the result is agin being XORed with z_5. This final result is then stored in the memory carrying the name of z_6. Next, the value of z_6 must be reduced by the input_y value and the result is being saved in the memory x_1 in order for the one round TEA decryption to be utilized up to this point. The decryption process is then being proceed to the next round by left-shifting the value of x_1 with 4-bits and the result is added up with the first passkey carrying the name of K[0]. Then the output is being kept in y_2 memory. The algorithm is progressed with the x_1 value being added with the Golden Ratio constant and a y_3 memory is utilized to record the result obtained. Followed by the x_1 value is being reused to undergo a right-shift of 5-bits with the output is

B. The Decryption of TEA

46

2012 IEEE International Conference on Electronics Design, Systems and Applications (ICEDSA)

being added up with the value of the second passkey which is K[1]. The final result is then being stored in the y_5 memory. The decryption process is progressed with the y_2 being XORed with the y_3 and the result is again being XORed with y_5. This final result is then recorded in the memory with the name of y_6. Moreover, the value of y_6 must be reduced by the input_z and the result is being saved in the memory x_2. A complete cycle of TEA is now repeated for thirty two times to reach the requirement of a full TEA decryption. The output (decrypted text) is then being compared with the input (plaintext) of the encryption process in order to obtain a same value or message. The TEA decryption process can be illustrated as in Figure 4.

Firstly, the TEA encryption and decryption operation codes are developed in Verilog HDL using the Quartus II software. Then the codes are compiled to obtain the RTL diagram. Next, the Verilog HDL code is compiled using the ModelSim software and appropriate testbenches are created for both the TEA encryption and decryption. After that, the files are all being compiled and the testbenches are simulated in order to verify the behavioural aspects of the design. The output waveform of the decryption process is compared with the input waveform of the encryption process. If both the waveform are the same then operations for both the encryption and decryption process are correct. Furthermore, the simulated files are placed into the Leonardo Spectrum to be synthesized in order to import the Verilog code into the IC Station software to obtain the layout. Total gates being used, delay time, block diagrams as well as the gate level circuits can be obtained during the synthesis process using Leonardo Spectrum of Mentor Graphics. III. RESULTS AND DISCUSSION A. Results generated by MATLAB After running the coding of the TEA encryption, an output display requesting the message (plaintext) to be entered will be shown and the passcode formed by a combination of four different passkeys is to key in as well. Figure 5 shows the plaintext which is ‘StephanieAng’ and the passcode (4321) that have been entered.

Passcodes

Fig. 4. TEA Decryption Process

C. TEA Development using MATLAB Firstly, a blank new file in the MATLAB software is created and the TEA encryption coding is being developed using the MATLAB. The result for TEA encryption is then being simulated. After the simulation of the TEA encryption is successful, the TEA decryption coding is then being developed. The result for the TEA decryption is simulated. Both the results for the encryption and decryption are being compared by entering a plaintext into the TEA encryption process and the encrypted text will be obtained. Next, place the encrypted text is placed into the TEA decryption process to obtain the decrypted text. Lastly the decrypted text is compared with the original plaintext and if the same texts retrieved, then the operations for both the encryption and decryption process are considered successful. D.

Plaintext

Fig. 5. Plaintext and passcode entered

Figure 6 shows the encrypted text obtained after the encryption operation is completed. The value of Final y which is 2673881084 and the value of Final z which is 3495756974 are the encrypted texts obtained. The time consumed to complete this encryption process is 1.817591seconds. The decryption process is continued to ensure that the coding and the algorithm are correct after the encryption process is achieved. A display requiring the user to key in the correct passcode will be shown as in Figure 7 and the correct passcode (4321) is then being entered. Figure 8 shows decrypted text obtained and also the time consumed to complete this decryption process. Notice that the decrypted text is exactly the same as the plaintext which is ‘StephanieAng’ and this proves that both the encryption and decryption process are operating in the correct manner.

TEA Development using CAD Tools

47

2012 IEEE International Conference on Electronics Design, Systems and Applications (ICEDSA)

Encrypted text

process, y is 10101010101010101010101010101010 and z is 11111111111111111111111111111111 which are the same as the original plaintext. From the conducted behavioural simulations, it is proven that both the encryption and decryption process are accurate as compared with the simulations done using MATLAB. The simulated design is than preceded to the next level, which is the synthesis process by another tool by Mentor Graphics that is Leonardo Spectrum. The synthesis process is done for 1-, 32- and 64-cycles of TEA. The result of the synthesis is illustrated in Table 1.

Time consumed

Fig. 6. Encrypted text and the time consumed

Passcodes Fig. 10. Waveform for TEA decryption process

Fig. 7. Correct passcode being entered

TABLE 1 SUMMARY OF THE AREA AND TIMING REPORT FOR 1-, 32- AND 64-CYCLES OF TEA

Fig. 8. Decrypted text and time consumed

B. Results generated by Mentor Graphics Figure 9 shows the waveform of ModelSim by Mentor Graphics for all the parameters inclusive of the inputs which are y and z (plaintext), k_0, k_1, k_2 and k_3 (passcode), clock and also output which are final_y and final_z (encrypted text). The inputs y is set to 10101010101010101010101010101010 while the input z is set to 11111111111111111111111111111111 and all of the passcode are set as 1. After the simulation of the encryption process, final_y is 01011110001101001010100111000010 while the final_z is 11001110110110010011010010100110.

1 Process Total number of gates Delay time (ns)

Enc

Number of TEA cycles 32 64 Dec Enc Dec Enc Dec

1,263

1,253

2,883

2,805

2,805

2804

13.49

13.03

16.72

14.78

16.72

16.66

IV. CONCLUSION The result for the MATLAB approach and the Mentor Graphic approach are both successfully demonstrated as the encrypted decrypted text are matched with the original plaintext. The MATLAB software is a tool which provides a great help in understanding the structure of TEA as it is more flexible. The Altera QuartusII and Mentor Graphic approach however, is the main contributor in providing the exact data needed for a good implementation on hardware, particularly for mobile systems, which includes simulation, verification and layout production. From the conducted hardware implementation on Mentor Graphics using Leonardo Spectrum, it is found that the design consumed 2,883 gates for a 64-cycles TEA encryption process with 16.72ns delay time, while 2,805 gates are used in the decryption process with 14.78ns delay time.

Fig. 9. Waveform for TEA encryption process

Figure 10 shows the waveform for all the parameters inclusive of the inputs which are final_y and final_z (encrypted text), k_o, k_1, k_2 and k_3 (passcode), clock and also the outputs which are y and z (decrypted text). The encrypted text has become the inputs for the decryption process in which the final_y and final_z are set to 01011110001101001010100111000010 and 11001110110110010011010010100110 and all of the passcode are set as 1. After the simulation of the decryption

ACKNOWLEDGMENT This project is funded under the Exploratory Research Grant Scheme (ERGS) (9010-00004) lead by Siti Zarina binti Md Naziri, lecturer of School of Microelectronic Engineering, UniMAP.

48

2012 IEEE International Conference on Electronics Design, Systems and Applications (ICEDSA)

REFERENCES [1] [2] [3] [4] [5]

John Kelsey, Bruce Schneier, and David Wagner, “Key-schedule cryptanalysis of IDEA, -DES, GOST, SAFER, and Triple-DES,” LNCS, Vol. 1109, pp. 237-251, Springer-Verlag 1996. John Kelsey, Bruce Schneier, and David Wagner, “Related-key cryptanalysis of 3-Way, Biham-DES, CAST, DES-X NewDES, RC2, and TEA,” LNCS, Vol. 1334, pp. 233-246, Springer-Verlag 1997. P. Israsena, “Securing Ubiquitous and Low-cost RFID using Tiny Encryption Algorithm”, Proc ICICS 2006, Dec 2006. Jessie Grabowski and Jeff Keurian, “Tiny Encryption Algorithm.” Internet:http//people.rit.edujwg6168crypto TEA_Grabowski_Keurian.pdf, Sept. 05, 2010 [Dec. 08, 2011]. David J. Wheeler and Roger M. Needham, “TEA, a tiny encryption algorithm.” Proc.First International Conference on Security in Pervasive Computing, Boppard, Germany, March 12-14, 2003

49