DES/3DES Encryption/Decryption Cores
CS5010-40
Virtual Components for the Converging World
TM
The CS5010-CS5040 DES/3DES Encryption/Decryption cores are designed to achieve data privacy in digital
broadband, wireless, and multimedia systems. These high performance application specific silicon cores support
the Data Encryption Standard (also referred as Data Encryption Algorithm) as described in the NIST Federal
Information Processing Standard 46-3. They offer an efficient means of providing both DES and Triple DES
encryption and decryption in one core in order to rapidly construct complete security solutions. The DES/3DES
family of cores are available in both ASIC and programmable logic versions that have been hand crafted by
Amphion to deliver high performance while minimizing power consumption and silicon area.
Patient
Room
Camera
Nurse
Station
PC
MPEG-2
Encoder
MPEG-2
Decoder
Security
Gateway
High Speed
DES/3DES
Encoder
10/100-Base
T-Hub
Security
Nurse
Gateway
Station
High
PC
Speed
DES/3DES
Decoder
Figure 1: Example of a Secure Audio/Video Based Remote Patient Monitoring System Using DES/3DES
ENCRYPTION CORE FEATURES
Table 1: CS5010-40 Features at a Glance
CS5010
Ultra Compact
Fully compliant with DES NIST FIPS 46-3
DES and Triple DES Support
32-bit I/O
128-bit I/O
28-bit Key Input Port
56-bit Key Input Port
EDE2 and EDE3 Triple DES
(112- or 168-bit key length)
CS5020
Compact
•
•
•
CS5030
High
Speed
•
•
•
CS5040
Ultra HIgh
Speed
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Optimized for
Amphion continues to expand its family of application-specific cores
See http://www.amphion.com for a current list of products
1
CS5010-40
♦
DES/3DES Encryption/Decryption Cores
APPLICATIONS
Electronic financial transactions
- eCommerce
- Banking
- Securities exchange
- Point-of-Sale
Secure corporate communications
- Storage Area Networks (SAN)
- Virtual Private Networks (VPN)
- Video conferencing
- Voice services
♦
Personal mobile communications
- Video phones
- PDA
- Point-to-Point Wireless
- Wearable computers
Secure environments
- Satellite communications
- Surveillance systems
- Network appliances
♦
♦
DATA ENCRYPTION ALGORITHM
The Data Encryption Algorithm is an iterated block cipher
with a Feistel structure that encrypts and decrypts data in 64-
bit data blocks using a 56-bit key. The algorithm consists of:
•
•
•
An initial permutation of the input data
Sixteen rounds of the same process - the DES round
A final inverse initial permutation of the data
Figure 2 represents a block diagram of the Data Encryption
Algorithm. A DES round transforms the data using
permutations, additions and non-linear substitutions. The
DES key schedule consists of three parts:
1.
2.
Key Permutation - to remove the eight redundant parity
bits within the 64-bit key, and to permute the key
Scheduled Circular Shifting - the permuted key is circu-
larly shifted according to a schedule by either 1 or 2 bits,
to the left or right.
Key Compression - the 56-bit shift key is compressed
using another permutation, or rearrangement, to obtain a
48-bit subkey.
3.
The Triple Data Encryption Algorithm offers increased
security by extending the DES key to 112 or 168 bits, thus
greatly reducing the effectiveness of exhaustive key searches
or "brute-force" attacks. Triple DES is simply three successive
DES operations in the sequence of encrypt-decrypt-encrypt, or
decrypt-encrypt-decrypt if decrypting data.
Figure 2: DES Algorithm Structure
2
Optimized for
TM
FUNCTIONAL DESCRIPTION
The Amphion series of DES/3DES cores offer a complete
solution to maintaining legacy DES functionality for modern
data encryption needs, offering a simple interface, no internal
or external memory usage, no external keyspace processing,
and a highly efficient design offering unparalleled
performance.
The CS5010 Ultra Compact DES/3DES and the CS5020
Compact DES/3DES Cores are designed to offer an efficient
yet high performance means of both DES and Triple DES
encryption/decryption, with the emphasis on reduced
resource usage.
The CS5030 High Speed DES/3DES Core offers an increased
data throughput in comparison to the Compact Cores, while
still achieving a highly efficient hardware implementation.
The CS5040 Ultra High Speed DES/3DES Core is designed to
provide a high performance solution while still achieving a
relatively low resource usage.
The Ultra Compact DES/3DES Core is capable of all DES
standard modes of operation. The use of these added modes
of operation on Compact, High Speed and Ultra High Speed
DES/3DES Cores is subject to conditions. For example, it is
impractical to use a fully pipelined DES core to perform CBC
mode, as the data throughput of the hardware would have to
be substantially reduced in order to support the feedback
XOR operation between output and input of the DES core.
All versions of the Amphion DES/3DES cores follow the block
diagram shown in Figure 3.
The DES/3DES cores are excellent complements to other
Amphion cores. For instance they can be combined with the
CS6650 MPEG-2 Decoder to rapidly construct a secure patient
monitoring system, and they can be combined with the
CS4191 ADPCM codec to achieve secure, high speed, high
channel-count speech processing in Voice-over-Packet (VoP)
systems.
The Amphion encryption/decryption cores are also an
excellent choice for VPN security ICs incorporated into
broadband switches, routers, firewalls and remote access
concentrators. Likewise, the cores are an ideal fit for the
Secure Socket Layer (SSL) channel ICs used in Web servers,
WAP gateways and other access applications requiring a high
number of parallel SSL channels to carry out eCommerce.
Control Logic
Plaintext/
Ciphertext
Input
Buffer
DES Round
Transformations
Output
Buffer
Ciphertext/
Plaintext
Key
Key
Buffer
Key
Scheduler
Figure 3: Block Diagram of DES/3DES Cores
Optimized for
3
CS5010-40
DES/3DES Encryption/Decryption Cores
CS5210-40 SYMBOL AND PIN DESCRIPTION
Table 2 describes the input and output ports (shown graphically in Figure 4) of the CS5010-40 series of DES/3DES encryption
cores. Unless otherwise stated, all signals are active high and bit(0) is the least significant bit.
D
DADDR
DLOAD
KEY
KADDR
KLOAD
MODE
TRIPLE
EDE
CLK
RST
Figure 4: CS5010-40 DES/3DES Symbol
DSTAT
DES/3DES
QSTRB
QADDR
Q
4
Optimized for
TM
Table 2: CS5010-40 DES/3DES Cores Interface Signal Definitions
Signal
D
DADDR
I/O
I
I
Width (Bits)
32 (64 Ultra High Speed)
1 (Ultra Compact)
2 (Compact)
3 (High Speed)
0 (Ultra High Speed)
1
28 (56 Ultra High Speed)
2
1
1
1
1
1
1
1
Description
Input Plaintext/Ciphertext data
Input Plaintext/Ciphertext data address, 0: the lowest 32-bit word
DLOAD
KEY
KADDR
KLOAD
MODE
TRIPLE
EDE
CLK
RST
DSTAT
I
I
I
I
I
I
I
I
I
O
Load input Plaintext/Ciphertext enable
Encryption key data
Encryption key address, 0: the lowest 28-bit word
Load encryption key
Encryption/Decryption mode select, 0: Encryption. 1: Decryption
DES/3DES mode select, 0: DES, 1:3DES
Triple DES key selection mode, 0:EDE2, 1: EDE3
System clock, rising edge active
Asynchronous reset
Input port status
This signal will be
Asserted
when the core is ready for loading the
highest word of the next 64-bit data block, or the highest word of the
multiple input DES blocks available in the Compact or High Speed
cores. The lower words can be loaded at anytime in the period
when DSTAT is LOW depending on the key-size selection
Output strobe indicating the Plaintext/Ciphertext word Q is valid
Output Plaintext/Ciphertext data address, 0: the lowest 32-bit word
QSTRB
QADDR
O
O
1
1 (Ultra Compact)
2 (Compact)
3 (High Speed)
0 (Ultra High Speed)
32 (64 Ultra High Speed)
Q
O
Output Plaintext/Ciphertext data
Optimized for
5
京公网安备 11010802033920号
EEWORLD
