Triple DES, 3-DES Network Encryptor



Synopsis

The Triple Data Encryption Algorithm (3DES) is an extension of the popular DES standard. It is a symmetric-key block cipher, created to encrypt 64-bit blocks of data using three unrelated 64-bit keys, each of which serves as the key input to one DES block. 3DES addresses the apparent weakness of DES without creating an entirely new cryptosystem: DES uses a 56-bit key, which is not adequate for encrypting sensitive data. By applying the algorithm three times in succession with three different keys, 3DES simply increases the key size of DES, so the combined key size is 168 bits (three times the 56 bits of DES).

Introduction

Because of its high computational cost, 3DES is considered a heavyweight cipher. The most essential parts of the 3DES algorithm are the substitution boxes, which are most efficient when implemented in hardware. Each substitution box contains 64 4-bit values, which replace the bits presented at the box's input. Because 3DES consists of 48 consecutive identical iterations, the basic implementation was feasible with only one iteration round block, a subkey generator and a state machine. Even so, 3DES turns out to be extremely complex and resource-demanding. The encryption and decryption services applied between the host system and the network use 3DES. The host system provides security information, which is used together with a set of secret keys for 3DES processing of the data. The processing uses an intermediate result that is fed back to the DES engine of the 3DES IPsec circuit.

Invention

3DES can encrypt or decrypt data or a message using a single secret key. The message is decrypted at the IP layer in the receiver system, where the sender and receiver systems share a public key via a security association. Key sharing is typically achieved through an Internet Security Association and Key Management Protocol exchange, which allows the receiver to obtain a public key and authenticate the sender using digital certificates. The invention concerns improved security processing circuits of a host system, and methods for performing 3DES encryption and decryption services, for a host system that uses a single DES engine. Within the single DES engine, the improved circuit uses a distinctive placement of circuit components to shorten path timings. The permutation and inverse permutation blocks are removed from the critical paths of the three independent DES processing operations and moved to the beginning and end of the 3DES process.

3DES Cipher Block Chaining with External Feedback

Another 3DES mode is part of a suite of encryption modes in the American National Standards Institute (ANSI) X9.F.1 3DES draft standard (X9.52). It is called 3DES external feedback cipher block chaining, and it has several advantages. First, the input and output block size is 64 bits, the same as normal DES. Second, it is backward compatible with single-key DES encryption: using one key value for all three key inputs produces the same output as a single DES encryption. Third, it has limited error propagation: if one block of ciphertext is corrupted, only two blocks of recovered plaintext are corrupted. This is known as the self-synchronizing property of cipher block chaining encryption. Fourth, it is impenetrable to cryptanalytic exhaustive key search attacks.
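The second and third properties can be checked in code. The following is an added example, not part of the original article: it uses a 16-round Feistel construction with a SHA-256 round function as a labelled stand-in for one DES pass, so it demonstrates only the EDE and outer-feedback CBC structure, not real DES output. All function names and sample values are constructed for illustration.

```python
import hashlib

BLOCK = 8  # 64-bit block, the same size as DES

def des_like(block, key, decrypt=False):
    # 16-round Feistel stand-in for one DES pass (SHA-256 round function, NOT DES).
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for rnd in (range(15, -1, -1) if decrypt else range(16)):
        d = hashlib.sha256(key + bytes([rnd]) + r.to_bytes(4, "big")).digest()
        l, r = r, l ^ int.from_bytes(d[:4], "big")
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")  # final half swap

def ede_enc(block, k1, k2, k3):  # encrypt-decrypt-encrypt
    return des_like(des_like(des_like(block, k1), k2, True), k3)

def ede_dec(block, k1, k2, k3):  # decrypt-encrypt-decrypt, keys in reverse
    return des_like(des_like(des_like(block, k3, True), k2), k1, True)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(pt, keys, iv):
    # External (outer) feedback: the chain wraps the whole EDE operation.
    out, prev = [], iv
    for p in blocks(pt):
        prev = ede_enc(xor(p, prev), *keys)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, keys, iv):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(ede_dec(c, *keys), prev))
        prev = c
    return b"".join(out)

def damaged_blocks(pt, keys, iv, hit):
    # Flip one ciphertext bit in block `hit`; return indices of changed plaintext blocks.
    ct = bytearray(cbc_encrypt(pt, keys, iv))
    ct[hit * BLOCK] ^= 0x01
    rec = cbc_decrypt(bytes(ct), keys, iv)
    return [i for i, (a, b) in enumerate(zip(blocks(rec), blocks(pt))) if a != b]

# Constructed sample values (not from the page).
KEYS, IV = (b"key-one!", b"key-two!", b"key-3333"), bytes(8)
PT = b"".join(bytes([i]) * BLOCK for i in range(6))  # six 64-bit blocks
```

With all three key inputs equal, the inner decrypt undoes the first encrypt, so EDE reduces to one pass of the underlying cipher and that compatibility setting provides only single-key strength.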

Encryption Module

The encryption module is instantiated twice in the network encryptor: once for downstream encryption and once for upstream decryption. Each instance can perform both DES encryption and decryption, since the 3DES algorithm with two keys in the encryption-decryption-encryption scheme requires both. Data to be encrypted is loaded from first-in, first-out (FIFO) buffers, which collect data byte by byte from an asynchronous interface. For asynchronous operation, the output FIFO buffers an encrypted block. A complete DES encryption takes 42 clock cycles, a 3DES encryption takes 108 cycles and loading the plaintext takes 12 cycles. No extra clock cycles are needed in cipher block chaining mode. A version using one clock cycle per round would spend comparatively more time on loading than on encryption, would need more logic and would require a more complicated subkey generator.

Conclusion

The 3DES encryptor is a single-chip solution for encrypting network communications. It is optimized for throughput and rapid switching between virtual connections. The 3DES security processing circuit is provided as a security component of a network interface device, which includes a bus interface to transfer data between the network interface device and a host system, and a media access control system to transfer data between the network interface device and the network. Using the 3DES algorithm in outer cipher block chaining mode, the encryptor can simultaneously encrypt and decrypt two 155 Mbps data streams. 3DES implementations with a small area and reasonable throughput and, at the other extreme, implementations with a large area and high throughput are both conceivable. Although 3DES appears to be quite large and resource-demanding, the implementations still leave sufficient chip area for the additional MAC functions. The set conditions are therefore met and the cipher can be integrated into the system.
