1. Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure credit card transaction using 3DES encryption using Kerberos-style authentication. Current Stage: Short Final Presentation 04/12/2004 Design Manager: Rebecca Miller

2. Status Update  Have not found source of voltage drop on Vdd problem  Debugging Attempts 1) Simulate PC alone with long Vdd & Gnd rails: Works 1) Simulate PC alone with long Vdd & Gnd rails: Works 2) Simulate (1) with min sized buffers on input AND output: Works 2) Simulate (1) with min sized buffers on input AND output: Works 3) Simulate PCROM alone with long Vdd & Gnd rails: Works 3) Simulate PCROM alone with long Vdd & Gnd rails: Works 4) Simulate (3) with min sized buffers on input AND output: Works 4) Simulate (3) with min sized buffers on input AND output: Works 5) Simulate PC & PCROM together without resistances: Works 5) Simulate PC & PCROM together without resistances: Works 6) Simulate PC & PCROM together with resistances: Doesn't Work 6) Simulate PC & PCROM together with resistances: Doesn't Work 7) Remove excess M1 to Gnd contacts in ROM and decoder in (6): Doesn't Work 7) Remove excess M1 to Gnd contacts in ROM and decoder in (6): Doesn't Work 8) Do (7) with NWell and contacts along long Vdd rail: Works 8) Do (7) with NWell and contacts along long Vdd rail: Works They’re connected by a few microns of wire: Shouldn’t be a problem They’re connected by a few microns of wire: Shouldn’t be a problem  Workaround: Layed Vdd and Gnd rails everywhere possible  Runs at 150MHz

3. Project Description  Implement Triple DES Encryption using 0.18μ CMOS technology  Attain speeds appropriate for application in Automated Teller Machines (200MHz)  Integrate Encryption into ATM transation  Use Kerberos-style authentication Encrypt User Information as data using CC# and Pin as Keys Encrypt User Information as data using CC# and Pin as Keys Transaction Authorizer decrypts using CC# and Pin (which they know) Transaction Authorizer decrypts using CC# and Pin (which they know)  Credit Card Number and PIN are never transmitted, but are essential to authenticate

4. Marketability  Point-of-sale terminals transmit your name, credit card number, and expiration dates ‘in the clear.’  Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year  Using Kerberos-style authentication, we transmit encrypted information that can be verified by the card authorizer without actually containing sensitive information.  Uses existing cards and phone network  Finalist for the 2001 Advanced Encryption Standard  April 1, 2005 – MasterCard requires all ATMs be 3DES compliant

5. System Integration Triple DES Compliant Encrypted Card# + PIN Verified Unencrypted Card# + PIN Triple DES Encryption

6. The 3DES Algorithm  Overview Block Cipher - acts on a 64-bit block of plaintext Block Cipher - acts on a 64-bit block of plaintext Converts it into a 64-bit block of cipher text using a 56-bit key Converts it into a 64-bit block of cipher text using a 56-bit key Specified in FIPS Pub 46-3 Specified in FIPS Pub 46-3 Symmetric Key Cipher – encryption & decryption use same key Symmetric Key Cipher – encryption & decryption use same key  DES vs. 3DES 3DES applies 3 stages of DES with a separate key for each stage 3DES applies 3 stages of DES with a separate key for each stage Total key length in 3DES is 56 bits x 3 key = 168 bits Total key length in 3DES is 56 bits x 3 key = 168 bits  Stages Stage 1: Encrypt plaintext with Key 1 Stage 1: Encrypt plaintext with Key 1 Stage 2: Decrypt cipher text from Stage 1 with Key 2 (produces new cipher text) Stage 2: Decrypt cipher text from Stage 1 with Key 2 (produces new cipher text) Stage 2: Encrypt cipher text from Stage 2 with Key 3 Stage 2: Encrypt cipher text from Stage 2 with Key 3

7. 3DES Algorithm Flowchart (I) DES DES -1 DES Plain Text DES -1 DES Cipher Text K1K1K1K1 K2K2K2K2 K3K3K3K3 Encryption Decryption

8. 3DES Algorithm Flowchart (II) 64 bit plain Text cipher Text Initial Permutation Final Permutation 16 Rounds Encryption Extension 32 bit 48 bit 48 Bit XOR S Box 32 Bit XOR Right Half Left Half Subkey SingleRound

9. 3DES Algorithm Flowchart (III) Final Permutation 48 bit Sub-key [ I ] I=16? Key Schedule 56bit Key I=1 Left/Right Half 28 bits Left Barrel Shift Initial Permutation I=I+1 Ready Y N

10. Original Floorplan PC (wiring) 64 -> 56 64’b 2:1 demux 56’b Key Latch 56’b 2:1 mux KeySub 56’b Register Des_ShiftREnc_ShiftL 32’b 2:1 demux 64’b 2:1 mux IP (wiring) Text 64’b Reg IP -1 Wiring Expand 48’b XOR 56’b 2:1 mux PC-2 wiring 56b -> 48b S-box 512 x 4’b P Wiring 32’b XOR Program Control (Instruction ROM) Input Output 377.44 um 334.37 um 64’b 2:1 mux 125,534 um 2 =.126 mm 2 Density.09 Trans/um 2 Revised Floorplan Total Area: 111947 um 2 = 0.112mm 2 Transistor Density: 0.136 trans/ um 2 269 um PC (wiring) 64 -> 56 64’b 2:1 demux 56’b Key Latch 56’b 2:1 mux KeySub 56’b Register Enc_ShiftL 32’b 2:1 demux 64’b 2:1 mux IP (wiring) Data Reg (L) 32’b IP -1 Wiring Expand 48’b XOR PC-2 wiring 56b -> 48b S-box 512 x 4’b P Wiring 32’b XOR Program Control (Instruction ROM) Input Output Dec_ShiftL Data Reg (R) 32’b 32’b 2:1 mux 415 um

11.  Verify C Simulation C Simulation Behavioral Behavioral Schematic Schematic Layout Layout Verification Expected Output : 2f 81 a8 bf 3c 6b df b4 C code Verification Behavioral Verification Structural Verification

12. Spice Verification

13. Problems Encountered  Spice Simulation Vdd Strength drops along conductor wires Vdd Strength drops along conductor wires No DC path to ground from node No DC path to ground from node  Layout Interconnections between components back and forth due to complicated algorithm Interconnections between components back and forth due to complicated algorithm Permutations take too much space Permutations take too much space

14. Module Specifications

15.  Input Pins 32 Data Pins (used for input text and keys) 32 Data Pins (used for input text and keys) 1 Clock Pin 1 Clock Pin 1 Reset Pin (asserted high) 1 Reset Pin (asserted high) 1 Vdd Pin 1 Vdd Pin 1 Ground Pin 1 Ground Pin  Output Pins 32 Cipher Text Pins (64’b cipher text delivered over 2 clocks) 32 Cipher Text Pins (64’b cipher text delivered over 2 clocks) 1 Valid Output Pin 1 Valid Output Pin 1 Get Next Key Pin 1 Get Next Key Pin  Total Pin Count: 70  Chip Aspect Ratio: 1.03  Chip Area: 139093 μm 2 = 0.139093 mm 2  Total Transistor Count: 13,697 (PMOS: 4,324 NMOS: 9,373)  Transistor Density: 0.09847 transistors/μm 2 = 10.155 μm 2 /transistor  Operation: 256’b Input 64’b Output over 54 clock cycles  Faster Clock Speed: 150MHz  Total Throughput: 169.54 Mbits / second Overall Chip Specifications

16. Layer Masks

17. Full Chip Layout Initial Permutation Barrel Shifting Initial Permutation Final Permutation Text Register P Permutation S BOX ROM and Decoders Program Control Input Latch Key Register PC2 Perumtation XOR Expand Permutation

18. Final Presentation Breakdown  MarketingEvan  Algorithm DescriptionXiaochun  Design ProcessEvan  Floorplan EvolutionTaewan  VerificationTaewan  IssuesYervant  SpecificationsXiaochun  LayoutYervant  ConclusionsYervant