This is a Chisel implementation of ZUC-128 (a 3GPP LTE Stream Cipher) used in 4G networks security.
Called also as Zu Chongzhi’s cipher, ZUC-128 stream cipher is designed on the basis of 128-bit key. Including encryption algorithm 128-EEA3 and integrity algorithm 128-EIA3, it is mainly used for data encryption and integrity protection of mobile communication systems. It has high performance and low latency suitable for 4G network speed.
ZUC is a stream cipher that forms the heart of the 3GPP confidentiality algorithm 128-EEA3 and the 3GPP integrity algorithm 128-EIA3, offering reliable security services in Long Term Evolution networks (LTE). It is used for data encryption and integrity protection of mobile communication systems and provide message encryption and ID authentication.
In September 2011, ZUC-128 was approved as the LTE international standard cipher for 3GPP at the 53rd 3GPP Meeting for System Architecture Group held at Fukuoka, Japan which is compatible with 4G. Stream cipher ZUC 128 plays a crucial role in the next generation of mobile communication as it has already been included by the 3GPP LTE-Advanced, which is a candidate standard for the 4G network. Further it has been extended as ZUC 256 which is candidate for 5G mobile communication network.
Project details:
Algorithm implemented:
ZUC-128
ZUC
is a word-oriented stream cipher. It takes a 128-bit initial key and a 128-bit initial vector (IV) as input, and outputs a keystream of 32-bit words (where each 32-bit word is hence called a key-word). This keystream can be used for encryption/decryption.
The execution of ZUC has two stages: initialization stage and working stage. In the first stage, a key/IV initialization is performed, i.e., the cipher is clocked without producing output. The second stage is a working stage. In this stage, with every clock pulse, it produces a 32-bit word of output.
We have completed the Scala implementation along with necessary helper functions and testing with stages broken down into testing the input to all stages(LFSR, F(), before and after initialization mode). Finally the required output (keystream) generated is tested.
For our Chisel implementation, we have used FSM and have made the IO decoupled in order to enable its smooth interfacing with any bigger application like 3GPP Confidentiality and Integrity Algorithms. Since the scope of this project limits implementation of applications using the Stream Cipher, we intend to make the ZUC-128 Stream Cipher well enough to be used as a submodule without requiring changes for interfacing with any application module.
Following are the details (internal working of algorithm) of Chisel implementation:
-
we have 4 FSM states : idle :: loadKey :: initMode :: workMode :: genKeystream
idle : In reset state or when the KeyStream genration is done.
loadKey : System is ready and takes in all the inputs in load_cycle cycles.It initializes 16 LFSR(Linear feedback shift registers) registers and set F_R registers to 0. We have parallelized the loading of inputs into multiple cycle upto 16 to load 16 LSFR registers from Input Key, IV and constant Ek_d.
initMode : After loadKey, cipher enters initMode and iterates through following stages 32 times (32 cycles). Breaks down the Input into 4 words (BitReorganization) and use it within a non-Linear function (F) and LFSR to generate the KeyStream. The function F transforms the words using some Linear and non-linear transforsations. Inputs from function F and BitReorganization stage are used by the LFSRs to carry-out shifting and arithmetic/logical operations to generate the keystream in Workmode. This stage does not provide any output.
workMode : After initialization operation is done, it does further tranformations on the hardware components listed below in order to generate keystream in next stage. This state is for 1 clock cycle.
genKeystream : This stage generates each word of keystream in each cyle. So, this stage operates for "keystreamlength" number of cycles to generate each word of KeyStream at each cycle. We have parametrized the implementation to support variable number of Keystreamlength and tested with all test vectors upto length 32.
Hardware components involved in implemenation:
- LFSR_S(16)
- F_R0 and F_R1
- BRC_X(4)
- W
- S0 and S1 boxes constant as specified in spec
- Ek_d constant as specified in spec
Testing the code:
4 set of test vectors have been used to test the Scala implementation exhaustively.
These can all be run using : testOnly ZUC_128.ZUC_128_ModelTester
If you want to execute individual tests, you can run testOnly ZUC_128.ZUC_128_ModelTester -- -t "<name of the test>"
. For example: testOnly ZUC_128.ZUC_128_ModelTester -- -t "LFSR value for the POST initialization mode. TC:1"
will run a test for test case 1.
The basic working algorithm has been implemented in Chisel as well.
Testing of this implementation can be executed by running: testOnly ZUC_128.ZUC128Tester
.
If you want to execute individual tests, you can run testOnly ZUC_128.ZUC128Tester -- -t "<name of the test>"
. For example: testOnly ZUC_128.ZUC128Tester -- -t "Hardware ZUC128 should generate correct keystream for Test Vector 1"
will run a test for test case 1.
Following are the deliverables:
- Scala model: https://github.com/sakshi15108/CSE293Project/blob/main/src/main/scala/ZUC_128/zuc_128.scala
- Scala test: https://github.com/sakshi15108/CSE293Project/blob/main/src/test/scala/Zuc_128/Zuc128_Test_suit.scala
- Chisel Implementation: https://github.com/sakshi15108/CSE293Project/blob/main/src/main/scala/ZUC_128/zuc128HW.scala
- Chisel test: https://github.com/sakshi15108/CSE293Project/blob/main/src/test/scala/Zuc_128/zuc128HW_Test.scala
References and Links:
[1]. Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 1: 128-EEA3 and 128-EIA3 Specifications.
[2].) Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification.
[3]. Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 3: Implementor’s Test Data
[4]. http://www.jcr.cacrnet.org.cn/EN/10.13868/j.cnki.jcr.000228
Presentation: The details of interface, parameters, state machine and other details are explained in below presentation: https://github.com/sakshi15108/CSE293Project/blob/main/ZUC_128.pdf