128-Bit LEA Block Encryption Architecture to Improve the Security of IoT Systems with Limited Resources and Area

to Improve the Security of Systems Limited Resources and Area ░ ABSTRACT - The LEA block encryption algorithm is an architecture suitable for IoT systems with limited resources and space. It was developed by the National Security Technology Research Institute in 2013 and established as an international standard for cryptography by the International Electrotechnical Commission in 2019, drawing much attention from developers. In this paper, the 128-bit LEA block encryption algorithm was light weighted and implemented in a hardware environment. All modules share and reuse registers and are designed and implemented in a bottom area through the resource sharing function. As a result of synthesis using Xilinx ISE 14.7 Virtex-5 as a design environment, the maximum frequency achieved 190.88 MHz and has a processing speed of up to 128 Mbps. Compared to the previously designed architecture, we present a bottom-level hardware design with a 128-bit LEA algorithm implemented with a 49.8% reduction in Flip-Flop, 18.8% reduction in LUTs, and 67.6% reduction in Slices.


░ 1. INTRODUCTION
Data has become a vital commodity in the era of the Fourth Industrial revolution. As the Fourth Industrial Revolution broke out, most of the information and documents stored as data [1]. Accordingly, data exchange takes place online, and data has become an important resource [2,3]. Therefore, data has commercial value, such as being used for e-commerce, personal information, and cryptocurrency. Several encryption technologies are applied to protect this important data [4,5,16]. Furthermore, various encryption technologies are evolving or are securing developed. Currently, ubiquitous technologies such as IoT are applied in various fields such as healthcare, education, energy, and smart home [6,7,17]. As the domestic and industrial consumption of these technology increase, network attacks on IoT technologies are also increase [8]. To solve this problem, when applying existing SPN-structured cryptographic algorithms such as AES [9] or ARIA [10] in software, the code size increases, and problems such as large memory usage and decreased speed occur, and lightweight cryptographic algorithms such as HIGHT [11] and LEA [12] of ARX structure were developed. The algorithm realized weight reduction by applying the concept of the Feistel structure and applying Addition, Rotation, and XOR operations with low computational costs. To reduce the hardware area of the LEA algorithm architecture, an architecture using minimal operational function maintenance, register reuse, and resource sharing is proposed.

Feistel Structure
The LEA algorithm is a block cipher algorithm based of the Feistel structure [13]. The Feistel structure is a type of block cipher that alternately performs substitution and permutation. Since the Feistel structure uses the same components for encryption and decryption, it is not necessary to configure different algorithms, so it is suitable for area reduction. The encryption method of the Feistel structure divides the information to be encrypted into two half's of information of the same bit length (L0, R0). A secret key used in each round is defined as Ki, and a function performed in each round is defined as F. In each round, the following operations are named R0 of the first round is stored in L1 of the next round, and R0 is substituted into the round function F using the key K1. The calculated value is added to the value of L0 and then stored in R1 of the next round. This is repeat until the last round. After all rounds are finished, Li and Ri are finally encrypted half values. Conversely, in decryption, Li and Ri are calculated in reverse order of encryption, and when all rounds are completed, L0, R0 becomes the decrypted half values. Figure 1 shows the encryption/decryption flow of the Feistel structure. It is a process of encrypting from round 1 to round i and decrypting from round i to round 0 in reverse order. LEA cipher security is further strengthened by applying the GFN-Type3 structure that expanded the above Feistel structure.
Website: www.ijeer.forexjournal.co.in 128-Bit LEA Block Encryption Architecture to Improve the Security of IoT Systems with Limited Resources and Area

128-bit LEA Algorithm Enc/Dec Process
The 128-bit standard LEA encryption process consists of a key schedule function that generates 24 round keys for 192-bit encryption with a 128-bit secret key and an encryption function that converts 128-bit plaintext into 128-bit ciphertexts using round keys and round functions. Figure 2 shows the encryption/decryption architecture of LEA. The encryption/decryption round key RKenc/dec is generated through the key schedule function with the secret key, and Roundenc/dec is performed with the generated round key and plaintext/ciphertexts.

Top Module
The top module is encapsulating module of the 128-bit sub module. It has a round key generator, an encryption/decryption module, a module controller, two 128-bit registers, and one 32-bit register. The length of key required for the round function of the 128-bit LEA algorithm is 192-bit. However, 128-bit round keys are generated, and the remaining 64-bit is rearranged and used. Therefore, the actual required register size is 128-bit. The two 128-bit registers in the top module are used as round key buffers and buffers that store a single round of encryption/decryption data, respectively. One 32-bit register is used to store the previous data required in the encryption/decryption function. The select signal of the top module functions to choose between encryption/decryption mode of operation. In the top module, encryption/decryption is performed by inputting plaintext or ciphertext. Two counters are used within the top module. The first counter divides 128bit into 32-bit units and uses them to determine the bit address of the divided round key and ciphertext to process. The second counter is used to control the repetition of the round function from the first round to the last round during encryption/decryption. Figure 3 shows the internal architecture and flow of data in which 128-bit plaintext blocks are calculated in 32-bit units using a round key module, an encryption/decryption module, and a counter. The top module was able to recycle registers to generate round keys that required 192-bit using only 128-bit of registers. As a result, the area of the entire module is reduced. Round data is controlled in 32-bit units, and data is rearranged in 8-bit units in the first and last rounds.

Round Key Generator Module
One round key is generated by dividing 128-bit round keys into 32-bit (T[x]) through ARX operations during four clock cycles. The LEA algorithm uses the same master round key from the first round to the 24th round for both encryption and decryption. During encryption, 24 round keys are generated in the encryption/decryption module using the expression in Table 1, sequentially from the first round key to the 24th round key. During decryption, 24 round keys are generated in the encryption/decryption module using the expression in Table 2 in reverse order from the 24th round key to the first round key.  Figure 4 implements the expressions described in Tables 1 and  2 in hardware, and the 32-bit variables stored in the register are selected according to round, and the selected variables are generated 32-bit by calculating ROL/ROR, add, subtract, and ROL/ROR according to encryption or decryption. The round key generation module was implemented in a bottom area using resource sharing, and the processing speed during decoding was optimized by calculating the round key generation function in reverse order.

Encryption/Decryption Module
The encryption/decryption module has functions that perform encryption and decryption, and encryption or decryption is determined according to the select signal. For each round, the encryption/decryption module operates three times, and a total of three clock cycles are required to encrypt 128-bit of data. The encryption module performs encryption by receiving a round key (RKi enc/dec ) divided into 32-bit and data under encryption (Xi) divided into 32-bit. In the encryption process, as shown in Table 3, two plaintext blocks divided into 32-bit and two round key blocks divided into 32-bit are generated through ARX operations ░  Figure 5 shows an encryption process of LEA in which the encryption process of the i th round is sequentially performed three times, and the previously calculated Xi[0] value is stored in a 32-bit buffer in the third cycle, and Xi+1[0], Xi+1 [1], Xi+1 [2] and Xi+1 [3] values of the next round are stored.
In the decoding process, as shown in Table 4, two 32-bit ciphertext blocks and two 32-bit round key blocks are generated through ARX operations. Figure 6 shows a decryption process of LEA in which the decryption process of the i-th round is sequentially performed three times, and the previously calculated Xi [3] value is stored in a 32-bit buffer in the third cycle and Xi+1[0], Xi+1 [1], Xi+1 [2] and Xi+1 [3] values of the next round are stored.   [2]))⊕RKi dec [3] Xi+1 [3] (ROR3(Xi [2])⊟(Xi+1 [2]⊕RKi dec [4]))⊕RKi dec [5] International Journal of Electrical and Electronics Research (IJEER) Open Access | Rapid and quality publishing Research Article | Volume 10, Issue 2 | Pages 245-249 | e-ISSN: 2347-470X Website: www.ijeer.forexjournal.co.in 128-Bit LEA Block Encryption Architecture to Improve the Security of IoT Systems with Limited Resources and Area Figure 7 shows the internal architecture of the encryption/decryption module that performs the encryption/decryption process shown in Figure 5 and 6 and the flow of data accordingly. The encryption/decryption module performs encryption/decryption by receiving two 32bit plaintext/ciphertext and two 32-bit current round keys from the top module.

░ 4. VERIFICATION AND ANALYSIS OF PROPOSED ARCHITECTURE
The proposed ultra-lightweight LEA 128-bit LEA encryption/decryption module was designed in Verilog HDL using Xilinx ISE 14.7 and tested and implemented on a virtex-5 FPGA device. To confirm the correct operation, Figure 8 shows the simulation results of the designed LEA module. When 128-bit plaintext "128'h10111213_14151617_18191a1b_1c1d1e1f" and 128bit secret key "128'h0f1e2d3c_4b5a6978_8796a5b4 c3d2e1f0" were input, 128-bit ciphertext "128'h9fc84e35_28c6c618_5532c7a7_04648bfd" was output. Conversely, when the 128-bit ciphertext "128'h9fc84e35_28c6c618_5532c7a7_04648bfd" was decrypted using the 128-bit secret key "128'h0f1e2d3c_4b5a6978_8796a5b4 c3d2e1f0", it was confirmed that the 128-bit plaintext "128'h10111213_14151617_18191a1b_1c1d1e1f" was output, such as the plaintext before encryption.
The maximum operating frequency of the proposed ultralightweight LEA encryption/decryption architecture is 190.88 MHz, requires 191 clock cycles during encryption as shown in Table 5, and has a throughput of 128 Mbps. A 283 clock cycle is required for decryption and has a throughput of 86 Mbps. The encryption-only architecture of the ultra-lightweight LEA module occupied or required 296 FFs, 501 LUTs, and 363 slices as shown in Table 5, and the encryption/decryption architecture of the ultra-lightweight LEA module occupied 301 FFs, 1151 LUTs, and 485 slices. Compared to the data analyzed in papers using Virtex-5 Xilinx FPGA, which is most similar to the verification environment of the proposed design, FF decreased by about 46% compared to the synthesis results of Yoon et al. [14] as shown in Table 5. LUTs decreased by about 18%, slice decreased by about 53%, and Sung et al. [15] module results.

░ 5. CONCLUSION
Lightweight cryptographic technologies related to IoT are rapidly emerging and evolving particularly in the era of the fourth industrial revolution. Because IoT environments use low power and low budget, computing performance and area cannot be secured. To address this issue, we propose a hardware design of the ultra-lightweight 128-bit LEA algorithm by further reducing its size based on the LEA algorithm that features low area implementation through the use of low power and simple architecture operations. It was verified that the 128-bit LEA block encryption/decryption cipher architecture was implemented with a smaller area than the existing proposed LEA encryption/decryption module by reusing the internal register of the module and sharing resources to make it lightweight. The proposed block encryption/decryption module is capable of both encryption and decryption and is designed to be ultra-lightweight and Website: www.ijeer.forexjournal.co.in 128-Bit LEA Block Encryption Architecture to Improve the Security of IoT Systems with Limited Resources and Area suitable for IoT systems that require smaller sizes, low power, and low cost. In the future, we will modify the LEA algorithm to support 32-bit and 64-bit block encryption/decryption and further conduct research on SoC design and verification of encryption/decryption modules automatically using a synthesizable hardware processor