DESIGN, VALIDATION AND

CHARACTERIZATION OF FRUIT-80 CIPHER

Under Supervision of
Mr. Nandakumar R - NIELIT, Calicut
Mr. Abhilash MT - DIAT, Pune

SUDEEPTA PANDA
Reg. No: 22-24-20
Presentation Outline 2

Introduction
Related Works
Problem Statement
Objective
Block Diagram
Algorithm And Methodology
Tools Ans Resources Required
Test Vectors
Simulation Results
Performance Matrices
Project Outcome
Future Scope
References
2 / 24
INTRODUCTION 3

► The need for secure lightweight ciphers is increasing day by day. In the era of
Internet of things, many constrained deployment should be securely connected
to the internet.
► The rise of the Internet-of-things applications has increased the demand for
low resource devices. To ensure security it is essential to protect the data
generated by these devices.
► Achieving high levels of security in limited resources contains hardware is a
challenge. While implementing a cipher on the hardware it is essential to
enhance throughput and minimize the area consumption while ensuring
security.
► In cryptography, symmetric ciphers are usually used to encrypt data between
two parties. Symmetric ciphers can either be block or stream ciphers.
► This project focuses on the implementation and validation of the Fruit-80
stream cipher on a FPGA platform and its characterization.
3 / 24
RELATED WORKS 4

4 / 24
PROBLEM STATEMENT 5

► IOT Devices are resource-constraints which require less processing power and
small area. They are connected to internet to transfer data, so security is also
a concern but conventional security algorithms is not well suited to meet the
resource constraints.
► So there is need to design lightweight IP core, for increased throughput as
well as, for minimal area(GE<2000).

5 / 24
OBJECTIVE 6

► Design, validate and characterize an area efficient Fruit-80 IP core using

FPGA with minimal area.

6 / 24
BLOCK DIAGRAM 7

fig: Block diagram of Fruit-80

7 / 24
ALGORITHM AND METHODOLOGY(1/3) 8

Round Key Function

► Round key function produces different keys by involving 3 bits of the key.
► The 3 bits are updated in every clock uniformly.
kt’ = kr . k(p+16) . k(q+48) ⊕ kr . k(p+16) ⊕ k(p+16) . k(q+48) ⊕ kr .
k(q+48) ⊕ k(p+16)
kt* = kr . k(p+16) ⊕ k(p+16) . k(q+48) ⊕ kr . k(q+48) ⊕ kr ⊕ k(p+16)
⊕ k(q+48)

g Function
► The variables of g function are kt and 16 bits of the NFSR.
► The feedback function of the NFSR is
n(t+37) = kt ⊕ lt ⊕ nt ⊕ n(t+10) ⊕ n(t+20) ⊕ n(t+12) . n(t+3) n(t+14)
. n(t+25) ⊕ n(t+5) . n(t+23). n(t+31) ⊕ n(t+8) . n(t+18) ⊕ n(t+28) .
n(t+30) . n(t+32) . n(t+34)
8 / 24
ALGORITHM AND METHODOLOGY(2/3) 9

f Function
► The feedback function of the LFSR is
l(t+43) = lt ⊕ l(t+8) ⊕ l(t+18) ⊕ l(t+23) ⊕ l(t+28) ⊕ l(t+37)

h Function
► This function produces a pre-output stream from the LFSR and NFSR states
as follows.
ht = kt* . (n(t+36) ⊕ l(t+19)) ⊕ l(t+6) . l(t+15) . l(t+1) . l(t+22) ⊕ n(t+35)
.l(t+27) ⊕ n(t+1) . n(t+24) ⊕ n(t+1) . n(t+33) . l(t+42)

Output Function
► The output stream is produced by 5 bits of the NFSR, 1 bit of the LFSR, and
the output of h function is
Zt = ht ⊕ nt ⊕ n(t+7) ⊕ n(t+19) ⊕ n(t+29) ⊕ n(t+36) ⊕ l(t+38)
9 / 24
ALGORITHM AND METHODOLOGY(3/3) 10

Initialization Of Cipher
► The IV bits are extended to the 80 bits by concatenating 10 bits to the first of
them. 1 bit one and 9 bit zeros are concatenated to the first of IV.
IV’=1000000000v0v1v2...v67v68v69

10 / 24
TOOLS AND RESOURCES REQUIRED 11

Software Tools: Xilinx™ Vivado

Hardware Tool: Artix-A7 FPGA Board

11 / 24
FLOW CHART 12

Fig: Flow chart of Fruit-80 12 / 24

TEST VECTORS 13

Sl. No. Key Bit IV Keystream

1 00000000000000000000 000000000000000000 9,D,6,3,4,B,D
2 00000000000000000001 000000000000000001 5,E,C,5,1,0,D

13 / 24
SIMULATION RESULTS(1/2) 14

Test Vector-1

Key Bit = 00000000000000000000

IV = 000000000000000000
Key stream (Hex) = 9,D,6,3,4,B,D
Key stream (bin) = 1001,1101,0110,0011,0100,1011,1101

14 / 24
SIMULATION RESULTS(2/2) 15

Test Vector-2

Key Bit = 00000000000000000001

IV = 000000000000000001
Key stream = 5,E,C,5,1,0,D
Key stream (bin) = 0101,1110,1100,0101,0001,0000,1101

15 / 24
RTL SCHEMATIC 16

fig: RTL Schematic of Fruit-80

16 / 24
PERFORMANCE METRICS(1/3) 17

1.Latency
Latency is the time taken for the completion of an instruction. It is the amount of
time taken by the clock signal to travel from its source to destination.
Latency = 188cycles@100MHz (1)
2-Power
The static and dynamic power of an FPGA contributes to its total power
consumption.

Fig: Power Analysis Report of Fruit-80

17 / 24
PERFORMANCE METRICS(2/3) 18

3. Maximum Operating Frequency

1
fmax =
Time period − WNS
1 (2)
=
10ns − 7.333ns
= 374.95MHz

Fig :Timing summary

18 / 24
PERFORMANCE METRICS(3/3) 19

4. Throughput

fmax x Total bits

Throughput =
Latency
374.95 x 28 (3)
=
188
= 55.84Mpbs
5- Resource Utilization
Resources Available Utilization Utilization
LUT 303600 158 0.052
FF 607200 98 0.016
IO 600 154 25.67
6- Gate Equivalency
Gate Equivalency of cipher is 1808.
19 / 24
PROJECT OUTCOME 20

Fruit-80 is lightweight and with a better initialization speed with a lower gate
equivalency.

20 / 24
FUTURE SCOPE 21

► ASIC implementation of Fruit-80 ip core.

► Make it more secure against some attacks like TMDTO attack (Time-Memory
Trade-off attack).

21 / 24
PROJECT SCHEDULE 22

Task Starting Date Ending Date Duration

Literature Survey 01-09-2023 29-09-2023 28
Literature Survey 01-09-2023 29-09-2023 28
Design Cipher 30-09-2023 15-11-2023 46
FPGA Implementation 16-11-2023 01-12-2023 16
Validation 02-12-2023 15-01-2024 43
Modification 16-01-2024 20-02-2024 34
Thesis 21-02-2024 31-03-2024 40

22 / 24
REFERENCES 23

1- Cannière, C.D. Trivium: A Stream Cipher Construction Inspired by Block

Cipher Design Principles.[1]
2- Ghafari, V.A.; Hu, H.; Xie, C. Fruit: Ultra-Lightweight Stream Cipher with
Shorter Internal State. eSTREAM, ECRYPT Stream Cipher Project, 2016.[2]
3- Dey, S.; Sarkar, S. Cryptanalysis of full round Fruit. IACR Cryptol. ePrint Arch.
2017, 2017, 87.[3]
4- Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained
Environments.[4]
5- Zhang, B.; Gong, X.; Meier, W. Fast Correlation Attacks on Grain-like Small
State Stream Ciphers. IACR Trans. Symmetric Cryptol. 58–81.[5]
6- Aumasson,J.; Dinur, I.; Henzen, L.; Meier, W.; Shamir, A. Efficient FPGA
Implementation of High-Dimensional CubeTesters on the Stream Cipher
Grain-128.[6]
7- Ding, L.; Guan, J. Related Key Chosen IV Attack on Grain-128a Stream Cipher.
IEEE Trans. Inf. Forensics Secur. 2013, 8, 803–809.[7]
23 / 24
Thank You

24 / 24