# ARC4 DECRYPTION CIRCUIT

# **ARC4 Decryption Circuit**

ARC4 is a symmetric stream cipher once widely used in encrypting web traffic, wireless data, and so on; it has since been broken. Still, the structure of ARC4 is similar to modern symmetric encryption methods.

A stream cipher like ARC4 uses the provided encryption key to generate a pseudo-random byte stream that is XOR'd with the plaintext to obtain the ciphertext. Because XOR is symmetric, encryption and decryption are the same.

The basic ARC4 algorithm uses the following parameters:

| Parameter    | Туре   | Semantics                         |
|--------------|--------|-----------------------------------|
| key[]        | Input  | Array of bytes that represent the |
|              |        | secret key (24 bits in our        |
|              |        | implementation)                   |
| Ciphertext[] | Input  | Array of bytes that represent the |
|              |        | encrypted message                 |
| Plaintext[]  | Output | Array of bytes that represent the |
|              |        | decrypted result (same length as  |
|              |        | cipher text)                      |

The following is the ARC4 algorithm pseudocode:

```
-- key-scheduling algorithm: initialize the s array
for i = 0 to 255:
  s[i] = i
j = 0
for i = 0 to 255:
   j = (j + s[i] + key[i mod keylength]) mod 256 -- for us, keylength is 3
   swap values of s[i] and s[j]
-- pseudo-random generation algorithm: generate byte stream ("pad") to be xor'd with
the ciphertext
i = 0, j = 0
for k = 0 to message_length-1:
   i = (i+1) \mod 256
    j = (j+s[i]) \mod 256
   swap values of s[i] and s[j]
   pad[k] = s[(s[i]+s[j]) \mod 256]
-- ciphertext xor pad --> plaintext
for k = 0 to message_length-1:
    plaintext[k] = pad[k] xor ciphertext[k] -- xor each byte
```

The length of the secret key can vary but this project uses a smaller key of 24 bits stored in big-endian.

Messages in this lab (both plaintext and encrypted) are length-prefixed strings of any length from 0 to 255 characters. Strings are encoded as an array of bytes where the first bye indicates the length of the string and the remaining bytes are the ASCII values of the characters; thus a string with n characters is represented by n + 1 bytes.

Embedded memories are also used in this project using a generated RAM with Megafunction Wizard on Intel Quartus Prime. The following described the embedded generated RAM built:

- Output bus ~ 8 bits wide
- Size of memory ~ 256 words
- Memory clock type ~ M10K
- Clocking method ~ single clock

The following SystemVerilog shows the generated module:

```
module s_mem (
          address,
          clock,
          data,
          wren,
          q);

     input [7:0] address;
     input clock;
     input [7:0] data;
     input wren;
     output [7:0] q;
```

## Initializing ARC4 (init.sv)

To begin, we need to initialize the system, the pseudo-code shows what we are implementing:

```
for i = 0 to 255:
s[i] = i
```

These parameters describe the *init.sv* module:

| Parameter    | Туре   | Semantics                                      |
|--------------|--------|------------------------------------------------|
| clk          | Input  | System clock                                   |
| rst_n        | Input  | Asynchronous reset                             |
| en           | Input  | Enable signal, following readyenable protocol. |
| rdy          | Output | Ready signal, following readyenable protocol.  |
| [7:0] addr   | Output | Address output from module to RAM.             |
| [7:0] wrdata | Output | Write data output from module to RAM.          |
| wren         | Output | Write enable signal from module to RAM.        |

| Block                    | Functionality                                                                           | Details                                                                                       |
|--------------------------|-----------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|
| Counter Block            | Triggered at the event of an asynchronous reset or positive                             | If reset triggers, counter is reset to zero.                                                  |
|                          | edge of the clock.                                                                      | If counter control signal is on, at every                                                     |
|                          |                                                                                         | clock cycle that counter will increment by one.                                               |
|                          |                                                                                         | If counter done signal is on, counter control signal is off, and the counter block is stopped |
| State Machine Flow       | D-flipflop controlling the flow of                                                      | Upon every clock cycle, the current state                                                     |
| D-FlipFlop               | the state machine upon the trigger of asynchronous reset or positive                    | is moved to the next state.                                                                   |
|                          | edge of the clock.                                                                      | Upon an asynchronous reset, the current state is reset.                                       |
| Next State Case<br>Block | Determines next state by checking current state and other signals determining the path. | 3 defined states (RESET, LOOP, END) to indicate three primary behaviours.                     |
|                          | actornians are pain                                                                     | Follows ready-enable protocol to begin (READY).                                               |
|                          |                                                                                         | Iterates the loop until notified done by a finished signal (LOOP).                            |

|                   |                                  | Idles in final state once iteration is       |
|-------------------|----------------------------------|----------------------------------------------|
|                   |                                  | finished (END).                              |
| Output Case Block | Supplies module outputs defined  | Properly supplies the rdy, [7:0] addr, [7:0] |
|                   | by the current state as well as  | wrdata, and wren signals for each state.     |
|                   | controls other signals governing |                                              |
|                   | the flow of the circuit.         | Controls finished signal.                    |

Module and test benches: <a href="https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task1">https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task1</a>

### The Key-Scheduling Algorithm (ksa.sv)

The objected of the KSA is to spready the key entropy evenly to precent statistical correlations in the generated ciphertext that could be used to break the cipher. Below it the pseudo-code being implemented:

```
j = 0
for i = 0 to 255:
j = (j + s[i] + key[i mod keylength]) mod 256 -- for us, keylength is 3
swap values of s[i] and s[j]
```

These parameters describe the *ksa.sv* module:

| Parameter    | Туре   | Semantics                                      |
|--------------|--------|------------------------------------------------|
| clk          | Input  | System clock                                   |
| rst_n        | Input  | Asynchronous reset                             |
| en           | Input  | Enable signal, following readyenable protocol. |
| [23:0] key   | Input  | Secret Key                                     |
| [7:0] rrdata | Input  | Read data from RAM to module.                  |
| rdy          | Output | Ready signal, following readyenable protocol.  |
| [7:0] addr   | Output | Address output from module to RAM.             |
| [7:0] wrdata | Output | Write data output from module to RAM.          |
| wren         | Output | Write enable signal from module to RAM.        |

| Block              | Functionality                                                        | Details                                                                              |
|--------------------|----------------------------------------------------------------------|--------------------------------------------------------------------------------------|
| Counter Blocks     | Triggered at the event of an asynchronous reset or positive          | If reset triggers, counter is reset to zero.                                         |
|                    | edge of the clock.                                                   | If counter control signal is on, at every clock cycle that counter will increment by |
|                    |                                                                      | one.                                                                                 |
|                    |                                                                      | If counter done signal is on, counter                                                |
|                    |                                                                      | control signal is off, and the counter block is stopped.                             |
| State Machine Flow | D-flipflop controlling the flow of                                   | Upon every clock cycle, the current state                                            |
| D-FlipFlop         | the state machine upon the trigger of asynchronous reset or positive | is moved to the next state.                                                          |
|                    | edge of the clock.                                                   | Upon an asynchronous reset, the current state is reset.                              |
| Next State Case    | Determines next state by checking                                    | 18 defined states (RESET, RDY,                                                       |
| Block              | current state and other signals                                      | RDY_DEASSERT, COUNT,                                                                 |
|                    | determining the path.                                                | READ_S_I_ADDRESS, READ_S_I,                                                          |

|                      |                                                           | READ_S_I_WAIT, GET_S_I, CALC_J,                                                                                                                                                     |
|----------------------|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                      |                                                           | CALC_J_WAIT,                                                                                                                                                                        |
|                      |                                                           | READ_S_J_ADDRESS, READ_S_J, READ_S_J_WAIT, GET_S_J, SWAP_I,                                                                                                                         |
|                      |                                                           | SWAP_I_WAIT, SWAP_J,                                                                                                                                                                |
|                      |                                                           | SWAP_J_WAIT, COUNTER_DONE) to                                                                                                                                                       |
|                      |                                                           | indicate 18 primary behaviours.                                                                                                                                                     |
|                      |                                                           | Follows ready-enable protocol to begin                                                                                                                                              |
|                      |                                                           | (RESET, RDY, RDY_DEASSERT).                                                                                                                                                         |
|                      |                                                           | Controls loop conditions through counter (COUNT).                                                                                                                                   |
|                      |                                                           | Read data from RAM with additional idle states considering RAM requires extra clock cycles until our module receives the data (READ_S_I_ADDRESS, READ_S_I, READ_S_I_WAIT, GET_S_I). |
|                      |                                                           | Calculate index J as part of KSA (CALC_J, CALC_J_WAIT).                                                                                                                             |
|                      |                                                           | Read data from RAM with additional idle states considering RAM requires extra clock cycles until our module receives the data (READ_S_J_ADDRESS, READ_S_J, READ_S_J_WAIT, GET_S_J). |
|                      |                                                           | Swap values and store back into RAM with additional idle states considering RAM requires extra clock cycles to store our data (SWAP_I, SWAP_I_WAIT, SWAP_J, SWAP_J_WAIT)            |
|                      |                                                           | Finished (COUNTER_DONE)                                                                                                                                                             |
| Output if/else Block | Supplies module outputs defined                           | Properly supplies the rdy, [7:0] addr, [7:0]                                                                                                                                        |
|                      | by the current state as well as                           | wrdata, and wren signals for each state.                                                                                                                                            |
|                      | controls other signals governing the flow of the circuit. | Controls counter and finished signal.                                                                                                                                               |
| Module and test bend |                                                           | RC4-Decryption-Circuit/tree/main/task2                                                                                                                                              |

Module and test benches: <a href="https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task2">https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task2</a>

### The Pseudo-Random Generation Algorithm (prga.sv, arc4.sv)

The final phase of ARC4 generates the bytestream that is then XOR'd with the input plaintext to encrypt the message, or as in our case, the input ciphertext to decrypt it. The following shoes the pseudo-code we are implementing:

```
i = 0, j = 0
for k = 0 to message_length-1:
    i = (i+1) mod 256
    j = (j+s[i]) mod 256
    swap values of s[i] and s[j]
    pad[k] = s[(s[i]+s[j]) mod 256]

for k = 0 to message_length-1:
    plaintext[k] = pad[k] xor ciphertext[k] -- xor each byte
```

This contains two additional memories: one to hold the ciphertext, another to write the plaintext, and both being identical generated RAM. The following diagram shows how everything would be connected:



These parameters describe the *prga.sv* module:

| Parameter       | Туре   | Semantics                       |
|-----------------|--------|---------------------------------|
| clk             | Input  | System clock                    |
| rst_n           | Input  | Asynchronous reset              |
| en              | Input  | Enable signal, following ready- |
|                 |        | enable protocol.                |
| [23:0] key      | Input  | Secret Key.                     |
| [7:0] s_rddata  | Input  | Read data from cipher state     |
|                 | _      | memory RAM.                     |
| [7:0] ct_rddata | Input  | Read data from cipher text      |
|                 |        | RAM.                            |
| [7:0] pt_rddata | Input  | Read data from plaintext RAM.   |
| rdy             | Output | Ready signal, following ready-  |
|                 |        | enable protocol.                |

| [7:0] s_addr    | Output | Address output from module to cipher state memory RAM. |
|-----------------|--------|--------------------------------------------------------|
| [7:0] s_wrdata  | Output | Write data output from module                          |
|                 |        | to cipher state memory RAM.                            |
| s_wren          | Output | Write enable signal from                               |
|                 |        | module to cipher state memory                          |
|                 |        | RAM.                                                   |
| [7:0] ct_addr   | Output | Address output from module to                          |
|                 |        | ciphertext RAM.                                        |
| [7:0] pt_addr   | Output | Address output from module to                          |
| _               | _      | plaintext RAM.                                         |
| [7:0] pt_wrdata | Output | Write data output from module                          |
| _               | _      | to plaintext RAM.                                      |
| pt_wren         | Output | Write enable signal from                               |
|                 |        | module to plaintext RAM.                               |

| Block                         | Functionality                                                         | Details                                                               |
|-------------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------------------|
| Counter Blocks                | Triggered at the event of an asynchronous reset or positive           | If reset triggers, counter is reset to zero.                          |
|                               | edge of the clock.                                                    | If counter control signal is on, at every                             |
|                               |                                                                       | clock cycle that counter will increment by                            |
|                               |                                                                       | one.                                                                  |
|                               |                                                                       | If counter done signal is on, counter                                 |
|                               |                                                                       | control signal is off, and the counter block is stopped.              |
| State Machine Flow D-FlipFlop | D-flipflop controlling the flow of the state machine upon the trigger | Upon every clock cycle, the current state is moved to the next state. |
| D-Impriop                     | of asynchronous reset or positive                                     | is moved to the next state.                                           |
|                               | edge of the clock.                                                    | Upon an asynchronous reset, the current                               |
|                               | 16. 1 1                                                               | state is reset.                                                       |
| Next State Case               | Determines next state by                                              | 33 defined states (RESET, RDY,                                        |
| Block                         | checking current state and other                                      | RDY DEASSERT,                                                         |
|                               | signals determining the path.                                         | GET_MESSAGE_LENGTH_ADDRESS,                                           |
|                               |                                                                       | READ_MESSAGE_LENGTH,                                                  |
|                               |                                                                       | READ_MESSAGE_LENGTH_WAIT,                                             |
|                               |                                                                       | GET_MESSAGE_ADDRESS,                                                  |
|                               |                                                                       | WRITE_MESSAGE_LENGTH,                                                 |
|                               |                                                                       | GET_MESSSAGE_ADDRESS,                                                 |
|                               |                                                                       | WRITE_MESSAGE_LENGTH,                                                 |
|                               |                                                                       | START_LOOP, INCREMENT_K,                                              |
|                               |                                                                       | INCREMENT_I, GET_I_ADDRESS,                                           |
|                               |                                                                       | READ_I, READ_I_WAIT, GET_I,                                           |
|                               |                                                                       | INCREMENT_J, GET_J_ADDRESS, READ_J, READ_J_WAIT, GET_J,               |
|                               |                                                                       | SWAP_S_I, SWAP_S_J,                                                   |
|                               |                                                                       | CALC_PAD_INDEX,                                                       |

CALC\_PAD\_INDEX\_WAIT,
GET\_PAD\_ADDRESS, READ\_PAD,
READ\_PAD\_WAIT, GET\_PAD,
GET\_CIPHER\_ADDRESS,
READ\_CIPHER,
READ\_CIPHER\_WAIT, GET\_CIPHER,
UPDATE\_PLAINTEXT, DONE) to
indicate 33 primary behaviours.

Follows ready-enable protocol to begin (RESET, RDY, RDY DEASSERT).

Read data from cipher text memory RAM to get the length of the message with additional idle states considering RAM requires extra clock cycles until our module receives the data (GET\_MESSAGE\_LENGTH\_ADDRESS, READ\_MESSAGE\_LENGTH, READ\_MESSAGE\_LENTH\_WAIT, GET\_MESSAGE\_ADDRESS).

Write message length data into plain text RAM (WRITE\_MESSAGE\_LENGTH)].

Start loop counter (START\_LOOP).

Increment K (INCREMENT\_K)

Increment I, read data from cipher text memory ram with additional idle states considering RAM requires extra clock cycles until our module receives the data (INCREMENT\_I, GET\_I\_ADDRESS, READ\_I, READ\_I\_WAIT, GET\_I).

Increment J, read data from cipher text memory ram with additional idle states considering RAM requires extra clock cycles until our module receives the data (INCREMENT\_J, GET\_J\_ADDRESS, READ\_J, READ\_J\_WAIT, GET\_J).

Swap I and J and store values into cipher text memory RAM (SWAP\_S\_I, SWAP\_S\_J).

Calculate PAD Index and read PAD from cipher text memory RAM with additional idle states considering RAM requires extra clock cycles until our module received the

|                      |                                  | data (CALC_PAD_INDEX,                        |
|----------------------|----------------------------------|----------------------------------------------|
|                      |                                  | CALC_PAD_INDEX_WAIT,                         |
|                      |                                  | GET_PAD_ADDRESS, READ_PAD,                   |
|                      |                                  | READ_PAD_WAIT, GET_PAD).                     |
|                      |                                  |                                              |
|                      |                                  | Read cipher text at the same index as PAD    |
|                      |                                  | from ciphertext RAM (READ_CIPHER,            |
|                      |                                  | READ_CIPHER_WAIT, GET_CIPHER).               |
|                      |                                  |                                              |
|                      |                                  | Update plaintext at the same index           |
|                      |                                  | (UPDATE_PLAINTEXT)                           |
|                      |                                  |                                              |
|                      |                                  | Finished (DONE)                              |
|                      |                                  |                                              |
| Output if/else Block | Supplies module outputs defined  | Properly supplies the rdy, [7:0] addr, [7:0] |
|                      | by the current state as well as  | wrdata, and wren signals for each state.     |
|                      | controls other signals governing | Controls counter and finished signal.        |
|                      | the flow of the circuit.         |                                              |

Modules and test benches: <a href="https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task3">https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task3</a>

Note: *arc4.sv* is the topmost level module that uses a state machine to iterate through the beginning to end of building the full ARC4 Decryption Circuit, going from *init.sv* -> *ksa.sv* -> *prga.sv*.

### Cracking ARC4 (crack.sv)

Now we can decrypt some encrypted messages without knowing the key ahead of time. For this project, an encrypted message is deemed to be cracked if its characters consist entirely of byte values between 'h20 and 'h70 inclusive.

The *crack.sv* module is very much like *arc4.sv* but instead our cipher text memory RAM and plain text RAM are now internal, and the key is now an output. It will iterate through every possible key, check if the key is valid and return the key if it is.

These parameters describe the *crack.sv* module:

| Parameter       | Туре   | Semantics                                          |
|-----------------|--------|----------------------------------------------------|
| clk             | Input  | System clock                                       |
| rst_n           | Input  | Asynchronous reset                                 |
| en              | Input  | Enable signal, following readyenable protocol.     |
| [7:0 ct_rddata] | Input  | Read data from cipher text RAM.                    |
| [23:0] key      | Output | Secret Key                                         |
| key_valid       | Output | Valid or non valid key flag.                       |
| Rdy             | Output | Ready signal, following ready-<br>enable protocol. |
| [7:0] ct_addr   | Output | Address output from module to ciphertext RAM.      |

| Block              | Functionality                      | Details                                                                                        |
|--------------------|------------------------------------|------------------------------------------------------------------------------------------------|
| Counter Blocks     | Triggered at the event of an       | If reset triggers, counter is reset to zero.                                                   |
|                    | asynchronous reset or positive     |                                                                                                |
|                    | edge of the clock.                 | If counter control signal is on, at every                                                      |
|                    |                                    | clock cycle that counter will increment by                                                     |
|                    |                                    | one.                                                                                           |
|                    |                                    | If counter done signal is on, counter control signal is off, and the counter block is stopped. |
| State Machine Flow | D-flipflop controlling the flow of | Upon every clock cycle, the current state is                                                   |
| D-FlipFlop         | the state machine upon the         | moved to the next state.                                                                       |
|                    | trigger of asynchronous reset or   |                                                                                                |
|                    | positive edge of the clock.        | Upon an asynchronous reset, the current                                                        |
|                    |                                    | state is reset.                                                                                |
| Next State Case    | Determines next state by           | 34 defined states (RESET_CRACK,                                                                |
| Block              | checking current state and other   | RDY CRACK,                                                                                     |
| DIOCK              | signals determining the path.      | RDT_CRACK, RDY_DEASSERT_CRACK,                                                                 |
|                    | signais determining the path.      | READ_MESSAGE_LENGTH_CT,                                                                        |
|                    |                                    | READ_MESSAGE_LENGTH_CT, READ_MESSAGE_LENGTH_CT_WAIT,                                           |
|                    |                                    | WRITE_MESSAGE_LENGTH_PT,                                                                       |
|                    |                                    |                                                                                                |
|                    |                                    | START_KEY_COUNTER,                                                                             |

INCREMENT\_KEY\_COUNT,
CHECK\_KEY\_COUNTER,
SET\_NEXT\_KEY, SET\_EN\_A4,
WAIT\_A4, DONE\_A4,
START\_KEY\_CHECK,
CHECK\_KEY\_LOOP, READ\_PT,
READ\_PT\_WAIT, CHECK\_KEY\_VALID,
INCREMENT\_MESSAGE\_COUNT,
KEY\_NOT\_VALID, KEY\_VALID,
SET\_OUTPUT\_KEY, CRACK\_DONE,
GET\_PT\_ADDRESS, GET\_PT) to indicate
24 primary behaviours.

Follows ready-enable protocol to begin (RESET\_CRACK, RDY\_CRACK, RDY\_DEASSERT\_CRACK).

Read data from cipher text memory RAM to get the length of the message with additional idle states considering RAM requires extra clock cycles until our module receives the data (READ\_MESSAGE\_LENGTH\_CT, READ\_MESSAGE\_LENGTH\_CT\_WAIT).

Write message length data into plain text RAM (WRITE\_MESSAGE\_LENGTH\_PT)].

Start key loop counter, increment the counter, check loop condition (START\_KEY\_COUNTER, INCREMENT\_KEY\_COUNTER, CHECK KEY COUNTER).

Start ARC4 with current key, wait until done (SET\_EN\_A4, WAIT\_A4, DONE\_A4)

Start key check, check key check loop condition. Read a character from plaintext RAM and check if each character in the message meets the character byte value condition. (START\_KEY\_CHECK, CHECK\_KEY\_LOOP, READ\_PT, READ\_PT\_WAIT, GET\_PT\_ADDRESS, GET\_PT, CHECK\_KEY\_VALID, INCREMENT\_MESSAGE\_COUNT).

Determined if key is valid or not valid (KEY\_NOT\_VALID, KET\_VALID).

|                      |                                                                                                                                    | If key is valid, set output as key (SET_OUTPUT_KEY) Finished (CRACK_DONE)                                                    |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|
| Output if/else Block | Supplies module outputs defined<br>by the current state as well as<br>controls other signals governing<br>the flow of the circuit. | Properly supplies the rdy, [7:0] addr, [7:0] wrdata, and wren signals for each state.  Controls counter and finished signal. |

Modules and testbenches: <a href="https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task4">https://github.com/ryaanluke/ARC4-Decryption-Circuit/tree/main/task4</a>

### **Summary**

This project explored building an ARC4 decryption/encryption circuit using the following algorithm:

```
-- key-scheduling algorithm: initialize the s array
for i = 0 to 255:
  s[i] = i
i = 0
for i = 0 to 255:
   j = (j + s[i] + key[i mod keylength]) mod 256 -- for us, keylength is 3
   swap values of s[i] and s[j]
-- pseudo-random generation algorithm: generate byte stream ("pad") to be xor'd with
the ciphertext
i = 0, j = 0
for k = 0 to message_length-1:
   i = (i+1) \mod 256
   j = (j+s[i]) \mod 256
   swap values of s[i] and s[j]
   pad[k] = s[(s[i]+s[j]) \mod 256]
-- ciphertext xor pad --> plaintext
for k = 0 to message_length-1:
   plaintext[k] = pad[k] xor ciphertext[k] -- xor each byte
```

Then automating the process of finding the key that cracks ARC4 by iterating through every possible key, running that key through ARC4, and seeing if it returns valid.

### Programming / Lessons takeaways:

- 1. State machines on state machines on state machines on...
  - We built complex modules that used state machines, that other modules used that were also governed by a state machine, that other modules used that ... you get the point.
- 2. Ready-Enable Protocol
  - Developed modules using ready-enable protocol adding complexity to how modules are called and used.
- 3. Embedded Memories
  - Learned how to create RAM using Megafunction Wizard
  - Write state machines that followed RAM block's clock cycle timing conditions for reading and writing.
  - Transferring data from one RAM block to another and back and forth.
  - Test benching RAM blocks using commands from Altera libraries.
- 4. Turning pseudo-code algorithms to digital design
  - Exercising loops, memory access, swapping, reading/writing into arrays, etc.