A

Project Report On

Optimization of DES
algorithm using OpenCL
(A Parallel Project)

SUBMITTED IN PARTIAL FULFILLMENT

FOR THE AWARD OF
DIPLOMA IN SYSTEM SOFTWARE DEVELOPEMENT
From C-DAC, ACTS (Bangalore)

Guided by
Ms. Nipuna Sri
Presented by
Rajesh Kumar Patel
Sujeet Kumar Singh

PRN: 140850122029
PRN: 140850122037

CENTER FOR DEVELOPMENT OF ADVANCE COMPUTING

ACTS-BANGALORE

CERTIFICATE OF APPROVAL OF PROJECT WORK

This is to certify that the project report entitled Optimization of DES algorithm
using OpenCL is a bonafide work carried out by Rajesh Kumar Patel and Sujeet
Kumar Singh fulfillment for the award of Diploma in Systems Software
Development
Place: CDAC-ACTS, Bangalore, August-2014 Batch.

Signature
(Mr./Ms.
Project Guide

Signature
(Ms
)
Course Coordinator

Table of Contents
iii
1. Introduction
1.1. Abstract
1.2. Project Scope
1.3. Schedule
2. Requirement Specification & Methodologies
2.1. System Requirements
2.2. DES Algorithm
2.3. Parallel Programming
2.4. Why do we need Parallel Programming?
2.5. OpenCL
3. Code Implementation 8
3.1. Sequential Code 8
3.2 Parallel Code 20
4. Result
5. Graphical Analysis
6. Conclusion
7. References

Introduction
This work is concerned with the development of a fast DES bit slice brute force software
which utilize consumer Graphics Processing Units (GPUs) and shows improved performance
over existing implementations. The use of modern GPUs in high-performance computing is a
new trend, where such devices may be useful for offloading computationally intensive tasks
for achieving a significant performance boost in comparison with traditional use of general
purpose Central Processing Units (CPUs). Programming GPUs are supported by new
programming models based on the C language, e.g., the most widely used vendor-specific
OpenCL standard. The Data Encryption Standard (DES) was chosen as a case study because
the block-cipher uses permutations and substitutions of data, rather than the arithmetic
calculations which GPUs are known to excel in. The goal is to evaluate the potential of GPUs
for this type of application. Furthermore, the DES cipher has a limited 56 bit key space,
which has been successfully cracked by on FGPAs. However, FGPAs are much more
expensive than GPUs and requires much more programming effort in comparison with CUDA
and OpenCL.
Modern GPUs can be attractive for parallel processing because these architectures by
design have hundreds of processing cores and have high on-chip bandwidth close to one
order in magnitude larger than modern CPUs. These GPUs have good support for hiding
latency in memory transactions through massive multithreading with low context switch
overhead. The processing of instructions in the thread contexts is based on the Single
Instruction Multiple Data (SIMD) processing paradigm and is therefore suitable for algorithms
that can expose a high degree of data parallelism.

Abstract
The Data Encryption Standard (DES) was chosen as a case study because the block-cipher
uses permutations and substitutions of data, rather than the arithmetic calculations which
GPUs are known to excel in. The goal is to evaluate the potential of GPUs for this type of
application. Furthermore, the DES cipher has a limited 56 bit key space, which has been
successfully cracked by on FGPAs. However, FGPAs are much more expensive than GPUs and
requires much more programming effort in comparison with CUDA and OpenCL. A bit sliced
implementation of DES was initially considered to be a suitable candidate algorithm for
implementation on GPUs. The bit slice method is an emulated SIMD, that utilizes the n-bit
registers as a slice of the data vector, making it possible to permute n bits per operation.
Our tool is based on highly optimized lookup tables called Substitution BOXes (SBOXs). The
nonlinear SBOXs are converted from a lookup table to pure logic, which on average requires
56 operations. Thus, this is much faster than cutting the distinct key values from the slice
and sending them through a lookup table thereby substituting excessive high-latency data
transfers with bitwise operations enabling fast processing.

Scope
In general if we implement any complex problem, our expectations will be with the throughput and time taken to
generate the output. In the same scenario his implementation provides the maximum speed up of the process and
reduction in the time complexity. This engagement can generate the more promising results by implementing on
number of cores i.e. by using Parallel Programming methodology.

Schedule
This Project began on December 28, 2014 and continued till January 28, 2015 with the implementation of the
Algorithm.

Requirement Specification and Methodologies

3.1 System Requirements

2GB RAM (Recommended)
Intel 3rd generation i3 processor
Ubuntu OS 14.3 (64 bits)
gcc compiler
GPU AMD Radeon 1 GB
Disk Space 10 GB

DES Algorithm
As mentioned earlier there are two main types of cryptography in use today - symmetric
or secret key cryptography and asymmetric or public key cryptography. Symmetric
key cryptography is the oldest type whereas asymmetric cryptography is only being
used publicly since the late 1970s1. Asymmetric cryptography was a major milestone
in the search for a perfect encryption scheme.
Secret key cryptography goes back to at least Egyptian times and is of concern here.
It involves the use of only one key which is used for both encryption and decryption
(hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for
security purposes that the secret key never be revealed.

Figure 2.1: Secret key encryption.

To accomplish encryption, most secret key algorithms use two main techniques known
as substitution and permutation. Substitution is simply a mapping of one value to
another whereas permutation is a reordering of the bit positions for each of the inputs.
These techniques are used a number of times in iterations called rounds. Generally,
the more rounds there are, the more secure the algorithm. A non-linearity is also
introduced into the encryption so that decryption will be computationally infeasible2
without the secret key. This is achieved with the use of S-boxes which are basically
non-linear substitution tables where either the output is smaller than the input or vice
versa.

2.1 Brief history of DES

Up until recently, the main standard for encrypting data was a symmetric algorithm
known as the Data Encryption Standard (DES). However, this has now been replaced
by a new standard known as the Advanced Encryption Standard (AES) which we
will look at later. DES is a 64 bit block cipher which means that it encrypts data 64
bits at a time. This is contrasted to a stream cipher in which only one bit at a time (or
sometimes small groups of bits such as a byte) is encrypted.
DES was the result of a research project set up by International Business Machines
(IBM) corporation in the late 1960s which resulted in a cipher known as LUCIFER. In
the early 1970s it was decided to commercialise LUCIFER and a number of significant
changes were introduced. IBM was not the only one involved in these changes as
they sought technical advice from the National Security Agency (NSA) (other outside
consultants were involved but it is likely that the NSA were the major contributors
from a technical point of view). The altered version of LUCIFER was put forward as
a proposal for the new national encryption standard requested by the National Bureau

of Standards (NBS)3. It was finally adopted in 1977 as the Data Encryption Standard DES (FIPS PUB 46).
Some of the changes made to LUCIFER have been the subject of much controversy
even to the present day. The most notable of these was the key size. LUCIFER used
a key size of 128 bits however this was reduced to 56 bits for DES. Even though DES
actually accepts a 64 bit key as input, the remaining eight bits are used for parity
checking and have no effect on DESs security. Outsiders were convinced that the 56
bit key was an easy target for a brute force attack4 due to its extremely small size. The
need for the parity checking scheme was also questioned without satisfying answers.
Another controversial issue was that the S-boxes used were designed under classified
conditions and no reasons for their particular design were ever given. This led people
to assume that the NSA had introduced a trapdoor through which they could decrypt
any data encrypted by DES even without knowledge of the key. One startling discovery
was that the S-boxes appeared to be secure against an attack known as Differential
Cryptanalysis which was only publicly discovered by Biham and Shamir in 1990.
This suggests that the NSA were aware of this attack in 1977; 13 years earlier! In fact
the DES designers claimed that the reason they never made the design specifications for
the S-boxes available was that they knew about a number of attacks that werent public
knowledge at the time and they didnt want them leaking - this is quite a plausible
claim as differential cryptanalysis has shown. However, despite all this controversy, in
1994 NIST reaffirmed DES for government use for a further five years for use in areas
other than classified.

2.2 Inner workings of DES

DES (and most of the other major symmetric ciphers) is based on a cipher known as
the Feistel block cipher. This was a block cipher developed by the IBM cryptography
researcher Horst Feistel in the early 70s. It consists of a number of rounds where
each round contains bit-shuffling, non-linear substitutions (S-boxes) and exclusive OR
operations. Most symmetric encryption schemes today are based on this structure
(known as a feistel network).
As with most encryption schemes, DES expects two inputs - the plaintext to be encrypted
and the secret key. The manner in which the plaintext is accepted, and the key
arrangement used for encryption and decryption, both determine the type of cipher it
is. DES is therefore a symmetric, 64 bit block cipher as it uses the same key for both
encryption and decryption and only operates on 64 bit blocks of data at a time5 (be they
plaintext or ciphertext). The key size used is 56 bits, however a 64 bit (or eight-byte)
key is actually input. The least significant bit of each byte is either used for parity (odd
for DES) or set arbitrarily and does not increase the security in any way. All blocks are
numbered from left to right which makes the eight bit of each byte the parity bit.
Once a plain-text message is received to be encrypted, it is arranged into 64 bit blocks
required for input. If the number of bits in the message is not evenly divisible by 64,
then the last block will be padded. Multiple permutations and substitutions are incorporated
throughout in order to increase the difficulty of performing a cryptanalysis on
the cipher. However, it is generally accepted that the initial and final permutations offer
little or no contribution to the security of DES and in fact some software implementations

omit them (although strictly speaking these are not DES as they do not adhere to the standard).
2.2.1 Overall structure
Figure 2.2 shows the sequence of events that occur during an encryption operation.
DES performs an initial permutation on the entire 64 bit block of data. It is then split
into 2, 32 bit sub-blocks, Li and Ri which are then passed into what is known as a
round (see figure 2.3), of which there are 16 (the subscript i in Li and Ri indicates
the current round). Each of the rounds are identical and the effects of increasing their
number is twofold - the algorithms security is increased and its temporal efficiency
decreased. Clearly these are two conflicting outcomes and a compromise must be
made. For DES the number chosen was 16, probably to guarantee the elimination of
any correlation between the ciphertext and either the plaintext or key6. At the end of the
16th round, the 32 bit Li and Ri output quantities are swapped to create what is known
as the pre-output. This [R16, L16] concatenation is permuted using a function which
is the exact inverse of the initial permutation. The output of this final permutation is
the 64 bit ciphertext.