Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Valued Contributor III
740 Views

An fpga prototyping dilemma.

I was trying to create an IP core for lightweight block cipher MANTIS.

The simulation of the Verilog code given below was successfully completed.

But,when I try to form IPcore using DE0 cyclone 3.The cipher output in In system probes and sources editor seen to run non-stop.

The output during simulation was got at 90ns and continued to be constant.

But,the in system probes source editor cipher out runs non stop.

 

 

These are the inputs

 

ai=64'h3b5c77a4921f9718;

bi=64'hba912e6f1055fed2;

ki=128'h92f09952c625e3e9d7a060f714c0292b;

 

Cipher,s should be ci=64'hd6522035c1c0c6c1

It would be really great if any of you could help.

I'm really new to fpga and Verilog.

 

I replaced every input and output except clk to wire during fpga synthesis.

Code

 

module mantis(input clk,input [63:0]ai,bi,input rst,input [127:0] ki,output reg [63:0] ci);

reg [63:0]a1,s1,h1,t1,b1,m1,p1,r,v1,k11,i1,k01,c1,k2;

reg [3:0]state,nextstate;

reg[127:0]k;

parameter s0=4'd0, s01=4'd1,s2=4'd2,s3=4'd3,s4=4'd4,s5=4'd5,s6=4'd6,s 7=4'd7,s8=4'd8,s9=4'd9;

parameter r1=64'h13198a2e03707344,r2=64'ha4093822299f31d0,r3 =64'h082efa98ec4e6c89,r4=64'h452821e638d01377,r5=6 4'hbe5466cf34e90c6c,r6=64'hc0ac29b7c97c50dd,r7=64' h3f84d5b5b5470917,r8=64'h9216d5d98979fb1b,q=64'h24 3f6a8885a308d3;

integer i,x;

 

function [63:0] p (input [63:0]e);

begin

p[63-:4]=e[63-:4];

p[59-:4]=e[19-:4];

p[55-:4]=e[39-:4];

p[51-:4]=e[11-:4];

p[47-:4]=e[23-:4];

p[43-:4]=e[59-:4];

p[39-:4]=e[15-:4];

p[35-:4]=e[35-:4];

p[31-:4]=e[43-:4];

p[27-:4]=e[7-:4];

p[23-:4]=e[51-:4];

p[19-:4]=e[31-:4];

p[15-:4]=e[3-:4];

p[11-:4]=e[47-:4];

p[7-:4]=e[27-:4];

p[3-:4]=e[55-:4];

end

endfunction

 

function [63:0] ip (input [63:0]e);

begin

ip[3-:4]=e[15-:4];

ip[7-:4]=e[27-:4];

ip[11-:4]=e[51-:4];

ip[15-:4]=e[39-:4];

ip[19-:4]=e[59-:4];

ip[23-:4]=e[47-:4];

ip[27-:4]=e[7-:4];

ip[31-:4]=e[19-:4];

ip[35-:4]=e[35-:4];

ip[39-:4]=e[55-:4];

ip[43-:4]=e[31-:4];

ip[47-:4]=e[11-:4];

ip[51-:4]=e[23-:4];

ip[55-:4]=e[3-:4];

ip[59-:4]=e[43-:4];

ip[63-:4]=e[63-:4];

end

endfunction

 

function [63:0]ih(input [63:0]t);

begin

ih[3-:4]=t[51-:4];

ih[7-:4]=t[55-:4];

ih[11-:4]=t[23-:4];

ih[15-:4]=t[27-:4];

ih[19-:4]=t[3-:4];

ih[23-:4]=t[7-:4];

ih[27-:4]=t[11-:4];

ih[31-:4]=t[15-:4];

ih[35-:4]=t[31-:4];

ih[39-:4]=t[63-:4];

ih[43-:4]=t[59-:4];

ih[47-:4]=t[19-:4];

ih[51-:4]=t[35-:4];

ih[55-:4]=t[39-:4];

ih[59-:4]=t[43-:4];

ih[63-:4]=t[47-:4];

end

endfunction

 

function [63:0]h(input [63:0]t);

begin

h[63-:4]=t[39-:4];

h[59-:4]=t[43-:4];

h[55-:4]=t[7-:4];

h[51-:4]=t[3-:4];

h[47-:4]=t[63-:4];

h[43-:4]=t[59-:4];

h[39-:4]=t[55-:4];

h[35-:4]=t[51-:4];

h[31-:4]=t[35-:4];

h[27-:4]=t[15-:4];

h[23-:4]=t[11-:4];

h[19-:4]=t[47-:4];

h[15-:4]=t[31-:4];

h[11-:4]=t[27-:4];

h[7-:4]=t[23-:4];

h[3-:4]=t[19-:4];

end

endfunction

 

 

 

 

function [63:0]m(input [63:0]p);

begin

m[3-:4]=p[19-:4]^p[35-:4]^p[51-:4];

m[7-:4]=p[23-:4]^p[39-:4]^p[55-:4];

m[11-:4]=p[27-:4]^p[43-:4]^p[59-:4];

m[15-:4]=p[31-:4]^p[47-:4]^p[63-:4];

m[19-:4]=p[35-:4]^p[3-:4]^p[51-:4];

m[23-:4]=p[7-:4]^p[39-:4]^p[55-:4];

m[27-:4]=p[11-:4]^p[43-:4]^p[59-:4];

m[31-:4]=p[15-:4]^p[47-:4]^p[63-:4];

m[35-:4]=p[3-:4]^p[19-:4]^p[51-:4];

m[39-:4]=p[7-:4]^p[23-:4]^p[55-:4];

m[43-:4]=p[11-:4]^p[27-:4]^p[59-:4];

m[47-:4]=p[31-:4]^p[63-:4]^p[15-:4];

m[51-:4]=p[35-:4]^p[19-:4]^p[3-:4];

m[55-:4]=p[39-:4]^p[23-:4]^p[7-:4];

m[59-:4]=p[43-:4]^p[27-:4]^p[11-:4];

m[63-:4]=p[47-:4]^p[31-:4]^p[15-:4];

end 

endfunction

 

function [63:0]s(input [63:0]a);

begin

for(i=3;i<64;i=i+4)

begin

case (a[i-:4])

64'ha:s[i-:4]=64'h1;

64'he:s[i-:4]=64'h4;

64'h8:s[i-:4]=64'h8;

64'h6:s[i-:4]=64'hf;

64'h5:s[i-:4]=64'hb;

64'h4:s[i-:4]=64'he;

64'h3:s[i-:4]=64'h3;

64'h2:s[i-:4]=64'hd;

64'h1:s[i-:4]=64'ha;

64'h0:s[i-:4]=64'hc;

64'h7:s[i-:4]=64'h7;

64'hb:s[i-:4]=64'h5;

64'h9:s[i-:4]=64'h9;

64'hc:s[i-:4]=64'h0;

64'hd:s[i-:4]=64'h2;

64'he:s[i-:4]=64'h4;

64'hf:s[i-:4]=64'h6;

endcase

end

end

endfunction

always@(posedge clk)

begin

if (rst) state=s0;

else

state=nextstate;

end

always @(state or ai or bi or ki)

begin

//count=count+1;

case (state) 

 

s0:begin a1=ai;

t1=bi;

k=ki;

nextstate=s01;

// t1=64'hba912e6f1055fed2;

// k=128'h92f09952c625e3e9d7a060f714c0292b;

end

s01:begin k11=k[63-:64]^q;

k2=k[127-:64]>>1;

k01={1'b1,k2[62-:63]}^(k[127-:64]>>63);

// k01=k2;

i1=a1^t1^k[127-:64]^k[63-:64];

nextstate=s2;end

s2:begin

for(x=1;x<6;x=x+1) 

begin

case (x)

1:r=r1;

2:r=r2;

3:r=r3;

4:r=r4;

5:r=r5;

6:r=r6;

7:r=r7;

8:r=r8;

default:r=r1;

endcase

h1=h(t1);

s1=s(i1);

b1=s1^r^h1^k[63-:64];

p1=p(b1);

m1=m(p1);

t1=h1;

i1=m1;

if(x==5)

v1=t1;

end nextstate=s3;end

s3:begin p1=s(m1);nextstate=s4;end

s4:begin a1=m(p1);nextstate=s5 ;end

s5:begin p1=s(a1);nextstate=s6 ;end

// si=p1;

s6: begin a1=p1;nextstate=s7;end

//xxxxxxxxxxxxxxxxxxxxxxxxxx

 

//xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

s7:begin for(x=5;x>=1;x=x-1) 

begin

case (x)

1:r=r1;

2:r=r2;

3:r=r3;

4:r=r4;

5:r=r5;

6:r=r6;

7:r=r7;

8:r=r8;

default:r=r1;

endcase

if(x!=5)

h1=ih(t1);

else

h1=v1;

m1=m(a1);

p1=ip(m1);

b1=p1^r^h1^k11;

s1=s(b1);

t1=h1;

a1=s1;

end

nextstate=s8; end

s8: begin h1=ih(t1);nextstate=s9;end

s9:begin c1=s1^k01^k11^h1;nextstate=s0;end

//s1^k01^k11^h1;

default:nextstate=s0;

endcase

// si=c1;

end

always@(state)

ci=c1;

endmodule

 

 

Test bench 

 

// Code your testbench here

// or browse Examples

module test;

reg[63:0]ai,bi;reg clk,rst;

reg [127:0]ki;wire[63:0]ci;

mantis s1(clk,ai,bi,rst,ki,ci);

always #5 clk=~clk;

initial begin clk=0;

$monitor("%g %b %h %h %b %h %h",$time,clk,ai,bi,rst,ki,ci);

#5 rst=1'b1;

#5 rst=1'b0;

ai=64'h3b5c77a4921f9718;

bi=64'hba912e6f1055fed2;

ki=128'h92f09952c625e3e9d7a060f714c0292b;

end endmodule

Tags (1)
0 Kudos
6 Replies
Highlighted
Valued Contributor III
2 Views

S9 sets next state to s0. How long did you run the simulation for? 

 

Also, your verilog looks like you're writing some software. For loops get expanded during synthesis into parrellel or sequential circuits. Did you draw a diagram of your intended circuit design before you write any code?
0 Kudos
Highlighted
Valued Contributor III
2 Views

I kept it running. 

I needed round functions and inverse round functions to be repeated and them to use a round constant based on no of current round.That's why I used for loop. 

S0 doesn't have cipher ,ci and only s9 has it so would it matter. 

 

This simulation is working perfectly fine for me in modelsim. 

 

Only thing changed is replacing all inputs and output excluding clk to wire and not using a test bench.
0 Kudos
Highlighted
Valued Contributor III
2 Views

But you didn't answer the questions. 

Have you got a circuit diagram you used before you wrote the code?  

How long did you run the simulation for? You may not have run it very long, the simulation will likely slow the repeat. 

And the use of for loops implies you think this is software. Or is not. Software coding style will result in firmware that doesn't work well if it works at all. You really should study a good text book or tutorial on digital logic design.
0 Kudos
Highlighted
Valued Contributor III
2 Views

No,I don't have a circuit diagram.I coded this on the basis of a block diagram. 

 

Is using a for loop for repeating round functions bad? 

 

I know for loop doesn't work like software and circuit replicates.
0 Kudos
Highlighted
Valued Contributor III
2 Views

Like I said before, for loops unroll during synthesis to create ALL of the hardware needed to create the logic, they do not work in a temporal fashion like in software. For loops are generally used to replicate hardware. 

 

I highly suggest starting this again. Try to think about your circuit BEFORE you write any code. All of your assignments are blocking assignments - try and code the entire design with non-blocking assignments. As good practice, blocking assignments should only be used for wires/conitnuous assignments, with non-blocking for everything else.  

 

Your current design will have a very very slow fmax due to the huge amount of combinatorial logic it will employ.
0 Kudos
Highlighted
Valued Contributor III
2 Views

Ok thanks.

0 Kudos