Comparison of the Performance of Stream Ciphers for Wireless Communications Michalis D. GALANIS, mgalanis@vlsi.ee.upatras.gr Paris KITSOS, pkitsos@ee.upatras.gr Giorgos KOSTOPOULOS, gkostop@ee.upatras.gr Odysseas KOUFOPAVLOU, odysseas@ee.upatras.gr Costas E. GOUTIS, goutis@ee.upatras.gr VLSI Design Laboratory Electrical and Computer Engineering Department University of Patras, Rio 26500, Greece ABSTRACT In this paper, the hardware implementations of four representative stream ciphers are compared in terms of performance and consumed area. The ciphers used for this comparison are the A5/1, E0, RC4 and Helix. The first three ones have been used for the security part of well-known standards, especially in wireless ones, while the Helix cipher is a recently introduced fast, word oriented, stream cipher. The designs were coded using VHDL language. For the hardware implementation of the designs, an FPGA device was used. The implementation results illustrate the hardware performance of each cipher in terms of throughput-to-area ratio. This ratio equals to: 0.86 for the RC4, 0.21 for the E0, 5.88 for the A5/1, and 2.45 for the Helix cipher. Keywords: Cryptography, Security, Wireless protocols, Stream ciphers, Hardware performance, FPGA implementation. 1. INTRODUCTION Cryptographic algorithms are divided between those that are secret key or symmetric, and those that are public key or asymmetric. With the latter one, the sender uses publicly known information to send a message to the receiver. Then, the receiver uses secret information to recover the message. In secret key cryptography, the sender and receiver have previously agreed on some private information that they use for both encryption and decryption. Secret key cryptographic systems can be categorized into either block or stream ciphers. Block ciphers are memoryless algorithms that permute N-bit blocks of plaintext data under the influence of the secret key and generate N-bit blocks of encrypted data. Stream ciphers contain internal states and typically operate serially by generating a stream of pseudo-random key bits, the keystream (stream ciphers are also called keystream generators). The keystream is then bitwise XORed with the data to encrypt/decrypt. Stream ciphers do not suffer from the error propagation, as in the block ones, because each bit is independently encrypted/decrypted from any other. They are generally much faster than block ciphers and they have greater software efficiency. Due to these features stream ciphers have been the choice for several communication standards, especially the wireless ones like IEEE 802.11b [1] and Bluetooth [2]. There are numerous stream cipher algorithms. Four of them have been chosen, implemented in an FPGA device and compared in this paper. A5/1, E0 and RC4 are well-known stream ciphers since they have been specified in popular standards and protocols - the A5/1 in GSM [3], the E0 in Bluetooth [2], and the RC4 in IEEE 802.11b [1] and in other ones (e.g in Oracle secure SQL). Helix [4] is a word-oriented stream cipher, which provides a Message Authentication Code (MAC) function. Its functions are easily implemented and it is faster (in software implementations) than the best Advanced Encryption Standard (AES) implementation [4]. The rest of the paper is organized as follows. Section 2 describes the E0 cipher, while section 3 the A5/1. Sections 4 and 5 present the Helix and the RC4 ciphers, respectively. In section 6, the design issues for the hardware architectures of the considered ciphers are presented. Section 7 shows the implementation results in terms of performance and area consumption. Finally, section 8 draws the conclusions for the stream cipher comparison. 2. E0 CIPHER The encryption of packet payloads in Bluetooth is performed by the E0 stream cipher [2], which consists of three components, as illustrated in Figure 1. The first component is the payload key generator, which performs the initialization (payload key generation). The second