The Hardware Side of Cryptography

1 June 2010

Oldskool Memory Skrambler

Filed under: Uncategorized — Tags: , , , , , , — edipermadi @ 10:55 am

Memory scrambling is the process of messing up the contents of memory, either by remapping the adress, data encipherment or even both of them. The aim is to complicate data retrieval from memory, this is also useful to protect a small and sensitive stuff such as firmware.

The address remapping itself is nothing new, its actually a bijective mapping of plain address to scrambled address. In real life this keyed scrambling is made through the usage of block cipher. The mode could be enciphering or deciphering, since address scrambling is a one way mapping.

The content encipherment is working in the same way as address scrambling. It is also based on block cipher. However, content encipherment is sensitive to address and direction since the process must be able to recover the data stored at memory. The writing processis encipherment while the reading process is decipherment.

Now, let’s make it works. Supposed i have an oldskool 8051 development board with a 64 kilo-byte SRAM extension attached, and i wanted to protect the thing i stored in memory.

The 64 kbytes of SRAM takes 16-bits of address 8-bits of data with two additional control RD and WR. Here, as a prototype, we can use S-AES (a 16-bits block cipher with 16-bits of key) to scramble the address either in enciphering and deciphering mode. The 8-bits of content will be scrambled using S-DES (a 8-bits block cipher with 10-bits of key).

As a keying mechanism, the address scrambling will be keyed by a 17-bits key (16 from S-AES and 1 form encipherment/decipherment selection) while the content encipherment will be keyed by a 10-bits key with the addition of scrambled address to make the encipherment varies along the position. The total keyspace is 27-bit or about 128 million of combinations.

Here is the block diagram.

Oldskool SRAM Scrambler

In real life, we need such two microcontrollers with 32 bits GPIO. The first microcontroller is responsible of scrambling the address using S-AES while the other one is responsible of scrambling the content using S-DES.

Haha, you know this is kinda stupid implementation, 27 bits of keyspace is to easy to break. It takes several seconds in a fast computer to brute force all combination. It’s just like nothing but who care . I belief that this scheme works better at larger memory space such as 128-bit that enables the usage of AES.

I am currently developing the software for both microcontroller. I chose AVR for simplicity reason. The code will be posted here and hosted at


  1. Hi.

    When i googled up for prototypes of GRAIN cipher, your blogpage opened up as well. Do you mean to say S-AES is similar to GRAIN, because i think GRAIN is a stream cipher, whereas S-AES is a block cipher?

    I am looking for hardware implementations of TRIVIUM and GRAIN


    RA, IITM

    Comment by Paroma Datta — 19 October 2010 @ 4:45 pm

    • Hi Paroma. Thank you for visiting my blog.

      S-AES is simplified AES and its block cipher by itself. S stands for simplified, not stream. However, since the blocksize is 8-bit. S-AES can also be operated as byte oriented stream cipher as RC4

      Comment by edipermadi — 20 October 2010 @ 8:49 am

  2. Thanks for replying. I still am not clear about one thing. If S-AES can be used as a stream cipher is it similar to GRAIN or TRIVIUM?

    Comment by Paroma Datta — 20 October 2010 @ 12:48 pm

    • the only difference is the internal structure. s-aes uses substitution permutation (SP) structure while grain and trivium uses linear feedback shift register (LFSR) structure. in case of LFSR, you have to accumulate bits until 8 in order to generate byte stream while s-aes and rc4 can do it in 1 cipher cycle only.

      Comment by edipermadi — 21 October 2010 @ 9:41 am

  3. The implementation of GRAIN, TRIVIUM and S-AES would be the same then?

    Comment by Paroma Datta — 21 October 2010 @ 4:10 pm

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at

%d bloggers like this: