ChaChaChip

Inspiration

What inspired us as regular credit and debit card users was our curiosity as to what happens behind the chip on our cards during each transaction. Diving more into cryptography and validation, we found different methods of validating credit card numbers like the Luhn algorithm, IIN validation (Issuer Identification Number) , tokenization, and AVS. We then wanted to extend the scope to not only validation, but also encryption and decryption, to utilize more of the computational abilities of an ASIC. We chose ChaCha20, a stream cipher that generates a keystream by performing multiple rounds of Adding, XOR'ing, and Rotating (AXR) operations on a 512 bit state matrix. The generated keystream is XOR'd with the input data to produce encrypted output. Decryption is performed by XOR'ing the encrypted data with the same keystream again. This inspired us to build ChaChaChip: a hardware cryptographic co-processor that validates and encrypts card data.

What it does

It checks if a 16 digit credit card number is a valid number using the Luhn algorithm. It then checks if the card belongs to an established bank using IIN verification. The number, along with other user information, like the security code, is then encrypted using ChaCha20. Finally, we decrypt the stream of data.

How we built it

We settled on the Luhn algorithm and IIN validation methods and built them using purely combinational circuits. Our ChaCha20 is a sequential circuit that calls upon AXR operations on the columns and diagonals of a state matrix. A top-level controller integrates validation and encryption stages into a structured pipeline. The design is modular, allowing each block to be tested independently before integration.

Challenges we ran into

Finding a suitable database to use for IIN validation was a challenge as we had to ensure the data was accurate, up-to-date, and realistically usable within a hardware context. Most official IIN databases are proprietary, paid, or restricted for security reasons, which made it difficult to access a comprehensive dataset for testing. Another challenge was integration. Because different modules were developed independently, we faced mismatches in signal widths, data formats, and interface assumptions. Debugging these integration issues required redesigning parts of the top-level architecture.

Accomplishments that we're proud of

We successfully implemented both structural validation (Luhn + IIN) and hardware encryption in a single ASIC-oriented design. We designed a working sequential ChaCha20 core using AXR logic and created a modular architecture that cleanly separates validation and encryption stages. Demonstrated full encryption to decryption correctness and fluidity.

What we learned

Through building ChaChaChip, we learned that real world payment systems are much more complex than they seem from the outside. Something as simple as “entering a card number” actually involves multiple stages of validation and security working together. One of the biggest lessons was how important clean module interfaces are in hardware projects. Even when individual blocks work perfectly on their own, small mismatches in input/output variables or formatting can cause major integration headaches. Overall, this project taught us that integration, debugging, and architectural decisions are often harder than just writing the core logic.

What's next for ChaChaChip

Going forward, we want to make ChaChaChip more realistic and closer to real payment hardware. We plan to expand the IIN system using a ROM-based lookup and explore adding tokenization to better reflect how modern systems protect card data. On the cryptography side, we’d like to improve key storage and optimize our ChaCha20 core for area and speed, and potentially run it through a Sky130/OpenLane flow to move closer to tapeout-level design. Eventually, integrating NFC input would make the system feel even more authentic.

Built With

• cognichipai
• systemverilog
• verilog