Conference Paper

A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box

DOI: 10.1007/978-3-540-30574-3_22 Conference: Topics in Cryptology - CT-RSA 2005, The Cryptographers' Track at the RSA Conference 2005, San Francisco, CA, USA, February 14-18, 2005, Proceedings
Source: DBLP


This work proposes a compact implementation of the AES S-box using composite field arithmetic in GF(((22) 2 ) 2 ). It describes a sys- tematic exploration of different choices for the irreducible polynomials that generate the extension fields. It also examines all possible transfor- mation matrices that map one field representation to another. We show that the area of Satoh's S-box, which is the most compact to our knowl- edge, is at least 5% away from an optimal solution. We implemented this optimal solution and Satoh's design using a 0.18 µm standard cell library.

36 Reads
  • Source
    • "The Advanced Encryption Standard (AES), issued by the US National Institute of Standards and Technology (NIST) in 2011, is the dominant symmetric-key cryptosystem [1]. Numerous hardware implementations were proposed and their performance were evaluated using application-specific integrated circuit (ASIC) [2] and field programmable gate-array (FPGA) [3], [4]. However, all the previous research attempts to optimize AES-encrypted chips frequently fall back on refining the AES cores rather than on AES system as a whole; indeed, refining part of the system is useful, yet the focus, such as transfer efficiency and energy consumption, is still on bus architectures. "
    [Show description] [Hide description]
    DESCRIPTION: Security is becoming a de-facto requirement of embedded systems, leading up to a significant share of System-on-Chip design cost. To improve chip performance and the capabilities to provide efficient architectural support for Advanced Encryption Standard (AES), an advanced bus architecture (CDBUS) for AES-encrypted embedded systems is proposed in this paper. Then, different field-programmable gate array (FPGA) implementations, 32-, 64-, and 128-bit CDBUS Direct Memory Access (CDDMA) and Advanced eXensible Interface (AXI) DMA (ADMA) with full pipeline and maximum overlapping AES cores, are optimized and evaluated to identify the high-speed and low-power architectures for the embedded systems. The results show that the presented CDBUS structure outperforms the AXI design. As an example, the 128-bit CDDMA costs less in terms of hardware resources and achieves higher throughput (2.9 GBps) than the 128-bit ADMA, and the dynamic power consumed by the CDBUS cipher test is reduced to 84.8% compared with the AXI cipher test.
  • Source
    • ") into GF(2 2 ) operations. Satoh [6] and Mentens [7] further optimized the hardware implementation of AES S-box by applying a composite field with multiple extensions of smaller degrees. The tower field GF "
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper proposes a compact design of SMS4 S-box using combinational logic which is suitable for the implementation in area constraint environments like smart cards. The inversion algorithm of the proposed S-box is based on composite field GF(((22)2)2) using normal basis at all levels. In our approach, we examined all possible normal basis combinations having trace equal to one at each subfield level. There are 16 such possible combinations with normal basis and we have compared the S-box designs based on each case in terms of logic gates it uses for implementation. The isomorphism mapping and inverse mapping bit matrices are fully optimized using greedy algorithm. We prove that our best case reduces the complexity upon the SMS4 S-box design with existing inversion algorithm based on polynomial basis by 15% XOR and 42% AND gates.
  • Source
    • "Another aspect of our work is that we use composite field technologies to reduce the area requirement of AES. Several composite field implementations of AES are reported in [41] [42] [38] [48] [18] [35]. These circuits however are mostly reported in the context of ASIC AES implementations. "
    Conference Paper: Encrypting the Internet
    [Show abstract] [Hide abstract]
    ABSTRACT: End-to-end communication encryption is considered necessary for protecting the privacy of user data in the Internet. Only a small fraction of all Internet traffic, however, is protected today. The primary reason for this neglect is economic, mainly security protocol speed and cost. In this paper we argue that recent advances in the implementation of cryptographic algorithms can make general purpose processors capable of encrypting packets at line rates. This implies that the Internet can be gradually transformed to an information delivery infrastructure where all traffic is encrypted and authenticated. We justify our claim by presenting technologies that accelerate end-to-end encryption and authentication by a factor of 6 and a high performance TLS 1.2 protocol implementation that takes advantage of these innovations. Our implementation is available in the public domain for experimentation.
    Proceedings of the ACM SIGCOMM 2010 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, New Delhi, India, August 30 -September 3, 2010; 08/2010
Show more