Conference Paper

A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box

University of Leuven, Louvain, Flanders, Belgium
DOI: 10.1007/978-3-540-30574-3_22 Conference: Topics in Cryptology - CT-RSA 2005, The Cryptographers' Track at the RSA Conference 2005, San Francisco, CA, USA, February 14-18, 2005, Proceedings
Source: DBLP


This work proposes a compact implementation of the AES S-box using composite field arithmetic in GF(((2^2)^2)^2). It describes a systematic exploration of different choices for the irreducible polynomials that generate the extension fields. It also examines all possible transformation matrices that map one field representation to another. We show that the area of Satoh's S-box, which is the most compact to our knowledge, is at least 5% away from an optimal solution. We implemented this optimal solution and Satoh's design using a 0.18 µm standard cell library.
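To make the composite-field construction concrete, the following added example (not code from the paper or its authors) computes the AES S-box by mapping each byte into the tower field GF(((2^2)^2)^2), inverting there with the norm-based subfield trick, mapping back, and applying the AES affine step. The irreducible polynomials, the bit layout, and the function names are assumptions of this example, not the paper's constants; the `is_irreducible` check lets one enumerate the valid choices of the top-level polynomial the way the paper's exploration does.

```python
# Added example (not the paper's code): AES S-box via the tower field GF(((2^2)^2)^2)
# used by the composite-field designs the paper evaluates. Tower element bit layout:
# [a1|a0] with a1,a0 in GF((2^2)^2) = [b1|b0] over GF(2^2). Polynomials (an assumed
# choice, not the paper's constants): W^2 = W+1, Y^2 = Y+phi, Z^2 = Z+lam.
def gf4_mul(a, b):                       # GF(2^2), 2-bit elements
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    h = a1 & b1
    return (((a1 & b0) ^ (a0 & b1) ^ h) << 1) | ((a0 & b0) ^ h)
GF4_INV = [0, 1, 3, 2]                   # W * (W + 1) = 1
def gf16_mul(a, b, phi):                 # GF((2^2)^2), 4-bit elements
    a1, a0, b1, b0 = a >> 2, a & 3, b >> 2, b & 3
    h = gf4_mul(a1, b1)
    return ((gf4_mul(a1, b0) ^ gf4_mul(a0, b1) ^ h) << 2) | (gf4_mul(a0, b0) ^ gf4_mul(h, phi))
def gf16_inv(a, phi):                    # inverse = conjugate * norm^-1, norm lies in GF(2^2)
    a1, a0 = a >> 2, a & 3
    d = GF4_INV[gf4_mul(gf4_mul(a1, a1), phi) ^ gf4_mul(a1, a0) ^ gf4_mul(a0, a0)]
    return (gf4_mul(a1, d) << 2) | gf4_mul(a1 ^ a0, d)
def gf256_mul(a, b, phi, lam):           # GF(((2^2)^2)^2), 8-bit elements
    a1, a0, b1, b0 = a >> 4, a & 15, b >> 4, b & 15
    h = gf16_mul(a1, b1, phi)
    return ((gf16_mul(a1, b0, phi) ^ gf16_mul(a0, b1, phi) ^ h) << 4) | (gf16_mul(a0, b0, phi) ^ gf16_mul(h, lam, phi))
def gf256_inv(a, phi, lam):              # same trick one level up; norm lies in GF((2^2)^2)
    a1, a0 = a >> 4, a & 15
    d = gf16_inv(gf16_mul(gf16_mul(a1, a1, phi), lam, phi) ^ gf16_mul(a1, a0, phi) ^ gf16_mul(a0, a0, phi), phi)
    return (gf16_mul(a1, d, phi) << 4) | gf16_mul(a1 ^ a0, d, phi)
def is_irreducible(lam, phi):            # z^2 + z + lam has no root in GF((2^2)^2)
    return all(gf16_mul(a, a, phi) ^ a != lam for a in range(16))
def isomorphism(phi, lam):
    # Mapping matrix GF(2^8) -> tower: column i is beta^i, where beta is a root of the
    # AES polynomial x^8+x^4+x^3+x+1 located by exhaustive search in the tower field.
    for beta in range(2, 256):
        p = [1]
        for _ in range(8): p.append(gf256_mul(p[-1], beta, phi, lam))
        if (p[8] ^ p[4] ^ p[3] ^ p[1] ^ 1) == 0:
            to_t = [0] * 256
            for x in range(1, 256):      # linearity: peel off the lowest set bit
                to_t[x] = to_t[x & (x - 1)] ^ p[(x & -x).bit_length() - 1]
            return to_t, {t: x for x, t in enumerate(to_t)}   # inverse mapping
def sbox_table(phi, lam):
    # Map in, invert in the tower, map back out, then the AES affine step.
    to_t, from_t = isomorphism(phi, lam)
    table = []
    for x in range(256):
        inv = from_t[gf256_inv(to_t[x], phi, lam)]
        s = 0x63
        for k in range(5): s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        table.append(s)
    return table
```

Every irreducible choice of `lam` for either valid `phi` yields the same S-box table; what differs between choices is the gate count of the resulting circuit, which is the quantity the paper compares.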



Available from: Lejla Batina
  • Source
    • "The Advanced Encryption Standard (AES), issued by the US National Institute of Standards and Technology (NIST) in 2011, is the dominant symmetric-key cryptosystem [1]. Numerous hardware implementations were proposed and their performance were evaluated using application-specific integrated circuit (ASIC) [2] and field programmable gate-array (FPGA) [3], [4]. However, all the previous research attempts to optimize AES-encrypted chips frequently fall back on refining the AES cores rather than on AES system as a whole; indeed, refining part of the system is useful, yet the focus, such as transfer efficiency and energy consumption, is still on bus architectures. "
    DESCRIPTION: Security is becoming a de-facto requirement of embedded systems, leading up to a significant share of System-on-Chip design cost. To improve chip performance and the capabilities to provide efficient architectural support for Advanced Encryption Standard (AES), an advanced bus architecture (CDBUS) for AES-encrypted embedded systems is proposed in this paper. Then, different field-programmable gate array (FPGA) implementations, 32-, 64-, and 128-bit CDBUS Direct Memory Access (CDDMA) and Advanced eXtensible Interface (AXI) DMA (ADMA) with full pipeline and maximum overlapping AES cores, are optimized and evaluated to identify the high-speed and low-power architectures for the embedded systems. The results show that the presented CDBUS structure outperforms the AXI design. As an example, the 128-bit CDDMA costs less in terms of hardware resources and achieves higher throughput (2.9 GBps) than the 128-bit ADMA, and the dynamic power consumed by the CDBUS cipher test is reduced to 84.8% compared with the AXI cipher test.
    Full-text · Research · Sep 2015
  • Source
    • "Software implementations are also available due to their flexibility, convenience and inherited ease of up gradation [12]. ASIC provides a low power design but lacks of flexibility and short time to market [22] [23] [24] [25]. This paper proposes an approach to combine the general purpose processor with the crypto co-processor. "
    ABSTRACT: In this paper, we propose a parameterized crypto co-processor based on Advanced Encryption Standard (AES). This parameterized AES module is combined with a 32-bit general purpose 5-stage pipelined MIPS processor. The AES module used in this paper is fully pipelined. The processor fetches an instruction from the instruction memory and sends it to the decode stage. If the instruction is the crypto instruction it is pushed into the AES module during the decode stage. However if the instruction belongs to the MIPS processor, the remaining cycles will be completed on the MIPS processor. The parameterized AES module has different latencies on different rounds of AES according to the application requirements. The effects of different number of rounds on latency, memory, and area are studied and reported.
    Full-text · Article · Oct 2014
  • Source
    • ") into GF(2 2 ) operations. Satoh [6] and Mentens [7] further optimized the hardware implementation of AES S-box by applying a composite field with multiple extensions of smaller degrees. The tower field GF "
    ABSTRACT: This paper proposes a compact design of SMS4 S-box using combinational logic which is suitable for the implementation in area constraint environments like smart cards. The inversion algorithm of the proposed S-box is based on composite field GF(((2^2)^2)^2) using normal basis at all levels. In our approach, we examined all possible normal basis combinations having trace equal to one at each subfield level. There are 16 such possible combinations with normal basis and we have compared the S-box designs based on each case in terms of logic gates it uses for implementation. The isomorphism mapping and inverse mapping bit matrices are fully optimized using greedy algorithm. We prove that our best case reduces the complexity upon the SMS4 S-box design with existing inversion algorithm based on polynomial basis by 15% XOR and 42% AND gates.
    Full-text · Article · Jan 2011