
Compact circuits for combined AES encryption/decryption

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

The AES encryption core implemented by Moradi et al. at Eurocrypt 2011 is one of the smallest known in terms of gate area: the circuit takes around 2400 gates and operates on an 8-bit datapath. However, it is an encryption-only core and therefore cannot serve block cipher modes such as CBC and ELmD that require access to both the AES encryption and decryption modules. In this paper, we investigate whether the basic circuit of Moradi et al. can be tweaked to provide the dual functionality of encryption and decryption (ENC/DEC) while keeping the hardware overhead as low as possible. We report two constructions of the AES circuit. The first is an 8-bit serialized implementation that provides both encryption and decryption and occupies around 2605 GE with a latency of 226 cycles. This is a substantial improvement over the next smallest AES ENC/DEC circuit (Grain of Sand) by Feldhofer et al., which takes around 3400 gates but has a latency of over 1000 cycles for both the encryption and decryption operations. In the second part, we optimize the above architecture to provide the dual encryption/decryption functionality in only 2227 GE, with a latency of 246/326 cycles for the encryption and decryption operations, respectively. We use clock gating to perform the Shiftrow and Inverse Shiftrow operations in 3 cycles instead of 1, which lets us replace many of the scan flip-flops in the design with ordinary flip-flops. Furthermore, we exploit the fact that the Inverse Mixcolumn matrix of AES is the cube of the Forward Mixcolumn matrix: executing the Forward Mixcolumn operation three times over the state therefore yields the Inverse Mixcolumn functionality. This saves further gate area, since a combined implementation of the Forward and Inverse Mixcolumn circuit is no longer required.
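The Mixcolumn cube identity that the abstract relies on, checked in software as an added example (this is not the paper's code; the matrices and the sample column are the standard AES ones, and the function names are the example's own):

```python
"""Added example: verify that AES Inverse MixColumns equals the forward
MixColumns matrix cubed over GF(2^8), so three forward passes give the
inverse and no dedicated inverse circuit is needed."""
from functools import reduce
from operator import xor

def xtime(b):
    """Multiply by x (0x02) in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def gmul(a, b):
    """Shift-and-add multiplication of two field elements."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

# Forward and inverse MixColumns matrices as given in FIPS-197.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def mat_vec(m, col):
    """Apply a 4x4 matrix over GF(2^8) to one 4-byte column."""
    return [reduce(xor, (gmul(a, c) for a, c in zip(row, col))) for row in m]

def mat_mul(a, b):
    """4x4 matrix product over GF(2^8)."""
    return [[reduce(xor, (gmul(a[i][k], b[k][j]) for k in range(4)))
             for j in range(4)] for i in range(4)]

def mix_column(col):
    return mat_vec(MIX, col)

def inv_mix_column(col):
    return mat_vec(INV_MIX, col)

def inv_mix_column_via_cube(col):
    """Inverse MixColumns realised as three passes of the forward operation."""
    for _ in range(3):
        col = mix_column(col)
    return col

def cube_equals_inverse():
    """True iff MIX^3 == INV_MIX as matrices, i.e. for every possible column."""
    return mat_mul(mat_mul(MIX, MIX), MIX) == INV_MIX

if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]  # constructed sample column (FIPS-197 example)
    print(cube_equals_inverse(), inv_mix_column_via_cube(mix_column(col)) == col)
```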


Notes

  1. One way to achieve this is to use a gated clock which does not present a leading edge during the shiftrow period.

References

  1. Abed, F., Fluhrer, S., Foley, J., Forler, C., List, E., Lucks, S., McGrew, D., Wenzel, J.: The POET family of on-line authenticated encryption schemes. Submission to the CAESAR competition. https://competitions.cr.yp.to/round1/poetv101.pdf

  2. Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: AES-COPA v.1. Submission to the CAESAR competition. http://competitions.cr.yp.to/round1/aescopav1.pdf

  3. Banik, S., Bogdanov, A., Regazzoni, F.: Exploring energy efficiency of lightweight block ciphers. In: SAC 2015. LNCS, vol. 9566, pp. 178–194 (2015)

  4. Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., Regazzoni, F.: Midori: a block cipher for low energy. In: ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436 (2015)

  5. Banik, S., Bogdanov, A., Regazzoni, F., Isobe, T., Hiwatari, H., Akishita, T.: Round gating for low energy block ciphers. In: IEEE Hardware Oriented Security and Trust (HOST), pp. 55–60 (2016)

  6. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The Simon and Speck families of lightweight block ciphers. IACR ePrint Archive. https://eprint.iacr.org/2013/404.pdf

  7. Bogdanov, A., Knudsen, L., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: CHES 2007. LNCS, vol. 4727, pp. 450–466 (2007)

  8. Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knežević, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçin, T.: PRINCE: a low-latency block cipher for pervasive computing applications (extended abstract). In: ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225 (2012)

  9. Boyar, J., Matthews, P., Peralta, R.: Logic minimization techniques with applications to cryptology. J. Cryptol. 26, 28–312 (2013)

  10. Chodowiec, P., Gaj, K.: Very compact FPGA implementation of the AES algorithm. In: CHES 2003. LNCS, vol. 2779, pp. 319–333 (2003)

  11. Canright, D.: A very compact S-Box for AES. In: CHES 2005. LNCS, vol. 3659, pp. 441–455 (2005)

  12. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN: a family of small and efficient hardware-oriented block ciphers. In: CHES 2009. LNCS, vol. 5747, pp. 272–288 (2009)

  13. Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: NESSIE proposal: NOEKEON. http://gro.noekeon.org/Noekeon-spec.pdf

  14. Daemen, J., Rijmen, V.: The Design of Rijndael: AES, the Advanced Encryption Standard. Springer, Berlin (2002)

  15. Datta, N., Nandi, M.: ELmD v1.0. Submission to the CAESAR competition. https://competitions.cr.yp.to/round1/elmdv10.pdf

  16. Dworkin, M.: Recommendation for block cipher modes of operation. NIST Special Publication 800-38A. http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

  17. Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. IEE Proc. Inf. Secur. 152(1), 13–20 (2005)

  18. Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: RFIDSec 2011. LNCS, vol. 7055, pp. 1–18 (2011)

  19. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED block cipher. In: CHES 2011. LNCS, vol. 6917, pp. 326–341 (2011)

  20. Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D.: Design and implementation of low-area and low-power AES encryption hardware core. In: DSD 2006, pp. 577–583 (2006)

  21. Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Ko, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: a new block cipher suitable for low-resource devices. In: CHES 2006. LNCS, vol. 4249, pp. 46–59 (2006)

  22. Lutz, A., Treichler, J., Gürkaynak, F., Kaeslin, H., Basler, G., Erni, A., Reichmuth, S., Rommens, P., Oetiker, S., Fichtner, W.: 2Gbit/s hardware realizations of RIJNDAEL and SERPENT: a comparative analysis. In: CHES 2002. LNCS, vol. 2523, pp. 144–158 (2002)

  23. Mathew, S., Satpathy, S., Suresh, V., Anders, M., Kaul, H., Agarwal, A., Hsu, S., Chen, G., Krishnamurthy, R.K.: 340 mV–1.1 V, 289 Gbps/W, 2090-gate nanoAES hardware accelerator with area-optimized encrypt/decrypt GF((2^4)^2) polynomials in 22 nm tri-gate CMOS. IEEE J. Solid-State Circuits 50, 1048–1058 (2015)

  24. Mentens, N., Batina, L., Preneel, B., Verbauwhede, I.: A systematic evaluation of compact hardware implementations for the Rijndael S-Box. In: CT-RSA 2005. LNCS, vol. 3376, pp. 323–333 (2005)

  25. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88 (2011)

  26. Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact Rijndael hardware architecture with S-Box optimization. In: ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254 (2001)

  27. Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: CHES 2011. LNCS, vol. 6917, pp. 342–357 (2011)

  28. Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: a lightweight block cipher for multiple platforms. In: SAC 2012. LNCS, vol. 7707, pp. 339–354 (2012)

  29. Ueno, R., Morioka, S., Homma, N., Aoki, T.: A high throughput/gate AES hardware architecture by compressing encryption and decryption datapaths: toward efficient CBC-mode implementation. In: CHES 2016. LNCS, vol. 9813, pp. 538–558 (2016)

  30. Ueno, R., Homma, N., Sugawara, Y., Nogami, Y., Aoki, T.: Highly efficient GF(2^8) inversion circuit based on redundant GF arithmetic and its application to AES design. In: CHES 2015. LNCS, vol. 9293, pp. 63–80 (2015)

Author information

Correspondence to Subhadeep Banik.

Additional information

Sections 1, 2 and 3 appeared in the article “Atomic-AES: A Compact Implementation of the AES Encryption/Decryption Core”, accepted at Indocrypt 2016, LNCS 10095, pp. 173–190.


Cite this article

Banik, S., Bogdanov, A. & Regazzoni, F. Compact circuits for combined AES encryption/decryption. J Cryptogr Eng 9, 69–83 (2019). https://doi.org/10.1007/s13389-017-0176-3
