Performance Characterization of AES Datapath Architectures in 90-nm Standard Cell CMOS Technology

Abstract

In this paper, we characterize the performance of datapath architectures of the Advanced Encryption Standard (AES). These architectures are parameterized by a datapath width of 8, 16, 32, 64, or 128 bits and, for the 128-bit width, an unrolling factor of 1, 2, 5 or 10. Composite field S-boxes are adopted for all the architectures, and shift-register-based ShiftRows and MixColumns components are used for architectures with datapath widths of less than 128 bits. Their performance in terms of area, peak power and average energy is benchmarked using a 90-nm standard cell CMOS technology under a variety of throughput requirements. Through this characterization, the performance trade-offs affected by the architecture parameters are extensively explored, and the parameters leading to the best performance are identified. It is found that the 8-bit width datapath, which is conventionally adopted for resource-efficient purposes, has the worst energy efficiency and does not result in the minimal peak power among the architectures. In addition, the 16-, 32- and 64-bit width AES datapath architectures are newly considered or represent improvements over previous work.

Acknowledgments

This work was funded by the Natural Sciences and Engineering Research Council of Canada (NSERC) and facilitated by tools provided by CMC Microsystems.

Author information

Correspondence to Howard M. Heys.

Appendices

Appendix A: Description of the Operation of the ShiftRows Components

The operation of the ShiftRows components shown in Fig. 3 is controlled through the multiplexers. All the 8-bit registers are driven with a continuous clock. In order to demonstrate the operation of these components, the contents of the registers at some selected clock cycles are shown in Tables 10, 11, 12 and 13 for Fig. 3a, b, c and d, respectively, where the first clock cycle is denoted as CC00 and the p-th clock cycle after CC00 is denoted as CCp. The content of a register is a byte of the State following the notation in Fig. 1, where the primed State bytes represent values following the application of the ShiftRows operation.

Table 10 Contents of the registers of the 8-bit width ShiftRows component at the selected clock cycles.
Table 11 Contents of the registers of the 16-bit width ShiftRows component at the selected clock cycles.
Table 12 Contents of the registers of the 32-bit width ShiftRows component at the selected clock cycles.
Table 13 Contents of the registers of the 64-bit width ShiftRows component at the selected clock cycles.

Appendix B: Description of the Operation of the MixColumns Components

The operation of the MixColumns components shown in Fig. 4 is controlled through the multiplexers and the AND gates. All the 8-bit registers are driven with a continuous clock. In order to demonstrate the operation of these components, the contents of the registers at the clock cycles of an operation are shown in Tables 14, 15 and 16 for Fig. 4a, b and c, respectively, where the first clock cycle is denoted as CC00 and the p-th clock cycle after CC00 is denoted as CCp. The content of a register is a byte following the notation in (1).

Table 14 Contents of the registers of the 8-bit width MixColumns component for the clock cycles during a complete operation (\(m=n+1\)).
Table 15 Contents of the registers of the 16-bit width MixColumns component for the clock cycles during a complete operation (\(m=n+1\)).
Table 16 Contents of the registers of the 32-bit width MixColumns component for the clock cycles during a complete operation.

About this article

Cite this article

Wang, C., Heys, H.M. Performance Characterization of AES Datapath Architectures in 90-nm Standard Cell CMOS Technology. J Sign Process Syst 75, 217–231 (2014). https://doi.org/10.1007/s11265-013-0788-5

Keywords

  • Advanced Encryption Standard
  • VLSI architecture
  • Hardware implementation
  • ASIC