In this paper, we characterize the performance of datapath architectures of the Advanced Encryption Standard (AES). These architectures are parameterized by a datapath width of 8, 16, 32, 64, or 128 bits and, for the 128-bit width, an unrolling factor of 1, 2, 5 or 10. Composite field S-boxes are adopted for all the architectures and shift registers based ShiftRows and MixColumns components are used for architectures with datapath widths of less than 128 bits. Their performance in terms of area, peak power and average energy is benchmarked using a 90-nm standard cell CMOS technology under a variety of throughput requirements. Through this characterization, the performance trade-offs affected by the architecture parameters are extensively explored. The parameters leading to the best performance are identified. It is found that the 8-bit width datapath, which is conventionally adopted for resource efficient purposes, has the worst energy efficiency and does not result in the minimal peak power among the architectures. As well, the 16, 32 and 64-bit width AES datapath architectures are newly considered or represent improvements over previous work.
This is a preview of subscription content, log in to check access.
Buy single article
Instant access to the full article PDF.
Price includes VAT for USA
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
This is the net price. Taxes to be calculated in checkout.
US Natl Inst. of Standards and Technology (2001). Federal information processing standard 197: Advanced Encryption Standard.
Zhang, X., & Parhi, K.K. (2004). High-speed VLSI architectures for the AES algorithm. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 12(9), 957–967.
Hodjat, A., & Verbauwhede, I. (2006). Area-throughput trade-offs for fully pipelined 30 to 70 Gbits/s AES processors. IEEE Transactions on Computers, 55(4), 366–372.
Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D. (2006). Design and implementation of low-area and low-power aes encryption hardware core. In The 9th EUROMICRO conference on digital system design (DSD 2006) (pp. 577–583).
Good, T., & Benaissa, M. (2010). 692-nW advanced encryption standard (AES) on a 0.13-μm CMOS. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 18(12), 1753–1757.
Zambreno, J., Nguyen, D., Choudhary, A. (2004). Exploring area/delay tradeoffs in an AES FPGA implementation. In The 14th annual international conference on field-programmable logic and applications (FPL 2004) (pp. 575–585).
Stallings, W. (2005). Cryptography and network security. 4th Edn. Prentice Hall.
Wolkerstorfer, J., Oswald, E., Lamberger, M. (2002). An ASIC implementation of the AES SBoxes. In Topics in cryptology (CT-RSA 2002) (Vol. 2271, pp. 67–78). Lecture Notes in Computer Science. Springer
Tillich, S., Feldhofer, M., Popp, T., Großschädl, J. (2008). Area, delay, and power characteristics of standard-cell implementations of the AES S-Box. Journal of Signal Processing Systems, 50(2), 251–261.
Bertoni, G., Macchetti, M., Negri, L., Fragneto, P. (2004). Power efficient ASIC synthesis of cryptographic Sboxes. In The 14th ACM Great Lakes symposium on VLSI (GLSVLSI 2004) (pp. 277–281). ACM Press.
Feldhofer, M., Wolkerstorfer, J., Rijmen, V. (2005). AES implementation on a grain of sand. IEE Proceedings on Information Security, 152(1), 13–20.
Canright, D. (2005). A very compact S-Box for AES. Cryptographic hardware and embedded systems (CHES 2005) (Vol. 3659, pp. 441–455). Lecture Notes in Computer Science. Springer.
Satoh, A., Morioka, S., Takano, K., Munetoh, S. (2001). A compact Rijndael hardware architecture with S-Box optimization. Advances in cryptology ASIACRYPT 2001 (Vol. 2248, pp. 239–254). Lecture Notes in Computer Science. Springer.
Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P. (2001). Efficient Rijndael encryption implementation with composite field arithmetic. In Cryptographic hardware and embedded systems (CHES 2001) (pp. 171–184). Lecture Notes in Computer Science. Springer.
Zhang, X., & Parhi, K.K. (2006). On the optimum constructions of composite field for the AES algorithm. IEEE Transactions on Circuits and Systems II: Express Briefs, 53(10), 1153–1157.
Nikova, S., Rijmen, V., Schlaffer, M. (2008). Using normal bases for compact hardware implementations of the AES S-Box. In The 6th conference on security and cryptography for networks (SCN 2008) (pp. 236–245).
Kermani, M.M., & Reyhani-Masoleh, A. (2009). A low-cost S-box for the advanced encryption standard using normal basis. In The IEEE international conference on electro/information technology (EIT 2009) (pp. 52–55).
Nogami, Y., Nekado, K., Toyota, T., Hongo, N., Morikawa, Y. (2010). Mixed bases for efficienct inversion in F((22)2)2 and conversion matrices of subbytes of AES. Cryptographic hardware and embedded systems (CHES 2010) (Vol. 6225, pp. 234–247). Lecture Notes in Computer Science. Springer.
Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D., Jävinen, T., Salmela, P., Hämäläinen, P., Takala, J. (2005). Efficient byte permutation realizations for compact AES implementations. In 13th European signal processing conference (EUSIPCO 2005).
Mangard, S., Aigner, M., Dominikus, S. (2003). A highly regular and scalable AES hardware architecture. IEEE Transactions on Computers, 52(4), 483–491.
Chodowiec, P., & Gaj, K. (2003). Very compact FPGA implementation of the AES algorithm. In Cryptographic hardware and embedded systems (CHES 2003) (Vol. 2779 pp. 319–333). Lecture Notes in Computer Science. Springer.
Pramstaller, N., & Wolkerstorfer, J. (2004). A universal and efficient AES co-processor for field programmable logic arrays. The 14th annual international conference on field-programmable logic and applications (FPL 2004) (pp. 565–574).
Chang, C., Huang, C., Chang, K., Chen, Y., Hsieh, C. (2008). High throughput 32-bit AES implementation in FPGA. The 9th IEEE Asia Pacific conference on circuits and systems (APCCAS 2008) (pp. 1806–1809).
Synopsys, Design compiler user guide version D-2010.03-SP2 (2010).
Synopsys, PrimeTime PX user guide version D-2010.06 (2010).
This work was funded by the Natural Sciences and Engineering Research Council of Canada (NSERC) and facilitated by tools provided by CMC Microsystems.
Appendix A: Description of the Operationof the ShiftRows Components
The operation of the ShiftRows components shown in Fig. 3 is controlled through the multiplexers. All the 8-bit registers are driven with a continuous clock. In order to demonstrate the operation of these components, the contents of the registers at some selected clock cycles are shown in Tables 10, 11, 12 and 13 for Fig. 3a, b, c and d, respectively, where the first clock cycle is denoted as CC00 and the p-th clock cycle after CC00 is denoted as CCp. The content of a register is a byte of the State following the notation in Fig. 1, where the primed State bytes represent values following the application of the ShiftRows operation.
Appendix B: Description of the Operationof the MixColumns Components
The operation of the MixColumns components shown in Fig. 4 is controlled through the multiplexers and the AND gates. All the 8-bit registers are driven with a continuous clock. In order to demonstrate the operation of these components, the contents of the registers at the clock cycles of an operation are shown in Tables 14, 15 and 16 for Fig. 4a, b and c, respectively, where the first clock cycle is denoted as CC00 and the p-th clock cycle after CC00 is denoted as CCp. The content of a register is a byte following the notation in (1).
About this article
Cite this article
Wang, C., Heys, H.M. Performance Characterization of AES Datapath Architectures in 90-nm Standard Cell CMOS Technology. J Sign Process Syst 75, 217–231 (2014). https://doi.org/10.1007/s11265-013-0788-5
- Advanced Encryption Standard
- VLSI architecture
- Hardware implementation