Journal of Cryptographic Engineering

, Volume 9, Issue 1, pp 69–83 | Cite as

Compact circuits for combined AES encryption/decryption

  • Subhadeep BanikEmail author
  • Andrey Bogdanov
  • Francesco Regazzoni
Regular Paper


The implementation of the AES encryption core by Moradi et al. at Eurocrypt 2011 is one of the smallest in terms of gate area. The circuit takes around 2400 gates and operates on an 8-bit datapath. However, this is an encryption-only core and unable to cater to block cipher modes like CBC and ELmD that require access to both the AES encryption and decryption modules. In this paper, we look to investigate whether the basic circuit of Moradi et al. can be tweaked to provide dual functionality of encryption and decryption (ENC/DEC) while keeping the hardware overhead as low as possible. We report two constructions of the AES circuit. The first is an 8-bit serialized implementation that provides the functionality of both encryption and decryption and occupies around 2605 GE with a latency of 226 cycles. This is a substantial improvement over the next smallest AES ENC/DEC circuit (Grain of Sand) by Feldhofer et al. which takes around 3400 gates but has a latency of over 1000 cycles for both the encryption and decryption cycles. In the second part, we optimize the above architecture to provide the dual encryption/decryption functionality in only 2227 GE and latency of 246/326 cycles for the encryption and decryption operations, respectively. We take advantage of clock gating techniques to achieve Shiftrow and Inverse Shiftrow operations in 3 cycles instead of 1. This helps us replace many of the scan flip-flops in the design with ordinary flip-flops. Furthermore, we take advantage of the fact that the Inverse Mixcolumn matrix in AES is the cube of the Forward Mixcolumn matrix. Thus by executing the Forward Mixcolumn operation three times over the state, one can achieve the functionality of Inverse Mixcolumn. This saves some more gate area as one is no longer required to have a combined implementation of the Forward and Inverse Mixcolumn circuit.


AES 128 Combined encryption/decryption Lightweight Cryptography Serialized implementation 


  1. 1.
    Abed, F., Fluhrer, S., Foley, J., Forler, C., List, E., Lucks, S., Mcgrew, D., Wenzel, J.: The POET family of on-line authenticated encryption schemes. Submission to the CAESAR competition.
  2. 2.
    Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: AES-COPA v.1. Submission to the Caesar Compedition.
  3. 3.
    Banik, S., Bogdanov, A., Regazzoni, F.: Exploring energy efficiency of lightweight block ciphers. In: SAC 2015. LNCS, vol. 9566, pp. 178–194. (2015)Google Scholar
  4. 4.
    Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., Regazzoni, F.: Midori: a block cipher for low energy. In: ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. (2015)Google Scholar
  5. 5.
    Banik, S., Bogdanov, A., Regazzoni, F., Isobe, T., Hiwatari, H., Akishita, T.: Round gating for low energy block ciphers. In: IEEE Hardware Oriented Security and Trust (HOST), pp. 55–60. (2016)Google Scholar
  6. 6.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The Simon and Speck families of lightweight block ciphers. In: IACR eprint archive.
  7. 7.
    Bogdanov, A., Knudsen, L., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., C. Vikkelsoe. PRESENT: an ultra-lightweight block cipher. In: CHES 2007. LNCS, vol. 4727, pp. 450–466, 2007Google Scholar
  8. 8.
    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knežević, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçin, T.: PRINCE—a low-latency block cipher for pervasive computing applications—extended abstract. In: Asiacrypt 2012. LNCS, vol. 7658, pp. 208–225 (2012)Google Scholar
  9. 9.
    Boyar, J., Matthews, P., Peralta, R.: Logic minimization techniques with applications to cryptology. J. Cryptol. 26, 28–312 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Chodowiec, P., Gaj, K.: Very compact FPGA implementation of the AES algorithm. In: CHES 2003. LNCS, vol. 2779, pp. 319–333 (2003)Google Scholar
  11. 11.
    Canright, D.: A very compact S-Box for AES. In: CHES 2005. LNCS, vol. 3659, pp. 441–455. (2005)Google Scholar
  12. 12.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers. In: CHES 2009. LNCS, vol. 5747, pp. 272–288. (2009)Google Scholar
  13. 13.
    Daemen, J., Peeters, M., Assche, G.V., Rijmen, V.: Nessie Proposal: NOEKEON.
  14. 14.
    Daemen, J., Rijmen, V.: The design of Rijndael: AES—the Advanced Encryption Standard. Springer, Berlin (2002)Google Scholar
  15. 15.
    Datta, N., Nandi, M.: ELmD v1.0. Submission to the Caesar compedition.
  16. 16.
    Dworkin, M.: Recommendation for block cipher modes of operation. NIST Special Publication 800-38A.
  17. 17.
    Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. IEEE Proc. Inf. Secur. 152(1), 13–20 (2005)CrossRefGoogle Scholar
  18. 18.
    Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. (2011)Google Scholar
  19. 19.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED block cipher. In: CHES 2011. LNCS, vol. 6917, pp. 326–341. (2011)Google Scholar
  20. 20.
    Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D.: Design and implementation of low-area and low-power AES encryption hardware core. In: DSD, pp. 577–583. (2006)Google Scholar
  21. 21.
    Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Ko, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: a new block cipher suitable for low-resource device. In: CHES 2006. LNCS, vol. 4249, pp. 46–59. (2006)Google Scholar
  22. 22.
    Lutz, A., Treichler, J., Gürkaynak, F., Kaeslin, H., Basler, G., Erni, A., Reichmuth, S., Rommens, P., Oetiker, S., Fichtner, W.: 2Gbit/s hardware realizations of RIJNDAEL and SERPENT: a comparative analysis. In: CHES 2002. LNCS, vol. 2523, pp. 144–158. (2002)Google Scholar
  23. 23.
    Mathew, S., Satpathy, S., Suresh, V., Anders, M., Kaul, H., Agarwal, A., Hsu, S., Chen, G., Krishnamurthy, R.K.: 340 mV-1.1V, 289 Gbps/W, 2090-gate nanoAES hardware accelerator with area-optimized encrypt/decrypt GF(\(2^4\))\(^2\) polynomials in 22 nm tri-gate CMOS. IEEE J. Solid State Circuits 50, 1048–1058 (2015)CrossRefGoogle Scholar
  24. 24.
    Mentens, N., Batina, L., Preneel, B., Verbauwhede, I.: A systematic evaluation of compact hardware implementations for the Rijndael S-Box. In: CT-RSA 2005. LNCS, vol. 3376, pp. 323–333. (2005)Google Scholar
  25. 25.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Eurocrypt 2011. LNCS, vol. 6632, pp. 69–88. (2011)Google Scholar
  26. 26.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact Rijndael hardware architecture with S-Box optimization. In: Asiacrypt 2001. LNCS, vol. 2248, pp. 239–254. (2001)Google Scholar
  27. 27.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: CHES 2011. LNCS, vol. 6917, pp. 342–357. (2011)Google Scholar
  28. 28.
    Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: a lightweight block cipher for multiple platforms. In: SAC 2012. LNCS, vol. 7707, pp. 339–354. (2012)Google Scholar
  29. 29.
    Ueno, R., Morioka, S., Homma, N., Aoki, T.: A high throughput/gate AES hardware architecture by compressing encryption and decryption datapaths—toward efficient CBC-mode implementation. In: CHES 2016. LNCS, vol. 9813, pp. 538–558. (2016)Google Scholar
  30. 30.
    Ueno, R., Homma, N., Sugawara, Y., Nogami, Y., Aoki, T.: Highly efficient GF(\(2^8\)) inversion circuit based on redundant GF arithmetic and its application to AES design. In: CHES 2015. LNCS, vol. 9293, pp. 63–80. (2015)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Subhadeep Banik
    • 1
    Email author
  • Andrey Bogdanov
    • 2
  • Francesco Regazzoni
    • 3
  1. 1.LASEC, École Polytechnique Fédérale de LausanneLausanneSwitzerland
  2. 2.DTU Compute, Technical University of DenmarkLyngbyDenmark
  3. 3.ALARI, University of LuganoLuganoSwitzerland

Personalised recommendations