An Optimized S-Box Circuit Architecture for Low Power AES Design
Reducing the power consumption of AES circuits is a critical problem when the circuits are used in low power embedded systems. We found the S-Boxes consume much of the total AES circuit power and the power for an S-Box is mostly determined by the number of dynamic hazards. In this paper, we propose a low-power S-Box circuit architecture: a multi-stage PPRM architecture over composite fields. In this S-Box, (i) the signal arrival times of gates are as close as possible if the depths of the gates from the primary inputs are the same, and (ii) the hazard-transparent XOR gates are located after the other gates that may block the hazards. A low power consumption of 29 μW at 10 MHz using 0.13 μm 1.5V CMOS technology was achieved, while the consumptions of the BDD, SOP, and composite field S-Boxes are 275, 95, and 136 μW, respectively.
KeywordsPower Consumption Advance Encryption Standard Composite Field Galois Field Circuit Size
- 1.J. Daemen and V. Rijmen, “AES Proposal: Rijndael,” http://csrc.nist.gov/ encryption/aes/rijndael/Rijndael.pdf.
- 2.National Institute of Standards and Technology (NIST), “Advanced Encryption Standard (AES)”, FIPS Publication 197, http://csrc.nist.gov/encryption/ aes/index.html, Nov. 2001.
- 3.H. Kuo et al., “Architectural Optimization for a 1.82 Gbits/sec VLSI Implementation of the AES Rijndael Algorithm,” Proc. CHES2001, LNCS Vol. 2162, pp. 53–67, 2001.Google Scholar
- 4.B. Weeks et al., “Hardware Performance Simulation of Round 2 Advanced Encryption Standard Algorithm,” http://csrc.nist.gov/encryption/aes/round2/ NSA-AESfinalreport.pdf.
- 5.M. McLoone et al., “High performance single-chip FPGA Rijndael algorithm implementations,” Proc. CHES2001, LNCS Vol. 2162, pp. 68–80, 2001.Google Scholar
- 6.V. Fischer et al, “Two methods of Rijndael implementation in reconfigurable hardware,” Proc. CHES2001, LNCS Vol. 2162, pp. 81–96, 2001.Google Scholar
- 7.A.P. Chandrakasan and R.W. Brodersen (eds.), Low Power Digital CMOS Design, Kluwer Academic Publishers, 1995.Google Scholar
- 8.J. Guajardo and C. Paar, “Efficient Algorithms for Elliptic Curve Cryptosystems,” CRYPTO’97, LNCS Vol. 1294, pp. 342–356, 1997.Google Scholar
- 9.A. Rudra et al, “Efficient Rijndael encryption implementation with composite field arithmetic,” Proc. CHES2001, LNCS Vol. 2162, pp. 175–188, 2001.Google Scholar
- 10.A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A Compact Rijndael Hardware Architecture with S-Box Optimization,” Advances in Cryptology-ASIACRYPT 2001, LNCS Vol. 2248, pp. 239–254, 2001.Google Scholar
- 11.T. Sasao, “AND-EXOR expressions and their optimization”, in Sasao, editor: Logic Synthesis and Optimization, Kluwer Academic Publishers, pp. 287–312, 1993.Google Scholar
- 12.I.F. Blake, X. Gao, R.C. Mullin, S.A. Vanstone and T. Yaghoobian, Applications of Finite Fields, Kluwer Academic Publishers. 1993.Google Scholar
- 14.S. Morioka and Y. Katayama, “O(log2m) Iterative Algorithm for Multiplicative Inverse in GF(2m),” IEEE Intl. Symp. On Info. Theory (ISIT2000), pp. 449 ff., 2000.Google Scholar
- 16.S. Morioka, Y. Katayama, and T. Yamane, “Towards Efficient Verification of Arithmetic Algorithms over Galois Fields GF(2m),” 13th Conference on Computer Aided Verification (CAV’01), LNCS Vol. 2102, pp. 465–477, 2001.Google Scholar
- 17.S. Morioka and A. Satoh, “A 10 Gbps Full-AES Crypto Design with a Twisted-BDD SBox Architecture,” 2002 IEEE Intl. Conf. on Computer Design (ICCD2002), 2002.Google Scholar
- 18.S. Morioka and Y. Katayama, “Design Methodology for one-shot Reed-Solomon Encoder and Decoder,” 1999 IEEE Intl. Conf. on Computer Design (ICCD’99), pp. 60–67, 1999.Google Scholar