An Optimized S-Box Circuit Architecture for Low Power AES Design

  • Sumio Morioka
  • Akashi Satoh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2523)


Reducing the power consumption of AES circuits is a critical problem when the circuits are used in low power embedded systems. We found the S-Boxes consume much of the total AES circuit power and the power for an S-Box is mostly determined by the number of dynamic hazards. In this paper, we propose a low-power S-Box circuit architecture: a multi-stage PPRM architecture over composite fields. In this S-Box, (i) the signal arrival times of gates are as close as possible if the depths of the gates from the primary inputs are the same, and (ii) the hazard-transparent XOR gates are located after the other gates that may block the hazards. A low power consumption of 29 μW at 10 MHz using 0.13 μm 1.5V CMOS technology was achieved, while the consumptions of the BDD, SOP, and composite field S-Boxes are 275, 95, and 136 μW, respectively.


Power Consumption Advance Encryption Standard Composite Field Galois Field Circuit Size 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    J. Daemen and V. Rijmen, “AES Proposal: Rijndael,” encryption/aes/rijndael/Rijndael.pdf.
  2. 2.
    National Institute of Standards and Technology (NIST), “Advanced Encryption Standard (AES)”, FIPS Publication 197, aes/index.html, Nov. 2001.
  3. 3.
    H. Kuo et al., “Architectural Optimization for a 1.82 Gbits/sec VLSI Implementation of the AES Rijndael Algorithm,” Proc. CHES2001, LNCS Vol. 2162, pp. 53–67, 2001.Google Scholar
  4. 4.
    B. Weeks et al., “Hardware Performance Simulation of Round 2 Advanced Encryption Standard Algorithm,” NSA-AESfinalreport.pdf.
  5. 5.
    M. McLoone et al., “High performance single-chip FPGA Rijndael algorithm implementations,” Proc. CHES2001, LNCS Vol. 2162, pp. 68–80, 2001.Google Scholar
  6. 6.
    V. Fischer et al, “Two methods of Rijndael implementation in reconfigurable hardware,” Proc. CHES2001, LNCS Vol. 2162, pp. 81–96, 2001.Google Scholar
  7. 7.
    A.P. Chandrakasan and R.W. Brodersen (eds.), Low Power Digital CMOS Design, Kluwer Academic Publishers, 1995.Google Scholar
  8. 8.
    J. Guajardo and C. Paar, “Efficient Algorithms for Elliptic Curve Cryptosystems,” CRYPTO’97, LNCS Vol. 1294, pp. 342–356, 1997.Google Scholar
  9. 9.
    A. Rudra et al, “Efficient Rijndael encryption implementation with composite field arithmetic,” Proc. CHES2001, LNCS Vol. 2162, pp. 175–188, 2001.Google Scholar
  10. 10.
    A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A Compact Rijndael Hardware Architecture with S-Box Optimization,” Advances in Cryptology-ASIACRYPT 2001, LNCS Vol. 2248, pp. 239–254, 2001.Google Scholar
  11. 11.
    T. Sasao, “AND-EXOR expressions and their optimization”, in Sasao, editor: Logic Synthesis and Optimization, Kluwer Academic Publishers, pp. 287–312, 1993.Google Scholar
  12. 12.
    I.F. Blake, X. Gao, R.C. Mullin, S.A. Vanstone and T. Yaghoobian, Applications of Finite Fields, Kluwer Academic Publishers. 1993.Google Scholar
  13. 13.
    T. Itoh and S. Tsujii, “A Fast Algorithm for Computing Multiplicative Inverses in GF(2m) using Normal Bases,” Information and Computation, Vol.78, No. 3, pp. 171–177, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    S. Morioka and Y. Katayama, “O(log2m) Iterative Algorithm for Multiplicative Inverse in GF(2m),” IEEE Intl. Symp. On Info. Theory (ISIT2000), pp. 449 ff., 2000.Google Scholar
  15. 15.
    R.E. Bryant, “Graph-Based Algorithms for Boolean Function Manipulation,” IEEE Trans. on Computers, Vol. C-35, No. 8, pp. 677–691, 1986.CrossRefGoogle Scholar
  16. 16.
    S. Morioka, Y. Katayama, and T. Yamane, “Towards Efficient Verification of Arithmetic Algorithms over Galois Fields GF(2m),” 13th Conference on Computer Aided Verification (CAV’01), LNCS Vol. 2102, pp. 465–477, 2001.Google Scholar
  17. 17.
    S. Morioka and A. Satoh, “A 10 Gbps Full-AES Crypto Design with a Twisted-BDD SBox Architecture,” 2002 IEEE Intl. Conf. on Computer Design (ICCD2002), 2002.Google Scholar
  18. 18.
    S. Morioka and Y. Katayama, “Design Methodology for one-shot Reed-Solomon Encoder and Decoder,” 1999 IEEE Intl. Conf. on Computer Design (ICCD’99), pp. 60–67, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Sumio Morioka
    • 1
  • Akashi Satoh
    • 1
  1. 1.IBM ResearchTokyo Research Laboratory, IBM Japan Ltd.Yamato-shi, Kanagawa-kenJapan

Personalised recommendations