Extreme Pipelining Towards the Best Area-Performance Trade-Off in Hardware

  • Stjepan PicekEmail author
  • Dominik Sisejkovic
  • Domagoj Jakobovic
  • Lejla Batina
  • Bohan Yang
  • Danilo Sijacic
  • Nele Mentens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9646)


This paper presents a novel framework for the automatic pipelining of AES S-boxes using composite field representations. The framework is capable of finding positions to insert flip-flops in an almost optimal way, resulting in S-boxes with an almost optimal critical path. Our novel method is using memetic algorithms and is shown to be fast, reliable and successful. We demonstrate our framework for composite field S-boxes using a polynomial and a normal basis, respectively. Our results prove that this method should be consulted when an optimal solution is of interest. Besides experimental results with the new memetic algorithms, we also discuss the ideal model of a circuit, which can be used when assessing the quality of the obtained solutions. We emphasize that this method can be used for any circuit of interest and not only for AES S-boxes.


Real-time cryptography Pipelining AES S-box Optimization Memetic algorithm 



This work has been supported in part by the Croatian Science Foundation under the project IP-2014-09-4882. In addition, this work was supported in part by the Research Council KU Leuven (C16/15/058) and IOF project EDA-DSE (HB/13/020). D. Sijacic is supported by the Marie Curie-Sklodowska research fellowship, within the ECRYPT-NET framework.


  1. 1.
    Batina, L., Jakobovic, D., Mentens, N., Picek, S., Piedra, A.D.L., Sisejkovic, D.: S-box pipelining using genetic algorithms for high-throughput AES implementations: how fast can we go?. In: Proceedings of the Progress in Cryptology - INDOCRYpPT 2014–15th International Conference on Cryptology in India, New Delhi, India, December 14–17, 2014, pp. 322–337 (2014)Google Scholar
  2. 2.
    Leiserson, C.E., Saxe, J.B.: Retiming synchronous circuitry. Algorithmica 6(1), 5–35 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Shenoy, N., Rudell, R.: Efficient implementation of retiming. In: Kuehlmann, A. (ed.) The Best of ICCAD, pp. 615–630. Springer, New York (2003)CrossRefGoogle Scholar
  4. 4.
    Lin, M.B.: Introduction to VLSI Systems: A Logic, Circuit, and System Perspective. CRC Press, Boca Raton (2011)Google Scholar
  5. 5.
    Tillich, S., Feldhofer, M., Großschädl, J.: Area, delay, and power characteristics of standard-cell implementations of the AES S-box. In: Vassiliadis, S., Wong, S., Hämäläinen, T.D. (eds.) SAMOS 2006. LNCS, vol. 4017, pp. 457–466. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Corp., F.T.: Faraday Cell Library 0.13 \(\mu \)m Standard Cell (2004)Google Scholar
  7. 7.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer-Verlag New York Inc, Secaucus (2002)CrossRefzbMATHGoogle Scholar
  8. 8.
    Morioka, S., Satoh, A.: A 10 GBPS full-aes crypto design with a twisted-BDD S-box architecture. In: Proceedings of 2002 IEEE International Conference on Computer Design: VLSI in Computers and Processors, pp. 98–103(2002)Google Scholar
  9. 9.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact rijndael hardware architecture with S-box optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Morioka, S., Satoh, A.: An optimized S-box circuit architecture for low power aes design. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 172–186. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Rijmen, V.: Efficient Implementation of the Rijndael S-boxGoogle Scholar
  12. 12.
    Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Mentens, N., Batina, L., Preneel, B., Verbauwhede, I.: A systematic evaluation of compact hardware implementations for the rijndael S-box. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 323–333. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Paar, C.: Efficient VLSI architectures for bit parallel computation in Galios [Galois] fields. VDI-Verlag (1994)Google Scholar
  15. 15.
    Maheshwari, N., Sapatnekar, S.: Efficient retiming of large circuits. IEEE Trans. Very Large Scale Integr. VLSI Syst. 6(1), 74–83 (1998)CrossRefGoogle Scholar
  16. 16.
    Münzer, A., Hemme, G.: Converting combinational circuits into pipelined data paths. In: 1991 IEEE International Conference on Computer-Aided Design, ICCAD 1991, Digest of Technical Papers, pp. 368–371, November 1991Google Scholar
  17. 17.
    Jiang, J.H., Brayton, R.: Retiming and resynthesis: a complexity perspective. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 25(12), 2674–2686 (2006)CrossRefGoogle Scholar
  18. 18.
    Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES SBoxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Bertoni, G., Breveglieri, L., Fragneto, P., Macchetti, M., Marchesin, S.: Efficient software implementation of AES on 32-bit platforms. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 159–171. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Hodjat, A., Verbauwhede, I.: Area-throughput trade-offs for fully pipelined 30 to 70 gbits/s AES processors. IEEE Trans. Comput. 55(4), 366–372 (2006)CrossRefGoogle Scholar
  22. 22.
    Hodjat, A., Verbauwhede, I.: A 21.54 Gbits/s fully pipelined AES processor on FPGA. In: 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM 2004, pp. 308–309, April 2004Google Scholar
  23. 23.
    Boyar, J., Peralta, R.: A small depth-16 circuit for the AES S-box. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 287–298. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Boyar, J., Peralta, R.: A new combinational logic minimization technique with applications to cryptology. In: Festa, P. (ed.) SEA 2010. LNCS, vol. 6049, pp. 178–189. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Clark, J.A., Jacob, J.L., Stepney, S., Maitra, S., Millan, W.L.: Evolving boolean functions satisfying multiple criteria. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 246–259. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  26. 26.
    Burnett, L., Carter, G., Dawson, E., Millan, W.L.: Efficient methods for generating MARS-like S-boxes. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 300–314. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Picek, S., Papagiannopoulos, K., Ege, B., Batina, L., Jakobovic, D.: Confused by confusion: systematic evaluation of DPA resistance of various S-boxes. In: Proceedings of Progress in Cryptology - INDOCRYpPT 2014–15th International Conference on Cryptology in India, New Delhi, India, December 14–17, pp. 374–390 (2014)Google Scholar
  28. 28.
    Yagain, D., Vijayakrishna, A.: A novel framework for retiming using evolutionary computation for high level synthesis of digital filters. Swarm Evol. Comput. 20, 37–47 (2015)CrossRefGoogle Scholar
  29. 29.
    Weise, T.: Global Optimization Algorithms - Theory and Application, 2 edn. Self-Published (2009).
  30. 30.
    Talbi, E.G.: Metaheuristics: From Design to Implementation. Wiley Publishing, Hoboken (2009)CrossRefzbMATHGoogle Scholar
  31. 31.
    Eiben, A.E., Smith, J.E.: Introduction to Evolutionary Computing. Springer-Verlag, Heidelberg (2003)CrossRefzbMATHGoogle Scholar
  32. 32.
    Beyer, H.G., Schwefel, H.P.: Evolution Strategies a comprehensive introduction. Natural Comput. 1(1), 3–52 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    Yao, X.: Optimization by genetic annealing. In: Proceedings of 2nd Australian Conference on Neural Networks, pp. 94–97 (1991)Google Scholar
  34. 34.
    Glover, F.W., Kochenberger, G.A. (eds.): Handbook of Metaheuristics. International Series in Operations Research & Management Science, vol. 114, 1st edn. Springer, Heideelberg (2003)zbMATHGoogle Scholar
  35. 35.
    Standaert, F.-X., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: Efficient implementation of rijndael encryption in reconfigurable hardware: improvements and design tradeoffs. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 334–350. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  36. 36.
    Kerckhof, S., Durvaux, F., Hocquet, C., Bol, D., Standaert, F.-X.: Towards green cryptography: a comparison of lightweight ciphers from the energy viewpoint. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 390–407. Springer, Heidelberg (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Stjepan Picek
    • 1
    Email author
  • Dominik Sisejkovic
    • 2
  • Domagoj Jakobovic
    • 2
  • Lejla Batina
    • 3
  • Bohan Yang
    • 1
  • Danilo Sijacic
    • 1
  • Nele Mentens
    • 1
  1. 1.KU Leuven ESAT/COSIC and IMindsLeuven-HeverleeBelgium
  2. 2.Faculty of Electrical Engineering and ComputingUniversity of ZagrebZagrebCroatia
  3. 3.Digital Security Group, ICISRadboud University NijmegenNijmegenThe Netherlands

Personalised recommendations