High-Performance Concurrent Error Detection Scheme for AES Hardware

  • Akashi Satoh
  • Takeshi Sugawara
  • Naofumi Homma
  • Takafumi Aoki
Conference paper

DOI: 10.1007/978-3-540-85053-3_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5154)
Cite this paper as:
Satoh A., Sugawara T., Homma N., Aoki T. (2008) High-Performance Concurrent Error Detection Scheme for AES Hardware. In: Oswald E., Rohatgi P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2008. CHES 2008. Lecture Notes in Computer Science, vol 5154. Springer, Berlin, Heidelberg

Abstract

This paper proposes an efficient concurrent error detection scheme for hardware implementation of the block cipher AES. The proposed scheme does not require an additional arithmetic unit, but simply divides the round function block into two sub-blocks and uses the sub-blocks alternately for encryption (or decryption) and error detection. The number of clock cycles is doubled, but the maximum operating frequency is increased owing to the shortened critical path of the sub-block. Therefore, the proposed scheme has a limited impact on hardware performance with respect to size and speed. AES hardware with the proposed scheme was designed and synthesized using a 90-nm CMOS standard cell library with size and speed optimization options. The compact and high-speed implementations achieved performances of 2.21 Gbps @ 16.1 Kgates and 3.21 Gbps @ 24.1 Kgates, respectively. In contrast, the performances of AES hardware without error detection were 1.66 Gbps @ 12.9 Kgates for the compact version and 4.22 Gbps @ 30.7 Kgates for the high-speed version. There is only a slight difference between the performances with and without error detection. The performance overhead caused by the error detection is evaluated at the optimal balance between size and speed and was estimated to be 14.5% at maximum. Conversely, the AES hardware with the proposed scheme had better performance in some cases. If pipeline operation is allowed, as in the CTR mode, throughputs can easily be boosted by further dividing the sub-blocks. Although the proposed error detection scheme was applied to AES in the present study, it can also be applied to other algorithms efficiently.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Akashi Satoh
    • 1
  • Takeshi Sugawara
    • 2
  • Naofumi Homma
    • 2
  • Takafumi Aoki
    • 2
  1. 1.Research Center for Information SecurityNational Institute of Advanced Industrial Science and Technology (AIST), SotokandaTokyoJapan
  2. 2.Graduate School of Information SciencesTohoku UniversitySendaiJapan

Personalised recommendations