Final Report Hardware Implementation Issues for SBox of AES - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Final Report Hardware Implementation Issues for SBox of AES

Description:

The inversion requires the most computation in S-Box. Inversion in composite field can reduce the table size. Transformation overhead. Long latency ... – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 22
Provided by: Vid56
Category:

less

Transcript and Presenter's Notes

Title: Final Report Hardware Implementation Issues for SBox of AES


1
Final ReportHardware Implementation Issues for
S-Box of AES
Presenter Chao-Tsung Huang 2004/06/17
2
Outline
  • Basics of Hardware Design
  • Review AES
  • Direct Implementation of S-Box
  • Implementation in Composite Field
  • Published Comparisons
  • Implementation Results Comments

3
Software v.s. Hardware
  • Software
  • Fixed number of processing units (PU)
  • Program Schedule the PU
  • Overhead Control and Cache circuits
  • Advantages Flexibility
  • Hardware
  • You can control the number of PU
  • Design in 2-D Space-Time domain
  • Advantages High performance
  • Suitable for regular data flow
  • Disadvantages inflexibility

4
Itanium Chip Photo
Arithmetic Circuits
Control Circuits
Others Cache related!!!
Ref Intel ISSCC2003
5
If You know the data flow exactly
  • You can have more than 15 times computation power
    using the same area
  • Hardware design is
  • Parallel computing
  • Regular data flow

6
Hardware Evaluation
  • Important factors
  • Speed (working frequency, 1/Latency(T))
  • Area (one PU (A))
  • Utilization
  • Throughput
  • Freq (1/T) x (PU number) x Utilization
  • Total Area AT x Throughput/Utilization
  • General constraint
  • Minimize area for given throughput
  • Minimize AT, Maximize Utilization

7
Agenda
  • Basics of Hardware Design
  • Review AES
  • Direct Implementation of S-Box
  • Implementation in Composite Field
  • Published Comparisons
  • Implementation Results Comments

8
Encryption Process of AES
9
Direct Implementation of S-Box
  • Lookup table
  • Can use ROM, PLA, or Logic gates
  • 256-entry 8-bit table

10
S-Box in Composite Field
  • Original S-Box is in GF(28)
  • Over
  • Most complex computation Inversion
  • Basic concept
  • Isomorphism
  • Perform inversion in composite field
  • GF((24)2) CHES2001
  • GF(((22)2)2) 1

1 A. Satoh, et al., A Compact Rijndael Hardware
Architecture With S-Box Optimization,
ASIACRYPT 2001, LNCS 2248, pp. 239-254
11
Inverse in Composite Field
  • Computing inverse in GF((2m)n) can be done as
    operations over GF(2m) and computing inverse over
    GF(2m)
  • P GF(2mn)
  • P-1(Pr)-1Pr-1, where r (2mn-1)/(2m-1)
  • Pr GF(2m)
  • (Pr)-1 can be computed in GF(2m)
  • And Pr and Pr-1 can be computed in GF(2m)
  • For AES (n2, m4)
  • P-1(P17)-1P16

12
Composite-field-based Inverter in 1
13
Composite-field-based S-Box
14
Isomorphism Map
  • Isomorphism map function must exist
  • Some search skills
  • Map in 1
  • Simple AND, XOR operations
  • Can merge with the affine transform

15
Comparisons in 1 (1/2)
  • S-Box features (two-way NAND gate)
  • 58 reduction compared to Look-up table
  • 79 reduction if merge S-Box and S-Box-1

GF(((22)2)2)
GF((24)2)
16
Comparisons in 1 (2/2)
17
Comparisons in 2
Look-up Table
GF((24)2)
2 I. Verbauwhede, et al., Design and
Performance Testing of a 2.29-GB/s Rijdael
Processor, IEEE JSSC, vol. 38, no. 3, pp569-572,
Mar. 2003.
18
My Implementation Result
  • UMC 0.18um Cell Library
  • 1gate13.3um2

19
Specification Deduction
  • For AES with key size 128bits
  • 10 rounds of S-Box
  • Each round consists of 16 S-Box operations
  • 160 S-Box operations for each 128bits
  • Using the best AT condition
  • 1.5ns, 790gates
  • 666.7M S-Box operations/sec
  • can support 533.3Mbps
  • For 10Gbps application
  • 19 S-Box hardware modules are sufficient
  • About 15010gates gt 0.2mm2

20
Comments
  • The idea of composite-field is interesting, but
    it is useful unless
  • Low speed low cost application
  • Encryption and Decryption coexist, and they dont
    run simultaneously

21
Summary
  • The inversion requires the most computation in
    S-Box
  • Inversion in composite field can reduce the table
    size
  • Transformation overhead
  • Long latency
  • Which is better depends on the application and
    specification
Write a Comment
User Comments (0)
About PowerShow.com