TY - GEN
T1 - A high throughput/gate AES hardware architecture by compressing encryption and decryption datapaths
T2 - 18th International Conference on Cryptographic Hardware and Embedded Systems, CHES 2016
AU - Ueno, Rei
AU - Morioka, Sumio
AU - Homma, Naofumi
AU - Aoki, Takafumi
N1 - Funding Information:
This work has been supported by JSPS KAKENHI Grant No. 25240006.
Publisher Copyright:
© International Association for Cryptologic Research 2016.
PY - 2016
Y1 - 2016
N2 - This paper proposes a highly efficient AES hardware architecture that supports both encryption and decryption for the CBC mode. Some conventional AES architectures employ pipelining techniques to enhance the throughput and efficiency. However, such pipelined architectures are frequently unfit because many practical cryptographic applications work in the CBC mode, where block-wise parallelism is not available for encryption. In this paper, we present an efficient AES encryption/decryption hardware design suitable for such block-chaining modes. In particular, new operation-reordering and register-retiming techniques allow us to unify the inversion circuits for encryption and decryption (i.e., SubBytes and InvSubBytes) without any delay overhead. A new unification technique for linear mappings further reduces both the area and critical delay in total. Our design employs a common loop architecture and can therefore efficiently perform even in the CBC mode. We also present a shared key scheduling datapath that can work on-the-fly in the proposed architecture. To the best of our knowledge, the proposed architecture has the shortest critical path delay and is the most efficient in terms of throughput per area among conventional AES encryption/decryption architectures with tower-field S-boxes. We evaluate the performance of the proposed and some conventional datapaths by logic synthesis results with the TSMC 65-nm standard-cell library and NanGate 45- and 15-nm open-cell libraries. As a result, we confirm that our proposed architecture achieves approximately 53–72% higher efficiency (i.e., a higher bps/GE) than any other conventional counterpart.
AB - This paper proposes a highly efficient AES hardware architecture that supports both encryption and decryption for the CBC mode. Some conventional AES architectures employ pipelining techniques to enhance the throughput and efficiency. However, such pipelined architectures are frequently unfit because many practical cryptographic applications work in the CBC mode, where block-wise parallelism is not available for encryption. In this paper, we present an efficient AES encryption/decryption hardware design suitable for such block-chaining modes. In particular, new operation-reordering and register-retiming techniques allow us to unify the inversion circuits for encryption and decryption (i.e., SubBytes and InvSubBytes) without any delay overhead. A new unification technique for linear mappings further reduces both the area and critical delay in total. Our design employs a common loop architecture and can therefore efficiently perform even in the CBC mode. We also present a shared key scheduling datapath that can work on-the-fly in the proposed architecture. To the best of our knowledge, the proposed architecture has the shortest critical path delay and is the most efficient in terms of throughput per area among conventional AES encryption/decryption architectures with tower-field S-boxes. We evaluate the performance of the proposed and some conventional datapaths by logic synthesis results with the TSMC 65-nm standard-cell library and NanGate 45- and 15-nm open-cell libraries. As a result, we confirm that our proposed architecture achieves approximately 53–72% higher efficiency (i.e., a higher bps/GE) than any other conventional counterpart.
KW - AES
KW - CBC mode
KW - Hardware architectures
KW - Unified encryption/decryption architecture
UR - http://www.scopus.com/inward/record.url?scp=84981341556&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84981341556&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-53140-2_26
DO - 10.1007/978-3-662-53140-2_26
M3 - Conference contribution
AN - SCOPUS:84981341556
SN - 9783662531396
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 538
EP - 558
BT - Cryptographic Hardware and Embedded Systems - 18th International Conference, CHES 2016, Proceedings
A2 - Gierlichs, Benedikt
A2 - Poschmann, Axel Y.
PB - Springer Verlag
Y2 - 17 August 2016 through 19 August 2016
ER -