A HIGH THROUGHPUT 
AND ERROR TOLERANT 
AES DESIGN 
Prepared by 
R.GIRITHARAN 
E.G.S.PILLAY ENGINEERING COLLEGE.
INTRODUCTION:
• The Advanced Encryption Standard (AES) has recently been accepted
as the symmetric cryptography standard for confidential data
transmission.
• The AES cipher is specified as a number of repetitions of
transformation rounds that convert the input plaintext into the final
ciphertext output.
• Each round consists of several processing steps, including one that
depends on the encryption key. A set of reverse rounds is applied to
transform the ciphertext back into the original plaintext using the same
encryption key.
PROPOSED…
• The proposed schemes are independent of the way the S-box and the
inverse S-box are constructed.
• Therefore, they can be used for both S-boxes and inverse S-boxes,
whether these use lookup tables or logic gates based on composite fields.
• Furthermore, for each composite field construction, there exist eight
possible isomorphic mappings.
• Therefore, after applying a new common subexpression
elimination algorithm, the isomorphic mapping that results in the minimal
implementation area cost is chosen.
CONTINUING…
• High-throughput hardware implementations of our proposed
CFA AES S-boxes are reported.
• To avoid data corruption due to SEUs, a novel fault-tolerant
model of AES is presented, which is based on the
Hamming error correction code.
• This reduces data corruption and increases performance.
• Thus data corruption due to Single Event Upsets can be
avoided and performance is increased.
AES:
• The AES standard specifies the Rijndael algorithm, a symmetric block cipher that
can process data blocks of 128 bits using cipher keys with lengths of 128, 192 and 256
bits.
• Rijndael was designed to handle additional block sizes and key lengths; however, they
are not adopted in this standard.
• Throughout the remainder of this standard, the algorithm specified will be referred to
as “the AES algorithm”.
• The algorithm may be used with the three different key lengths indicated above, and
therefore these different “flavors” may be referred to as “AES-128”, “AES-192”,
and “AES-256”.
CONTINUING…
• The input and output for the AES algorithm each consist of sequences of 128
bits. These sequences will sometimes be referred to as blocks and the number of
bits they contain will be referred to as their length. The Cipher Key for the AES
algorithm is a sequence of 128, 192 or 256 bits. Other input, output and Cipher Key
lengths are not permitted by this standard.
• The bits within such sequences will be numbered starting at zero and ending at
one less than the sequence length. The number i attached to a bit is known as its
index and will be in one of the ranges 0 ≤ i < 128, 0 ≤ i < 192 or 0 ≤ i < 256,
depending on the block length and key length (specified above).
DERIVATION OF MULTIPLICATIVE INVERSE IN
S-BOX ALGORITHM USING CFA
• In AES, the encryption of the data is performed on blocks of
bytes, through the representation in $GF(2^8)$ with the specified field
polynomial $q(x) = x^8 + x^4 + x^3 + x + 1$. Every round in AES consists of the same four
transformations, i.e., SubBytes, ShiftRows, MixColumns, and
AddRoundKey. In a nutshell, the S-box function, which is claimed to be the
most resource-consuming operation, involves finding a multiplicative
inverse over $GF(2^8)$ followed by an affine transformation.
CONTINUING…
• The following summarizes the steps in performing multiplicative
inversion using CFA:
1) map all elements of field A to composite field B using the
isomorphism function: $b = f(a) = \delta \times a$;
2) compute the multiplicative inverse over B: $x = b^{-1}$ (except if
$b = 0$, then $x = 0$);
3) remap the computation result to A, using the inverse
isomorphism function: $a = f'(x) = \delta^{-1} \times x$.
CONTINUING…
• Mapping the Galois field from $GF(2^8)$ to $GF(((2^2)^2)^2)$ requires three stages of
isomorphism and field polynomials, which are stated (in a general form) as follows:
• $r(y) = y^2 + \Gamma y + v$ (isomorphism for $GF(2^8)/GF(2^4)$) (1)
• $s(z) = z^2 + T z + N$ (isomorphism for $GF(2^4)/GF(2^2)$) (2)
• $t(w) = w^2 + w + 1$ (isomorphism for $GF(2^2)/GF(2)$) (3)
• In this work, we present CFA for the multiplicative inverse (in the S-box algorithm) over
the composite field $GF(((2^2)^2)^2)$ with respect to both polynomial basis and normal
basis.
CONTINUING…
• As $w^2 + w + 1 = 0$ is the only irreducible polynomial of degree 2 over $GF(2)$,
there is no other candidate coefficient for (3). For (1) and (2), we need to determine
all the possible coefficients $v$, $\Gamma$, $N$ and $T$ in both normal and polynomial bases.
• In order to promote simplicity in CFA, we can have either the trace or the norm
of $r(y)$ and $s(z)$ equal to unity, but not both.
• To the best of our knowledge, previous studies attempted optimization only with traces
of field polynomials equal to unity.
• For instance, the work of Zhang and Parhi [8] used a polynomial basis
representation, while the work of Canright [7] used a normal basis representation.
CONTINUING…
• Therefore, we extend these studies by choosing the norms ( and ) of
the field polynomials to be unity for both polynomial and normal bases.
Following this approach, there are two possible $T$ values for $s(z)$ to be
irreducible over $GF(2^2)$. Meanwhile, for $r(y)$ to be irreducible over
$GF((2^2)^2)$ there will be eight choices for $\Gamma$ with respect to each of the $T$
values.
• These two new constructions (hereafter referred to as Case I and Case
II) are then compared with the ones in [7] and [8].
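The coefficient counts and the three-step inversion described above can be checked numerically. The following Python is an added example, not code from the slides or the cited papers. It assumes polynomial basis with v = N = 1 (Case I), encodes field elements as integers, and uses the first root of q(x) found in the composite field to build δ; all function names are illustrative.

```python
# Added example: composite-field inversion for GF(2^8), norms v = N = 1.

def mul4(a, b):
    """Multiply in GF(2^2) = GF(2)[w]/(w^2 + w + 1); elements are 0..3."""
    r = (a if b & 1 else 0) ^ (a << 1 if b & 2 else 0)
    return r ^ 7 if r & 4 else r          # reduce with w^2 = w + 1

def inv4(a):
    return mul4(a, a)                     # a^3 = 1 for a != 0, and 0 -> 0

def extend(mul, inv, k, tr, nm):
    """Arithmetic in F[u]/(u^2 + tr*u + nm), where F has 2^k elements."""
    mask = (1 << k) - 1
    def emul(a, b):
        a1, a0, b1, b0 = a >> k, a & mask, b >> k, b & mask
        hh = mul(a1, b1)                  # u^2 term, replaced by tr*u + nm
        hi = mul(a1, b0) ^ mul(a0, b1) ^ mul(tr, hh)
        return (hi << k) | (mul(a0, b0) ^ mul(nm, hh))
    def einv(a):
        a1, a0 = a >> k, a & mask
        # The norm of a lies in F, so one subfield inversion is enough.
        d = inv(mul(nm, mul(a1, a1)) ^ mul(tr, mul(a1, a0)) ^ mul(a0, a0))
        return (mul(a1, d) << k) | mul(a0 ^ mul(tr, a1), d)
    return emul, einv

def irreducible(mul, k, tr, nm):
    """u^2 + tr*u + nm is irreducible over F iff it has no root in F."""
    return all(mul(x, x) ^ mul(tr, x) ^ nm for x in range(1 << k))

def norm_unity_choices():
    """All T, and per T all Gamma, keeping s(z) and r(y) irreducible."""
    choices = {}
    for T in range(1, 4):
        if irreducible(mul4, 2, T, 1):
            mul16, _ = extend(mul4, inv4, 2, T, 1)
            choices[T] = [G for G in range(1, 16) if irreducible(mul16, 4, G, 1)]
    return choices

def gmul(a, b):
    """Multiply in field A = GF(2^8) modulo q(x) = x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def inv_direct(a):
    r = 1
    for _ in range(254):                  # a^254 = a^-1, and 0 -> 0
        r = gmul(r, a)
    return r

def build_cfa(T, G):
    # Returns (f, f_inv, inv_B, number of roots of q in B).
    mul16, inv16 = extend(mul4, inv4, 2, T, 1)
    mulB, invB = extend(mul16, inv16, 4, G, 1)
    def powers(b, n):
        p = [1]
        for _ in range(n):
            p.append(mulB(p[-1], b))
        return p
    def q_at(b):
        p = powers(b, 8)
        return p[8] ^ p[4] ^ p[3] ^ p[1] ^ 1
    roots = [b for b in range(256) if q_at(b) == 0]
    cols = powers(roots[0], 7)            # columns of delta: beta^0 .. beta^7
    f = [0] * 256
    for a in range(256):
        for i in range(8):
            if a >> i & 1:
                f[a] ^= cols[i]
    f_inv = [0] * 256
    for a, b in enumerate(f):
        f_inv[b] = a
    return f, f_inv, invB, len(roots)

def cfa_inverse(a, cfa):
    f, f_inv, invB, _ = cfa
    return f_inv[invB(f[a])]              # steps 1), 2), 3) from the slide
```

Each root of q(x) in the composite field gives one isomorphism, which is where the eight candidate mappings per construction come from.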
CONTINUING…
• Eventually, based on thorough reviews of these architectures, we derived yet
another new normal basis composite field AES S-box that uses a combination of
norm and trace unities in different field polynomials. In total, we propose three new
constructions, listed as follows.
• Case I: Using polynomial basis representation with field polynomials’ norms
equal to unity (both and _ in (1) and (2) equal to unity).
• Case II: Using normal basis representation with field polynomials’ norms equal to
unity (both and _ in (1) and (2) equal to unity).
• Case III: Using normal basis representation ( in (1) and _ in (2) equal to unity).
TABLE I
PAIRS OF _ AND _ THAT RESULT IN MINIMAL
COMPLEXITY IN _ _ ARE DETERMINED
HARDWARE IMPLEMENTATION
OF CFA AES S-BOXES
• In this section, we discuss the actual hardware implementation of
the proposed CFA AES S-box constructions. First, we manually coded the
circuit using a hardware description language for all three proposed
CFA AES S-boxes. Next, we employed algebraic normal form (ANF) representation along with
strategic fine-grained pipeline register insertion, in an attempt to validate
the feasibility of the proposed compact CFA AES S-boxes in achieving
high-throughput hardware implementations.
REQUIREMENTS:
• The proposed system is implemented on the Altera FPGA platform.
• All the proposed systems (Case 1, Case 2, Case 3) were
implemented on a Cyclone II EP2C5T144C6 and were synthesized
using Quartus II.
• Clocked at 100 MHz.
• Two groups of hardware implementations are performed:
- Original CFA AES S-boxes
- Seven-stage pipelined ANF-CFA AES S-boxes.
FAULT-TOLERANT MODEL OF
THE AES ALGORITHM
• This section presents a novel fault-tolerant model for the AES
algorithm, which is immune to radiation-induced SEUs occurring
during encryption and can be used in hardware implementations on
board small OE satellites. The model is based on a self-repairing
EDAC scheme, which is built into the AES algorithmic flow and utilizes
the Hamming error correcting code.
CALCULATION OF HAMMING
CODE:
• The parity check bits of each byte of the S-box LUTs are pre-calculated.
These Hamming code bits can be formally expressed as below:
$h(\mathrm{SRD}[a]) \rightarrow \mathrm{hRD}[a]$
$h(\mathrm{SRD}[a] \cdot \{02\}) \rightarrow \mathrm{h2RD}[a]$
$h(\mathrm{SRD}[a] \cdot \{03\}) \rightarrow \mathrm{h3RD}[a]$ (1)
where “a” is the state byte and “h” represents the calculation
of the Hamming code.
CONTINUING…
• The Hamming code of the state byte a is a four-bit parity code,
represented by bits $(p_3, p_2, p_1, p_0)$, which are derived as follows:
$p_3$ → parity of bit group $b_7, b_6, b_4, b_3, b_1$
$p_2$ → parity of bit group $b_7, b_5, b_4, b_2, b_1$
$p_1$ → parity of bit group $b_6, b_5, b_4, b_0$
$p_0$ → parity of bit group $b_3, b_2, b_1, b_0$ (2)
DETECTION AND CORRECTION OF
FAULT USING HAMMING CODE BITS:
The Hamming code matrix of the SubBytes transformation is predicted by referring to
the hRD table. The Hamming code matrix prediction for ShiftRows involves a simple
cyclic rotation of the SubBytes Hamming code bits [14]. The Hamming code state matrix
for MixColumns is predicted with the help of the hRD, h2RD and h3RD parity bits and
is expressed by the equations below:
$h_{0,j} = \mathrm{h2RD}[a_{0,j}] \oplus \mathrm{h3RD}[a_{1,j}] \oplus \mathrm{hRD}[a_{2,j}] \oplus \mathrm{hRD}[a_{3,j}]$
$h_{1,j} = \mathrm{hRD}[a_{0,j}] \oplus \mathrm{h2RD}[a_{1,j}] \oplus \mathrm{h3RD}[a_{2,j}] \oplus \mathrm{hRD}[a_{3,j}]$
$h_{2,j} = \mathrm{hRD}[a_{0,j}] \oplus \mathrm{hRD}[a_{1,j}] \oplus \mathrm{h2RD}[a_{2,j}] \oplus \mathrm{h3RD}[a_{3,j}]$
$h_{3,j} = \mathrm{h3RD}[a_{0,j}] \oplus \mathrm{hRD}[a_{1,j}] \oplus \mathrm{hRD}[a_{2,j}] \oplus \mathrm{h2RD}[a_{3,j}]$
$0 \le j < 4$ (3)
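Because the Hamming code is linear over XOR, the code predicted from the three tables equals the code of the real MixColumns output, and a mismatch locates the flipped bit. The following Python is an added example, not code from the slides: it uses the parity groups listed above, generates the S-box rather than embedding it, and the sample column and function names are constructed for illustration.

```python
# Added example: Hamming-code prediction and single-bit repair around MixColumns.
from functools import reduce
from operator import xor

GROUPS = {3: (7, 6, 4, 3, 1), 2: (7, 5, 4, 2, 1), 1: (6, 5, 4, 0), 0: (3, 2, 1, 0)}

def h(byte):
    """Four-bit Hamming code (p3 p2 p1 p0) of a byte, per the parity groups."""
    code = 0
    for p, bits in GROUPS.items():
        code |= (sum(byte >> b & 1 for b in bits) & 1) << p
    return code

def xtime(b):
    """Multiply by {02} in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def make_sbox():
    """Generate the AES S-box: inverse in GF(2^8), then the affine map."""
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p ^= xtime(p)                      # p *= {03}
        for s in (1, 2, 4):                # q /= {03}, keeping p * q = 1
            q = (q ^ (q << s)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            return sbox

SRD = make_sbox()
hRD = [h(s) for s in SRD]                  # equation (1), pre-computed tables
h2RD = [h(xtime(s)) for s in SRD]
h3RD = [h(xtime(s) ^ s) for s in SRD]

MIX = [(2, 3, 1, 1), (1, 2, 3, 1), (1, 1, 2, 3), (3, 1, 1, 2)]
TAB = {1: hRD, 2: h2RD, 3: h3RD}

def times(c, s):
    return s if c == 1 else xtime(s) if c == 2 else xtime(s) ^ s

def mix_column(col):
    """MixColumns applied to the SubBytes output of state bytes a0..a3."""
    s = [SRD[a] for a in col]
    return [reduce(xor, (times(c, x) for c, x in zip(row, s))) for row in MIX]

def predict(col):
    """Equation (3): predicted codes from table lookups only."""
    return [reduce(xor, (TAB[c][a] for c, a in zip(row, col))) for row in MIX]

# The syndrome of a single data-bit flip is that bit's column of the code.
SYNDROME_TO_BIT = {h(1 << k): k for k in range(8)}

def repair(byte, predicted):
    """Return (byte after repair, status) given the predicted Hamming code."""
    syndrome = h(byte) ^ predicted
    if syndrome == 0:
        return byte, "clean"
    if syndrome in SYNDROME_TO_BIT:
        return byte ^ (1 << SYNDROME_TO_BIT[syndrome]), "data bit repaired"
    if syndrome in (1, 2, 4, 8):
        return byte, "parity bit upset"
    return byte, "uncorrectable"

def demo():
    col = (0x32, 0x88, 0x31, 0xE0)         # constructed sample state column
    out, codes = mix_column(col), predict(col)
    upset = out[2] ^ 0x10                  # simulated SEU: one flipped bit
    return out[2], repair(upset, codes[2])
```

Three of the fifteen non-zero syndromes match no single-bit position, so some double-bit upsets are flagged as uncorrectable, while others alias to a single-bit syndrome and are miscorrected.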
TABLE II
AREA REQUIREMENT, TIMING ANALYSIS, AND POWER
CONSUMPTION OF FPGA IMPLEMENTATION ON CYCLONE
II EP2C5T144C6 DEVICE FOR OUR ORIGINAL CFA AES
S-BOXES AND OUR SEVEN STAGES PIPELINED ANF-CFA AES
S-BOXES
CONCLUSION
• The major contribution of our work was the derivation of a new
composite field AES S-box that achieves an optimally balanced construction in
terms of area of implementation and critical path, compared to the previous
design.
• The proposed fault detection and correction AES model targets the
satellite application domain; however, it can also be used in other applications
aimed at hostile environments such as nuclear reactors, interplanetary
exploration, unmanned aerial vehicles, etc.
CONCLUSION
• Terrestrial applications which require a high level of reliability,
such as bank servers, telecommunication servers, etc., can benefit
from the use of AES fault-tolerant techniques. Through the
exploitation of both algebraic normal form and pipelining, our best
case achieves a high throughput.
REFERENCES
[1] M. M. Wong, M. L. D. Wong, A. K. Nandi, and I. Hijazin, “Construction of Optimum
Composite Field Architecture for Compact High-Throughput AES S-Boxes,” IEEE
Transactions on Very Large Scale Integration Systems, vol. 20, no. 6, June 2012.
[2] V. Rijmen, “Efficient implementation of the Rijndael S-box,” 2000.
[3] A. Rudra, P. K. Dubey, and P. Rohatgi, “Efficient Rijndael encryption implementation
with composite field arithmetic,” pp. 171–184.
[4] J. Wolkerstorfer, “An ASIC implementation of the AES S-boxes,” 2002.
[5] A. Satoh, K. Takano, and S. Munetoh, “A compact Rijndael hardware architecture with
S-box optimization,” pp. 239–245.
[6] N. Mentens, L. Batina, B. Preneel, and I. Verbauwhede, “A systematic
evaluation of compact hardware implementations for the Rijndael S-box,” in Proc.
Topics Cryptology (CT-RSA), 2005, vol. 3376/2005, pp. 323–333.
[7] D. Canright, “A very compact Rijndael S-box.”
[8] X. Zhang and K. K. Parhi, “On the optimum constructions of composite field
for the AES algorithm.”
[9] X. Zhang and K. K. Parhi, “High-speed VLSI architectures for the AES
algorithm.”
