### Abstract

This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The S-Boxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(2^8). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 mu CMOS process requires an area of only 0.108 mm^2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.

Translated title of the contribution | An ASIC implementation of the AES SBoxes |
---|---|

Original language | English |

Pages (from-to) | 29 - 52 |

Number of pages | 34 |

Journal | Lecture Notes in Computer Science |

Publication status | Published - Feb 2002 |

### Bibliographical note

Editors: Bart PreneelPublisher: Springer

Name and Venue of Conference: Topics in Cryptology - CT-RSA 2002: The Cryptographer's Track at the RSA Conference 2002, San Jose, CA, USA, February 18-22, 2002

Conference Organiser: RSA

## Fingerprint Dive into the research topics of 'An ASIC implementation of the AES SBoxes'. Together they form a unique fingerprint.

## Cite this

Wolkerstorfer, J., Oswald, ME., & Lamberger, M. (2002). An ASIC implementation of the AES SBoxes.

*Lecture Notes in Computer Science*, 29 - 52. http://www.springerlink.com/content/r6437m2yx03ky0xe