An ASIC implementation of the AES SBoxes

J Wolkerstorfer, ME Oswald, M Lamberger

Research output: Contribution to journalArticle (Academic Journal)peer-review

227 Citations (Scopus)


This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The S-Boxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(2^8). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 mu CMOS process requires an area of only 0.108 mm^2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.
Translated title of the contributionAn ASIC implementation of the AES SBoxes
Original languageEnglish
Pages (from-to)29 - 52
Number of pages34
JournalLecture Notes in Computer Science
Publication statusPublished - Feb 2002

Bibliographical note

Editors: Bart Preneel
Publisher: Springer
Name and Venue of Conference: Topics in Cryptology - CT-RSA 2002: The Cryptographer's Track at the RSA Conference 2002, San Jose, CA, USA, February 18-22, 2002
Conference Organiser: RSA


Dive into the research topics of 'An ASIC implementation of the AES SBoxes'. Together they form a unique fingerprint.

Cite this