An ASIC implementation of the AES SBoxes

J Wolkerstorfer; ME Oswald; M Lamberger

An ASIC implementation of the AES SBoxes

J Wolkerstorfer, ME Oswald, M Lamberger

Research output: Contribution to journal › Article (Academic Journal) › peer-review

236 Citations (Scopus)

Abstract

This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The S-Boxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(2^8). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 mu CMOS process requires an area of only 0.108 mm^2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.

Translated title of the contribution	An ASIC implementation of the AES SBoxes
Original language	English
Pages (from-to)	29 - 52
Number of pages	34
Journal	Lecture Notes in Computer Science
Publication status	Published - Feb 2002

Bibliographical note

Editors: Bart Preneel
Publisher: Springer
Name and Venue of Conference: Topics in Cryptology - CT-RSA 2002: The Cryptographer's Track at the RSA Conference 2002, San Jose, CA, USA, February 18-22, 2002
Conference Organiser: RSA

Access to Document

http://www.springerlink.com/content/r6437m2yx03ky0xe

Handle.net

Persistent link

Cite this

@article{0c5eadcefbd0486cbdd749a8617d4722,

title = "An ASIC implementation of the AES SBoxes",

abstract = "This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The S-Boxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(2\textasciicircum{}8). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 mu CMOS process requires an area of only 0.108 mm\textasciicircum{}2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.",

author = "J Wolkerstorfer and ME Oswald and M Lamberger",

note = "Editors: Bart Preneel Publisher: Springer Name and Venue of Conference: Topics in Cryptology - CT-RSA 2002: The Cryptographer's Track at the RSA Conference 2002, San Jose, CA, USA, February 18-22, 2002 Conference Organiser: RSA",

year = "2002",

month = feb,

language = "English",

pages = "29 -- 52",

journal = "Lecture Notes in Computer Science ",

issn = "0302-9743",

publisher = "Springer Science and Business Media Deutschland GmbH",

}

TY - JOUR

T1 - An ASIC implementation of the AES SBoxes

AU - Wolkerstorfer, J

AU - Oswald, ME

AU - Lamberger, M

N1 - Editors: Bart Preneel Publisher: Springer Name and Venue of Conference: Topics in Cryptology - CT-RSA 2002: The Cryptographer's Track at the RSA Conference 2002, San Jose, CA, USA, February 18-22, 2002 Conference Organiser: RSA

PY - 2002/2

Y1 - 2002/2

N2 - This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The S-Boxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(2^8). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 mu CMOS process requires an area of only 0.108 mm^2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.

AB - This article presents a hardware implementation of the S-Boxes from the Advanced Encryption Standard (AES). The S-Boxes substitute an 8-bit input for an 8-bit output and are based on arithmetic operations in the finite field GF(2^8). We show that a calculation of this function and its inverse can be done efficiently with combinational logic. This approach has advantages over a straight-forward implementation using read-only memories for table lookups. Most of the functionality is used for both encryption and decryption. The resulting circuit offers low transistor count, has low die-size, is convenient for pipelining, and can be realized easily within a semi-custom design methodology like a standard-cell design. Our standard cell implementation on a 0.6 mu CMOS process requires an area of only 0.108 mm^2 and has delay below 15 ns which equals a maximum clock frequency of 70 MHz. These results were achieved without applying any speed optimization techniques like pipelining.

M3 - Article (Academic Journal)

SN - 0302-9743

SP - 29

EP - 52

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

ER -

An ASIC implementation of the AES SBoxes

Abstract

Bibliographical note

Access to Document

Handle.net

Fingerprint

Cite this