TY - GEN
T1 - Pushing the Limits Further
T2 - 25th IFIP/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2017
AU - Wamser, Markus Stefan
AU - Sigl, Georg
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2019.
PY - 2019
Y1 - 2019
N2 - The recent trend to connect a plethora of sensors, embedded and ubiquitous systems with low computing power, in short the rise of the Internet of Things, has created a great demand for compact, lightweight and cheap to produce implementations of cryptographic primitives. One approach to meet this demand is the development and standardisation of new tailored primitives, most prominently PRESENT. Yet, the wide proliferation of the Advanced Encryption Standard and the trust it earned through its long history of withstanding cryptanalysis spurred anew the search for small, lightweight implementations of AES. Among the smallest published architectures is the AtomicAES design by Banik et al., who reported a design size of just over 2000 GE. Here we present a new 8-bit serial architecture that has been designed from careful observation of the minimum required connections between storage elements to support all dataflows required for execution of the algorithm. While we reach similar conclusions to previous publications, the new architecture enables us to push the area requirement for a fully featured AES primitive further down by more than 8% from the area requirement of AtomicAES while offering more functionality. Along the way we also answer in the affirmative the open question whether the AES reverse keyschedule can be implemented with negligible hardware overhead based on the forward keyschedule. Our design sets a new record for an 8-bit serial architecture with full functionality for encryption and decryption including the keyschedule, as well as for a sole encryption architecture. Furthermore our design is flexible enough to allow scaling the S-Box architecture from single-cycle to multi-stage pipelined approaches as are required for high operation frequencies or for protection against side-channel attacks. We demonstrate this by instantiating the design with a serial version of the S-Box to reduce the area requirement even further.
KW - 8-bit-serial
KW - AES
KW - ASIC
KW - Block cypher
KW - Lightweight
KW - S-Box
UR - http://www.scopus.com/inward/record.url?scp=85068981776&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-15663-3_11
DO - 10.1007/978-3-030-15663-3_11
M3 - Conference contribution
AN - SCOPUS:85068981776
SN - 9783030156626
T3 - IFIP Advances in Information and Communication Technology
SP - 220
EP - 239
BT - VLSI-SoC
A2 - Maniatakos, Michail
A2 - Elfadel, Ibrahim Abe M.
A2 - Sonza Reorda, Matteo
A2 - Ugurdag, H. Fatih
A2 - Monteiro, José
A2 - Reis, Ricardo
PB - Springer New York LLC
Y2 - 23 October 2017 through 25 October 2017
ER -