AES Core Specification. Author: Homer Hsing

Similar documents
SHA3 Core Specification. Author: Homer Hsing

Tiny Tate Bilinear Pairing Core Specification. Author: Homer Hsing

AES1. Ultra-Compact Advanced Encryption Standard Core AES1. General Description. Base Core Features. Symbol. Applications

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed

Implementation of Full -Parallelism AES Encryption and Decryption

Efficient Hardware Design and Implementation of AES Cryptosystem

Bus Matrix Synthesis Based On Steiner Graphs for Power Efficient System on Chip Communications

A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm

Documentation. Design File Formats. Constraints Files. Verification. Slices 1 IOB 2 GCLK BRAM

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Design and Implementation of Multi-Rate Encryption Unit Based on Customized AES

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

AES as A Stream Cipher

Analyzing the Generation and Optimization of an FPGA Accelerator using High Level Synthesis

FPGA BASED CRYPTOGRAPHY FOR INTERNET SECURITY

FPGA Can be Implemented Using Advanced Encryption Standard Algorithm

OCB3 Block Specification

Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays

HIGH DATA RATE 8-BIT CRYPTO PROCESSOR

Implementation and Comparative Analysis of AES as a Stream Cipher

Advanced Encryption Standard / Rijndael IP Core. Author: Rudolf Usselmann

RC6 Implementation including key scheduling using FPGA

Compact Dual Block AES core on FPGA for CCM Protocol

Hardware Implementation of Cryptosystem by AES Algorithm Using FPGA

Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware

Modern Symmetric Block cipher

FPGA Based Design of AES with Masked S-Box for Enhanced Security

Block Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1

High Performance Single-Chip FPGA Rijndael Algorithm Implementations

Block Ciphers. Secure Software Systems

VLSI Implementation of Enhanced AES Cryptography

128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication

Data Encryption Standard (DES)

Design and Implementation of Rijndael Encryption Algorithm Based on FPGA

FPGA Based Implementation of AES Encryption and Decryption with Verilog HDL

International Journal of Informative & Futuristic Research ISSN:

Low area implementation of AES ECB on FPGA

Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers

Encryption and Decryption by AES algorithm using FPGA

Stream Ciphers and Block Ciphers

FPGA IMPLEMENTATION OF HIGHLY AREA EFFICIENT ADVANCED ENCRYPTION STANDARD ALGORITHM

Stream Ciphers and Block Ciphers

A Compact FPGA Implementation of Triple-DES Encryption System with IP Core Generation and On-Chip Verification

Chapter 3 Block Ciphers and the Data Encryption Standard

Network Security Essentials Chapter 2

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM

Design of Least Complex S-Box and its Fault Detection for Robust AES Algorithm

2016 Maxwell Scientific Publication Corp. Submitted: August 21, 2015 Accepted: September 11, 2015 Published: January 05, 2016

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

High Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646

An Efficient FPGA Implementation of the Advanced Encryption Standard (AES) Algorithm Using S-Box

Secret Key Cryptography

Optimized FPGA Hardware Encryption Implementation using Public Key Cryptography

Efficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA

Secret Key Cryptography

INTRODUCTION TO FPGA ARCHITECTURE

Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,

Design Implementation of Composite Field S-Box using AES 256 Algorithm

International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 3 Issue 3, March 2014

Cryptography and Network Security. Sixth Edition by William Stallings

Area Optimization in Masked Advanced Encryption Standard

CONSIDERATIONS ON HARDWARE IMPLEMENTATIONS OF ENCRYPTION ALGORITHMS

Virtex-5 GTP Aurora v2.8

ECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University

Efficient FPGA Implementations of PRINT CIPHER

Architectures and FPGA Implementations of the. 64-bit MISTY1 Block Cipher

algotronix Calton Road Edinburgh, Scotland United Kingdom, EH8 8JQ Phone: URL:

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009

Cryptographic Algorithms - AES

Minimum Area Cost for a 30 to 70 Gbits/s AES Processor

3 Symmetric Cryptography

Shrivathsa Bhargav Larry Chen Abhinandan Majumdar Shiva Ramudit

FPGA Matrix Multiplier

Advanced Encryption Standard Implementation on Field Programmable Gate Arrays. Maryam Behrouzinekoo. B.Eng., University of Guilan, 2011

Hardware Description of Multi-Directional Fast Sobel Edge Detection Processor by VHDL for Implementing on FPGA

Content of this part

Ciphertext. data out. Plaintext. data out

CENG 520 Lecture Note III

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

Encryption Details COMP620

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl

A Novel FPGA Implementation of AES-128 using Reduced Residue of Prime Numbers based S-Box

Goals of Modern Cryptography

@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.

PERFORMANCE COMPARISON OF ADVANCED ENCRYPTION STANDARD-128 ALGORITHMS FOR WIMAX APPLICATION WITH IMPROVED POWER-THROUGHPUT

Introduction to Cryptology. Lecture 17

AES ALGORITHM FOR ENCRYPTION

Verilog Sequential Logic. Verilog for Synthesis Rev C (module 3 and 4)

Symmetric Key Cryptography

Digital Logic Design using Verilog and FPGA devices Part 2. An Introductory Lecture Series By Chirag Sangani

Fundamentals of Cryptography

Design and Implementation of on-board satellite encryption with SEU error detection & correction code on FPGA

Exploring Area/Delay Tradeoffs in an AES FPGA Implementation

A Methodology to Implement Block Ciphers in Reconfigurable Hardware and its Application to Fast and Compact AES RIJNDAEL

Symmetric key cryptography

Task 8: Extending the DLX Pipeline to Decrease Execution Time

Cryptography and Network Security

Transcription:

AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012

This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii

Revision History Rev. Date Author Description 0.1 10/18/2012 Homer Hsing First Draft 0.1.1 10/30/2012 Homer Hsing In section performance, change 128 bytes to 128 bits, change throughput. www.opencores.org Rev 0.1.1 iii

Contents INTRODUCTION... 1 ABOUT AES... 1 ABOUT THIS PROJECT... 1 ARCHITECTURE... 3 ARCHITECTURE OF THE CORE... 3 STATE TRANSFORMATION PIPELINE... 3 KEY EXPANSION PIPELINE... 3 INTERFACE... 5 TIMING... 7 FPGA IMPLEMENTATION... 8 SYNTHESIS RESULTS (BY XILINX ISE VERSION 14.2)... 8 PERFORMANCE... 9 TESTBENCH... 10 REFERENCES... 11 www.opencores.org Rev 0.1.1 iv

1 Introduction About AES AES (Advanced Encryption Standard) is a specification published by the American National Institute of Standards and Technology in 2001, as FIPS 197. [1] AES describes a symmetric-key algorithm, in which the same key is used for both encrypting and decrypting the data. The block size is restricted to 128 bits. The key size can be 128, 192, or 256 bits. [1] AES operates on a 4 4 matrix of bytes, called the state. Some rounds of transformation converts the plaintext into the final cipher-text. The number of rounds is six plus the key size divided by 32. One round reads the state into four 4-byte variables ; transforms the variables; xor s them by a 16-byte round key; and puts the result into. [3] When targeting a variable-length plaintext, the plaintext must first be partitioned into separate cipher blocks, and then be encrypted under some mode of operation, generally using randomization based on an additional initialization vector. [4] The cipher feedback (CFB) mode, output feedback (OFB) mode are specified in FIPS 81. The counter (CTR) mode is specified by NIST in SP800-38A. [4] The advantage of these modes is only using encryption algorithm for both encryption and decryption. So the AES hardware price may be reduced by 50% (not need decryption hardware). About this project This project has implemented AES encryption algorithm. This project provides three cores, doing AES-128, AES-192 and AES-256 encryption separately. The cores can be used in cipher feedback (CFB) mode, output feedback (OFB) mode, and counter (CTR) mode. The maximum frequency is 324.6 MHz. The throughput is 37.5 G bytes/second if with a 300 MHz clock. www.opencores.org Rev 0.1.1 1 of 11

This project is licensed under the Apache License, version 2. The features are as follows. Pipeline architecture Only one clock domain in entire core No latch Vendor-independent code www.opencores.org Rev 0.1.1 2 of 11

2 Architecture Architecture of the core AES-128, AES-192, AES-256 cores have the similar architecture. Each of them consists of two pipelines. The first pipeline transforms the 16 bytes state. The second one computes the 16 bytes key used in each round. State transformation pipeline The first pipeline uses two clock cycle for each round of transformation. In the first clock cycle, the pipeline does three steps, including a substitution step where each byte is replaced with another according to a lookup table, a transposition step where each row of the state is shifted cyclically by a certain number of bytes, and a mixing step which operates on the columns of the state, combining the four bytes in each column. As described in the original AES proposal, the three steps above are merged into 16 table lookups, see [2]. In the second clock cycle, the pipeline does the step of byte of the state is xor ed with the round key. Key expansion pipeline where each The second pipeline also uses two clock cycle for computing every 16 bytes round key. Different computation methods are used for different AES key size. For brevity, only AES-128 is described here. Denote the 16 byte round key in the last round as four 4-byte variables. Denote the 16 byte round key in the current round as. They obey following relation. ( ( )) www.opencores.org Rev 0.1.1 3 of 11

AES-128 core does not adopt the relation above, but use its equivalent relation. ( ( )) In the first clock cycle, are computed. In the second clock cycle, are computed. The advantage is the distribution of combination logic in the two clock cycles is more uniform. www.opencores.org Rev 0.1.1 4 of 11

3 Interface The AES cores implement the signals shown in the table below. Input signals are synchronous and sampled at the rising edge of the clock. Output signals are driven by flip-flops, and not directly connected to input signals by combinational logic. For signals wider than 1 bit, the range is most significant bit down to least significant bit. For example, the first byte of the plaintext is the first byte is. It is the same for and.. The most significant bit of Signal name Width In/Out Description 1 In Clock Table 1: Interface signals of AES-128 core 128 In Plaintext 128 In Key 128 Out Cipher-text. It is valid after 21 clock cycles when and signals are valid. Signal name Width In/Out Description 1 In Clock Table 2: Interface signals of AES-192 core 128 In Plaintext 192 In Key 128 Out Cipher-text. It is valid after 25 clock cycles when and signals are valid. www.opencores.org Rev 0.1.1 5 of 11

Signal name Width In/Out Description 1 In Clock Table 3: Interface signals of AES-256 core 128 In Plaintext 256 In Key 128 Out Cipher-text. It is valid after 29 clock cycles when and signals are valid. www.opencores.org Rev 0.1.1 6 of 11

4 Timing The number of clock cycles for calculating the cipher-text is as follows. Table 4: The value of for different AES key size Key-size The value of 128 bit 21 192 bit 25 256 bit 29 The signals and are valid at the -th clock cycle, if and only if the value of the signal at the ( )-th clock cycle is the encryption of plaintext under the, for all integer. The value of and at the -th clock cycle can be different from the value of and at the ( )-th clock cycle, for all integer. An example Table 5: The value of and and Clock cycle Undefined value Undefined value Undefined value Any value Any value Cipher-text of under the key Any value Any value Cipher-text of under the key Any value Any value Cipher-text of under the key www.opencores.org Rev 0.1.1 7 of 11

5 FPGA Implementation Synthesis results (by Xilinx ISE version 14.2) AES-128 core Device Table 6: synthesis result of AES-128 core Xilinx Virtex 6 XC6VLX240T-1FF1156 Number of Slice Registers 3,968 Number of Slice LUTs 3,536 Number of bonded IOBs 385 Number of Block RAM/FIFO 86 Number of BUFG/BUFGCTRLs 1 Maximum Frequency 324.6MHz AES-192 core Device Table 7: synthesis result of AES-192 core Xilinx Virtex 6 XC6VLX240T-1FF1156 Number of Slice Registers 5,280 Number of Slice LUTs 4,264 Number of bonded IOBs 449 Number of Block RAM/FIFO 100 Number of BUFG/BUFGCTRLs 1 Maximum Frequency 324.6MHz www.opencores.org Rev 0.1.1 8 of 11

AES-256 core Device Table 8: synthesis result of AES-256 core Xilinx Virtex 6 XC6VLX240T-1FF1156 Number of Slice Registers 6,848 Number of Slice LUTs 6,503 Number of bonded IOBs 513 Number of Block RAM/FIFO 121 Number of BUFG/BUFGCTRLs 1 Maximum Frequency Performance The core can encrypt 128 bit per clock cycle. 324.6MHz The throughput is G bit /second ( G bytes/sec) if it is working with a 300 MHz clock. www.opencores.org Rev 0.1.1 9 of 11

6 Testbench The file testbench/simulation.do is a batch file for ModelSim to compile the HDL files, setup the wave file, and begin function simulation. In order to make it work properly, the working directory of ModelSim must be the directory of testbench. The files testbench/test_aes_128.v, testbench/test_aes_192.v, and testbench/test_aes_256.v are the main test benches for the AES core. The test benches are self-checked. They feed input data to the core and compare the correct result with the output of the core. If the output is wrong, the test benches will display an error message. File name test_aes_128.v test_aes_192.v test_aes_256.v Table 9: the object being tested by each test bench the object being tested the core doing AES-128 encryption the core doing AES-192 encryption the core doing AES-256 encryption www.opencores.org Rev 0.1.1 10 of 11

7 References [1] Advanced Encryption Standard, http://en.wikipedia.org/wiki/advanced_encryption_standard [2] J. Daemen and V. Rijmen. AES proposal: Rijndael. Original AES Submission to NIST, 1999. [3] D. J. Bernstein and P. Schwabe. New AES software speed records. In INDOCRYPT 2008, volume 5365 of LNCS, pages 322-336, 2008. [4] Block cipher modes of operation, http://en.wikipedia.org/wiki/block_cipher_modes_of_operation www.opencores.org Rev 0.1.1 11 of 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback