Similar literature
20 similar documents found; search took 31 ms
1.
Cryptographic primitives are extensively used in today's applications to provide the desired security. Malicious or accidental faults that occur in the hardware implementations of cryptographic primitives, specifically in this paper the Advanced Encryption Standard (AES), can result in an erroneous output of the encryption/decryption process and reduce the reliability of the cryptographic hardware. The use of a suitable fault-tolerant scheme for AES, to recover it from failures or attacks and bring it back to an operational state, is crucial for reliability, and consequently for security purposes. In this paper, two novel online fault-tolerant schemes are proposed for AES. In the proposed fault-tolerant architecture, the round path is modified and divided into two pipeline stages. The proposed fault-tolerant schemes are based on a combination of hardware and time redundancies, where a new hardware redundancy is proposed for the AES round function and a time redundancy for the hardware of the AES key expansion unit. The presented fault-tolerant schemes are valid for all versions of AES and are independent of its S-box implementation manner. Both ASIC and FPGA implementations of the original and the proposed fault-tolerant AES along with Full TMR (Triple Modular Redundancy) and Full TTR (Triple Time Redundancy) structures are reported as traditional fault-tolerant schemes. It is shown that the first proposed fault-tolerant architecture, named TMRrp&TTRke32, outperforms these approaches and the previous report in the literature in terms of area overhead and therefore power consumption. Also, the other approach, named TMRrp&TTRke64, is better than the other approaches in achieving a trade-off between area overhead and throughput overhead.

2.
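Liu Liqun, 《计算机应用》, 2011, 31(8): 2159-2161
To address the latent security flaws of the Temporal Key Integrity Protocol (TKIP), a new field-programmable gate array (FPGA) design of the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is proposed that can effectively improve wireless network security. The confidentiality principle of CCMP is studied, and the analysis shows that CCMP provides stronger security guarantees than TKIP. Under the existing split medium access control (MAC) architecture for centralized wireless local area networks (WLANs), the implementation method and circuit structure of the CCMP module are given. The running performance of four existing Advanced Encryption Standard (AES) implementation schemes is analyzed and compared; the test results show that this implementation provides higher encryption performance and improves the confidentiality of the wireless network.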

3.
Applications of wireless communications networks are emerging continuously. To offer a good level of security in these applications, new standards for wireless communications propose solutions based on cryptographic algorithms working on special modes of operation. This work presents a custom hardware architecture for the AES-CCM protocol (AES-CCMP) which is the basis for the security architecture of the IEEE 802.11i standard. AES-CCMP is based on the AES-CCM algorithm that performs the Advanced Encryption Standard (AES) in CTR with CBC-MAC mode (CCM mode), plus specialized data formatting modules, providing different security services through iterative and complex operations. Results of implementing the proposed architecture targeting FPGA devices are presented and discussed. A comparison against similar works shows significant improvements in terms of both throughput and efficiency.

4.
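The use of the AES algorithm in real-time data encryption places high demands on its processing speed and on the power consumption and cost of its FPGA implementation. To address this, an improved method for a fast AES algorithm based on a small FPGA is introduced: the key expansion operation of the AES algorithm is carried out by a microprocessor, while a sharing technique lets the encryption and decryption modules share the same key. Experimental results show that the method effectively increases processing speed, saves FPGA resources, and reduces chip power consumption.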

5.
It has been a decade since the block cipher Rijndael, with some minor changes, took the name AES (Advanced Encryption Standard) and became the new block cipher standard of the US government. Over the past years, through deeper analysis and conducted measurements, AES has gained significant confidence for its security. Meanwhile, the sophistication in its realizations has also evolved considerably; system designers are now able to choose a suitable AES architecture tailored for their area and performance needs. A couple of years ago, the wider technological trend shifted towards power-aware system design; hence, low-power AES architectures gained importance over area- and performance-oriented designs. In this study, we examine and employ low-power design techniques to reduce the power consumption. These efforts allow us to come up with a slightly different architecture for the S-box module. As a result, the power consumption of AES on Field Programmable Gate Arrays (FPGAs) is reduced. All described work and respective measurements are carried out on Xilinx FPGA families, and possible comparisons are made with the existing literature.

6.
This work presents a resource-efficient implementation of the T-Box module of the Advanced Encryption Standard (AES) on Xilinx's Virtex-5 Field Programmable Gate Array (FPGA). The proposed architecture utilizes 100% of the capacity of the FPGA's dedicated Block RAM (BRAM), compared to conventional techniques, where the consumption of BRAM memory is from 25% to 50%. The results show that the module fits into 4 BRAMs, thus reducing on-device resources by 50%.

7.
The Advanced Encryption Standard (AES) is an effective cryptographic algorithm for providing better data communication since it guarantees high security. The Galois/Counter Mode (AES-GCM) has been integrated in various security-constrained applications because it provides both authentication and confidentiality. The AES algorithm helps to provide data confidentiality, while authentication is provided by a universal GHASH function. Most existing GCM architectures concentrate on power and area reduction, but a compact and efficient hardware architecture should also be considered. In this paper, a high-performance architecture for GCM is proposed and its implementation is described. In order to achieve higher operating frequency and throughput, pipelined S-boxes are used in the AES algorithm. For a GCM realization of AES, a high-speed, high-throughput, parallel architecture is proposed. Experimental results prove that the performance of the proposed work is around 17% higher than the existing architecture, with 3 Gb/s throughput using TSMC 45-nm CMOS technology.

8.
Recently, the security of existing symmetric cryptographic algorithms and protocols has been threatened by new performance challenges and vulnerabilities. In this paper, we propose a dynamic key-dependent approach, "TRESC", to make existing symmetric ciphers more efficient and robust. This can be done by using dynamic substitution and permutation primitives to reduce the number of rounds while providing better resistance against cryptanalysis and implementation attacks. In this paper, the Key Setup Algorithm (KSA) of Rivest Cipher 4 (RC4) and its modified variants are applied for the construction of these dynamic key-dependent substitution and permutation primitives. The RC4-KSA is selected for its lightweight implementation, since it requires a simple permutation operation with minimal overhead. The proposed dynamic cryptographic solution can be integrated in any existing symmetric cipher such as the Advanced Encryption Standard (AES), SIMON and SPECK. The security and performance analysis show the robustness and effectiveness of the proposed solution, which strikes a good balance between the required security level and system performance.

9.
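An FPGA-based design of an Advanced Encryption Standard (AES) IP core with a 16-bit data path is proposed. The design is implemented with a finite state machine and supports key expansion, encryption and decryption. Key expansion is non-parallel, which reduces hardware resource usage. The design is implemented on the Cyclone II FPGA chip EP2C35F484, occupying 20 070 logic elements (less than 60% of the resources), with a maximum system clock of 100 MHz. Compared with the traditional 128-bit data path design, it is easier to interface with a processor.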

10.
The Advanced Encryption Standard (AES) block cipher system is widely used in cryptographic applications. Substitution boxes (S-boxes) are a keystone of modern symmetric cryptosystems which bring nonlinearity to the cryptosystems and strengthen their cryptographic security. The S-box component used in classic AES is fixed and not changeable. If the S-box is generated dynamically, the cryptographic strength of the AES cipher system would be increased. In this article, we use RC4 and AES Key Expansion algorithms to generate a dynamic S-box for AES. The purpose of the proposed approach is to generate more secure S-boxes. The generated S-box will have better results in security analysis. To examine the security, various tests are applied to the new S-box and the results pass all of them.

11.
The complexity involved in mapping an algorithm to hardware is a function of the controller logic and data path. Minimizing data path size can lead to significant savings in hardware area and power dissipation. This paper presents an implementation of a novel architectural transformation technique for mapping a word bit wide algorithm to a byte vector serial architecture. The technique divides the input word into several bytes and then traces each byte for extracting the architectural transformation. The technique is applied to the Advanced Encryption Standard (AES) algorithm, which is non-linear in nature. Using this technique, the 32-bit AES algorithm is transformed into a byte-systolic architecture. The novelty of the technique is more pronounced around the mix column design, which is the most complex part of the AES algorithm. The complex matrix multiplication component and standard transformations of the 32-bit AES algorithm are transformed to support 8-bit operations. The resulting AES architectures reuse the same logic resources for key expansion and encryption/decryption. The proposed design offers moderate data rates in the range of 41 Mbps for encryption and 37 Mbps for decryption while utilizing 236 and 280 slices, respectively, on a Xilinx Virtex II xc2v1000-6 FPGA. Comparison results show significant gain in throughput when compared with other 8-bit designs. This makes it a viable data/communication security solution for a variety of embedded and consumer electronics.

12.
This paper presents the architecture design of a high-efficient and non-memory Advanced Encryption Standard (AES) crypto-core to fit WPAN security requirements. The proposed basis transformation approach from Galois Field GF(2^8) to Galois Field GF(((2^2)^2)^2) can significantly reduce the hardware complexity of the SubBytes Transformation (S-box). Besides, the on-the-fly key expansion function is used to replace the RAM-based one, and the new on-the-fly key scheduler fully supports AES-128, AES-192 and AES-256. Moreover, a resource-sharing scheme is also employed to reduce the hardware complexity of the cipher and decipher. FPGA experiment results show that the AES core works at a 175.75 MHz clock. It takes about 33 clocks and 66 clocks to complete an AES-128 encryption and decryption, respectively. That is, the corresponding throughputs are 681.7 and 340.85 Mbps. The hardware cost of the AES design is about 2420 slices with the 3-in-1 key scheduler included. Experiment results also show that the proposed design is suitable for integration into WPAN chips due to its acceptable power dissipation. Copyright © 2010 John Wiley & Sons, Ltd.

13.
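The mainstream international cryptographic algorithms AES and SHA are introduced, and the current state of cryptographic instruction support in mainstream general-purpose processor architectures is reviewed. To improve the performance of domestically developed general-purpose processors in the cryptographic security domain, an AES and SHA cryptographic extension instruction set for such processors is designed, a fully pipelined execution unit for the AES and SHA instructions is implemented, and the implementation is evaluated and optimized. The execution unit runs at 2.0 GHz, with a total area of 17 644 μm² and a total power consumption of 59.62 mW. Compared with a software implementation using the original general-purpose instructions, the minimum speedup is 8.90× for AES and 4.47× for SHA, and reaches 19.30× when the instructions execute fully pipelined, which significantly improves the processor's performance on AES and SHA. The unit is expected to be applied in domestically developed general-purpose processors and to further improve the competitiveness of these processor chips in cryptographic security applications. In addition, the execution unit can be packaged as an IP dedicated to supporting cryptographic algorithms, for use in special-purpose chips in the cryptographic security domain.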

14.
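To investigate the leakage of sensitive information caused by electromagnetic radiation from a running field-programmable gate array (FPGA) cryptographic chip, the principle of direct electromagnetic radiation from complementary metal-oxide-semiconductor (CMOS) circuits is studied and a near-field electromagnetic radiation model of the FPGA cryptographic chip is built. Based on this model, the selection of near-field measurement points is discussed, and electromagnetic scanning is used to solve the problem of positioning the electromagnetic probe for signal acquisition over the FPGA surface. In addition, the principle of the differential electromagnetic analysis (DEMA) attack is explained and an FPGA circuit design of the Advanced Encryption Standard (AES) is completed. DEMA attack experiments against the FPGA cryptosystem show that, with the best measurement point found by electromagnetic scanning, the 128-bit key of the AES cipher circuit can be successfully recovered with 42 000 samples.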

15.
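Application of the uIP TCP/IP protocol stack on 51-series microcontrollers   Total citations: 12, self-citations: 1, citations by others: 12
The uIP protocol stack is a free, implementable, extremely small TCP/IP protocol stack that can be used in embedded systems built on 8-bit or 16-bit microprocessors. This paper analyzes the structure and application interface of the uIP protocol stack and discusses how to apply it to 51-series microcontrollers.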

16.
In October 2000, the National Institute of Standards and Technology (NIST) announced that the Rijndael algorithm had been selected to be the new Advanced Encryption Standard (AES). NIST’s announcement concluded a three and a half year search process in which fifteen candidate algorithms from twelve countries were evaluated on the basis of security, computational efficiency, algorithm simplicity, and flexibility. The AES will become a Federal Information Processing Standard (FIPS), thereby replacing the aging and obsolete Data Encryption Standard (DES) as the cryptographic algorithm employed by US Government agencies and the private sector to encrypt sensitive information.

17.
Hash functions are common and important cryptographic primitives, which are very critical for data integrity assurance and data origin authentication security services. Field programmable gate arrays (FPGAs), being reconfigurable, flexible and physically secure, are a natural choice for implementation of hash functions in a broad range of applications with different area-performance requirements. In this paper, we explore alternative architectures for the implementation of hash algorithms of the secure hash standards SHA-256 and SHA-512 on FPGAs and study their area-performance trade-offs. As several 64-bit adders are needed in SHA-512 hash value computation, new architectures proposed in this paper implement modulo-64 addition as modulo-32, modulo-16 and modulo-8 additions with a view to reducing the chip area. Hash function SHA-512 is implemented in different FPGA families of ALTERA to compare their performance metrics such as area, memory, latency, clocking frequency and throughput to guide a designer to select the most suitable FPGA for an application. In addition, a common architecture is designed for implementing SHA-256 and SHA-512 algorithms.

18.
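Starting from the AES algorithm, this paper studies several classes of hardware implementation designs that effectively reduce area. These methods fall into three main classes: optimizing each individual layer separately; combining adjacent layers and optimizing them together; and integrating and optimizing the related encryption and decryption modules. Finally, based on the SMIC 0.18 CMOS process, an area-efficient design is proposed which, while meeting practical requirements, effectively reduces the chip area.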

19.
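A reconfigurable AES hardware architecture is proposed. The encryption/decryption module and the key expansion module are designed to be reconfigurable so that they can accommodate the AES algorithm with 128-bit, 192-bit and 256-bit key lengths, and the structure of the MixColumns module is optimized. The design was verified and tested on an FPGA, and logic synthesis and place-and-route were performed in the 0.18 μm SMIC process. The results show a core clock frequency of 270 MHz and a throughput of 3.4 Gb/s, which meets the requirements of high-performance cryptographic processing.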

20.
To secure the Advanced Encryption Standard against physical attacks known as fault injection attacks, different countermeasures have been proposed. The AES is used in many embedded systems to provide security. It has become the default choice for security services in numerous applications. However, natural and maliciously injected faults reduce its robustness and may cause private information leakage. In this paper, we study the concurrent fault detection schemes for achieving a reliable AES implementation. We specifically propose a new fault detection scheme based on modification of the AES architecture. For this purpose, the AES round transformation is broken into two parts and a pipeline stage is inserted in between. The proposed scheme is independent of the way the S-Box and the Inv_S-Box are implemented. Hence, it can be used for both the S-Box and the Inv_S-Box using Look-Up Tables and those using logic gates based on Galois Fields. Our simulation results show the fault coverage reaches 98.54% for the proposed scheme. Moreover, the proposed and the previously reported fault detection schemes have been implemented on the most recent Xilinx Virtex FPGAs. Their area overhead, frequency and throughput have been compared, and it is shown that the proposed fault detection scheme outperforms the previously reported ones.
