Similar literature
 20 similar documents found (search time: 62 ms)
1.
Fault detection schemes for the Advanced Encryption Standard are aimed at detecting the internal and malicious faults in its hardware implementations. In this paper, we present fault detection structures of the S-boxes and the inverse S-boxes for designing high performance architectures of the Advanced Encryption Standard. We avoid utilizing the look-up tables for implementing the S-boxes and the inverse S-boxes and their parity predictions. Instead, logic gate implementations based on composite fields are used. We modify these structures and suggest new fault detection schemes for the S-boxes and the inverse S-boxes. Using the closed formulations for the predicted parity bits, the proposed fault detection structures of the S-boxes and the inverse S-boxes are simulated and it is shown that the proposed schemes detect all single faults and almost all random multiple faults. We have also synthesized the modified S-boxes, inverse S-boxes, mixed S-box/inverse S-box structures, and the whole AES encryption using the 0.18 μ CMOS technology and have obtained the area, delay, and power consumption overheads for their fault detection schemes. Furthermore, the fault coverage and the overheads in terms of the space complexity and time delay are compared to those of the previously reported ones.

2.
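Dai Qiang, Dai Zibin, Li Wei. Acta Electronica Sinica (《电子学报》), 2019, 47(1): 129-136
To optimize the Advanced Encryption Standard (AES) S-box, an enhanced delay-aware common subexpression elimination (CSE) algorithm is proposed. The algorithm can optimize multiple-constant multiplication circuits under different delay constraints and provides area-delay design trade-offs over the full range from minimum delay to minimum area. The algorithm is used to optimize an S-box implementation circuit based on redundant finite-field arithmetic, and two S-box constructions, one delay-optimal and one area-optimal, are determined. Optimization results on examples show that the proposed algorithm has high optimization efficiency and yields low overall delay. The designed S-box circuits were synthesized with a 65 nm CMOS process library; the results show that, compared with composite-field S-box implementations in the literature, the proposed area-optimal S-box circuit has the smallest area-delay product, which is 17.58% and 19.74% lower than those of the S-box combinational logic with the smallest area and the shortest delay reported to date, respectively.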

3.
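Building on a fast algorithm for the Advanced Encryption Standard (AES), this paper designs a set of extended instructions for the configurable Nios II processor to provide hardware acceleration of the AES-based counter mode with cipher block chaining message authentication code (AES-CCM) protocol in the media access control layer of the IEEE 802.15.4 standard. The paper first derives the logical relationship between the S-box and the look-up tables used for the round transformation in the fast algorithm, and then computes the S-box in a hardware circuit using a composite-field transformation, which eliminates the on-chip memory consumed by the hardware logic supporting the extended instruction set. Design schemes for a look-up-table-based extended instruction set and for a coprocessor for the protocol are also given, and they are implemented and compared on an EP2C35 chip. The proposed scheme consumes only 223 logic elements (LEs), achieves a throughput of 668.7 kbps, is 174.6 times faster than the software algorithm in clock cycles, and occupies only 9.5% of the chip area of the coprocessor scheme, significantly reducing the cost and power consumption of wireless sensor network node devices.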

4.
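Design and Implementation of FPGA-Based Hardware Encryption   Total citations: 1, self-citations: 1, citations by others: 0
An FPGA hardware platform is built around a Cyclone II series FPGA chip, and a resource-first design for DES and AES encryption and decryption is proposed. By analyzing the nonlinear characteristics of the S-box, a new composite-field transformation is constructed that avoids the resource cost incurred by isomorphic mapping. During encryption and decryption, the round-function hardware structure is reused to minimize hardware resource usage. The overall design adopts an embedded pipeline structure, which reduces logic complexity while increasing processing speed. Experimental results verify that the resource usage of the FPGA hardware encryption is far lower than that of ASIC hardware encryption, that execution speed reaches the Gbit/s level, and that encryption performance is greatly improved.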

5.
The recent development of microelectronics techniques and advances in wireless communications have made it feasible to design low-cost, low-power, multifunctional and intelligent sensor nodes for wireless sensor networks (WSN). The design challenges for an efficient WSN mainly lie in two issues: power and security. The Rijndael algorithm is a candidate algorithm for encrypting data in WSN. The SubByte (S-box) transformation is the main building block of the Rijndael algorithm. It dominates the hardware complexity and power consumption of the Rijndael cryptographic engine. This article proposes a clock-less hardware implementation of the S-box. In this S-box, 1) the composite field arithmetic in GF((2^4)^2) was used to implement the compact datapath circuit; 2) a high-efficiency latch controller was attained by utilizing the four-phase micropipeline. The presented hardware circuit is an application specific integrated circuit (ASIC) on 0.25 μm complementary metal oxide semiconductor (CMOS) process using three metal layers. The layout simulation results show that the proposed S-box offers low-power consumption and high speed with moderate area penalty. This study also proves that the clock-less design methodology can implement high-performance cryptographic intellectual property (IP) core for the wireless sensor node chips.

6.
Based on the rotating S-box masking (RSM) proposed by Nassar et al., a low-entropy masking scheme for the advanced encryption standard (AES) was proposed. Reducing the area complexity by reusing the S-boxes, improving the hardware security by shuffling operation and improving the throughput by pipelining operation were the main idea of the proposed scheme. For the AES, the number of S-boxes could be reduced from 16 to 4 (key expansion module wasn't included). Compared with the RSM, the combinational logic, the dedicated logic and the memory size are reduced to 69%, 60% and 80% respectively. In addition, the theoretical analysis shows that the proposed scheme can resist offset based CPA attack, thus has higher security than the RSM.

7.
Since card‐type one‐time password (OTP) generators became available, power and area consumption has been one of the main issues of hardware OTPs. Because relatively smaller batteries and smaller chip areas are available for this type of OTP compared to existing token‐type OTPs, it is necessary to implement power‐efficient and compact dedicated OTP hardware modules. In this paper, we design and implement a low‐power small‐area hardware OTP generator based on the Advanced Encryption Standard (AES). First, we implement a prototype AES hardware module using a 350 nm process to verify the effectiveness of our optimization techniques for the SubBytes transform and data storage. Next, we apply the optimized AES to a real‐world OTP hardware module which is implemented using a 180 nm process. Our experimental results show the power consumption of our OTP module using the new AES implementation is only 49.4% and 15.0% of those of an HOTP and software‐based OTP, respectively.

8.
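This paper studies dynamic S-boxes obtained by composing inversion over a finite field with affine transformations. First, a method for characterizing the differential probability of the dynamic S-box transformation is given, together with a necessary and sufficient condition for a differential of the dynamic S-box transformation to be an impossible differential, and the number of impossible differentials. Next, an upper bound on the maximum differential probability of the dynamic S-box transformation is given, along with its attainability. Finally, the differential properties of dynamic S-boxes constructed from random S-boxes are studied through simulation experiments. Both theoretical and experimental analysis show that this class of dynamic S-box transformations has far better differential properties than a single S-box.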

9.
Efficient Implementations for AES Encryption and Decryption   Total citations: 1, self-citations: 0, citations by others: 1
This paper proposes two efficient architectures for hardware implementation of the Advanced Encryption Standard (AES) algorithm. The composite field arithmetic for implementing SubBytes (S-box) and InvSubBytes (Inverse S-box) transformations investigated by several authors is used as the basis for deriving the proposed architectures. The first architecture for encryption is based on optimized S-box followed by bit-wise implementation of MixColumns and AddRoundKey and optimized Inverse S-box followed by bit-wise implementation of InvMixColumns and AddMixRoundKey for decryption. The proposed S-box and Inverse S-box used in this architecture are designed as a cascade of three blocks. In the second proposed architecture, the block III of the proposed S-box is combined with the MixColumns and AddRoundKey transformations forming an integrated unit for encryption. An integrated unit for decryption combining the block III of the proposed InvSubBytes with InvMixColumns and AddMixRoundKey is formed on similar lines. The delays of the proposed architectures for VLSI implementation are found to be the shortest compared to the state-of-the-art implementations of AES operating in non-feedback mode. Iterative and fully unrolled sub-pipelined designs including key schedule are implemented using FPGA and ASIC. The proposed designs are efficient in terms of Kgates/Giga-bits per second ratio compared with few recent state-of-the-art ASIC (0.18-μm CMOS standard cell) based designs and throughput per area (TPA) for FPGA implementations.

10.
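To improve algorithm efficiency, reduce the complexity of key operations, and strengthen the key's resistance to brute-force and timing attacks, an AES algorithm scheme is proposed. The paper describes the principle of the AES algorithm and the workflow for executing AES on a system-on-chip, the principle of an AES algorithm IP based on an 8051 soft core, its design flow, and the implementation of the hardware modules, and gives an efficiency analysis and verification results on a hardware platform. Simulation results show that the AES IP core implemented with the look-up-table method is highly efficient and can provide algorithm-engine support for the development of cryptographic SoC products. Compared with previous algorithm models, the scheme trades a small amount of area for speed and greatly improves algorithm efficiency, and therefore has good application value.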

11.
A low-power multimedia processor for mobile applications is presented. An 80-MHz 32-b RISC with enhanced multiplier, two 20-MHz hardware accelerators with 7.125-Mb embedded DRAM for MPEG-4 visual SP@L1 decoding and 3-D graphics processing, 2-kB dual-port SRAM, and peripheral blocks are integrated together on a single chip. MPEG-4 SP@L1 video decoding and 3-D graphics rendering with a 16-b depth-buffer alpha-blending double-buffering and gouraud-shading features at 2, 2-Mpolygons/s speed are realized with the help of the dedicated hardware accelerators. The architecture of the processor is optimized in terms of power consumption and performance, and various low-power circuit techniques are adopted in each hardware block. The chip is implemented using 0.18-μm embedded memory logic (EML) technology. Its area is 84 mm², and power consumption is 160 mW when all of the functions are activated.

12.
The successful realization of a wireless body area network (WBAN) requires innovative solutions to meet the energy consumption budget of the autonomous sensor nodes. The radio interface is a major challenge, since its power consumption must be reduced below 100 μW (energy scavenging limit). The emerging ultra-wide-band (UWB) technology shows strong advantages in reaching this target. First, most of the complexity of an UWB system is in the receiver, which is a perfect scenario in the WBAN context. Second, the very little hardware complexity of a UWB transmitter offers the potential for low-cost and highly integrated solutions. Finally, in a pulse-based UWB scheme, the transmitter can be duty-cycled at the pulse rate, thereby reducing the baseline power consumption. We present a low-power UWB transmitter that can be fully integrated in standard CMOS technology. Measured performances of a fully integrated pulse generator are provided, showing the potential of UWB for low power and low cost implementations. Finally, using a WBAN channel model, we present a comparison between our UWB solution and state-of-the-art low-power narrow-band implementations. This paper shows that UWB performs better in the short range due to a reduced baseline power consumption.

13.
This article examines vulnerabilities to power analysis attacks between software and hardware implementations of cryptographic algorithms. Representative platforms including an Atmel 89S8252 8-bit processor and a 0.25 μm 1.8 V standard cell circuit are proposed to implement the Advanced Encryption Standard (AES). A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis (DPA), multi-bit DPA and correlation power analysis (CPA) attacks are conducted on the two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakage to resist power attacks. Furthermore, an improved DPA approach is proposed. It adopts the Hamming distance of intermediate results as the power model and arranges plaintext inputs to differentiate power traces to the maximal probability. Compared with the original power attacks, our improved DPA performs a successful attack on AES hardware implementations with acceptable power measurements and fewer computations.

14.
A low-power and low-cost advanced encryption standard (AES) coprocessor is proposed for Zigbee system-on-a-chip (SoC) design. The cost and power consumption of the proposed AES coprocessor are reduced considerably by optimizing the architectures of SubBytes/InvSubBytes and MixColumns/InvMixColumns, integrating the encryption and decryption procedures together by the method of resource sharing, and using the hierarchical power management strategy based on finite state machine (FSM) and clock gating (CG) technologies. Based on SMIC 0.18 μm complementary metal oxide semiconductor (CMOS) technology, the scale of the AES coprocessor is only about 10.5 kgate, the corresponding power consumption is 69.1 μW/MHz, and the throughput is 32 Mb/s, which is reasonable and sufficient for Zigbee system. Compared with other designs, the proposed architecture consumes less power and fewer hardware resources, which is conducive to the Zigbee system and other portable devices.

15.
A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.

16.
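Code obfuscation uses a system's own logic to protect important internal information and key algorithms; it is commonly used to secure software code and safeguard the interests of developers and users. How to implement obfuscation in hardware circuits and protect the intellectual property of hardware IP cores is likewise a problem in urgent need of a solution. Based on a study of hardware obfuscation and the AES algorithm, this paper proposes a state-mapping-based hardware obfuscation scheme for the AES algorithm. The scheme first obfuscates the finite state machine using a state mapping that combines redundant states and black-hole states; it then obfuscates the combinational logic using bit flipping; finally, a state-mapping-based hardware-obfuscated AES circuit is designed in the SMIC 65 nm CMOS process, and the efficiency and effectiveness of the hardware obfuscation are evaluated using Toggle, data correlation and code coverage. Experimental results show that the area and power consumption of the state-mapping-based hardware-obfuscated AES circuit increase by 9% and 16%, respectively, and that code coverage exceeds 93%.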

17.
In this work novel-efficient implementations to convert a two’s complement binary number into its canonic signed digit (CSD) representation are presented. In these CSD recoding circuits two signals, H and K, functionally equivalent to two carries are described. They are computed in parallel reducing the critical path and they possess some properties that lead to a simplification of the algebraic expressions minimizing the overall hardware implementation. As a result, the proposed circuits are highly efficient in terms of speed and area in comparison with other counterpart previous architectures. Simulations of different configurations made over standard-cell implementations show an average reduction of about 55% in the delay and 29% in the area for a ripple-carry scheme, 47% in the delay and 17% the area in a carry look-ahead scheme, and 36% in the delay and 31% the area in a parallel prefix scheme.

18.
High-speed VLSI architectures for the AES algorithm   Total citations: 1, self-citations: 0, citations by others: 1
This paper presents novel high-speed architectures for the hardware implementation of the Advanced Encryption Standard (AES) algorithm. Unlike previous works which rely on look-up tables to implement the SubBytes and InvSubBytes transformations of the AES algorithm, the proposed design employs combinational logic only. As a direct consequence, the unbreakable delay incurred by look-up tables in the conventional approaches is eliminated, and the advantage of subpipelining can be further explored. Furthermore, composite field arithmetic is employed to reduce the area requirements, and different implementations for the inversion in subfield GF(2^4) are compared. In addition, an efficient key expansion architecture suitable for the subpipelined round units is also presented. Using the proposed architecture, a fully subpipelined encryptor with 7 substages in each round unit can achieve a throughput of 21.56 Gbps on a Xilinx XCV1000 e-8 bg560 device in non-feedback modes, which is faster and is 79% more efficient in terms of equivalent throughput/slice than the fastest previous FPGA implementation known to date.

19.
Portable video-on-demand in wireless communication   Total citations: 1, self-citations: 0, citations by others: 1
Our present ability to work with video has been confined to a wired environment, requiring both the video encoder and decoder to be physically connected to a power supply and a wired communication link. This paper describes an integrated approach to the design of a portable video-on-demand system capable of delivering high-quality image and video data in a wireless communication environment. The discussion will focus on both the algorithm and circuit design techniques developed for implementing a low-power video compression/decompression system at power levels that are two orders of magnitude below existing solutions. This low-power video compression system not only provides a compression efficiency similar to industry standards, but also maintains a high degree of error tolerance to guard against transmission errors often encountered in wireless communication. The required power reduction can best be attained through reformulating compression algorithms for energy conservation. We developed an intra-frame compression algorithm that requires minimal computation energy in its hardware implementations.

20.
Novel direct designs for 3-input exclusive-OR (XOR) function at transistor level are proposed in this article. These designs are appropriate for low-power and high-speed applications. The critical path of the presented designs consists of only two pass-transistors, which causes low propagation delay. Neither complementary inputs, nor VDD and ground exist in the basic structure of these designs. The proposed designs have low dynamic and short-circuit power consumptions and their internal nodes dissipate negligible leakage power, which leads to low average power consumption. Some effective approaches are presented for improving the performance, voltage levels, and the driving capability and lowering the number of transistors of the basic structure of the designs. All of the proposed designs and several classical and state-of-the-art 3-input XOR circuits are simulated in a realistic condition using HSPICE with 90 nm CMOS technology at six supply voltages, ranging from 1.3 V down to 0.8 V. The simulation results demonstrate that the proposed circuits are superior in terms of speed, power consumption and power-delay product (PDP) with respect to other designs.
