Pushing the Limits Further: Sub-Atomic AES
The recent trend to connect a plethora of sensors, embedded and ubiquitous systems with low computing power, in short the rise of the Internet of Things, has created a great demand for compact, lightweight and cheap to produce implementations of cryptographic primitives.
One approach to meet this demand is the development and standardisation of new tailored primitives, most prominently PRESENT. Yet, the wide proliferation of the Advanced Encryption Standard and the trust it earned through its long history of withstanding cryptanalysis spurred anew the search for small, lightweight implementations of AES.
Among the smallest published architectures is the AtomicAES design by Banik et al., who reported a design size of just over 2000 GE.
Here we present a new 8-bit serial architecture that has been designed from careful observation of the minimum required connections between storage elements to support all dataflows required for execution of the algorithm. While we reach similar conclusions to previous publications, the new architecture enables us to push the area requirement for a fully featured AES primitive further down by more than 8% from the area requirement of AtomicAES while offering more functionality.
Along the way we also answer in the affirmative the open question whether the AES reverse keyschedule can be implemented with negligible hardware overhead based on the forward keyschedule.
Our design sets a new record for an 8-bit serial architecture with full functionality for encryption and decryption including the keyschedule, as well as for a sole encryption architecture. Furthermore our design is flexible enough to allow scaling the S-Box architecture from single-cycle to multi-stage pipelined approaches as are required for high operation frequencies or for protection against side-channel attacks. We demonstrate this by instantiating the design with a serial version of the S-Box to reduce the area requirement even further.
KeywordsAES Lightweight 8-bit-serial ASIC Block cypher S-Box
- 1.Ahmed, E.G., Shaaban, E., Hashem, M.: Lightweight mix columns implementation for AES. In: Proceedings of the 9th WSEAS International Conference on Applied Informatics and Communications, AIC 2009, pp. 253–258. World Scientific and Engineering Academy and Society (WSEAS), Stevens Point, Wisconsin, USA (2009). http://portal.acm.org/citation.cfm?id=1628143
- 2.Banik, S., et al.: Midori: A block cipher for low energy (extended version). Cryptology ePrint Archive, Report 2015/1142, November 2015. http://eprint.iacr.org/2015/1142
- 3.Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES: a compact implementation of the AES Encryption/Decryption core. Cryptology ePrint Archive, Report 2016/927, September 2016. http://eprint.iacr.org/2016/927
- 4.Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES v 2.0. Cryptology ePrint Archive, Report 2016/1005, October 2016. http://eprint.iacr.org/2016/1005
- 5.Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404, June 2013. http://eprint.iacr.org/2013/404
- 7.Borghoff, J., et al.: PRINCE - a low-latency block cipher for pervasive computing applications (full version). Cryptology ePrint Archive, Report 2012/529, September 2012. http://eprint.iacr.org/2012/529
- 9.Chawla, S.S., Aggarwal, S., Kamal, S., Goel, N.: FPGA implementation of an optimized 8-bit AES architecture: a masked S-box and pipelined approach. In: 2015 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT), pp. 1–6. IEEE, July 2015. http://dx.doi.org/10.1109/conecct.2015.7383859
- 10.Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: The NOEKEON block cipher. Technical report, October 2000. http://gro.noekeon.org/Noekeon-spec.pdf
- 11.De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_20CrossRefzbMATHGoogle Scholar
- 12.Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. In: IEE Proceedings - Information Security, vol. 152, no. 1, p. 13+ (2005). http://dx.doi.org/10.1049/ip-ifs:20055006
- 13.Feldhofer, M., Lemke, K., Oswald, E., Standaert, F.X., Wollinger, T., Wolkerstorfer, J.: State of the art in hardware architectures. Note: deliverable with a special focus on AES hardware architectures. ECRYPT Deliverable No. D.VAM2, September 2005. http://www.iaik.tugraz.at/content/research/krypto/AES/VAM2-IAIK-17-D.VAM2-1_0.pdf
- 16.Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D.: Design and implementation of low-area and low-power AES encryption hardware core. In: 9th EUROMICRO Conference on Digital System Design (DSD 2006), pp. 577–583. IEEE (2006). http://dx.doi.org/10.1109/dsd.2006.40
- 17.ISO/IEC: ISO/IEC 29192–2:2012 - information technology - security techniques - lightweight cryptography - part 2: Block ciphers. Technical report, International Organization for Standardization, January 2012. https://www.iso.org/standard/56552.html
- 19.Knudsen, L.R., Robshaw, M.: The Block Cipher Companion. Springer, Heidelberg (2011). http://link.springer.com/book/10.1007%2F978-3-642-17342-4
- 20.Mathew, S., et al.: 340 mV-1.1 V, 289 Gbps/W, 2090-gate nanoAES hardware accelerator with area-optimized encrypt/decrypt \(GF(2^4)^2\) polynomials in 22 nm tri-gate CMOS. IEEE J. Solid-State Circ. 50(4), 1048–1058 (2015). http://dx.doi.org/10.1109/jssc.2014.2384039
- 26.Wamser, M.S.: Ultra-small designs for inversion-based S-boxes. In: 17th Euromicro Conference on Digital System Design, pp. 512–519. Department of Computer Science, Università di Verona. IEEE, August 2014. http://dx.doi.org/10.1109/DSD.2014.37
- 27.Wamser, M.S., Sigl, G.: Pushing the limits further: sub-atomic AES. In: 2017 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC), pp. 1–6 (2017). http://dx.doi.org/10.1109/VLSI-SoC.2017.8203470
- 28.Zhang, W., Bao, Z., Lin, D., Rijmen, V., Yang, B., Verbauwhede, I.: RECTANGLE: a bit-slice Ultra-Lightweight block cipher suitable for multiple platforms. Cryptology ePrint Archive, Report 2014/084, February 2014. http://eprint.iacr.org/2014/084