Six Shades of AES

  • Fatih Balli
  • Subhadeep Banik
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11627)


Recently there have been various attempts to construct lightweight implementations of the AES-128 encryption and combined encryption/decryption circuits [2, 13]. However, no known lightweight circuit exists for AES-192 and AES-256, the variants of AES that use longer keys. Investing in lightweight implementations of these ciphers is important as we enter the post-quantum era, in which security is, as a rule of thumb, scaled down to the square root of the size of the keyspace. In this paper, we propose a single circuit that is able to offer functionalities of both encryption and decryption for AES-128/192/256. Our circuit operates on an 8-bit datapath and occupies around 3672 GE of area in silicon. We outline the challenges that presented themselves while performing the combinatorial optimization of circuit area and the methods we used to solve them.



Subhadeep Banik is supported by the Ambizione Grant PZ00P2_179921, awarded by the Swiss National Science Foundation (SNSF).


  1. NIST Post-Quantum Cryptography Project. Available at
  2. Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES: a compact implementation of the aes encryption/decryption core. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 173–190. Springer, Cham (2016)
  3. Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES v 2.0. In IACR eprint archive. Available at
  4. Banik, S., et al.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015)
  5. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The simon and speck families of lightweight block ciphers. In IACR eprint Archive. Available at
  6. Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  7. Borghoff, J., et al.: PRINCE - a low-latency block cipher for pervasive computing applications - extended abstract. In Asiacrypt 2012, LNCS, vol. 7658, pp. 208–225 (2012)
  8. Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)
  9. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer-Verlag, Berlin (2002)
  10. Datta, N., Nandi, M.: ELmD v1.0. Submission to the Caesar competition. Available at
  11. Dworkin, M.: Recommendation for Block Cipher Modes of Operation. NIST Special Publication 800–38A. Available at
  12. Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. IEEE Proc. Inf. Secur. 152(1), 13–20 (2005)
  13. Jean, J., Moradi, A., Peyrin, T., Sasdrich, P.: Bit-sliding: a generic technique for bit-serial implementations of spn-based primitives. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 687–707. Springer, Cham (2017)
  14. Mathew, S., et al.: 340 mV-1.1V, 289 Gbps/W, 2090-gate nanoAES hardware accelerator with area-optimized encrypt/decrypt GF(\(2^4\))\(^2\) polynomials in 22 nm tri-gate CMOS. IEEE J. Solid-State Circ. 50, 1048–1058 (2015)
  15. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)
  16. Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact rijndael hardware architecture with S-Box optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)
  17. Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit Block-cipher CLEFIA (Extended Abstract). In FSE 2007, LNCS, vol. 4593, pp. 181–195 (2007)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. LASEC, École Polytechnique Fédérale de Lausanne, Lausanne, Switzerland
