VLSI Implementation of a Functional Unit to Accelerate ECC and AES on 32-Bit Processors

  • Stefan Tillich
  • Johann Großschädl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4547)


Embedded systems require efficient yet flexible implementations of cryptographic primitives with a minimal impact on the overall cost of a device. In this paper we present the design of a functional unit (FU) for accelerating the execution of cryptographic software on 32-bit processors. The FU is essentially a multiply-accumulate (MAC) unit able to perform multiplications and MAC operations on both integers and binary polynomials. Polynomial arithmetic is a performance-critical building block of numerous cryptosystems that use binary extension fields, including public-key primitives based on elliptic curves (e.g. ECDSA), symmetric ciphers (e.g. AES or Twofish), and hash functions (e.g. Whirlpool). We integrated the FU into the Leon2 SPARC V8 core and prototyped the extended processor in an FPGA. All operations provided by the FU are accessible to the programmer through custom instructions. Our results show that the FU speeds up the execution of 128-bit AES by up to 78% compared to a conventional software implementation using only native SPARC V8 instructions. Moreover, the custom instructions reduce the code size by up to 87.4%. The FU increases the silicon area of the Leon2 core by just 8,352 gates and has almost no impact on its cycle time.
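The abstract describes the FU as a MAC unit that also multiplies binary polynomials, and names AES and binary-field ECC as consumers of that arithmetic. The following C program is an added illustration written for this page, not the authors' RTL or their SPARC V8 software: it models a 32x32-bit carry-less (GF(2)[x]) multiply and a polynomial MAC as a processor might expose them as custom instructions, then uses only those two primitives for the two workloads the abstract mentions, namely the GF(2^8) multiplication inside AES MixColumns (with reduction by the FIPS-197 polynomial 0x11B) and a multi-word polynomial product of the kind a GF(2^m) ECC implementation needs before field reduction. All function names (clmul32, clmac32, gf256_mul, mix_column, clmul_words) and the sample inputs are this example's own; the {57}*{83} product and the MixColumns column are the standard FIPS-197 and textbook test values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not the paper's hardware or software): a software model of
 * the binary-polynomial multiply and MAC the abstract's FU exposes as custom
 * instructions, applied to AES MixColumns and to multi-word GF(2)[x]
 * products for binary-field ECC. Names below are this example's own. */

/* 32x32 -> 64-bit carry-less multiply over GF(2)[x]: shift-and-XOR,
 * no carry propagates between bit positions. */
uint64_t clmul32(uint32_t a, uint32_t b)
{
    uint64_t acc = 0;
    for (int i = 0; i < 32; i++)
        if ((b >> i) & 1u)
            acc ^= (uint64_t)a << i;
    return acc;
}

/* Polynomial multiply-accumulate: acc ^= a * b (XOR is addition in GF(2)[x]). */
uint64_t clmac32(uint64_t acc, uint32_t a, uint32_t b)
{
    return acc ^ clmul32(a, b);
}

/* Reduce a product of degree < 16 modulo the AES field polynomial
 * m(x) = x^8 + x^4 + x^3 + x + 1, i.e. 0x11B (FIPS-197 Sect. 4.2). */
uint8_t aes_reduce(uint64_t p)
{
    for (int i = 15; i >= 8; i--)
        if ((p >> i) & 1u)
            p ^= (uint64_t)0x11B << (i - 8);
    return (uint8_t)p;
}

/* GF(2^8) multiplication as AES uses it: polynomial product, then reduce. */
uint8_t gf256_mul(uint8_t a, uint8_t b)
{
    return aes_reduce(clmul32(a, b));
}

/* AES MixColumns on one state column (FIPS-197 Sect. 5.1.3):
 * out[i] = {02}*in[i] ^ {03}*in[i+1] ^ in[i+2] ^ in[i+3], indices mod 4. */
void mix_column(const uint8_t in[4], uint8_t out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = gf256_mul(0x02, in[i])
               ^ gf256_mul(0x03, in[(i + 1) % 4])
               ^ in[(i + 2) % 4]
               ^ in[(i + 3) % 4];
}

/* Product-scanning multiplication of two n-word binary polynomials
 * (little-endian 32-bit words) into 2n result words, built only from the
 * MAC primitive. This is the inner loop of a GF(2^m) field multiplication
 * for binary-field ECC; reduction by the field polynomial is left to the
 * caller. Because XOR never carries, the 64-bit accumulator holds at most
 * one 32-bit "carry" word between columns. */
void clmul_words(const uint32_t *a, const uint32_t *b, size_t n, uint32_t *r)
{
    uint64_t acc = 0;
    for (size_t k = 0; k < 2 * n; k++) {
        for (size_t i = 0; i < n; i++)
            if (k >= i && k - i < n)
                acc = clmac32(acc, a[i], b[k - i]);
        r[k] = (uint32_t)acc;
        acc >>= 32;
    }
}

int main(void)
{
    /* Constructed inputs: the {57}*{83} example from FIPS-197, a textbook
     * MixColumns column, and (x^32 + 1)^2 as a two-word polynomial square. */
    uint8_t col[4] = {0xdb, 0x13, 0x53, 0x45}, mixed[4];
    uint32_t a[2] = {1, 1}, b[2] = {1, 1}, r[4];

    printf("{57}*{83} = %02x\n", gf256_mul(0x57, 0x83));
    mix_column(col, mixed);
    printf("MixColumns: %02x %02x %02x %02x\n",
           mixed[0], mixed[1], mixed[2], mixed[3]);
    clmul_words(a, b, 2, r);
    printf("(x^32+1)^2 words: %08x %08x %08x %08x\n", r[0], r[1], r[2], r[3]);
    return 0;
}
```

The point of routing both workloads through the same two primitives is the one the abstract makes: a single polynomial MAC datapath serves the byte-sized GF(2^8) arithmetic of AES and the multi-word GF(2^m) arithmetic of ECC, which is why one small unit can accelerate both. A real implementation would replace the loop in clmul32 with the custom instruction and would add the field-polynomial reduction step for ECC.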


Keywords (machine-generated, not supplied by the authors): Block Cipher, Partial Product, Advanced Encryption Standard, Elliptic Curve Cryptography, Custom Instruction





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Stefan Tillich (1)
  • Johann Großschädl (1)
  1. Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A–8010 Graz, Austria
