
Compusoft, 3 (8), 1059-1064 PDF

This document summarizes an article on implementing the Advanced Encryption Standard (AES) algorithm for encryption and decryption on an FPGA. It describes the AES algorithm which operates on 128-bit blocks using round keys generated from a secret key. Various approaches for efficient FPGA implementations are discussed to optimize throughput and area. The authors implemented AES encryption and decryption in Verilog and verified functionality in a simulation tool, achieving up to 18.5 Gbps throughput using 542 slices and 10 RAM blocks.


COMPUSOFT, An international journal of advanced computer technology, 3 (8), August-2014 (Volume-III, Issue-VIII)

ISSN:2320-0790

Area Optimized Advanced Encryption Standard


Mr. Sandip R. Aher, Prof. Dr. G. U. Kharat
Dept. of Electronics and Telecommunication Engineering
SPCOE, Otur, University of Pune
Pune, Maharashtra, India
Abstract: Performance evaluation of the Advanced Encryption Standard candidates has led to intensive study of both hardware and software implementations. Although a number of papers present various implementation results, they show that efficiency could still be greatly improved by applying effective design rules adapted to devices and algorithms. This paper shows various approaches for efficient FPGA implementations of the Advanced Encryption Standard algorithm. Because different applications of the AES algorithm may require different speed/area tradeoffs, we propose a vital study of the possible implementation schemes, as well as a discussion of design methodology and algorithmic optimization in order to improve previously reported results. We propose a system to evaluate hardware efficiency at different steps of the design process. We also use an optimal pipeline that takes the place and route constraints into account. The resulting circuits significantly improve the previously reported results: throughput has been up to 18.5 Gbits/sec and the area requirements can be limited to 542 slices and 10 RAM blocks, with a throughput/area ratio improved by a minimum of 25% over the best-known designs in the Xilinx Virtex-E technology.
Keywords: EDK, Real time Communication, AES, Security, XPS, EDK, RTOS.
BACKGROUND
The Advanced Encryption Standard (AES) specifies a cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher-text; decrypting the cipher-text converts the data back into its original form, called plaintext.
The Advanced Encryption Standard was introduced after the Data Encryption Standard was found too weak because of its small key size and the technological advancements in processor power. Fifteen candidates were accepted and, based on public comments, the pool was reduced to five. One of these five algorithms was selected as the forthcoming standard: a slightly modified version of the Rijndael.
The Rijndael, whose name is based on the names of its two Belgian inventors, Joan Daemen and Vincent Rijmen, is a block cipher, which means that it works on fixed-length groups of bits, which are called blocks. It takes an input block of a certain size, usually 128 bits, and produces a corresponding output block of the same size. The transformation requires a second input, which is the secret key, with lengths of 128, 192 and 256 bits. Unlike DES, which is based on a Feistel network, AES is a substitution-permutation network, which is a series of mathematical operations that use substitutions (also called S-Box) and permutations (P-Boxes), and their careful definition implies that each output bit depends on every input bit.
BLOCK CIPHER
When a block cipher algorithm is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions.
The algorithm dictates all the possible functions available to be used on the message, and it is the key that determines in what order these functions take place. Strong algorithms make reengineering, or trying to figure out all the functions that took place on the message, basically impossible.
It has been said that the properties of a cipher should contain confusion and diffusion. Different unknown key values cause confusion, because the attacker does not know these values, and diffusion is accomplished by putting the bits within the plaintext through many different functions so that they are dispersed throughout the algorithm. Block ciphers use diffusion and confusion in their methods.

ADVANTAGES OF AES:
- Through AES, an input message of length 128 bits can be encrypted, which is more than with DES and Triple DES.
- AES has various secret key lengths such as 128 bits, 192 bits and 256 bits, whereas DES and Triple DES have a fixed length of 64 bits.
- The cipher key is expanded into a larger key, which is later used for the actual operation.
- The Expanded Key shall ALWAYS be derived from the Cipher Key and never be specified directly.
- AES is very hard to attack or crack when compared to DES.
- AES will be faster when compared to Triple DES.

APPLICATION
- This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information (as defined in P. L. 100-235) requires cryptographic protection
- High speed ATM/Ethernet/Fiber-Channel switches
- Secure video teleconferencing
- Routers and Remote Access Servers

AES ALGORITHM
The AES is an iterated block cipher with a fixed block size of 128 and a variable key length. The different transformations operate on the intermediate results, called state. The state is a rectangular array of bytes and, since the block size is 128 bits, which is 16 bytes, the rectangular array is of dimensions 4x4. The basic unit for processing in the AES algorithm is a byte, a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits.
In the Rijndael version with variable block size, the row size is fixed to four and the number of columns varies. The number of columns is the block size divided by 32 and denoted Nb. The cipher key is similarly pictured as a rectangular array with four rows. The number of columns of the cipher key, denoted Nk, is equal to the key length divided by 32. AES uses a variable number of rounds, which are fixed: a key of size 128 has 10 rounds.
The AES algorithm uses a round function that is composed of four different byte-oriented transformations:
- Byte substitution using a substitution table (S-box)
- Shifting rows of the State array by different offsets
- Mixing the data within each column of the State array
- Adding a Round Key to the State
The above-mentioned functions are carried out for every individual round, and in the last round the third function, that is, mixing the data within each column of the State array, is not performed. Hence the last round is carried out separately. Based on the key provided, the new set of keys is generated in the Key Expansion block and is given to each round as input.

ENCRYPTION
At the start of the Encryption or Cipher, the input data and the input key are copied to the State array using the conventions. Initially the XOR operation is performed between each byte of the input data and the input key, and the output is given as the input of Round 1. After an initial Round Key addition, the State array is transformed by implementing a round function 10 times, with the final round differing slightly from the first Nr - 1 rounds. The final State is then copied to the output. The round function is parameterized using a key schedule that consists of a one-dimensional array of four-byte words derived using the Key Expansion routine.
The individual transformations that are carried out are listed below.
- SubBytes
- ShiftRows
- MixColumns
- AddRoundKey

The Advanced Encryption Standard algorithm, which includes both encryption and decryption, is implemented using Verilog, and its functionality is verified in the ModelSim tool with proper test cases.

DECRYPTION
The cipher text of 128 bits and the same key of 128 bits are given as the input to the decryption block. The encrypted data is decrypted and the original plain message is obtained as the output of the decryption block. The Cipher transformations can be inverted and then implemented in reverse order to produce a straightforward Inverse Cipher for the AES algorithm. The individual transformations used in the Inverse Cipher are listed as follows.
- InvShiftRows
- InvSubBytes
- InvMixColumns
- AddRoundKey
Here also 10 rounds are carried out, and the only difference in the decryption block with respect to the algorithm flow is that the result of the KeyExpansion of each round is also given to the MixColumns operation, after which the AddRoundKey transformation is carried out.
InvMixColumns (state XOR Round Key) = InvMixColumns (state) XOR InvMixColumns (Round Key)
The above equation represents the basic difference in the process of the AES Encryption and Decryption algorithm.
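
The identity above is what allows a decryption datapath to apply InvMixColumns before AddRoundKey, provided the round key is passed through InvMixColumns as well. The following Python check is an added example, not the paper's Verilog; the function names are illustrative and the inputs are constructed. It confirms the identity and shows that XORing the untransformed round key after the swap does not give the same state.

```python
# Added example (not the paper's Verilog); function names are illustrative.
import random

def xtime(a):
    """Multiply a byte by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def multiples(a):
    """Return (14a, 11a, 13a, 9a), built from the xtime chain 2a, 4a, 8a."""
    a2 = xtime(a)
    a4 = xtime(a2)
    a8 = xtime(a4)
    return (a8 ^ a4 ^ a2, a8 ^ a2 ^ a, a8 ^ a4 ^ a, a8 ^ a)

def inv_mix_columns(state):
    """InvMixColumns on a 16-byte state stored column by column."""
    out = []
    for c in range(0, 16, 4):
        m = [multiples(b) for b in state[c:c + 4]]
        out += [m[0][-r % 4] ^ m[1][(1 - r) % 4] ^ m[2][(2 - r) % 4]
                ^ m[3][(3 - r) % 4] for r in range(4)]
    return out

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def standard_order(state, round_key):
    """AddRoundKey, then InvMixColumns: the left-hand side of the identity."""
    return inv_mix_columns(xor(state, round_key))

def swapped_order(state, round_key):
    """InvMixColumns, then XOR with the InvMixColumns-transformed round key."""
    return xor(inv_mix_columns(state), inv_mix_columns(round_key))

def untransformed_key(state, round_key):
    """Swapped order with the raw round key: not equivalent in general."""
    return xor(inv_mix_columns(state), round_key)

def identity_holds(trials=500, seed=2014):
    """Check the identity on constructed pseudo-random states and round keys."""
    rng = random.Random(seed)
    for _ in range(trials):
        s = [rng.randrange(256) for _ in range(16)]
        k = [rng.randrange(256) for _ in range(16)]
        if standard_order(s, k) != swapped_order(s, k):
            return False
    return True
```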

IMPLEMENTATION
The AES is a block cipher. This means that the number of bytes that it encrypts is fixed. AES can currently encrypt blocks of 16 bytes at a time; no other block sizes are presently a part of the AES standard. If the bytes being encrypted are larger than the specified block then AES is executed concurrently. This also means that AES has to encrypt a minimum of 16 bytes. If the plain text is smaller than 16 bytes then it must be padded. Simply said, the block is a reference to the bytes that are processed by the algorithm.
The current condition of the block is defined by the State, that is, the block of bytes that are currently being worked on. The State starts off being equal to the block; however, it changes as each round of the algorithm executes. Plainly, we can say that this is the block in progress. The Advanced Encryption Standard Algorithm which

IMPLEMENTATION REQUIREMENTS
During the implementation, different parameters are required, which are discussed as follows.
Input Data Length Requirements
An implementation of the AES algorithm should have an input data (Plain Text) length of 128 bits, which acts as the primary input to both the Encryption and Decryption blocks.
Key Length Requirements
In this AES implementation the input key is chosen to be 128 bits from the various key lengths available. This also acts as the primary input to both the Encryption and Decryption blocks.
Keying Restrictions
No weak or semi-weak keys have been identified for the AES algorithm and there is no restriction on key selection.
Parameterization of Block Size and Round Number
Here, since the input data and the input key lengths are 128 bits, the block size will be Nb = 4 and the Round Number will be Nr = 10. The Round Number is taken with respect to the AES Algorithm Standard.

RESULTS AND CONCLUSION
Design Summary
This describes the simulation on Xilinx navigator summary statement.

Device Utilization Summary

| Logic Utilization | Used | Available | Utilization | Note(s) |
|---|---|---|---|---|
| Number of Slice Flip Flops | 551 | 29,504 | 1% | |
| Number of 4 input LUTs | 2,116 | 29,504 | 7% | |
| Logic Distribution | | | | |
| Number of occupied Slices | 1,210 | 14,752 | 8% | |
| Number of Slices containing only related logic | 1,210 | 1,210 | 100% | |
| Number of Slices containing unrelated logic | | 1,210 | 0% | |
| Total Number of 4 input LUTs | 2,116 | 29,504 | 7% | |
| Number of bonded IOBs | 133 | 250 | 53% | |
| Number of GCLKs | | 24 | 4% | |
| Total equivalent gate count for design | 17,914 | | | |
| Additional JTAG gate count for IOBs | 6,384 | | | |

Performance Summary
Final Timing Score: 0
Routing Results: All Signals Completely Routed
Timing Constraints: All Constraints Met
Pinout Data: Pinout Report
Clock Data: Clock Report

5.2 Simulation Waveforms
1) Simulation Waveforms for Initial Round:
Fig. 1 Simulation Results Initial Round

Functional Simulation and Verification
The new improved structure of the AES-128 encryption algorithm is implemented with Verilog. We used Xilinx 9.2 ISE for the waveform and verified the results.

Table 1 Comparison of implementations of AES

| Slices | Throughput (Gbps) | Throughput/Area (Mb/Sec/Slice) | Support | Ref |
|---|---|---|---|---|
| 1931 | | | Enc | [1] |
| 22994 | | | Enc/Dec | [4] |
| 8447 | 1.18 | 0.187 | Enc | [5] |
| 626 | 3.4 | 5.43 | Enc | [6] |
| 1470 | 2.8 | 1.9 | Enc/Dec | [7] |
| 751 | 4.0 | 5.33 | Enc | Serial Implementation |
| 951 | 5.25 | 9.16 | Enc/Dec | Pipelined Implementation |

Conclusion
Efficiency in terms of architecture optimizations such as those made in the Advanced Encryption Standard and implementation aspects leading to
- Area Optimization
- Higher Throughput
Meanwhile, this design reduces power consumption to some extent, for the power consumption is directly related to the chip area.
An implementation of an area-optimized AES algorithm which meets the actual application is proposed in this thesis. After being coded with Verilog Hardware Description Language, the waveform simulation of the new algorithm was taken in the Xilinx 9.2 family. Ultimately, a synthesis simulation of the new algorithm has been done. The result shows that the design with the pipelining technology and special data transmission mode can optimize the chip area effectively. Meanwhile, this design reduces power consumption to some extent, for the power consumption is directly related to the chip area. Therefore the encryption device implemented in this method can meet some practical applications.
As the S-box is implemented by look-up table in this design, the chip area and power can still be optimized. So the future work should focus on the implementation mode of the S-box. Mathematics in Galois field (2^8) can accomplish the bytes substitution of the AES algorithm, which could be another idea of further research.

Future Scope
The result shows that the design with the pipelining technology and special data transmission mode can optimize the chip area effectively. Therefore the encryption device implemented in this method can meet some practical applications like image encryption.
In this thesis, we have studied AES encryption and decryption schemes and have highlighted some of the important mathematical properties as well as the security issues of the AES algorithm. Since AES provides better security and has less implementation complexity, it has emerged as one of the strongest and most efficient algorithms in existence today. Hence, the optimal solution is the use of a hybrid encryption system in which typically AES is used to encrypt large data blocks. Future work can be done on the distribution of the secret key, which is considered a critical issue of AES, as with other symmetric encryption algorithms.

REFERENCES
[1] Ai-Wen Luo, Qing-Ming Yi, Min Shi, "Design and Implementation of Area-optimized AES Based on FPGA," 2011 International Conference on Business Management and Electronic Information.
[2] Ahmed, S.; Samsudin, K.; Ramli, A.R.; Rokhani, F.Z., "Effective implementation of AES-XTS on FPGA," TENCON 2011 - 2011 IEEE Region 10 Conference.
[3] Kuo-Huang Chang, Yi-Cheng Chen, Chung-Cheng Hsieh, Chi-Wu Huang and Chi-Jeng Chang, "Embedded a low area 32-bit AES for image encryption/decryption application," IEEE International Symposium on Circuits and Systems, 2009 (ISCAS 2009).
[4] Shanxin Qu; Guochu Shou; Yihong Hu; Zhigang Guo; Zongjue Qian, "High Throughput, Pipelined Implementation of AES on FPGA," International Symposium on Information Engineering and Electronic Commerce, 2009 (IEEC '09).
[5] Kaur, Swinder; Vig, Renu, "Efficient Implementation of AES Algorithm in FPGA Device," International Conference on Computational Intelligence and Multimedia Applications 2007.
[6] Helion Technologies Ltd, "Fast AES XTS/CBC Core for Xilinx FPGA (XEX-based Tweaked Codebook with Ciphertext Stealing)," IP Core, http://www.heliontech.com/aes_xex.htm.
[7] Hatzidimitriou, E.; Kakarountas, A.P., "Implementation of a P1619 crypto-core for Shared Storage Media," MELECON 15th IEEE Mediterranean Electrotechnical Conference, pp. 597-601.
[8] M. Dworkin, "Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices," NIST Special Publication 800-38E, US Natl Inst. of Standards and Technology, http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf.
[9] Martin, L., "XTS: A Mode of AES for Encrypting Hard Disks," Security & Privacy, IEEE, vol. 8, no. 3, pp. 68-69.
