Reference of LFSR Aes

The document discusses a proposed low power key expansion architecture using a modified linear feedback shift register for the AES algorithm. It describes the sources of power dissipation in CMOS circuits and proposes using a modified LFSR to reduce switching activity and power consumption for key expansion compared to a conventional AES design.

1 DESIGN AND ANALYSIS OF LOW POWER KEY EXPANSION ARCHITECTURE USING MODIFIED LFSR FOR AES ALGORITHM

1.1 INTRODUCTION

Encryption has become a vital part of military applications and government agencies for secret information exchange. Due to the rapid advances in computer networks and communication, encryption also needs to be applied in civilian systems to protect information so that secure communication can be assured. In view of this need for information protection, there is widespread interest in designing cryptographic systems.

The AES block cipher is well acknowledged for its strong security. However, the hardware requirement of AES is considerably high. The LFSR has been considered efficient and is widely used in several cryptographic applications such as hash functions, pseudo-random sequence generators and stream ciphers. However, it is relatively new in block cipher implementation. In order to achieve both compact hardware area and minimal power consumption, it is proposed to employ the Modified Linear Feedback Shift Register (MLFSR) as the key expansion unit for round key generation.

This chapter focuses on the implementation of AES using the MLFSR based key expansion approach. Security and low power consumption have equal importance in portable communicating devices. In this work, the chosen performance metrics are power consumption, delay, power delay product (PDP) and area. These metrics are essential for performance analysis in FPGA devices.

1.2 SOURCES OF POWER DISSIPATION


Power dissipation in CMOS digital circuits is caused by the following four main sources:

a. Switching current that flows to charge and discharge the load capacitances during logic transitions
b. Short circuit current due to the DC path between Vdd and Vss during output transitions
c. Leakage current which arises from reverse-bias diode currents and subthreshold effects, and
d. Static or standby current that is drawn continuously from Vdd to ground.

Accordingly, the total average power dissipation in CMOS circuits can be expressed by the equation

Pavg = Pswitching + Pshort circuit + Pleakage + Pstatic (3.1)


Pswitching (dynamic) is the switching component of power, given by the expression

Pswitching = α · CL · Vdd^2 · fclk (3.2)

where α is the node transition activity factor (the average number of times the node makes a power consuming transition in one clock period), CL is the load capacitance, Vdd is the supply voltage and fclk is the clock frequency (Roy & Prasad 2000). Dynamic power is the dominant source of power dissipation. Reducing the dynamic power dissipation involves reducing one of the parameters of equation (3.1).

Reducing the supply voltage is the most effective way of reducing dynamic power, as the reduction in power is quadratic. But reducing the supply voltage increases the delay and reduces the performance of the circuit. It also necessitates a reduction in clock frequency to allow the circuits to work properly. Reducing the load capacitance is another way of reducing power. The capacitance can be reduced by using less logic, smaller devices, and fewer and shorter wires. But reducing transistor sizes also worsens speed. The third way is to reduce the switching activity. This is again a function of both clock frequency and data transition activity (Mangalam 2009). In this work, the switching activity of the proposed design is reduced in order to reduce the power consumption.

1.3 KEY EXPANSION USING LFSR

The AES block cipher is well acknowledged for its strong security. However, the hardware requirement of AES is considerably high and hence not suitable for lightweight cryptography (Poschmann 2009; Eisenbarth et al. 2007). In order to achieve both compact hardware area and minimal power consumption, some works propose to employ the Linear Feedback Shift Register (LFSR) as the key expansion unit for round key generation. The LFSR is considered more efficient and is widely used in several cryptographic applications such as hash functions, pseudo-random sequence generators and stream ciphers.

The most widely used technique for generating a pseudo-random sequence is the LFSR. Basically, an LFSR uses registers (or flip-flops), a simple XOR operation of particular bits (the tap positions, determined by a primitive polynomial) and shift operations to generate a pseudo-random binary sequence. The LFSR computes its next state directly from the current state. The bit sequence appears random, but repeats in time. The period depends on the length of the LFSR, i.e. the number of flip-flops used in the LFSR: 2^n – 1 unique states are generated for an n-bit shift register, and after 2^n – 1 clock cycles the sequence repeats. The sequence is not truly random, since it not only repeats eventually but also follows a mathematically predictable sequence. But for most practical purposes it can be considered random. An n-bit LFSR counter can have a maximum sequence length of 2^n – 1. In that case, it goes through all possible code permutations except one, which would be a lock-up state (Arnault et al. 2011).

Figure 3.1 shows the architecture of the LFSR. Figure 3.2 shows the key expansion method in AES-128 using the LFSR.

Figure 3.1 Architecture of LFSR

Figure 3.2 Key Expansion Using LFSR in AES Algorithm (blocks: Linear Feedback Shift Register (LFSR), Key Stream, Plaintext, Cipher text)

1.4 PROPOSED KEY EXPANSION UNIT USING MLFSR

Key expansion is one of the most important processes in AES. In the conventional key expansion unit of AES, XOR gates are used to compute the round keys, which increases the computational complexity and hardware requirements. To overcome this, a key expansion unit using an LFSR is designed to achieve significant power reduction and compact hardware area as compared to the conventional AES key expansion module. Further, the power consumption is reduced using the proposed Modified Linear Feedback Shift Register (MLFSR) technique (Shakya & SoundraPandian 2009), with acceptable area overhead. A design is proposed to employ the MLFSR as the key expansion unit for round key generation in each round. Figure 3.3 shows the block diagram of the proposed method. The remaining steps remain the same as in the original AES algorithm. Figure 3.4 shows the Modified LFSR circuit and Figure 3.5 shows the switching unit of the LFSR with modified clock.

In the proposed work, sixteen 8-bit MLFSRs are used to generate a 128-bit round key in each iteration. The power consumption in the MLFSR is reduced by minimizing unnecessary switching of flip-flops (Aloisi & Mita 2008). This is achieved by deactivating the clock signal to a flip-flop when its output signal is the same as its input signal. For the design implementation, Verilog coding is used. Simulation and synthesis are performed using Xilinx ISE 13.2 software.
Figure 3.3 Block Diagram of the Proposed MLFSR based AES Algorithm

Figure 3.4 Modified LFSR Circuit


Figure 3.5 Switching unit of LFSR with Modified Clock
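To make the two properties used above concrete, the period and lock-up behaviour of Section 1.3 and the gated-clock switching argument of Section 1.4, the following Python model is added here; it is an illustrative example, not the thesis's Verilog. It steps an 8-bit Fibonacci LFSR, checks the 2^8 – 1 period and that the all-zero state never leaves itself, and then runs sixteen such registers as a 128-bit round-key generator in two ways: with every flip-flop clocked on each cycle, and with the clock gated off for any flip-flop whose next value equals its current one (the MLFSR idea). The count of clocked flip-flops and the estimated transition activity factor α of equation (3.2) are returned so the two variants can be compared. The tap set (8, 6, 5, 4), the use of the example cipher key bytes as seeds and the number of rounds are assumptions made for illustration; the thesis does not give its tap positions or seeding.

```python
"""Behavioural model of the LFSR key-expansion idea: an 8-bit Fibonacci
LFSR (Section 1.3) and a clock-gated "modified" LFSR in which a flip-flop
is clocked only when its next value differs from its current value
(Section 1.4). Added example; the thesis's own Verilog is not reproduced.
The tap set, seeds and round count are assumed for illustration."""

WIDTH = 8
# Tap set (8, 6, 5, 4): one of the standard maximal-length choices for an
# 8-bit register. Assumed here; the thesis does not state its taps.
TAPS = (8, 6, 5, 4)
MASK = (1 << WIDTH) - 1


def lfsr_step(state):
    """One clock of a Fibonacci LFSR: XOR the tapped bits, shift left by
    one and feed the XOR result into bit 0. Returns the next state."""
    feedback = 0
    for tap in TAPS:
        feedback ^= (state >> (tap - 1)) & 1
    return ((state << 1) | feedback) & MASK


def lfsr_period(seed=0x01):
    """Clocks until the state returns to the seed. A maximal-length 8-bit
    LFSR visits all 2^8 - 1 non-zero states before repeating; the all-zero
    state is the lock-up state (lfsr_step(0) == 0) and must never be seeded."""
    state = lfsr_step(seed)
    count = 1
    while state != seed:
        state = lfsr_step(state)
        count += 1
    return count


def clock_flops(state, nxt, gated):
    """Model the register update. In the plain LFSR every flip-flop sees the
    clock edge; in the gated (MLFSR) model a flip-flop is clocked only when
    D != Q, so its clock pin does not switch for bits that do not change.
    Returns (new_state, flip-flops clocked, bits toggled)."""
    toggled = bin(state ^ nxt).count("1")
    if gated:
        new_state = state  # start from the held Q values
        for bit in range(WIDTH):
            d = (nxt >> bit) & 1
            q = (state >> bit) & 1
            if d != q:  # clock enable asserted only for this flip-flop
                new_state = (new_state & ~(1 << bit)) | (d << bit)
        return new_state, toggled, toggled
    return nxt, WIDTH, toggled


def run_key_expansion(seeds, rounds, gated):
    """Sixteen 8-bit LFSRs, one per round-key byte (Section 1.4), clocked
    once per round. Returns the 128-bit round keys as hex strings, the total
    number of flip-flop clock events, and the estimated node transition
    activity factor alpha of equation (3.2) (toggles per flip-flop per clock)."""
    assert len(seeds) == 16 and all(0 < s <= MASK for s in seeds), "non-zero seeds"
    states = list(seeds)
    keys = []
    clock_events = toggles = 0
    for _ in range(rounds):
        for i, s in enumerate(states):
            new_state, clocked, t = clock_flops(s, lfsr_step(s), gated)
            states[i] = new_state
            clock_events += clocked
            toggles += t
        keys.append("".join(f"{s:02X}" for s in states))
    alpha = toggles / (16 * WIDTH * rounds)
    return keys, clock_events, alpha


# Constructed seeds: the bytes of the thesis's example cipher key (Table 3.1).
EXAMPLE_SEEDS = bytes.fromhex("0A1E9B2D8C73F46CAF160B7492D4CE28")

if __name__ == "__main__":
    print("period:", lfsr_period(), " lock-up state maps to:", lfsr_step(0))
    plain = run_key_expansion(EXAMPLE_SEEDS, 10, gated=False)
    gated = run_key_expansion(EXAMPLE_SEEDS, 10, gated=True)
    print("same round keys from both models:", plain[0] == gated[0])
    print("flip-flop clock events, plain vs gated:", plain[1], gated[1])
    print("estimated alpha:", round(plain[2], 3))
```

The gated model produces exactly the same round keys as the plain one; only the number of clocked flip-flops drops, which is the quantity the thesis's power figures depend on. The same linearity that makes the register cheap in hardware is what makes its output sequence predictable, as Section 1.3 notes, so the round keys a plain LFSR produces carry no more secrecy than its seed.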

1.5 RESULTS AND DISCUSSION

Simulation, synthesis and implementation of the circuits are performed in Xilinx Integrated Software Environment (ISE), version 13.2. For the design implementation, Verilog coding is used. The area requirement, power consumption and delay are analysed using Xilinx. Power analysis is performed using Xilinx's XPower analysis tool. To validate the results, simulations are also carried out using Synopsys tools. Table 3.1 shows the parameters used in the example test vector.

Table 3.1 Test Vector parameters

Sl. No.  Parameter                         Value
1        AES Block Size (Nb)               4
2        Key Length (Nk)                   128 bits
3        No. of Rounds (Nr)                10
4        Input Cipher Key (example data)   0A1E9B2D8C73F46CAF160B7492D4CE28
5        Input Plain Text (example data)   A10B29C38D47E56FF65E74D83C92B01A
6        Output Cipher Text                2E16BB586BB86633A62ABDFF72CE3731

Simulations are done with the input plain text "A10B29C38D47E56FF65E74D83C92B01A" and cipher key "0A1E9B2D8C73F46CAF160B7492D4CE28". The simulation results obtained for one round operation are shown in Figure 3.6 to Figure 3.11. Figure 3.12 to Figure 3.14 show the simulation results of the existing and proposed techniques.

Input Cipher Key : 0A1E9B2D8C73F46CAF160B7492D4CE28
Input Plain Text : A10B29C38D47E56FF65E74D83C92B01A

Figure 3.6 Simulation output of Pre-AddRoundKey

Output Pre-AddRoundKey / Input Sub Byte : AB15B2EE0134110359487FACAE467E32
Output Sub Byte : 625937287C18827BCB52D291E45AF323

Figure 3.7 Simulation output of Sub Byte

Output Sub Byte / Input Shift Row : 625937287C18827BCB52D291E45AF323
Output Shift Row : 6218D2237C52F328CB5A377BE4598291

Figure 3.8 Simulation output of Shift Row

Output Shift Row / Input MixColumn : 6218D2237C52F328CB5A377BE4598291
Output MixColumn : 1D1CA02AD5FEAB752F5D72DD2B5A0AD5

Figure 3.9 Simulation output of Mix Column

Input Key Expansion : 0A1E9B2D8C73F46CAF160B7492D4CE28
Output Key Expansion : E39B86A66FE872CAC0FE79BE522AB796

Figure 3.10 Simulation output of Key Expansion Unit

Output MixColumn / Input1 AddRoundKey : 1D1CA02AD5FEAB752F5D72DD2B5A0AD5
Output Key Expansion / Input2 AddRoundKey : E39B86A66FE872CAC0FE79BE522AB796
Output AddRoundKey : 17023B07598D5F19804B79A9B98EC4FD

Figure 3.11 Simulation output of AddRoundKey
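The intermediate values in this listing can be checked independently against FIPS-197, since AddRoundKey, SubBytes, ShiftRows and MixColumns are unchanged in the proposed design. The following Python is an added example, not the thesis's code: it derives the S-box from the GF(2^8) inverse and affine map rather than a hard-coded table, traces the first round for the Table 3.1 test vector, and for contrast also computes the first round key of the conventional XOR-based FIPS-197 key schedule that the MLFSR unit replaces. The MLFSR round key (E39B86A6...) is specific to the thesis's design and is not reproduced here.

```python
"""AES-128 round transformations, used to check the simulation listing of
Figures 3.6 to 3.9 against FIPS-197, plus the conventional (XOR-based) key
expansion that the MLFSR unit replaces. Added example; not the thesis's
own code. The MLFSR round key is design-specific and not reproduced."""


# --- GF(2^8) arithmetic with the AES polynomial x^8 + x^4 + x^3 + x + 1 ----
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo 0x11B (shift-and-add)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse as a^254 (a^255 = 1 for non-zero a); 0 -> 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0


def _sbox_entry(x):
    """Inverse in GF(2^8) followed by the FIPS-197 affine transform."""
    b = gf_inv(x)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]  # derived, not hard-coded


# --- Round transformations on a 16-byte state (column-major, as FIPS-197) --
def add_round_key(state, key):
    return bytes(s ^ k for s, k in zip(state, key))


def sub_bytes(state):
    return bytes(SBOX[b] for b in state)


def shift_rows(state):
    """Row r is rotated left by r: byte (r, c) moves to column (c - r) mod 4."""
    out = bytearray(16)
    for c in range(4):
        for r in range(4):
            out[4 * ((c - r) % 4) + r] = state[4 * c + r]
    return bytes(out)


def mix_columns(state):
    """Each column is multiplied by the fixed circulant matrix {02,03,01,01}."""
    out = bytearray(16)
    for c in range(4):
        a = state[4 * c:4 * c + 4]
        out[4 * c + 0] = gf_mul(a[0], 2) ^ gf_mul(a[1], 3) ^ a[2] ^ a[3]
        out[4 * c + 1] = a[0] ^ gf_mul(a[1], 2) ^ gf_mul(a[2], 3) ^ a[3]
        out[4 * c + 2] = a[0] ^ a[1] ^ gf_mul(a[2], 2) ^ gf_mul(a[3], 3)
        out[4 * c + 3] = gf_mul(a[0], 3) ^ a[1] ^ a[2] ^ gf_mul(a[3], 2)
    return bytes(out)


def key_expansion_round1(key):
    """Conventional FIPS-197 schedule for round key 1: RotWord, SubWord,
    Rcon[1] and word-wise XORs (the XOR-gate unit compared in Table 3.2)."""
    w = [key[4 * i:4 * i + 4] for i in range(4)]
    temp = bytes(SBOX[b] for b in w[3][1:] + w[3][:1])  # SubWord(RotWord(w3))
    temp = bytes([temp[0] ^ 0x01]) + temp[1:]          # XOR Rcon[1] = 01
    w4 = add_round_key(w[0], temp)
    w5 = add_round_key(w4, w[1])
    w6 = add_round_key(w5, w[2])
    w7 = add_round_key(w6, w[3])
    return w4 + w5 + w6 + w7


def round_trace(plaintext_hex, key_hex):
    """Intermediate values of the first round as upper-case hex strings."""
    pt, key = bytes.fromhex(plaintext_hex), bytes.fromhex(key_hex)
    s0 = add_round_key(pt, key)       # pre-AddRoundKey (initial round)
    s1 = sub_bytes(s0)
    s2 = shift_rows(s1)
    s3 = mix_columns(s2)
    return {"pre_add_round_key": s0.hex().upper(),
            "sub_bytes": s1.hex().upper(),
            "shift_rows": s2.hex().upper(),
            "mix_columns": s3.hex().upper(),
            "round1_key_fips197": key_expansion_round1(key).hex().upper()}


# Test vector from Table 3.1
PLAINTEXT = "A10B29C38D47E56FF65E74D83C92B01A"
CIPHER_KEY = "0A1E9B2D8C73F46CAF160B7492D4CE28"

if __name__ == "__main__":
    for name, value in round_trace(PLAINTEXT, CIPHER_KEY).items():
        print(f"{name:20s} {value}")
```

Running the trace reproduces the SubBytes, ShiftRows and MixColumns values of the listing byte for byte, which confirms that the non-key parts of the simulated datapath follow the standard. The FIPS-197 round key printed last is what a conventional XOR-gate key expansion unit would feed into AddRoundKey; a reviewer evaluating an alternative key schedule should compare its output against this reference as well as against the power figures.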

Figure 3.12 AES Encryption Output with Conventional XOR gate based Key
Expansion Unit of a Test Vector
Figure 3.13 AES Encryption Output with LFSR based Key Expansion Unit of a
Test Vector

Figure 3.14 AES Encryption Output with MLFSR based Key Expansion Unit of
a Test Vector
The area, logic power, delay and power delay product of the proposed MLFSR based AES and the conventional AES algorithms are obtained and tabulated in Table 3.2. Table 3.3 compares the dynamic, quiescent and total power of the proposed technique with the conventional AES technique. Table 3.4 and Table 3.5 compare the cell internal, net switching, cell leakage and total power of the proposed technique with the conventional AES technique before and after placement and routing, using Design Vision and IC Compiler (ICC) of the Synopsys tool suite.
Table 3.2 Area, Power, Delay and PDP of different architectures

Method                                                            Area (LUTs)  Logic Power (mW)  Delay (ns)  Power-Delay Product (mW-ns)
AES architecture with key expansion unit using XOR gates          9607         480.58            27.169      13056.9
AES architecture with key expansion unit using LFSR               7674         483.54            26.964      13038.2
AES architecture with proposed Modified LFSR key expansion unit   8735         266.42            25.083      6682.6

Table 3.3 Dynamic, Quiescent and Total Power of different architectures

Method                                                            Dynamic Power (W)  Quiescent Power (W)  Total Power (W)
AES architecture with key expansion unit using XOR gates          7.562              3.921                11.483
AES architecture with key expansion unit using LFSR               4.497              3.746                8.246
AES architecture with proposed Modified LFSR key expansion unit   3.816              3.713                7.529

Table 3.4 Cell Internal, Net Switching, Total Dynamic, Cell Leakage and Total Power of different architectures - Before Routing

Method                                                            Cell Internal Power (W)  Net Switching Power (W)  Total Dynamic Power (W)  Cell Leakage Power (mW)  Total Power (W)
AES architecture with key expansion unit using XOR gates          1.55                     1.31                     2.86                     4.74                     2.865
AES architecture with key expansion unit using LFSR               1.22                     0.98                     2.20                     3.91                     2.204
AES architecture with proposed Modified LFSR key expansion unit   1.20                     0.97                     2.17                     4.42                     2.174

Table 3.5 Cell Internal, Net Switching, Total Dynamic, Cell Leakage and Total Power of different architectures - After Routing

Method                                                            Cell Internal Power (W)  Net Switching Power (W)  Total Dynamic Power (W)  Cell Leakage Power (mW)  Total Power (W)
AES architecture with key expansion unit using XOR gates          1.96                     1.84                     3.80                     4.74                     3.805
AES architecture with key expansion unit using LFSR               0.77                     0.47                     1.24                     3.91                     1.244
AES architecture with proposed Modified LFSR key expansion unit   0.76                     0.46                     1.22                     4.42                     1.224
Figure 3.15 to Figure 3.18 show the comparison charts for the area, power, delay and power delay product of the proposed technique against the conventional AES algorithm.

Figure 3.15 Area Comparison (area in terms of LUTs: XOR gates 9607, LFSR 7674, Modified LFSR 8735)

Figure 3.16 Power Comparison (power in mW: XOR gates 480.58, LFSR 483.54, Modified LFSR 266.42)

Figure 3.17 Delay Comparison (delay in ns: XOR gates 27.17, LFSR 26.96, Modified LFSR 25.08)

Figure 3.18 Power-Delay Product Comparison (power-delay product in mW-ns: XOR gates 13056.9, LFSR 13038.2, Modified LFSR 6682.6)

It can be observed that the power, delay and power delay product of the proposed AES with Modified LFSR based key expansion unit are lower than those of the LFSR based key expansion, but there is a slight increase in area in terms of LUTs due to the additional control logic. The area is still lower than that of the conventional XOR based key expansion unit.

1.6 SUMMARY

A new key expansion method using the MLFSR for AES has been presented in this work. The proposed scheme is simple in design as it does not require any complex computations for generating keys. From the obtained results, it is evident that the proposed scheme consumes less power than the existing schemes. This work has demonstrated the advantages of the MLFSR based approach over the existing conventional XOR based approach in terms of area, power and delay. Simulation results using the Xilinx tool showed that logic power is reduced by 44.57% and delay by 7.68% when compared with the conventional XOR gate implementation, and that logic power is reduced by 44.9% and delay by 6.98% when compared with the LFSR implementation. It can also be observed that in the proposed MLFSR based approach the total power is reduced by 34.43% when compared to the XOR gate implementation and by 8.69% when compared to the LFSR implementation. The area is reduced when compared to the XOR gate implementation but slightly increased when compared to the LFSR implementation, due to the additional control logic. The encryption process using the MLFSR is cost effective and can be used in many lightweight applications. Post-routing simulation results using IC Compiler of the Synopsys tool suite showed that in the proposed MLFSR based circuit the total power is reduced by 67.83% when compared with the conventional XOR gate implementation and by 1.61% when compared with the LFSR implementation.

-------------------------------------------------------------------------

(TAKEN FROM LITERATURE SURVEY) REVIEW ON VLSI IMPLEMENTATION OF AES ALGORITHM WITH XOR AND LFSR BASED KEY GENERATION

The work in Wong & Wong (2015) presents the hardware implementation of a Linear Feedback Shift Register (LFSR) based Substitution Box (S-Box) on the ALTERA FPGA platform. The proposed architecture occupies less area and consumes less power. Hence, the new LFSR based S-Box can be deployed in block ciphers to achieve lightweight cryptographic implementations.

The paper Wong & Wong (2014) proposes a new design for the AES SubBytes transformation (S-box) using the LFSR. In the past, Composite Field Arithmetic (CFA) was commonly deployed, as it effectively produced lightweight and purely combinational architectures. In that methodology the resultant circuitry is complex in nature, which leads to a long critical path and high power consumption. The solution proposed in this work is relatively simple and comprises a pair of identical LFSRs, two comparators and a multiplexer. The LFSR is employed to replace the CFA in performing the multiplicative inversion over GF(2^8). The resultant architecture is shown to consume less hardware space with low routing complexity, and hence is suitable for lightweight embedded devices.
Saberi et al. (2011) conducted research to determine an alternative, creative method for designing key expansion in AES-256, named the Even-Odd (E-O) method. The proposed algorithm consists of two parts: the first part is key expansion and the second part is E-O round key selection. The size of the cipher key is 256 bits and the number of rounds is 15. The algorithm gives high priority to the element of confusion, and its efficiency is improved compared to the classic existing algorithms. The avalanche effect of the E-O method is much improved over the classic method. In addition, the concept of a weak key is eliminated from the algorithm, and all the generated keys are independent of each other. The results also show that the performance of sub-key generation is equivalent to the classic AES algorithm.

Aiming at the protection of high speed data, a Field Programmable Gate Array (FPGA) based AES design is proposed in Liu et al. (2015). Deep investigation into the logical operations of AES with regard to FPGA architectures leads to two efficient pipelining structures for the AES hardware implementation. The two design options allow users to make a trade-off among speed, resource usage and power consumption. In addition, a new key expansion scheme is proposed to address potential issues of the existing key expansion scheme used in AES. The proposed key expansion scheme, with additional nonlinear operations, increases the complexity of cracking keys by 2^(n − 1) times for n-round AES. In terms of both throughput and throughput per slice, the proposed design outperforms most existing designs.

Arrag et al. (2013) discussed how Modified Genetic Algorithms (MGA) can be used to produce a cipher or schedule key. MGA can be used to expand the cipher key into the schedule key in any ciphering algorithm. The results obtained using this method show a highly secure and efficient algorithm, and it decreased the complexity of the original AES algorithm by more than 50%. MGA can be used to generate the schedule key for the AES algorithm at different key sizes (128, 196 and 256) for use in both the ciphering and deciphering phases.
BLACK COLOUR - REFERENCES IN THE ABOVE CHAPTER

RED COLOUR - GENERAL REFERENCE ABOUT AES

GREEN COLOUR - REFERENCES IN LITERATURE SURVEY CHAPTER RELATED WITH LFSR

1. Roy, K & Prasad, SC 2000, Low Power CMOS VLSI Circuits Design, Wiley Publishers, New York.
2. Mangalam, H 2009, ‘Investigations on power minimization in certain CMOS digital VLSI circuits’, Doctoral Thesis, Anna University.
3. Eisenbarth, T, Paar, C, Kumar, S, Uhsadel, L & Poschmann, A 2007, ‘A Survey of Lightweight-Cryptography Implementations’, IEEE Design & Test of Computers, vol. 24, no. 6, pp. 522-533.
4. Arnault, F, Berger, T, Minier, M & Pousse, B 2011, ‘Revisiting LFSRs for Cryptographic Applications’, IEEE Transactions on Information Theory, vol. 57, no. 12, pp. 8095-8113.
5. Shakya, M & SoundraPandian, KK 2009, ‘A Power Reduction Technique for Built-In-Self Testing Using Modified Linear Feedback Shift Register’, World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronics and Communication Engineering, vol. 3, no. 10, pp. 1899-1902.
6. Aloisi, W & Mita, R 2008, ‘Gated Clock Design of Linear-Feedback Shift Registers’, IEEE Transactions on Circuits and Systems, vol. 55, no. 6, pp. 546-550.
7. National Institute of Standards and Technology (NIST) 2001, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication (FIPS PUB) 197, US Department of Commerce, November 2001. Available from: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
8. Forouzan, BA & Mukhopadhyay, D 2008, Cryptography and Network Security, International Edition, McGraw-Hill, New York.
9. Stallings, W 2011, Cryptography and Network Security: Principles and Practice, Fifth Edition, Prentice Hall.
10. Wong, MM & Wong, MLD 2014, ‘New Lightweight AES S-box Using LFSR’, Proceedings of the IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS), Austin, TX, USA, pp. 115-120.
11. Wong, MM & Wong, MLD 2015, ‘LFSR Based S-box for Lightweight Cryptographic Implementation’, IEEE International Conference on Consumer Electronics-Taiwan, pp. 498-499.
12. Saberi, I, Shojaie, B & Salleh, M 2011, ‘Enhanced Key Expansion for AES-256 by Using Even-Odd Method’, IEEE International Conference on Research and Innovation in Information Systems, Kuala Lumpur, Malaysia, pp. 1-5.
13. Liu, Q, Xu, Z & Yuan, Y 2015, ‘High throughput and secure advanced encryption standard on Field Programmable Gate Array with fine pipelining and enhanced key expansion’, IET Computers & Digital Techniques, vol. 9, no. 3, pp. 175-184.
14. Arrag, S, Hamdoun, A, Tragha, A & Khamlich, SA 2013, ‘Replace AES Key Expansion Algorithm By Modified Genetic Algorithm’, Applied Mathematical Sciences, vol. 7, no. 144, pp. 7161-7171.
15. Das, S 2014, ‘Halka: A lightweight, software friendly block cipher using ultra-lightweight 8-bit s-box’, IACR Cryptology ePrint Archive, vol. 2014, p. 110.
16. Das, S 2014, ‘Ultra-lightweight 8-bit multiplicative inverse based s-box using LFSR’, IACR Cryptology ePrint Archive, vol. 2014, p. 22. Available from: http://eprint.iacr.org/2014/022.
