An Optimized S-Box Circuit Architecture for Low Power AES Design. IBM Japan Ltd. Tokyo Research Laboratory Sumio Morioka and Akashi Satoh

Please download to get full document.

View again

of 24
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report
Category:

Arts & Architecture

Published:

Views: 6 | Pages: 24

Extension: PDF | Download: 0

Share
Related documents
Description
An Optimized S-Box Circuit Architecture for Low Power AES Design IBM Japan Ltd. Tokyo Research Laboratory Sumio Morioka and Akashi Satoh Contents Background Power Analysis of Conventional S-Boxes Multi-Stage
Transcript
An Optimized S-Box Circuit Architecture for Low Power AES Design IBM Japan Ltd. Tokyo Research Laboratory Sumio Morioka and Akashi Satoh Contents Background Power Analysis of Conventional S-Boxes Multi-Stage PPRM S-Box for Low-Power H/W Conclusion Background Back Ground In 21, NIST selected Rijndael as the new symmetric key standard cipher AES AES H/W will be integrated in various applications Low-power feature is important not only in low-end applications but also in high-end servers A 1-Gbps AES H/W chip consumes several Watts in.13-µm CMOS Need for power analysis and development of lowpower architectures for AES H/W Power Analysis Method Power analysis is based on timing simulation Gate switching including dynamic hazard is evaluated Quite accurate estimation compared with static analysis VHDL Code Net List Wave Form library ieee; use ieee.std_logic; entity XNOR is port (A : in std_logic; B : in std_logic; Y : out std_logic; end XNOR; Synthesis Timing Simulation Power Calculation architecture RTL of XNOR is begin signal T : std_logic; T = A xor B; Y = not T; end RTL DQ BUFFER MUX21I XOR NAND2N XNOR XOR XOR NAND2N XOR Test Vector Power Analysis in AES H/W 128-bit bus 11-round Loop Architecture Table-lookup-based S-Box using SOP logic 1 % 2:1 128 Data Input 75 % 1 % 1 % 15% Others Data Register ShiftRows SubBytes MixColumns 3:1 Add RoundKey Data Output For Low-Power AES H/W Reducing S-Box power is most effective There are various S-Box H/W architectures Which architecture is suitable for low power? Objectives Investigate performance of all conventional S-Boxes Develop a low-power S-Box architecture Power Analysis of Conventional S-Boxes S-Box Definition Nonlinear byte substitution function Multiplicative Inversion on GF(2 8 ) + affine transformation. b = a Affine trans. 8x8 XOR matrix Inversion Complicated math. logic S-Box Architectures GF inverter + affine Various mathematical techniques can be applied Rather slow Compact implementation S-Box and S-Box -1 can be merged Direct mapping Generate black box circuit from a truth table High-speed Rather large S-Box and S-Box -1 cannot be merged GF Inverter + Affine Apply hieratical structure of composite field GF(((2 2 ) 2 ) 2 ) Map elements on GF(2 8 ) onto GF(((2 2 ) 2 ) 2 ) by isomorphism Each component is constructed using AND-XOR logic GF(2 8 ) isomorphism GF(((2 2 ) 2 )) 2 inversion GF(((2 2 ) ) GF((2 2 ) 2 ) GF(2 2 ) GF(2) 2 2 ) x 2 λ x -1 GF(2 8 ) isomorphism merged affine trans x 2 φ x Direct Mapping 2-Level Logic SOP (Sum of Products) : (NOT)-AND-OR POS (Product of Sums) : (NOT)-OR-AND PPRM (Positive Polarity Reed-Muller) : AND-XOR 8-bit input Several hundred wires AND matrix OR / XOR matrix 8-bit output Direct Mapping Selector-Based Logic BDD (Binary Decision Diagram) Twisted BDD will appear at ICCD 22 in Sep. in in1 in2 in3 in in5 in6 in7 in in1 in2 in3 in in5 in6 in7 out out 1 out1 out1 1 out7 2:1MUX BDD out7 Twisted BDD Power vs. Gate Count Smaller circuits do not always consume less power Power (uw) µm 1.5-V 1 MHz Nominal conditions BDD PPRM Twisted BDD Composite POS Field SOP Table Lookup Gate Count (Kgate) Analysis Power consumption of S-Box is greatly influenced by the number of dynamic hazards Caused by Differences of signal arrival times at each gate Propagation probability of signal transitions Analysis Differences of signal arrival times at each gate Composite field S-Box consumes a lot of power in spite of having the smallest size It has many crossing and branched signal paths Switch many times x 2 λ x -1 Multiple signal paths Analysis Propagation probability of signal transitions An XOR gate transfers signal transitions from input to output with probability 1% For AND, OR gates, the probability is 5% So power for SOP is lower than PPRM XOR 1 1% Probability AND 1 5% Probability 1 OR 1 Multi-Stage PPRM S-Box for Low-Power H/W Approach for Low Power S-Box Use composite field S-Box Reduce gate counts Divide combination logic into multiple stages Reduce probability of signal transitions Adjust the signal timing between each stage using 2-level logic Reduce the number of dynamic hazards Transition Probability AND array XOR array Multi-Stage PPRM Composite field S-Box is divided into several blocks Each block is designed using PPRM logic suitable for GF operations Adjust signal timing by using 2-level (AND-XOR) logic 8 x 2 λ x affine 8 Delay chain 8 AND array XOR array 28 AND XOR array array 12 AND array 32 XOR array 8 3-stage PPRM Multi-Stage PPRM PPRM S-Boxes can be divided many ways (1~6-stages) XOR AND-XOR AND-XOR AND-XOR 8 x 2 λ -1 x -1 + affine x 2 φ x AND-XOR AND-XOR AND-XOR Power vs. Gate Count 3-stage PPRM is the most effective architecture Multi-stage SOP is not suitable for GF operation µm 1.5-V 1 MHz Nominal conditions 2-3- Power (uw) stage (normal PPRM) 1-stage (normal SOP) Gate Count (Kgate) PPRM SOP Power vs. Gate Count 3-stage PPRM is the most effective architecture Multi-stage SOP is not suitable for GF operation Power (uw) µm 1.5-V 1 MHz Nominal conditions BDD PPRM Composite POS Field SOP Table Lookup 3-stage PPRM Gate Count (Kgate) Twisted BDD 1/3 power with 1/2 gates Conclusion The AES S-Box (SOP logic) consumes 75% of the power Dynamic hazards boost power needs of S-Boxes A multi-stage PPRM architecture based on a composite field S-Box was developed 3-stage PPRM / SOP : Power = 1/3, Size = 1/2 This architecture can be applied to other S-Boxes defined over Galois fields
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks