An Optimized S-Box Circuit Architecture for Low Power AES

Please download to get full document.

View again

of 24
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report
Category:

Genetics

Published:

Views: 13 | Pages: 24

Extension: PDF | Download: 0

Share
Related documents
Description
An Optimized S-Box Circuit Architecture for Low Power AES Design IBM Japan Ltd. Tokyo Research Laboratory Sumio Morioka and Akashi Satoh Contents Š Background…
Transcript
An Optimized S-Box Circuit Architecture for Low Power AES Design IBM Japan Ltd. Tokyo Research Laboratory Sumio Morioka and Akashi Satoh Contents Š Background Š Power Analysis of Conventional S-Boxes Š Multi-Stage PPRM S-Box for Low-Power H/W Š Conclusion Background Back Ground Š In 2001, NIST selected Rijndael as the new symmetric key standard cipher AES Š AES H/W will be integrated in various applications Š Low-power feature is important not only in low-end applications but also in high-end servers Š A 10-Gbps AES H/W chip consumes several Watts in 0.13-µm CMOS Š Need for power analysis and development of low- power architectures for AES H/W Power Analysis Method Š Power analysis is based on timing simulation Š Gate switching including dynamic hazard is evaluated Š Quite accurate estimation compared with static analysis VHDL Code Net List Wave Form library ieee; use ieee.std_logic; entity XNOR is Timing Power port (A : in std_logic; B : in std_logic; Y : out std_logic; Synthesis Simulation Calculation end XNOR; architecture RTL of XNOR is begin signal T : std_logic; T = A xor B; DQ Y = not T; end RTL BUFFER 0101010101 MUX21I 0011001101 XOR2 0100101101 NAND2N1 0100101010 XNOR2 1111000111 XOR3 0101010100 XOR2 1110001111 NAND2N1 0111000111 XOR3 0011100011 Test Vector Power Analysis in AES H/W Š 128-bit bus 11-round Loop Architecture Š Table-lookup-based S-Box using SOP logic 128 Data Input 1% 2:1 Data Register 75 % ShiftRows SubBytes 10 % MixColumns 1% 3:1 Data Output 15% Others Add RoundKey For Low-Power AES H/W Š Reducing S-Box power is most effective Š There are various S-Box H/W architectures Š Which architecture is suitable for low power ? Objectives Š Investigate performance of all conventional S-Boxes Š Develop a low-power S-Box architecture Power Analysis of Conventional S-Boxes S-Box Definition Š Nonlinear byte substitution function Š Multiplicative Inversion on GF(28) + affine transformation. 10001111 1 11000111 1 11100011 0 11110001 -1 0 b = 11111000 a + 0 01111100 1 00111110 1 00011111 0 Affine trans. Inversion 8 x 8 XOR matrix Complicated math. logic S-Box Architectures GF inverter + affine Š Various mathematical techniques can be applied Š Rather slow Š Compact implementation Š S-Box and S-Box-1 can be merged Direct mapping Š Generate black box circuit from a truth table Š High-speed Š Rather large Š S-Box and S-Box-1 cannot be merged GF Inverter + Affine Š Apply hieratical structure of composite field GF(((22)2)2) Š Map elements on GF(28) onto GF(((22)2)2) by isomorphism Š Each component is constructed using AND-XOR logic GF(28) isomorphism  inversion 4 4 GF(((22)2)2) x2 λ GF(((22)2)2) GF((22)2) 4 x -1 4 GF(22) GF(2) isomorphism  -1 merged 2 x2 φ 2 GF(28) affine trans. 2 x -1 2 Direct Mapping Š 2-Level Logic Š SOP (Sum of Products) : (NOT)-AND-OR Š POS (Product of Sums) : (NOT)-OR-AND Š PPRM (Positive Polarity Reed-Muller) : AND-XOR 8-bit input Several hundred wires AND matrix OR / XOR matrix 8-bit output Direct Mapping Š Selector-Based Logic Š BDD (Binary Decision Diagram) Š Twisted BDD will appear at ICCD 2002 in Sep. in0 in1 in2 in3 in4 in5 in6 in7 in0 in1 in2 in3 in4 in5 in6 in7 out0 out0 out1 out1 0 1 0 1 out7 out7 Twisted 2:1MUX BDD BDD Power vs. Gate Count Š Smaller circuits do not always consume less power 400 350 0.13-µm 1.5-V CMOS @ 10 MHz Nominal conditions PPRM 300 BDD Twisted Power (uW) 250 BDD 200 Composite POS 150 Field SOP Table 100 Lookup 50 0 0 0.5 1 1.5 2 2.5 3 Gate Count (Kgate) Analysis Š Power consumption of S-Box is greatly influenced by the number of dynamic hazards Caused by Š Differences of signal arrival times at each gate Š Propagation probability of signal transitions Analysis Differences of signal arrival times at each gate Š Composite field S-Box consumes a lot of power in spite of having the smallest size Š It has many crossing and branched signal paths Switch many times x2 λ x -1 Multiple signal paths Analysis Propagation probability of signal transitions Š An XOR gate transfers signal transitions from input to output with probability 100% Š For AND, OR gates, the probability is 50% Š So power for SOP is lower than PPRM 100% Probability 0 XOR 1 0 0 AND 1 50% Probability 1 1 OR 0 Multi-Stage PPRM S-Box for Low-Power H/W Approach for Low Power S-Box Š Use composite field S-Box Š Reduce gate counts Š Divide combination logic into multiple stages Š Reduce probability of signal transitions Š Adjust the signal timing between each stage using 2-level logic Š Reduce the number of dynamic hazards Transition Probability 0.5 1.0 0.5 1.0 0.5 1.0 0.5 1.0 AND XOR array array Multi-Stage PPRM Š Composite field S-Box is divided into several blocks Š Each block is designed using PPRM logic suitable for GF operations Š Adjust signal timing by using 2-level (AND-XOR) logic 4 4 4 8 x2 λ 4  -1 -1 4 8  4 x 4 + affine 4 Delay chain 4 4 8 AND 28 XOR 4 AND 12 XOR 4 AND 32 XOR 8 array array 4 array array 4 array array 3-stage PPRM Multi-Stage PPRM Š PPRM S-Boxes can be divided many ways (1~6-stages) XOR AND-XOR AND-XOR AND-XOR 4 4 4 8 x2 λ 4  -1 -1 4 8  4 x 4 + affine 4 φ 2 2 x2 2 x -1 2 AND-XOR AND-XOR AND-XOR Power vs. Gate Count Š 3-stage PPRM is the most effective architecture Š Multi-stage SOP is not suitable for GF operation 800 0.13-µm 1.5-V CMOS @ 10 MHz 3- 700 Nominal conditions 600 2- Power (uW) 500 400 1-stage (normal PPRM) 300 2- 200 PPRM 6- 1-stage 100 4- SOP 3- (normal SOP) 0 0 1 2 3 4 5 6 7 Gate Count (Kgate) Power vs. Gate Count Š 3-stage PPRM is the most effective architecture Š Multi-stage SOP is not suitable for GF operation 400 0.13-µm 1.5-V CMOS @ 10 MHz 350 Nominal conditions PPRM 300 BDD Twisted Power (uW) 250 BDD 200 1/3 power Composite with 1/2 POS gates 150 Field SOP Table 100 Lookup 50 3-stage PPRM 0 0 0.5 1 1.5 2 2.5 3 Gate Count (Kgate) Conclusion Š The AES S-Box (SOP logic) consumes 75% of the power Š Dynamic hazards boost power needs of S-Boxes Š A multi-stage PPRM architecture based on a composite field S-Box was developed Š 3-stage PPRM / SOP : Power = 1/3, Size = 1/2 Š This architecture can be applied to other S-Boxes defined over Galois fields
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks