2015 International Conference on Pervasive Computing (ICPC)

Implementation of AES Algorithm on FPGAfor Low

Area Consumption
Pritamkumar N. Khose Prof. Vrushali G. Raut
Dept. of Electronics and Telecommunications Dept. of Electronics and Telecommunications
Sinhgad College of Engineering, Sinhgad College of Engineering,
Pune, India. Pune, India.
p.khose04@gmail.com vgraut.scoe@sinhgad.com

Abstract— An AES algorithm can beimplemented in The rest of paper is organized as follows. Section II will
software or hardware but hardware implementation is present a brief overview of AES and previously proposed
more suitable for high speed applications in real time. AES existing work done. In section III, a proposed work contains
is most secure security algorithm to maintain safety and Sbox architecture, Key Expansion module and AES
reliability of data transmission. The main goal of paper is encryption as well as decryption crypto core. Section IV will
AES hardware implementation to achieve less area and provide experimental results of AES encryption and
low power consumption which maintain standard decryption is compare with previously technique from
throughput of data, also to achieve high speed data references. Finally, section V will provide the conclusion of
processing and reduce time for key generating. AES our proposed design.
hardware implementation caneasily reset and immediately
erase data on disk. The conventional Sboxcombinational II. LITERATURE REVIEW
logic is replaced by BRAM which gives instantaneous AES was standardized by National Institute of Standards
output. The AES 128/196/256 is implements on a FPGA and Technology (NIST) in 2001 became Federal Information
using HDL language with help of Xilinx ISE tool. Processing Standard FIPS-197. Where Rijndael algorithm by
Joan Daeman and VicentRijimen was selected as standard
Index Terms— Advanced Encryption Standard (AES), AES algorithm [1]. The AES is private or symmetric block
Field Programmable Gate Array (FPGA), VHSIC cipher which uses the same key for encryption and decryption
Hardware Description Language (VHDL) is more suitable for faster implementation. The AES is a
symmetric key for both encryption and decryption. AES
I. INTRODUCTION cryptography algorithm is capable of encrypting and
There is increasing need of information data in Computer decrypting block size 128 bit data using cipher keys of 128,
Network and Communication Technology. This data is 196 or 256 bits (AES128, AES196 and AES256) [5].The
handled by public networks and it is vulnerable. So proposed design has ability to defend against fault and glitch
cryptography becomes important for such sensitive data which attacks with small increase area than conventional design.
should be kept secure and safe against automated spying or Proposed S-box is capable to reduce hardware resources and
hacking. defend against glitch attacks [3].
AES can be implemented in software or hardware but, AES algorithm can resist any kinds of password attacks
hardware implementation is used in real time application. with a strong practicability in information security and
Main goal of AES hardware implementationis to minimize reliability[4]. So AES is widely adopted for various
hardwareand lower the power consumption also maintain high applications from high-end computers to low power
throughput at highest operating frequency. portable devices. A numerous application of AES hardware
AES hardware implementation is very reliable, fast and architectures use such as Wi-Fi network, SSD devices, Intel®
conveniently suitable for high speed applications. It does not Core™ processor family. IEEE 802.11i (WPA2) Standard
require system resources used in software during encryption uses secure data over Wi-Fi network at high bitrate schemes
or decryption process. Economically AES hardware and data rate will not exceed 54 MBit/s [3]. In Aegis Padlock
implementation has low costs compared to software Hard drive encrypts all data on the drive in real-time. It uses
implementation which requires update. Hardware encrypted AES-XTS 128 or 256 bit hardware encryption with a super
drives can easily reset which reduces down time in erasing speed USB 3.0 interface at 5 Gbit/s data rate. In portable
data which gives better system performance. devices stored data is protected by hardware based 256-AES
with 480 Mbit/s datarate such as Corsair USB FlashPadlock.

978-1-4799-6272-3/15/$31.00(c)2015 IEEE
 difference between two Step_Count is 4 clock due to
III.PROPOSED WORK SubByte,ShiftRows, MixColumns and AddRoundKey
AES algorithm is symmetric block cipher that means in transformation take one clock cycle for execution in pipeline
encryption process round function consists of four different architecture. Finally at last round inabsence of MixColumns
transformations- SubBytes, ShiftRows, MixColumns and operation where Done signal get high for synchronization of
AddRoundKey but last round function without MixColumns output.
Rcon
R py
otWord
8128
32
SubWord
Control
The main purpose of FSM
transformations. Similarly inverse chipper decryption process Input
Partial Key
Register
Signal

round function consists of four different transformations-

InvSubBytes, InvShiftRows, InvMixColumns and
AddRoundKey, but last round function without
InvMixColumns transformations.

A. S-box architecture
S-Box used in SubByte and InvSubByteoperation of AES.
There are two methods for S-box implemention BRAM
implementation and combinational logic. A combinational
logic has feature like small area occupancy and pipelined for
increased performance in clock frequency. As combinational Fig. 1: Block diagram of Key Expansion
S-Box architecture is repeatedly used in AES increase to p_
Reset
done=1
"1"
"2"
"3"
"4"
"0"
"6"
"7"
"8"
"9"
"A"
"5" &1
&0
&0
Key_Count & Start
occupy huge area. S-box transformation through composite
field arithmetic is more suitable for low latency with reduction
in area [4].
In this paper S-Box architecture based on BRAM
architecture is present.Where BRAM has all pre-computed 256
values stored in a RAM based lookup table and input byte
wired to RAM’s address bus. A BRAM methodhas advantages
over ROMlike unbreakable delay, low latency and fixed access
time for read and write operation. To increase throughput a
combinational S-Box architecture haslarge number ofLUT
replaced by BRAM available on FPGA.

B. Key Expansion Fig 2: FSM State Diagram for AES Encryption Controller
Key Expansion or Schedule module is a common unit in
AES encryption and decryption core. Key Expansion used to controller is saving computation period of key expansion
generate a series of Round Keys from the Cipher Key as operation which enhance throughput of system by maintain
shown figure 1. The RotWord function performs a cyclic standard frequency.
permutation on input word gives cyclic right shifted 4 bytes
output word. SubWord present in Key Expansion routine that D. AES Encryption
takes a 4-byte input word gives 4-bytes output word using AES Encryption has following subsequent steps:
Sbox. Rcon is array of bytes in a word having fixed logical SubByte, ShiftRows, MixColumns and AddRoundKey. In
value having size of 128 bit [2]. A 128 bit Key register is SubBytes transformation cipher undergo process of nonlinear
fixed signal used to temporal storage of cipher key computed byte substitution table (S-box) that operates on each of the
for each round of operation. Here key expansion module State bytes independently. ShiftRows transformation is cipher
generate 10 number of 128 bit size Partial key for each round that processes the State by cyclically right shifting of last three
of operation. rows in State. MixColumns is transformation where cipher
takes a columns of State and mixes their data independently
C. FSM Controller gives one another to produce new columns using GF (28)
A FSM controller is used for synchronization purpose polynomial. AddRoundKey is transformation cipher and
where clock and reset are input of system as shown in figure Inverse Cipher is XOR operation with Round Key added to
2. A value of Key_Count increment in encryption and State. All encryption core module are connectedas shown
decrement in decryption at positive edge of clock cycle. figure 3.
Step_Count initialize with Start signal which require one
clock cycle for first AddRoundKey transformation. The E. AES Decryption
 It is inverted operation of encryption and is implemented IV. RESULTS AND COMPARISONS
using reverse order Inverse Cipher in AES algorithm. AES A Xilinx ISE 14.7 tools used for synthesis and implementation
decryption contain following subsequent steps: andXPower Analyzer for power estimation. A Xilinx Isim
InvShiftRows, InvSubBytes, InvMixColumns and P.2013 and ModelSim SE 6.3c for testing & verification of
AddRoundKey. InvShiftRows is transformation is inverse of simulation result. The experimental results XC6SLX16-3-
ShiftRows processes the State by cyclically left shifting of last CSG324 mount on Diligent Nexys 3 Development Board
three rows in State. InvSubBytes is the inverse of byte snapshotas shown in figure 5. Where AES 128 encryption
substitution
Plaintext
Round
128
FSM
196/ Controller
result display on seven segment of input TEXT_IN is
Cipher
Text
Row
ColumnsKey
KeyExpansion
Byte
256
Key "00112233445566778899AABBCCDD EEFF" encrypt with
"000102030405060708090A0B0C0D 0E0F" hexas key

Plaintext
Mix
Round
128
196/
Sub
Shif
FSM Controller Fig. 3: Block diagram of AES Encryption
Cipher Key
KeyExpansion
Partial
Text Key
Row
256
Columns
Byte
Key

Fig 5: Diligent Nexys 3 Development Board

Fig. 4: Block diagram of AES Decryption

transformation. An inverse S-box obtained by applying the

inverse affine transformation followed by taking Fig 6: Snapshot of AES 128 Encryption Output
multiplicative inverse in GF(28) polynomial. InvMixColumns
is the inverse of MixColumns transformation operates on
column-wise operation four term polynomial and multiplied
modulo (X4+1) with a fixed polynomial. InvAddRoundKey
Transformation is own inverse AddRoundKey which involves Fig 7: Snapshot of AES 128 Decryption Output
128 bitwise XOR operation. All decryption core module are
connected as shown figure 4. TABLE 1. Proposed work AES Encryption design utilization
Parameter AES 128 AES 192 AES 256 AES 128
Regular
F. Glitch attack with analysis Data path (bit) 128 192 256 128
Glitch attack cause due to glitch which define as No. of Round 10 12 14 10
undesired transition occurs before a signal settles to its Slice Registers 564 573 566 4800
intended value [1]. A glitch create a transient fault is difficult Slice LUTs 3559 3705 4274 24999
to troubleshoot in hardwired crypto core. Using proper LUT FF 459 414 412 40
cascade structure of flipflop within synchronized system Block RAM 4 8 8 11
Area Constraint 50 % 52 % 66 % >100 %
glitch attack dynamical reduced. Ratio
Combinational 0 0 0 11.992
Delay (ns)
No. of Clock 41 49 57 10
 Cycle "00112233445566778899AABBCCDDEEFF " hex which
Max. operating 273.997 263.742 267.408 102.990 similar to TEXT_IN of encryption as shown in figure 7.
Frequency
Similarly AES 192 and 256 encryption or decryption result
(MHz)
Throughput 855.61 688.99 600.47 13183.6 shown on seven segment display respectively.
(Mbps) A proposed designs of AES encryptor and decryptor has area
utilization as summarized in tables 1 and 2 respectively.
KEY_IN gives ENCODE_OUTPUT as "69C4E0D8 Where AES 128/192/256 encryption and decryption carried
6A7B0430D8CDB78070B4C55A" hex as shown in figure 6. out at against cost of 22 mW total dynamic power at 25.6 0C
Similarly AES 128 decryption result display on seven segment junction temperature. A proposed design also achieves much
as input ENCODE _TEXT_IN is higher throughput than reference AES encryption core designs
"69C4E0D86A7B0430D8CD is summarized in detail table 3.
TABLE 2. Proposed work AES Decryption design utilization
Parameter AES 128 AES 192 AES 256 AES 128 V. CONCLUSION
Regular AES plays an important rolein security application. The
Data path (bit) 128 192 256 128
implementation of software AES in real time is unsatisfactory
No. of Round 10 12 14 10
so combination hardware and software enhance reliability of
Slice Registers 607 598 611 7120
AES. AES Hardware high speed data processing using
Slice LUTs 3531 3703 4397 39712
pipeline and parallel processing implementation achieve
LUT FF 426 472 531 3
approach. The implemented design of AES algorithm uses
Block RAM 20 20 20 10
pipeline structure for repeated computation by lower down
Area Constraint 49 % 52 % 66 % 49 %
Ratio speed and data rateis capable to support USB protocol.The
Combinational 0 0 0 8.392 design has ability to defend against glitch attacks without
Delay (ns) extra cost of larger area compare to standard design. The
No. of Clock 41 49 57 10 design has improvement in power consumption compared to
Cycle conventional architecture. It shows 89% reduction in LUT and
Max. operating 223.157 225.466 213.258 72.489
Frequency
slice register compare to standard AES hardware
(MHz) implementation.
Throughput 696.712 589.00 479.04 9278.7
(Mbps) REFERENCES
TABLE 3. Comparisons of proposed Encryptor with existing design
Parameter Proposed [1] [2] [3]
Design [1] Z. Yuan, Y. Wang, J. Li, R. Li and W. Zhao, “FPGA based optimization
Platforms Xilinx Xilinx Xilinx Altera for masked AES implementation”, Proc. IEEE 54th International
Sparton-6 Virtex-5 Virtex-2 APEX20K- Midwest Symposium on Circuits and Systems (MWSCAS), pp.1-4
XC6SLX16 XC5VL50 XC2VP20 C 2011.
[2] IssamHammad,Kamal El-Sankary, Ezz El-Masry, "High-Speed AES
Data path (bit) 128 32 128 128
Encryptor with Efficient Merging Techniques" Proc. IEEE Embedded
Area 554 slices/ 769 slices/ 9028 40960 slice
Systems, vol. 2, no. 3, Sept 2010.
3531 LUT 2350 LUT slices / 895 LUT
[3] Hoang Trang, Nguyen Van Loi, “An efficient FPGA implementation of
Frequency 277.369 100.8 220.7 -
the Advanced Encryption Standard algorithm”, Proc. Computing and
(MHz) Communication Technologies RIVF International Conference, pp. 1-4,
Throughput 200 73.3 28250 1188 2012.
(Mbps) [4] Saurabh Kumar, V.K. Sharma, K. K. Mahapatra, “Low
Latency VLSI Architecture of S-box for AES Encryption”, Proc.
B78070B4C55A"hex decrypt with same KEY_IN is International Conference on Circuits, Power and Computing
"000102030405060708090A0B0C0D0E0F" hex gives Technologies, pp. 694-698 2013.
DECODE_OUTPUT as [5] FIPS 197, Advanced Encryption Standard
http://csrc.nist.gov/publications/fips/ fips197/fips-197.pdf