This Article 
 Bibliographic References 
 Add to: 
Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors
April 2006 (vol. 55 no. 4)
pp. 366-372
This paper explores the area-throughput trade-off for an ASIC implementation of the Advanced Encryption Standard (AES). Different pipelined implementations of the AES algorithm as well as the design decisions and the area optimizations that lead to a low area and high throughput AES encryption processor are presented. With loop unrolling and outer-round pipelining techniques, throughputs of 30 Gbits/s to 70 Gbits/s are achievable in a 0.18-µm CMOS technology. Moreover, by pipelining the composite field implementation of the byte substitution phase of the AES algorithm (inner-round pipelining), the area consumption is reduced up to 35 percent. By designing an offline key scheduling unit for the AES processor the area cost is further reduced by 28 percent, which results in a total reduction of 48 percent while the same throughput is maintained. Therefore, the over 30 Gbits/s, fully pipelined AES processor operating in the counter mode of operation can be used for the encryption of data on optical links.

[1] H. Chan, A. Hodjat, J. Shi, R. Wesel, and I. Verbauwhede, “Streaming Encryption for a Secure Wavelength and Time Domain Hopped Optical Network,” Proc. IEEE Intl Conf. Information Technology (ITCC 2004), Apr. 2004.
[2] US Nat'l Inst. of Standards and Technology, Advanced Encryption Standard, pdf , 2001.
[3] M. Dworkin, “Recommendation for Block Cipher Modes of Operations,” SP 800-38A 2001, Dec. 2001.
[4] K. Gaj and P. Chodowiec, “Fast Implementation and Fair Comparison of the Final Candidates for Advanced Encryption Standard Using Field Programmable Gate Arrays,” Proc. Cryptographers Track RSA Conf. (CT-RSA 2001), pp. 84-99, 2001.
[5] T. Ichikawa et al., “Hardware Evaluation of the AES Finalists,” Proc. Third AES Candidate Conf., Apr. 2000.
[6] K. Gaj and P. Chodowiec, “Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware,” Proc. Third Advanced Encryption Standard Candidate Conf. (AES3), pp. 40-54, Apr. 2000.
[7] V. Fischer, “Realization of the Round 2 Candidates Using Altera FPGA,” Comments Third Advanced Encryption Standard Candidates Conf. (AES3), Apr. 2000.
[8] Nat'l Inst. of Standard and Technology Web site, http://www. nist.govaes/, 2006.
[9] I. Verbauwhede, P. Schaumont, and H. Kuo, “Design and Performance Testing of a 2.29 Gb/s Rijndael Processor,” IEEE J. Solid-State Circuits (JSSC), Mar. 2003.
[10] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A Compact Rijndael Hardware Architecture with S-Box Optimization,” Proc. ASIACRYPT 2001, pp. 239-254, 2001.
[11] J. Wolkerstorfer, E. Oswald, and M. Lamberger, “An ASIC Implementation of the AES Sboxes,” Proc. RSA Conf. 2002, Feb. 2002.
[12] T.-F. Lin, C.-P. Su, C.-T. Huang, and C.-W. Wu, “A High-Throughput Low-Cost AES Cipher Chip,” Proc. IEEE Asia-Pacific Conf. ASIC, pp. 85-88, 2002.
[13] V. Rijmen, “Efficient Implemenation of the Rijndael S-Box,” AES/old/ ~rijmen/rijndaelsbox.pdf , 2006.
[14] S. Morioka and A. Satoh, “A 10-Gbps Full-AES Design with a Twisted BDD S-Box Architecture,” IEEE Trans. VLSI, vol. 12, no. 7, July 2004.
[15] X. Zhang and K.K. Parhi, “Hardware Implementation of Advanced Encryption Standard Algorithm,” IEEE CAS Magazine, vol. 2, no. 4, Dec. 2002.

Index Terms:
Advanced Encryption Standard (AES), cryptography, crypto-processor, security, hardware architectures, ASIC, VLSI.
Alireza Hodjat, Ingrid Verbauwhede, "Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors," IEEE Transactions on Computers, vol. 55, no. 4, pp. 366-372, April 2006, doi:10.1109/TC.2006.49
Usage of this product signifies your acceptance of the Terms of Use.