Efficient and High-Performance Parallel Hardware Architectures for the AES-GCM
Aug. 2012 (vol. 61 no. 8)
pp. 1165-1178
Mehran Mozaffari-Kermani, The University of Western Ontario, London
Arash Reyhani-Masoleh, University of Western Ontario, London
Since its adoption as the standard symmetric-key algorithm, the Advanced Encryption Standard (AES), together with its more recently standardized authenticated-encryption mode, Galois/Counter Mode (GCM), has been used in many security-critical applications. Many AES-GCM applications are power and resource constrained and call for efficient hardware implementations. In this paper, different application-specific integrated circuit (ASIC) architectures for the building blocks of AES-GCM are evaluated and optimized to identify high-performance and low-power AES-GCM architectures. For the AES, we evaluate the performance of more than 40 S-boxes on a fixed benchmark platform in 65-nm CMOS technology. To obtain the lowest-complexity S-box, the formulations of the Galois field (GF) subfield inversion in GF(2^4) are optimized. By exhaustive simulation over all input transitions, we analyze the average and peak power consumption of the AES S-boxes, taking into account switching activity, gate-level netlists, and parasitic information. Additionally, we present high-speed parallel hardware architectures that yield low-latency, high-throughput GCM structures. Finally, by investigating high-performance GF(2^128) multiplier architectures, we benchmark the proposed AES-GCM architectures using GF(2^128) multipliers of both quadratic and subquadratic hardware complexity. The presented AES-GCM architectures are shown to outperform previously reported ones in the same 65-nm CMOS technology.
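The abstract's S-box work rests on computing the GF(2^8) inverse in a tower field GF(((2^2)^2)^2), where the only expensive step is one inversion in the subfield GF(2^4). The following is an added worked example, not code from the paper or its authors: it builds that tower in software, derives the basis-change matrices by finding a root of the AES polynomial (rather than copying published matrices), and checks the resulting S-box against a direct GF(2^8) computation. The tower constants c_2 = 1, c_4 = {10}, c_8 = {1100} are the polynomial-basis choice of Satoh et al. [14]; any other irreducible choice works as long as the root search succeeds, it just yields a different-sized circuit.

```python
# Added example (not from the paper): AES S-box via tower-field inversion,
# GF(2^8) = GF(((2^2)^2)^2). Each level is GF(2^(2k)) = GF(2^k)[x] / (x^2 + x + c_k).
# An element of GF(2^(2k)) is an int whose high k bits are the x-coefficient and
# whose low k bits are the constant term. Constants follow Satoh et al. [14].
TOWER_CONSTS = {2: 0b1, 4: 0b10, 8: 0b1100}

def tower_mul(a, b, k):
    """Multiply a and b in the k-bit tower field, k in {1, 2, 4, 8}."""
    if k == 1:
        return a & b
    h = k // 2
    mask = (1 << h) - 1
    ah, al, bh, bl = a >> h, a & mask, b >> h, b & mask
    hh = tower_mul(ah, bh, h)
    cross = tower_mul(ah, bl, h) ^ tower_mul(al, bh, h)
    ll = tower_mul(al, bl, h)
    # x^2 = x + c_k, so the ah*bh*x^2 term feeds both coordinates
    return ((hh ^ cross) << h) | (tower_mul(hh, TOWER_CONSTS[k], h) ^ ll)

def tower_inv(a, k):
    """Invert a in the k-bit tower field; 0 maps to 0, as SubBytes requires."""
    if k == 1:
        return a
    h = k // 2
    mask = (1 << h) - 1
    ah, al = a >> h, a & mask
    # d = ah^2*c_k + ah*al + al^2 is the norm of a and lies in GF(2^h), so a
    # GF(2^8) inverse costs one GF(2^4) inverse plus GF(2^4) multiplications.
    # Hardware realizes the GF(2^4) inverse as a small Boolean formula (the part
    # the paper optimizes); here it is simply recursed one level further.
    d = (tower_mul(tower_mul(ah, ah, h), TOWER_CONSTS[k], h)
         ^ tower_mul(ah, al, h) ^ tower_mul(al, al, h))
    dinv = tower_inv(d, h)
    return (tower_mul(ah, dinv, h) << h) | tower_mul(ah ^ al, dinv, h)

def tower_pow(a, e):
    r = 1
    for _ in range(e):
        r = tower_mul(r, a, 8)
    return r

def find_root_of_aes_poly():
    """Return alpha in the tower field with alpha^8 + alpha^4 + alpha^3 + alpha + 1 = 0.
    Sending x -> alpha is then a field isomorphism from the AES representation
    GF(2)[x]/(x^8+x^4+x^3+x+1) onto the tower field."""
    for a in range(2, 256):
        if tower_pow(a, 8) ^ tower_pow(a, 4) ^ tower_pow(a, 3) ^ a ^ 1 == 0:
            return a
    raise ValueError("tower constants do not define a field")

ALPHA = find_root_of_aes_poly()
ALPHA_POWS = [tower_pow(ALPHA, i) for i in range(8)]

def to_tower(b):
    """Basis change AES -> tower: GF(2)-linear, an 8x8 binary matrix in hardware."""
    r = 0
    for i in range(8):
        if (b >> i) & 1:
            r ^= ALPHA_POWS[i]
    return r

FROM_TOWER = {to_tower(b): b for b in range(256)}   # inverse basis change
if len(FROM_TOWER) != 256:
    raise ValueError("basis change is not a bijection")

def aes_affine(v):
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xff
    return v ^ rotl(v, 1) ^ rotl(v, 2) ^ rotl(v, 3) ^ rotl(v, 4) ^ 0x63

def sbox(b):
    """SubBytes via the tower field: map in, invert, map out, affine transform."""
    return aes_affine(FROM_TOWER[tower_inv(to_tower(b), 8)])

def gf256_mul(a, b):
    """Reference multiplication directly in GF(2^8) mod x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return r

def sbox_reference(b):
    inv = 1
    for _ in range(254):        # b^254 = b^-1 for b != 0, and 0 for b = 0
        inv = gf256_mul(inv, b)
    return aes_affine(inv)

def tables_agree():
    """True iff the tower-field S-box matches the direct computation on all 256 inputs."""
    return all(sbox(b) == sbox_reference(b) for b in range(256))
```

Run `tables_agree()` to confirm the tower-field S-box equals the FIPS 197 table; the two known values sbox(0x00) = 0x63 and sbox(0x53) = 0xED are useful spot checks. Counting the calls to `tower_mul` at level 4 inside `tower_inv(…, 8)` is a fair first approximation of the GF(2^4) multiplier count a composite-field S-box circuit needs.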

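The GCM side of the abstract concerns the GHASH multiplier over GF(2^128) and how to run several of them in parallel. The following is an added example, not code from the paper: it implements the bit-reflected GF(2^128) multiplication from the GCM specification [30], serial GHASH, and the q-way parallel GHASH that precomputes H, H^2, ..., H^q so that q blocks are absorbed per step (the standard way GHASH is parallelized; the paper's own multiplier architectures are not reproduced). It is checked against test case 2 of [30], whose H and E_K(J0) values are embedded as constants so the example needs no AES implementation. The bit-serial loop is the reference algorithm; a hardware design replaces it with a bit-parallel multiplier of quadratic (Mastrovito-style) or subquadratic (Karatsuba-style) gate count, which is the trade-off the abstract benchmarks.

```python
# Added example (not from the paper): GCM's GF(2^128) multiply, GHASH, and q-way
# parallel GHASH, verified against test case 2 of the GCM spec [30].
R = 0xE1 << 120   # x^128 = x^7 + x^2 + x + 1 in GCM's bit-reflected representation

def gf128_mul(x, y):
    """Multiply two blocks (big-endian ints) in GF(2^128) as GCM defines it.
    Bit i of a block is the coefficient of x^i counted from the most significant
    bit, so the loop walks X from the left; this is Algorithm 1 of [30]."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:                  # X_i, leftmost bit first
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1     # V <- V * x, reduced
    return z

def ghash_blocks(aad, ct):
    """GHASH input: zero-padded AAD, zero-padded ciphertext, then the 64-bit bit
    lengths of AAD and ciphertext in one final block."""
    pad = lambda s: s + b'\x00' * (-len(s) % 16)
    data = pad(aad) + pad(ct)
    blocks = [int.from_bytes(data[i:i + 16], 'big') for i in range(0, len(data), 16)]
    blocks.append(((len(aad) * 8) << 64) | (len(ct) * 8))
    return blocks

def ghash(h, aad, ct):
    """Serial GHASH: Y_i = (Y_{i-1} xor X_i) * H, one multiplier, one block per step."""
    y = 0
    for b in ghash_blocks(aad, ct):
        y = gf128_mul(y ^ b, h)
    return y

def ghash_parallel(h, aad, ct, q):
    """q-way parallel GHASH with precomputed H^1..H^q. Each group of q blocks is
    absorbed as (Y xor X_i)*H^q xor X_{i+1}*H^(q-1) xor ... xor X_{i+q-1}*H,
    which q independent multipliers can compute in a single step."""
    hp = [0, h]
    for _ in range(q - 1):
        hp.append(gf128_mul(hp[-1], h))
    blocks = ghash_blocks(aad, ct)
    r = len(blocks) % q
    y = 0
    for b in blocks[:r]:        # leading remainder absorbed serially so groups align
        y = gf128_mul(y ^ b, h)
    for i in range(r, len(blocks), q):
        acc = 0
        for j in range(q):
            acc ^= gf128_mul(blocks[i + j] ^ (y if j == 0 else 0), hp[q - j])
        y = acc
    return y

def gcm_tag(h, aad, ct, ek_j0):
    """T = GHASH(H, A, C) xor E_K(J0); E_K(J0) is supplied by the caller since AES
    is out of scope for this example."""
    return ghash(h, aad, ct) ^ ek_j0

# Test case 2 of [30]: K = 0^128, IV = 0^96, P = 0^128 (values copied from the spec).
TC2_H     = 0x66e94bd4ef8a2c3b884cfa59ca342b2e    # H = E_K(0^128)
TC2_EKJ0  = 0x58e2fccefa7e3061367f1d57a4e7455a    # E_K(J0), J0 = IV || 0^31 || 1
TC2_C     = bytes.fromhex('0388dace60b6a392f328c2b971b2fe78')
TC2_GHASH = 0xf38cbb1ad69223dcc3457ae5b6b0f885
TC2_T     = 0xab6e47d42cec13bdf53a67b21257bddf

def check_test_vector():
    """True iff serial GHASH and the tag reproduce the spec's test case 2."""
    return (ghash(TC2_H, b'', TC2_C) == TC2_GHASH
            and gcm_tag(TC2_H, b'', TC2_C, TC2_EKJ0) == TC2_T)

def parallel_matches_serial(q, aad=b'constructed header', ct=bytes(range(256)) * 2):
    """True iff q-way parallel GHASH equals serial GHASH on a constructed message."""
    return ghash_parallel(TC2_H, aad, ct, q) == ghash(TC2_H, aad, ct)
```

`check_test_vector()` confirms the bit ordering of `gf128_mul`, which is the usual place GHASH implementations go wrong; `parallel_matches_serial(4)` shows that a four-multiplier datapath computes exactly the same authentication tag as the serial one, at the cost of storing H^2, H^3 and H^4. The multiplicative identity in this representation is the block 0x80 followed by 120 zero bits, i.e. the int 1 << 127, not the int 1.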
[1] Nat'l Inst. of Standards and Technology, "Announcing the Advanced Encryption Standard (AES)," Fed. Information Processing Standards Publication 197, Nov. 2001.
[2] Wi-Fi, 802.11-2007.pdf, 2011.
[3] WiMAX, 802.16e-2005.pdf, 2011.
[4] S. Trimberger, "Security in SRAM FPGAs," IEEE Design and Test of Computers, vol. 24, no. 6, p. 581, Nov./Dec. 2007.
[5] M. Dworkin, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC," NIST SP, 800-38D, 2007.
[6] IEEE Standard for Local and Metropolitan Area Networks, Media Access Control (MAC) Security, 2006.
[7] Fibre Channel Security Protocols (FC-SP), 2006.
[8] Algotronics Ltd.: GCM Extension for AES G3 Core, 2007.
[9] Helion Technology: AES-GCM Cores, 2007.
[10] Elliptic Semiconductor Inc.: CLP-15: Ultra-High Throughput AES-GCM Core-40 Gbps, 2008.
[11] E. Käsper and P. Schwabe, "Faster and Timing-Attack Resistant AES-GCM," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '09), pp. 1-17, 2009.
[12] K. Jankowski and P. Laurent, "Packed AES-GCM Algorithm Suitable for AES/PCLMULQDQ Instructions," IEEE Trans. Computers, vol. 60, no. 1, pp. 135-138, Jan. 2011.
[13] S. Morioka and A. Satoh, "An Optimized S-Box Circuit Architecture for Low Power AES Design," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '02), pp. 172-186, Aug. 2002.
[14] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, "A Compact Rijndael Hardware Architecture with S-Box Optimization," Proc. Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '01), pp. 239-254, Dec. 2001.
[15] J. Wolkerstorfer, E. Oswald, and M. Lamberger, "An ASIC Implementation of the AES SBoxes," Proc. Cryptographers Track at the RSA Conf. (CT-RSA '02), pp. 67-78, Jan. 2002.
[16] X. Zhang and K.K. Parhi, "High-Speed VLSI Architectures for the AES Algorithm," IEEE Trans. Very Large Scale Integration (VLSI) Systems, vol. 12, no. 9, pp. 957-967, Sept. 2004.
[17] T. Good and M. Benaissa, "692-nW Advanced Encryption Standard (AES) on a 0.13-μm CMOS," IEEE Trans. Very Large Scale Integration (VLSI) Systems, vol. 18, no. 12, pp. 1753-1757, Dec. 2010.
[18] M. Mozaffari-Kermani and A. Reyhani-Masoleh, "A Low-Cost S-box for the Advanced Encryption Standard Using Normal Basis," Proc. IEEE Int'l Conf. Electro/Information Technology (EIT '09), pp. 52-55, 2009.
[19] S. Tillich, M. Feldhofer, T. Popp, and J. Großschädl, "Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box," J. Signal Processing Systems, vol. 50, pp. 251-261, 2008.
[20] D. Canright, "A Very Compact S-Box for AES," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 441-455, Sept. 2005.
[21] N. Mentens, L. Batina, B. Preneel, and I. Verbauwhede, "A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box," Proc. Cryptographers Track at the RSA Conf. (CT-RSA '05), pp. 323-333, 2005.
[22] X. Zhang and K.K. Parhi, "On the Optimum Constructions of Composite Field for the AES Algorithm," IEEE Trans. Circuits and Systems II: Express Briefs, vol. 53, no. 10, pp. 1153-1157, Oct. 2006.
[23] J. Boyar and R. Peralta, "A New Combinational Logic Minimization Technique with Applications to Cryptology," Proc. Int'l Symp. Experimental Algorithms (SEA '10), pp. 178-189, 2010.
[24] S. Nikova, V. Rijmen, and M. Schläffer, "Using Normal Bases for Compact Hardware Implementations of the AES S-Box," Proc. Int'l Conf. Security and Cryptography for Networks (SCN '08), pp. 236-245, 2008.
[25] Y. Nogami, K. Nekado, T. Toyota, N. Hongo, and Y. Morikawa, "Mixed Bases for Efficienct Inversion in ${F}_{((2^2)^2)^2}$ and Conversion Matrices of SubBytes of AES," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '10), pp. 234-247, Aug. 2010.
[26] D. Canright and D.A. Osvik, "A More Compact AES," Selected Areas in Cryptography, pp. 157-169, Springer-Verlag, 2009.
[27] S. Lemsitzer, J. Wolkerstorfer, N. Felbert, and M. Braendli, "Multi-Gigabit GCM-AES Architecture Optimized for FPGAs," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '07), pp. 227-238, 2007.
[28] P. Patel, "Parallel Multiplier Designs for the Galois/Counter Mode of Operation," Master of Applied Science thesis, The Univ. of Waterloo, 2008.
[29] B. Yang, S. Mishra, and R. Karri, "High Speed Architecture for Galois/Counter Mode of Operation (GCM)," Cryptology ePrint Archive, Report 2005/146, June 2005.
[30] D.A. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)," NIST Modes of Operation for Symmetric Key Block Ciphers, documents/proposedmodes/gcmgcm-revised-spec.pdf, 2005.
[31] A. Satoh, "High-Speed Parallel Hardware Architecture for Galois Counter Mode," Proc. Int'l Symp. Circuits and Systems (ISCAS), pp. 1863-1866, 2007.
[32] A. Satoh, T. Sugawara, and T. Aoki, "High-Performance Hardware Architectures for Galois Counter Mode," IEEE Trans. Computers, vol. 58, no. 7, pp. 917-930, July 2009.
[33] N. Meloni, C. Nègre, and M.A. Hasan, "High Performance GHASH Function for Long Messages," Proc. Int'l Conf. Applied Cryptography and Network Security (ACNS '10), pp. 154-167, 2010.
[34] Synopsys, http:/, 2011.
[35] STMicroelectronics, http:/, 2011.
[36] ModelSim, http:/, 2011.
[37] M. McLoone and J.V. McCanny, "High Performance Single-Chip FPGA Rijndael Algorithm Implementations," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '01), pp. 65-76, 2001.
[38] F.X. Standaert, G. Rouvroy, J.J. Quisquater, and J.D. Legat, "Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '03), pp. 334-350, Sept. 2003.
[39] P. Bulens, F.-X. Standaert, J.-J. Quisquater, P. Pellegrin, and G. Rouvroy, "Implementation of the AES-128 on Virtex-5 FPGAs," Proc. Cryptology in Africa First Int'l Conf. Progress in Cryptology (AFRICACRYPT '08), pp. 16-26, 2008.
[40] A. Hodjat and I. Verbauwhede, "Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors," IEEE Trans. Computers, vol. 55, no. 4, pp. 366-372, Apr. 2006.
[41] Mathworks, http:/, 2011.
[42] S.-Y. Lin and C.-T. Huang, "A High-Throughput Low-Power AES Cipher for Network Applications," Proc. Asia and South Pacific Design Automation Conf. (ASP-DAC '07), pp. 595-600, 2007.
[43] D.E. Knuth, The Art of Computer Programming: Semi-Numerical Algorithms, vol. 2, pp. 441-466. Addison-Wesley, 1981.
[44] R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Applications. Cambridge Univ. Press, 1994.
[45] O. Gustafsson and M. Olofsson, "Complexity Reduction of Constant Matrix Computations over the Binary Field," Proc. Int'l Workshop Arithmetic of Finite Fields (WAIFI '07), pp. 103-115, 2007.
[46] H. Yi, J. Song, S. Park, and C. Park, "Parallel CRC Logic Optimization Algorithm for High Speed Communication Systems," Proc. Int'l Conf. Comm. Systems (ICCS '06), pp. 1-5, 2006.
[47] G. Zhou, H. Michalik, and L. Hinsenkamp, "Improving Throughput of AES-GCM with Pipelined Karatsuba Multipliers on FPGAs," Proc. Int'l Workshop Reconfigurable Computing: Architectures, Tools and Applications (ARC '09), pp. 193-203, 2009.
[48] J. Lázaro, A. Astarloa, U. Bidarte, J. Jiménez, and A. Zuloaga, "AES-Galois Counter Mode Encryption/Decryption FPGA Core for Industrial and Residential Gigabit Ethernet Communications," Proc. Int'l Workshop Reconfigurable Computing: Architectures, Tools and Applications (ARC '09), pp. 312-317, 2009.
[49] E.D. Mastrovito, "VLSI Architectures for Computation in Galois Fields," PhD thesis, Linköping Univ., 1991.
[50] A. Karatsuba and Y. Ofman, "Multiplication of Multidigit Numbers on Automata," Soviet Physics Doklady, vol. 7, pp. 595-596, 1963.
[51] H. Fan and M.A. Hasan, "A New Approach to Subquadratic Space Complexity Parallel Multipliers for Extended Binary Fields," IEEE Trans. Computers, vol. 56, no. 2, pp. 224-233, Feb. 2007.
[52] A. Reyhani-Masoleh and M.A. Hasan, "Low Complexity Bit Parallel Architectures for Polynomial Basis Multiplication over GF(2^m)," IEEE Trans. Computers, vol. 53, no. 8, pp. 945-959, Aug. 2004.
[53] G. Zhou, H. Michalik, and L. Hinsenkamp, "Complexity Analysis and Efficient Implementations of Bit Parallel Finite Field Multipliers Based on Karatsuba-Ofman Algorithm on FPGAs," IEEE Trans. Very Large Scale Integration (VLSI) Systems, vol. 18, no. 7, pp. 1057-1066, July 2010.

Index Terms:
Advanced encryption standard, Galois/Counter mode, high performance, low power.
Mehran Mozaffari-Kermani, Arash Reyhani-Masoleh, "Efficient and High-Performance Parallel Hardware Architectures for the AES-GCM," IEEE Transactions on Computers, vol. 61, no. 8, pp. 1165-1178, Aug. 2012, doi:10.1109/TC.2011.125