The Community for Technology Leaders
Green Image
This paper explores the area-throughput trade-off for an ASIC implementation of the Advanced Encryption Standard (AES). Different pipelined implementations of the AES algorithm as well as the design decisions and the area optimizations that lead to a low area and high throughput AES encryption processor are presented. With loop unrolling and outer-round pipelining techniques, throughputs of 30 Gbits/s to 70 Gbits/s are achievable in a 0.18-µm CMOS technology. Moreover, by pipelining the composite field implementation of the byte substitution phase of the AES algorithm (inner-round pipelining), the area consumption is reduced up to 35 percent. By designing an offline key scheduling unit for the AES processor the area cost is further reduced by 28 percent, which results in a total reduction of 48 percent while the same throughput is maintained. Therefore, the over 30 Gbits/s, fully pipelined AES processor operating in the counter mode of operation can be used for the encryption of data on optical links.
Advanced Encryption Standard (AES), cryptography, crypto-processor, security, hardware architectures, ASIC, VLSI.

I. Verbauwhede and A. Hodjat, "Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors," in IEEE Transactions on Computers, vol. 55, no. , pp. 366-372, 2006.
82 ms
(Ver 3.3 (11022016))