Issue No. 08 - Aug. 2012 (vol. 61)

pp: 1165-1178

Mehran Mozaffari-Kermani , The University of Western Ontario, London

Arash Reyhani-Masoleh , University of Western Ontario, London

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2011.125

ABSTRACT

Since its adoption as the standard symmetric-key algorithm, the Advanced Encryption Standard (AES) and its more recently standardized authenticated-encryption mode, Galois/Counter Mode (GCM), have been used in a wide range of security-sensitive applications. Many AES-GCM applications are power and resource constrained and require efficient hardware implementations. In this paper, different application-specific integrated circuit (ASIC) architectures for the building blocks of AES-GCM are evaluated and optimized to identify high-performance and low-power AES-GCM architectures. For the AES, we evaluate the performance of more than 40 S-boxes on a fixed benchmark platform in 65-nm CMOS technology. To obtain the lowest-complexity S-box, the formulations for the Galois field (GF) subfield inversions in GF(2^4) are optimized. By conducting exhaustive simulations of the input transitions, we analyze the average and peak power consumption of the AES S-boxes, taking into account the switching activities, gate-level netlists, and parasitic information. Additionally, we present high-speed, parallel hardware architectures that achieve low-latency and high-throughput GCM structures. Finally, by investigating high-performance GF(2^{128}) multiplier architectures, we benchmark the proposed AES-GCM architectures using GF(2^{128}) multipliers of quadratic and subquadratic hardware complexity. The presented AES-GCM architectures are shown to outperform previously reported ones in the same 65-nm CMOS technology.

INDEX TERMS

Advanced encryption standard, Galois/Counter mode, high performance, low power.

CITATION

Mehran Mozaffari-Kermani, Arash Reyhani-Masoleh, "Efficient and High-Performance Parallel Hardware Architectures for the AES-GCM," *IEEE Transactions on Computers*, vol. 61, no. 8, pp. 1165-1178, Aug. 2012, doi:10.1109/TC.2011.125