SYNOPSIS ON

IMPLEMENTATION OF HIGH-SPEED VLSI ARCHITECTURES FOR THE AES ALGORITHM

MASTER OF TECHNOLOGY In VLSI DESIGN Project gui e! Ritur"j #ir Su$%itte &'! &("ti" Pintu )*M+)*

Global Institute of Technology and Management

MAHARSHI DAYANAND UNIV RSITY! R"HTA#

TOPIC OF THE PRO,ECT! $%GA Im&lementation of High'S&eed V(SI A)chitectu)es fo) the A S Algo)ithm O&,ECTIVE AND SCOPE! A S algo)ithm has b)oad a&&lications! including sma)t *a)ds! cellula) &hones! +++ se),e)s! +ifi Route)s! -i)eless net-o).s! automated telle) machines /ATMs0! and digital ,ideo )eco)de)s1 *om&a)ed to soft-a)e im&lementations! ha)d-a)e im&lementations of the A S algo)ithm &)o,ide mo)e &hysical secu)ity as -ell as highe) s&eed1 Th)ee a)chitectu)al o&timi2ation a&&)oaches can be em&loyed to s&eed u& the ha)d-a)e im&lementations3 41 &i&elining! 51 sub&i&elining 61 (oo&'un)olling1 Among these a&&)oaches! the sub&i&elined a)chitectu)e can achie,e ma7imum s&eedu& and o&timum s&eed8a)ea )atio in non'feedbac. modes1 To ta.e ad,antage of sub&i&elining fu)the)! each )ound unit needs to be di,ided into mo)e substages -ith e9ual delay1 Ho-e,e)! the Sub:ytes and the In,Sub:ytes in the A S algo)ithm a)e t)aditionally im&lemented by loo.'u& tables /(UT01 In (UT'based a&&)oaches! it can be obse),ed that the unb)ea.able delay of (UTs is longe) than the total delay of the )est of the t)ansfo)mations in each )ound unit because RAM is gene)ally slo-e) than Gates1 This featu)e &)ohibits each )ound unit f)om being di,ided into mo)e than t-o substages to achie,e any fu)the) s&eedu&1 Non'(UT'based a&&)oaches! -hich em&loy combinational logic only! can be used to a,oid the unb)ea.able delay of (UTs1 Ho-e,e)! these a&&)oaches in,ol,e in,e)sions in G"-oi# Fie- GF.*/0! -hich may ha,e high ha)d-a)e com&le7ities1 *om&osite field a)ithmetic can be em&loyed! such that the field elements of a)e ma&&ed to elements in some isomo)&hic com&osite fields! in -hich the field o&e)ations can be im&lemented by lo-e) cost subfield o&e)ations1 Ho-e,e)! it is not efficient to im&lement all the t)ansfo)mations in the A S algo)ithm in com&osite fields1

PROCESS DISCRIPTION! Th)ee a)chitectu)al o&timi2ation a&&)oaches can be used to s&eed u& the A S algo)ithm in non'feedbac. modes by du&licating ha)d-a)e fo) im&lementing each )ound! -hich is also called )ound unit1 These a)chitectu)es a)e based on &i&elining! sub&i&elining and loo&'un)olling1 40 Pi1e-ining 3The &i&elined a)chitectu)e is )eali2ed by inse)ting )o-s of )egiste)s bet-een each )ound unit1 50 Su$1i1e-ining3 sub&i&elining also inse)ts )o-s of )egiste)s among combinational logic! but )egiste)s a)e inse)ted both bet-een and inside each )ound unit1 In &i&elining and sub&i&elining! multi&le bloc.s of data a)e &)ocessed simultaneously1 60 Loo1-unro--ing! loo& un)olled o) unfolded a)chitectu)es can &)ocess only one bloc. of data at a time! but multi&le )ounds a)e &)ocessed in each cloc. cycle1 Among these a)chitectu)al o&timi2ation a&&)oaches! sub&i&elining can achie,e ma7imum s&eedu& and o&timum s&eed;a)ea )atio in non'feedbac. modes

Di,iding each )ound unit into a)bit)a)y numbe) of substages does not al-ays b)ing s&eedu&1 Since the minimum cloc. &e)iod is dete)mined by the indi,isible com&onent -ith the longest delay! di,iding the )est of the )ound unit into mo)e substages -ith sho)te) delay does not )educe the minimum cloc. &e)iod1 Although mo)e bloc.s of data a)e being &)ocessed

simultaneously! the a,e)age numbe) of cloc. cycles to &)ocess one bloc. of data does not change1 The)efo)e! the o,e)all s&eed does not im&)o,e des&ite inc)eased a)ea caused by the additional )egiste)s1 In a (UT'based im&lementation! it can be obse),ed that nea)ly half the delay of a )ound unit is att)ibuted to the (UTs! and thus! each )ound unit can be di,ided into only t-o substages to achie,e some s&eedu& -ithout -asting any a)ea1 "n the cont)a)y! the longest unb)ea.able delay in the non'(UT'based a&&)oaches is the delay of indi,idual logic gates1 Acco)dingly! each )ound unit can be di,ided into multi&le substages -ith a&&)o7imately e9ual delay The non'(UT'based im&lementations of the A S algo)ithm a)e able to e7&loit the ad,antage of sub&i&elining fu)the)1 Ne,e)theless! these a&&)oaches may ha,e high ha)d-a)e com&le7ities1 Although t-o Galois Fields of the same o)de) a)e isomo)&hic! the com&le7ity of the field o&e)ations may hea,ily de&end on the )e&)esentations of the field elements1 *om&osite field a)ithmetic can be em&loyed to )educe the ha)d-a)e com&le7ity1 RESOURCE AND LIMITATIONS! <ilin7 IS and ModelSim is main )esou)ce of this &)o=ect on -hich -e -ill do ou) all analysis1 It is not efficient to im&lement all the t)ansfo)mations in the A S algo)ithm in com&osite fields1 Mean-hile! the com&osite field a)ithmetic may not be the o&timum a&&)oach -hen the o)de) of the field in,ol,ed is small1 CONCLUSION! In o)de) to achie,e $%GA Im&lementation of High'S&eed V(SI A)chitectu)es fo) the A S Algo)ithm efficient sub&i&elined a)chitectu)es of the A S algo)ithm a)e used1 In o)de) to e7&lo)e the ad,antage of sub&i&elining fu)the)! the Sub:ytes;In,Sub:ytes is im&lemented by combinational logic to a,oid the unb)ea.able delay of (UTs in the t)aditional designs1 Additionally! com&osite field a)ithmetic is used to )educe the ha)d-a)e com&le7ity

REFERENCES! High'S&eed V(SI A)chitectu)es fo) the A S Algo)ithm <inmiao >hang, Student Member, IEEE, and #eshab #1 %a)hi, Fellow, IEEE Advanced Encryption Standard (AES)! No,1 5?! 5@@41 V1 $ische) and M1 D)uta)o,s.y! AT-o methods of Ri=ndael im&lementation in )econfigu)able ha)d-a)e!B in Proc. !ES "##$! %a)is! $)ance! May 5@@4! &&1 CC8D51 A1 Satoh! S1 Mo)io.a! #1 Ta.ano! and S1 Munetoh! AA com&act Ri=ndael ha)d-a)e a)chitectu)e -ith S':o7 o&timi2ation!B in Proc. ASIA %&P' "##$! Gold *oast! Aust)alia! Dec1 5@@@! &&1 56D85EF1 <1 >hang and #1 #1 %a)hi! AIm&lementation a&&)oaches fo) the ad,anced enc)y&tion standa)d algo)ithm!B IEEE ircuits Syst. Ma(.! ,ol1 5! no1 F! &&1 5F8F?! 5@@51