20-10-2010, 10:21 AM
7_compact_and_efficient_encryption-decryption_module_for_fpga.pdf (Size: 243.64 KB / Downloads: 97)
Compact and Efcient Encryption/Decryption Module for
FPGA Implementation of the AES Rijndael
VeryWell Suited for Small Embedded Applications
Ga¨el Rouvroy, Franc¸ois-Xavier Standaert,
Jean-Jacques Quisquater and Jean-Didier Legat
UCL Crypto Group
Laboratoire de Micro´electronique
Universit´e catholique de Louvain
Place du Levant, 3, B-1348 Louvain-la-Neuve, Belgium
Abstract
Hardware implementations of the Advanced Encryption
Standard (AES) Rijndael algorithm have recently
been the object of an intensive evaluation. Several
papers describe efcient architectures for ASICs1
and FPGAs2. In this context, the highest effort was devoted
to high throughput (up to 20 Gbps) encryptiononly
designs, fewer works studied low area encryptiononly
architectures and only a few papers have investigated
low area encryption/decryption structures.
However, in practice, only a few applications need
throughput up to 20 Gbps while exible and low cost
encryption/decryption solutions are needed to protect
sensible data, especially for embedded hardware applications.
This paper proposes an efcient solution
to combine Rijndael encryption and decryption in one
FPGA design, with a strong focus on low area constraints.
The proposed design ts into the smallest Xilinx
FPGAs3, deals with data streams of 208 Mbps,
uses 163 slices and 3 RAM blocks and improves by
68% the best-known similar designs in terms of ratio
Throughput=Area. We also propose implementations
in other FPGA Families (Xilinx Virtex-II) and
comparisons with similar DES, triple-DES and AES
implementations.
Introduction
In October 2000, NIST (National Institute of Standards
and Technology) selected Rijndael [4] as the new
Advanced Encryption Standard (AES), in order to replace
the old Data Encryption Standard (DES). The
selection process included performance evaluation on
both software and hardware platforms and many hardware
architectures were proposed. However, most of
these architectures simply transcript the algorithm into
hardware designs, without relevant optimizations and
tradeoffs. Moreover, the throughput and area constraints
considered are often unrealistic as shown by
the recently published results.
First, many very high-speed ( 10 Gbps) cipher
hardware implementations have been published in the
literature. These designs consists of FPGA implementations
of a complete unrolled and pipelined cipher.
The best such DES implementation is an encryptor/
decryptor based on a new mathematical description.
It can achieve data rates of 21.3 Gbps in Virtex-II
FPGAs [15]. The encryption/decryption mode can be
changed on a cycle-by-cycle basis with no dead cycles.
For the AES, the best similar RAM-based solution
unrolls the 10 cipher rounds and pipelines them
in an encryption-only process. This implementation in
a Virtex-E FPGA produces a throughput of 11.8 Gbps
[17, 18] and allows the key to be changed at every cycle.
This DES implementation reaches higher throughput
than the corresponding AES implementation.