Skip to main content
SpringerLink
Log in

Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box

  • Published:
Journal of Signal Processing Systems Aims and scope Submit manuscript

Abstract

Cryptographic substitution boxes (S-boxes) are an integral part of modern block ciphers like the Advanced Encryption Standard (AES). There exists a rich literature devoted to the efficient implementation of cryptographic S-boxes, wherein hardware designs for FPGAs and standard cells received particular attention. In this paper we present a comprehensive study of different standard-cell implementations of the AES S-box with respect to timing (i.e. critical path), silicon area, power consumption, and combinations of these cost metrics. We examine implementations which exploit the mathematical properties of the AES S-box, constructions based on hardware look-up tables, and dedicated low-power solutions. Our results show that the timing, area, and power properties of the different S-box realizations can vary by up to almost an order of magnitude. In terms of area and area-delay product, the best choice are implementations which calculate the S-box output. On the other hand, the hardware look-up solutions are characterized by the shortest critical path. The dedicated low-power implementations do not only reduce power consumption by a large degree, but they also show good timing properties and offer the best power-delay and power-area product, respectively.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5

Similar content being viewed by others

Notes

  1. Unfortunately, the exact performance figures for ROMs were not accessible for the technology we used.

References

  1. Bertoni, G., Macchetti, M., Negri, L., & Fragneto, P. (2004). Power-efficient ASIC synthesis of cryptographic Sboxes. In Proceedings of the 14th ACM Great Lakes Symposium on VLSI (GLSVLSI 2004) (pp. 277–281). ACM Press.

  2. Canright, D. (2005). A very compact S-Box for AES. In Cryptographic Hardware and Embedded Systems—CHES 2005, vol. 3659 of Lecture Notes in Computer Science (pp. 441–455). Springer.

  3. Chodowiec, P., & Gaj, K. (2003). Very compact FPGA implementation of the AES algorithm. In Cryptographic Hardware and Embedded Systems—CHES 2003, vol. 2779 of Lecture Notes in Computer Science (pp. 319–333). Springer.

  4. Daemen, J., & Rijmen, V. (2002). The Design of Rijndael: AES—The Advanced Encryption Standard. Springer.

  5. Feldhofer, M., Lemke, K., Oswald, E., Standaert, F.-X., Wollinger, T., & Wolkerstorfer, J. (2005). State of the Art in Hardware Architectures. ECRYPT deliverable D.VAM.2, available for download at http://www.ecrypt.eu.org/documents/D.VAM.2-1.0.pdf, Sept.

  6. Feldhofer, M., Wolkerstorfer, J., & Rijmen, V. (2005). AES implementation on a grain of sand. IEE Proceedings Information Security, 152(1), 13–20, Oct.

    Article  Google Scholar 

  7. Hodjat, A., Hwang, D. D., Lai, B.-C ., Tiri, K., & Verbauwhede, I. M. (2005). A 3.84 Gbits/s AES crypto coprocessor with modes of operation in a 0.18-μm CMOS technology. In Proceedings of the 15th ACM Great Lakes Symposium on VLSI (GLSVLSI 2005) (pp. 351–356). ACM Press.

  8. Li, H. (2004). A parallel S-box architecture for AES byte substitution. In Proceedings of the 2nd International Conference on Communications, Circuits and Systems (ICCCAS 2004), vol. 1 (pp. 1–3). IEEE.

  9. Lidl, R., & Niederreiter, H. (1996). Finite Fields, vol. 20 of Encyclopedia of Mathematics and Its Applications. Cambridge University Press.

  10. Macchetti, M., & Bertoni, G. (2003). Hardware implementation of the Rijndael SBOX: A case study. ST Journal of System Research, 0(0), 84–91, July.

    Google Scholar 

  11. McLoone, M., & McCanny, J. V. (2001). High performance single-chip FPGA Rijndael algorithm implementations. In Cryptographic Hardware and Embedded Systems—CHES 2001, vol. 2162 of Lecture Notes in Computer Science (pp. 65–76). Springer.

  12. Mentens, N., Batina, L., Preneel, B., & Verbauwhede, I. M. (2005). Systematic evaluation of compact hardware implementations for the Rijndael S-box. In Topics in Cryptology—CT-RSA 2005, vol. 3376 of Lecture Notes in Computer Science (pp. 323–333). Springer.

  13. Morioka, S., & Satoh, A. (2002). An optimized S-Box circuit architecture for low power AES design. In Cryptographic Hardware and Embedded Systems–CHES 2002, vol. 2523 of Lecture Notes in Computer Science (pp. 172–186). Springer.

  14. National Institute of Standards and Technology (NIST) (1999). Data Encryption Standard (DES). Federal Information Processing Standards (FIPS) Publication 46-3, Oct.

  15. National Institute of Standards and Technology (NIST) (2001). Advanced Encryption Standard (AES). Federal Information Processing Standards (FIPS) Publication 197, Nov.

  16. Pramstaller, N., & Wolkerstorfer, J. (2004). A universal and efficient AES co-processor for field programmable logic arrays. In Field Programmable Logic and Application—FPL 2004, vol. 3203 of Lecture Notes in Computer Science (pp. 565–574). Springer.

  17. Satoh, A., Morioka, S., Takano, K., & Munetoh, S. (2001). A compact Rijndael hardware architecture with S-Box optimization. In Advances in Cryptology—ASIACRYPT 2001, vol. 2248 of Lecture Notes in Computer Science (pp. 239–254). Springer.

  18. Tillich, S., Feldhofer, M., & Großschädl, J. (2006). Area, delay, and power characteristics of standard-cell implementations of the AES S-box. In Embedded Computer Systems: Architectures, Modeling, and Simulation—SAMOS 2006, vol. 4017 of Lecture Notes in Computer Science (pp. 457–466). Springer.

  19. Tillich, S., & Großschädl, J. (2006). Instruction set extensions for efficient AES implementation on 32-bit processors. In Cryptographic Hardware and Embedded Systems—CHES 2006, vol. 4249 of Lecture Notes in Computer Science (pp. 270–284). Springer.

  20. Wolkerstorfer, J., Oswald, E., & Lamberger, M. (2002). An ASIC implementation of the AES SBoxes. In Topics in Cryptology—CT-RSA 2002, vol. 2271 of Lecture Notes in Computer Science (pp. 67–78). Springer.

  21. Zhang, X., & Parhi, K. K. (2004). High-speed VLSI architectures for the AES algorithm. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 12(9), 957–967, Sept.

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to thank Johannes Wolkerstorfer and David Canright for providing the HDL source code of several AES S-box implementations. The research described in this paper has been supported by the Austrian Science Fund (FWF) under grant P16952–N04, the FIT-IT initiative of the Austrian Federal Ministry of Transport, Innovation, and Technology (project SNAP), and the EPSRC under grant EP/E001556/1. The research described in this paper has also been supported, in part, by the European Commission through the IST Programme under contract IST-2002-507932 ECRYPT. The information in this document reflects only the authors’ views, is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications, Graz University of Technology, Inffeldgasse 16a, A-8010, Graz, Austria

    Stefan Tillich, Martin Feldhofer & Thomas Popp

  2. Department of Computer Science, University of Bristol, Woodland Road, Bristol, BS8 1UB, UK

    Johann Großschädl

Authors
  1. Stefan Tillich
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Martin Feldhofer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Popp
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Johann Großschädl
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Johann Großschädl.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Tillich, S., Feldhofer, M., Popp, T. et al. Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box. J Sign Process Syst Sign Image 50, 251–261 (2008). https://doi.org/10.1007/s11265-007-0158-2

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11265-007-0158-2

Keywords

Search

Navigation