340 mV–1.1 V, 289 Gbps/W, 2090-Gate NanoAES Hardware Accelerator With Area-Optimized Encrypt/Decrypt GF(2 4 ) 2 Polynomials in 22 nm Tri-Gate CMOS

Mathew, Sanu; Satpathy, Sudhir; Suresh, Vikram; Anders, Mark; Kaul, Himanshu; Agarwal, Amit; Hsu, Steven; Chen, Gregory; Krishnamurthy, Ram

doi:10.1109/jssc.2014.2384039

Cited by 113 publications

(57 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For lightweight cryptography purposes, the most suitable variant of the family is AES-128, due to the number of rounds and the size of the key schedule. Existing compact implementations of AES-128 require 2090 GEs [49] to 2400 GEs [51]. AES is mainly designed for software applications.…”

Section: Nist-approved Cryptographic Primitives In Constrained Enviromentioning

confidence: 99%

Report on lightweight cryptography

McKay¹,

Bassham²,

Turan³

et al. 2017

241

109

View full text Add to dashboard Cite

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. AbstractNIST-approved cryptographic standards were designed to perform well on general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current NIST-approved algorithms can be engineered to fit into the limited resources of constrained environments, their performance may not be acceptable. For these reasons, NIST started a lightweight cryptography project that was tasked with learning more about the issues and developing a strategy for the standardization of lightweight cryptographic algorithms. This report provides an overview of the lightweight cryptography project at NIST, and describes plans for the standardization of lightweight cryptographic algorithms. Keywords Constrained devices; lightweight cryptography; standardization AcknowledgementsThe authors would like to thank their NIST colleagues, Lily Chen and Çağdaş Çalık for providing valuable feedback during the development of this publication. Executive SummaryThere are several emerging areas in which highly constrained devices are interconnected, working in concert to accomplish some task. Examples of these areas include: automotive systems, sensor networks, healthcare, distributed control systems, the Internet of Things (IoT), cyber-physical systems, and the smart grid. Security and privacy can be very important in all of these areas. Because the majority of modern cryptographic algorithms were designed for desktop/server environments, many of these algorithms cannot be implemented in the constrained devices used by these applications. When current NIST-approved algorithms can be engineered to fit into the limited resources of constrained environments, their performance may not be acceptable. For these reasons, NIST started a lightweight cryptography project to investigate the issues and then develop a strategy for the standardization of lightweight cryptographic algorithms.This report provides an overview of lightweight cryptography, summarizes the findings of NIST's lightweight cryptography project, and outlines NIST's plans for the standardization of lightweight algorithms. In particular, NIST has decided to create a portfolio of lightweight algorithms through an open process. This report includes a list of questions to the stakeholders of lightweight cryptography t...

show abstract

Section: Nist-approved Cryptographic Primitives In Constrained Enviromentioning

confidence: 99%

Report on lightweight cryptography

McKay¹,

Bassham²,

Turan³

et al. 2017

241

109

View full text Add to dashboard Cite

show abstract

“…The "Grain of Sand" implementation [17] by Feldhofer et al constructs an 8-bit serialized architecture with circuit size of around 3400 GE but a latency of over 1000 cycles for both encryption and decryption. Very recently in [23], the authors report an 8-bit serial implementation that takes 1947/2090 GE for the encryption/decryption circuits respectively. This implementation makes use of intermediate register files that can be synthesized in the ASIC flow using memory compilers.…”

Section: Introductionmentioning

confidence: 99%

“…Grain of Sand implementation [17] at 3400 GE B. 8-bit serial implementation in [23] at 4037 GE C. 32-bit serial implementation in [26] at 5400 GE.…”

Section: Introductionmentioning

confidence: 99%

“…The Mixcolumn circuit used in this architecture is a {0, 1} 32 → {0, 1} 32 logic block, and so data from leftmost column (registers marked 00,10,20,30) of the state is fed as input to the Mixcolumn circuit. In the subsequent cycle the Mixcolumn output is driven into the rightmost column (registers marked 03, 13,23,33). This operation carried out over 4 cycles computes the Mixcolumn over the entire state.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Compact circuits for combined AES encryption/decryption

2017

View full text Add to dashboard Cite

The implementation of the AES encryption core by Moradi et al. at Eurocrypt 2011 is one of the smallest in terms of gate area. The circuit takes around 2400 gates and operates on an 8 bit datapath. However this is an encryption only core and unable to cater to block cipher modes like CBC and ELmD that require access to both the AES encryption and decryption modules. In this paper we look to investigate whether the basic circuit of Moradi et al. can be tweaked to provide dual functionality of encryption and decryption (ENC/DEC) while keeping the hardware overhead as low as possible. We report two constructions of the AES circuit. The first is an 8-bit serialized implementation that provides the functionality of both encryption and decryption and occupies around 2605 GE with a latency of 226 cycles. This is a substantial improvement over the next smallest AES ENC/DEC circuit (Grain of Sand) by Feldhofer et al. which takes around 3400 gates but has a latency of over 1000 cycles for both the encryption and decryption cycles.In the second part, we optimize the above architecture to provide the dual encryption/decryption functionality in only 2227 GE and latency of 246/326 cycles for the encryption and decryption operations respectively. We take advantage of clock gating techniques Furthermore we take advantage of the fact that the Inverse Mixcolumn matrix in AES is the cube of the Forward Mixcolumn matrix. Thus by executing the Forward Mixcolumn operation three times over the state, one can achieve the functionality of Inverse Mixcolumn. This saves some more gate area as one is no longer required to have a combined implementation of the Forward and Inverse Mixcolumn circuit.

show abstract

“…DEUCE and Nacre require more AES blocks, as compared to BLE. Mathew et al [58] designed an optimized and energy-efficient hardware implementation of AES for the 22 nm node.…”

Section: Hardware Overheadmentioning

confidence: 99%

Architectural support for designing dependable non-volatile main memories

Tavana¹

View full text Add to dashboard Cite

340 mV–1.1 V, 289 Gbps/W, 2090-Gate NanoAES Hardware Accelerator With Area-Optimized Encrypt/Decrypt GF(2 4 ) 2 Polynomials in 22 nm Tri-Gate CMOS

Cited by 113 publications

References 13 publications

Report on lightweight cryptography

Report on lightweight cryptography

Compact circuits for combined AES encryption/decryption

Architectural support for designing dependable non-volatile main memories

Contact Info

Product

Resources

About