A Novel Compact Multiplicative Inverse Unit of AES for Low Power

Indian Journal of Science and Technology, Vol 10(14), DOI: 10.17485/ijst/2017/v10i14/100014, April 2017
ISSN (Print) : 0974-6846
ISSN (Online) : 0974-5645
A Novel Compact Multiplicative Inverse Unit of AES
for Low Power and Low Area Applications
M. Senthil Kumar* and G. V. R. L. Maccalay
Electronics and Communication Engineering, Tirumala Engineering College, Hyderabad – 501301, Telangana, India;
Abstract
Objectives: AES (Advanced Encryption Standard) provides strongly encrypted information, and it can be produced on
a miniature die size with low power consumption by reducing the number of gates and transistors in the S-box of AES.
The main aim of the project is to reduce the number of gates in the AES S-box to achieve low area and low power.
Methods/Analysis: The proposed technique uses logical level reduction with Boolean logic to achieve a lower gate count.
The target of the proposed technique is to design a compact multiplicative inverse unit through circuit and gate level
implementation in order to achieve low area and low power utilization. The structure of the multiplicative inverse unit
is reduced by logical simplification. The simulation is performed with Tanner tool version 14.11 for circuit level
implementation based on static complementary metal oxide semiconductor (CMOS) logic. This tool also reports the number
of transistors utilized and the power consumption of both the existing and the proposed multiplicative inverse unit.
Findings/Novelty: Several cryptographic techniques such as Data Encryption Standard (DES), AES, Blowfish and RC4 are
adopted for specific purposes in various applications. Among these techniques, AES provides high security with low power
and low area utilization. The conventional multiplicative inverse (MI) unit of AES uses 50 gates to perform the MI
operation, so it needs more area and power. To overcome this problem, Boolean logic is applied to simplify the logic of
the proposed multiplicative inverse unit. This reduces the gate count from 50 gates in the existing MI unit to 39 gates;
in total, 11 gates are removed in the proposed multiplicative inverse unit. The area is always directly proportional to
the power consumption. The power consumption of the proposed circuit is reduced from 45.7 mW to 36.7 mW. The proposed
multiplicative inverse unit offers 22% area reduction and 19.6% power reduction compared with the existing MI unit.
Applications/Improvement: In the proposed multiplicative inverse unit, only 4 XOR gates are used instead of 14 XOR gates
to perform the operation, which in turn helps to achieve less area and low power. The proposed multiplicative inverse
unit based AES is suited to applications that need low area and low power with high security.
Keywords: AES, Galois Field Arithmetic, Reduced MI Unit, S-Box, Static CMOS and Boolean Logic
1. Introduction
The Advanced Encryption Standard (AES) algorithm was introduced in 2001 [1]. The AES algorithm specifies a
Federal Information Processing Standard (FIPS) approved cryptographic technique that can be applied to protect
electronic information. The symmetric cipher based AES algorithm can be used to encrypt and decrypt any
information in a secure mode of operation. Encryption transforms the data into an unreadable form called ciphertext,
also termed the encrypted output. Decryption of the ciphertext converts the data back into its original form,
which is called the plaintext. The AES process is realized with cryptographic key sizes of 128, 192 and 256 bits
and encrypts and decrypts the message in blocks of 128 bits. The hardware implementation of the Rijndael algorithm
can offer either high speed or low cost, depending on the particular application.
*Author for correspondence
The S-Box is the heart of an AES implementation. Designing this segment is a challenge for every designer, because
this structure consumes more power and sometimes exceeds the energy budget of the AES hardware structure.
The proposed approach is centered on an area efficient and low power CMOS implementation of the multiplicative
inverse unit of the S-Box/Inv S-Box. Many methods have been reported for implementing the substitution box to satisfy
differing criteria such as power, speed and delay for various applications. In the S-Box design methodology
there are two major flows. The first flow is implementation using look-up tables (LUTs), which store all 256
predefined 8-bit values of the S-Box in Read Only Memory (ROM) [2]. The benefit of using a LUT is that it provides
a lower critical path. Conversely, it has the disadvantage of an unbreakable delay path in pipelined techniques, and
it is not apt for high speed applications [3]. This delay forbids each round unit from being divided into more than
two sub stages to attain any further increase in processing speed [4]. It also needs a larger die size to implement
both AES encryption and decryption, since a special table is employed in each case. The second flow is to design
the substitution box circuit using combinatorial logic derived entirely from its arithmetic operations. This
method has a breakable delay path for S-Box processing, but it is based on sum of product (SOP) terms,
which in turn suffer from high area utilization [5-7]. In [8], the mix-column structure of AES is improved to reduce
the area and delay, but the security is low because the conventional S-box structure is used directly.
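The second flow above, computing each S-Box value from its arithmetic instead of reading it from ROM, can be reproduced directly. This is an added example, not code from the paper: it follows the FIPS-197 definition of the AES S-Box (inverse in GF(2^8), then the affine step with constant 0x63), and the function names are chosen here for illustration.

```python
# Added example: AES S-Box derived from arithmetic (FIPS-197), not from a table.
AES_POLY = 0x11B        # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
AFFINE_CONST = 0x63     # constant vector C; it has four nonzero bits


def gf256_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reduced by AES_POLY."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result


def gf256_inv(a):
    """Multiplicative inverse computed as a^254; 0 maps to 0 as AES requires."""
    result, power, exponent = 1, a, 254
    while exponent:
        if exponent & 1:
            result = gf256_mul(result, power)
        power = gf256_mul(power, power)
        exponent >>= 1
    return result


def affine(x):
    """Affine step M*x + C: bit i is x_i ^ x_(i+4) ^ x_(i+5) ^ x_(i+6) ^ x_(i+7) ^ c_i."""
    out = 0
    for i in range(8):
        bit = 0
        for k in (0, 4, 5, 6, 7):
            bit ^= (x >> ((i + k) % 8)) & 1
        out |= bit << i
    return out ^ AFFINE_CONST


def sbox(x):
    """S-Box output for one byte: affine transform of the field inverse."""
    return affine(gf256_inv(x))


def build_lut():
    """The 256-entry table that a ROM-based (first flow) design would store."""
    return [sbox(x) for x in range(256)]


if __name__ == "__main__":
    lut = build_lut()
    print(" ".join(f"{v:02x}" for v in lut[:16]))
```

The computed table is the same one a LUT design stores, so the two flows differ only in cost (ROM area against gate count and delay), not in output.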
S-Box constructions such as the positive polarity Reed-Muller configuration [9], binary decision diagrams (BDD) [10]
or its variant termed twisted binary decision diagram (TBDD) can attain a high performance design [11], but they
suffer from a large silicon area penalty. A familiar approach is to design the S-Box from its arithmetic operations
using composite field arithmetic based multiplicative inversion in the Galois Field GF(2^8), decomposing the field
operations from GF(2^8) to GF((2^4)^2) [12]. Secondary field (subfield) arithmetic is used in the calculation of an
inverse in the Galois Field operation. With this approach, the hardware area cost can be minimized considerably
with the modifications in the Sub Bytes and Inv-Sub-Bytes operations. The conventional methods were designed by
sharing the multiplicative inverse unit between the encryption and decryption segments. Designing a composite field
based substitution box architecture is the most area efficient technique for the AES encryption/decryption algorithm.
This technique is preferred because the calculation cost of a Galois Field operation is lower when the operation is
carried out in an isomorphic composite field. The pipelined composite S-Box offers high speed and a high throughput
rate along with reduced pipeline latency when compared with conventional S-Box designs. Cryptography using AES has
been implemented in a Field Programmable Gate Array (FPGA) to test the functionality of AES for hiding data, and
such an implementation increases area and power utilization [13]. To overcome this problem, a multiplicative inverse
unit with high security, low area and low power is proposed in this paper. The article is organized as follows:
the introduction to AES is given in section 1, the conventional multiplicative inverse unit of AES is described in
section 2, section 3 describes the reduced multiplicative inverse unit of the AES architecture, simulation results
and a comparison of the existing and proposed multiplicative inverse units are presented in section 4 along with
the discussion, and the article is concluded in section 5.
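The decomposition from GF(2^8) to GF((2^4)^2) described above leaves a single 4-bit inversion at the core, which is the unit this paper reduces. The following is an added example, not the paper's circuit or its Table 1: the field polynomial x^4 + x + 1, the constant LAMBDA = 1001b and all function names are assumptions chosen for illustration, and the basis change to the AES representation of GF(2^8) is left out.

```python
# Added example: inversion in GF((2^4)^2) built on one GF(2^4) inverse unit.
GF16_POLY = 0b10011   # x^4 + x + 1 (assumed subfield polynomial)
LAMBDA = 0b1001       # extension polynomial y^2 + y + LAMBDA (assumed)


def gf16_mul(a, b):
    """Multiply two nibbles in GF(2^4), reduced by GF16_POLY."""
    result = 0
    for _ in range(4):
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= GF16_POLY
    return result


# The 4-bit multiplicative inverse unit as a 16-entry table, found by search.
GF16_INV = [0] + [next(y for y in range(1, 16) if gf16_mul(x, y) == 1)
                  for x in range(1, 16)]


def lambda_is_irreducible(lam):
    """y^2 + y + lam has a root in GF(2^4) iff lam = t^2 + t for some t."""
    return all(gf16_mul(t, t) ^ t != lam for t in range(16))


def comp_mul(a, b):
    """(ah*y + al) * (bh*y + bl) using y^2 = y + LAMBDA."""
    ah, al, bh, bl = a >> 4, a & 0xF, b >> 4, b & 0xF
    hh = gf16_mul(ah, bh)
    high = hh ^ gf16_mul(ah, bl) ^ gf16_mul(al, bh)
    low = gf16_mul(hh, LAMBDA) ^ gf16_mul(al, bl)
    return (high << 4) | low


def comp_inv(a):
    """Inverse of ah*y + al: one nibble inversion plus a few multiplications."""
    ah, al = a >> 4, a & 0xF
    # Norm d = ah^2*LAMBDA + ah*al + al^2 lies in GF(2^4); it is 0 only for a = 0.
    d = gf16_mul(gf16_mul(ah, ah), LAMBDA) ^ gf16_mul(ah, al) ^ gf16_mul(al, al)
    d_inv = GF16_INV[d]
    return (gf16_mul(ah, d_inv) << 4) | gf16_mul(ah ^ al, d_inv)


def inverse_holds_everywhere():
    """True when a * a^-1 == 1 for every nonzero 8-bit element."""
    return all(comp_mul(a, comp_inv(a)) == 1 for a in range(1, 256))


if __name__ == "__main__":
    print("LAMBDA irreducible:", lambda_is_irreducible(LAMBDA))
    print("all 255 inverses correct:", inverse_holds_everywhere())
```

Every 8-bit inversion calls GF16_INV exactly once, which is why the gate count of the 4-bit unit dominates the cost of a composite S-Box.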
2. Conventional Multiplicative Inverse Unit of S-Box
The S-Box is the product of an affine matrix and a multiplicative inverse, plus a constant matrix, as shown in
equation (1) for
.
Where M is an 8×8 binary affine matrix,
is a multiplicative inverse and C is a constant matrix in the form of an 8-bit
vector with 4 nonzero values. S-Boxes can be classified into
three types: linearity S-Box, non-linearity S-Box
and composite S-Box. Among these types, the composite S-Box
is simple to design, with low area and power
consumption. The multiplicative inverse unit of the composite S-Box structure is complicated since it involves
logarithmic operations. Reducing the gate count of the multiplicative
inverse unit reduces the S-Box structure as
well. The conventional multiplicative inverse unit is shown
in Figure 1 [14]. The circuit diagram is constructed based
on the equations below. The multiplicative inverse unit in
of nibble
is given by
where
Figure 1. Circuit diagram of conventional multiplicative
inverse unit.
Figure 2. Circuit diagram of AND gate using static CMOS
logic.
From Figure 1, the existing multiplicative inverse unit requires 14 XOR gates and 8 AND gates. Generally,
three logic gates (one NAND, one AND and one OR) are needed to design one XOR gate. Using three
logic gates for each XOR gate increases the gate count remarkably in the conventional multiplicative inverse unit,
since it has 14 XOR gates in its structure. This increases the area required for circuit implementation and,
as a result, the power consumption also increases. To overcome this problem, the number of XOR gates in the proposed
multiplicative inverse unit is reduced to achieve lower area and lower power consumption than the existing
multiplicative inverse unit.
For the AND gate design, PMOS_1 and PMOS_2 (inputs ‘a’ and ‘b’) are coupled in parallel, NMOS_1 and
NMOS_2 are connected in series, and both networks are linked in series as shown in Figure 2. The output of this
combination is given to a CMOS inverter for the AND operation as shown in Figure 2. This arrangement requires
6 transistors in total, and C is the final output that represents the AND gate.
If the inputs ‘a’ and ‘b’ are zero, PMOS_1 and PMOS_2 are ON (one or high) and NMOS_1 and NMOS_2 are OFF.
This PMOS output is then connected to the inverter, and the final AND gate output is 0. When the inputs ‘a’ and
‘b’ are one, NMOS_1 and NMOS_2 are ON; this combination is grounded and yields an output of 0 at this stage.
This output is given to the inverter to produce the final AND gate output of 1. All other input combinations
are processed correspondingly to generate the final output [15].
In the static CMOS based OR gate, PMOS_1 and PMOS_2 are connected in series and NMOS_1 and
NMOS_2 are coupled in parallel. This output is given to the inverter, which produces the OR gate output Y as shown
in Figure 3. When the input ‘a’ is 0 and ‘b’ is one, PMOS_1 and NMOS_1 are ON and PMOS_2 and NMOS_2 are
OFF. Consequently, the PMOS_1 value is zero, which goes to the inverter and turns PMOS_3 ON. Thus the final OR gate
output is one when the input ‘a’ is 0 and ‘b’ is one.
The construction of the XOR gate using the static CMOS technique is shown in Figure 4. If the input ‘a’ is 0 and
‘b’ is 0, PMOS_4 and PMOS_5 go to the ON state. Similarly, NMOS_5 and NMOS_6 are also ON. Consequently, the
final output becomes zero, since PMOS_4 is ON while the input ‘a’ value is zero. When the input ‘a’ is 0 and ‘b’
is 1, PMOS_3 and PMOS_4 are ON. Also, NMOS_3 and NMOS_6 are ON. Because of these conditions, the output Z of
the XOR gate is one. Likewise, all other outputs are produced based on the given inputs.
Figure 3. Circuit diagram of OR gate using static CMOS logic.
Figure 4. Circuit diagram of XOR gate using static CMOS logic.
3. Compact Multiplicative Inverse Unit of S-Box
The goal of the proposed multiplicative inverse unit is to design its circuit with fewer gates (transistors)
to achieve lower area and lower power than the existing multiplicative inverse unit. Equations (2) to (5) of the
existing multiplicative inverse unit are simplified through the logical reduction method, and the reduced equations
are represented in equations (6) to (9). To perform the logical reduction, one can choose K-map, Boolean logic
minimization with De Morgan's theorem, or Shannon's expansion for any digital circuit implementation. The proposed
method adopts Boolean logic minimization with De Morgan's theorem to simplify the equations, and this is reflected
in the reduced number of gates shown in Figure 5.
Figure 5. Circuit diagram of proposed multiplicative inverse unit.
From the above equations (6) to (9), the proposed multiplicative inverse unit needs 4 XOR gates instead of
14 XOR gates. Along with the 4 XOR gates, new AND and OR gates are included to satisfy the reduced Boolean
equations. Finally, 4 XOR, 14 AND, 9 OR and 4 INV gates are required for the proposed multiplicative inverse unit.
Area and power consumption are reduced in the proposed compact multiplicative inverse unit.
4. Results and Discussion
The design of the reduced multiplicative inverse unit and the conventional multiplicative inverse unit of the S-Box
for the AES technique are presented here. Static CMOS (complementary metal oxide semiconductor) logic is used to
design the existing and proposed multiplicative inverse units. This approach is used to analyze the number of
transistors required for the existing and proposed designs. Simulation is carried out using Tanner tool v14.11.
The comparison between the existing multiplicative inverse unit and the proposed multiplicative inverse unit is
given in Table 2.
Table 1. Truth table of Multiplicative inverse in
Binary Value | Multiplicative inverse
0000 | 0000
0001 | 1100
0010 | 1100
0011 | 0100
0100 | 1111
0101 | 1100
0110 | 1001
0111 | 1101
1000 | 0101
1001 | 0110
1010 | 0011
1011 | 1110
1100 | 1010
1101 | 0111
1110 | 1011
1111 | 0010
Table 2. Comparison between existing and proposed multiplicative inverse unit by circuit level implementation
Circuits | No of transistors in existing circuit | No of transistors in proposed circuit
AND | 8 gates × 6T each = 48 | 14 gates × 6T each = 84
OR | – | 9 gates × 6T each = 54
XOR | 14 gates × 12T each = 168 | 4 gates × 12T each = 48
INV | – | 4 gates × 2T each = 8
Total no of transistors | 216 | 194
Table 3. Comparison between existing and proposed multiplicative inverse unit by gate level implementation
Gates | No of gates in existing circuit | No of gates in proposed circuit
AND | 8 | 14
OR | – | 9
XOR | 14 (14 x 3 = 42) | 4 (4 x 3 = 12)
INV | – | 4
Total | 50 | 39
The comparison of the area requirement of the proposed multiplicative inverse unit with the existing
multiplicative inverse unit is shown in Table 1 and Table 3. Table 1 illustrates the circuit level implementation
and Table 2 describes the gate level implementation. From the results, the proposed multiplicative inverse unit
offers 10% area reduction in terms of transistors and 22% area reduction in terms of gates compared with the
conventional multiplicative inverse unit.
Figure 6. Area utilization of conventional multiplicative inverse unit.
Figure 7. Area of proposed multiplicative inverse unit.
From the analysis of Figure 6 and Figure 7, the existing multiplicative inverse unit requires 216 transistors and
the proposed multiplicative inverse unit needs 194 transistors. In total, 22 transistors are removed in the proposed
multiplicative inverse unit when compared with the conventional multiplicative inverse unit. Similarly, the
conventional multiplicative inverse unit requires 50 gates and the proposed multiplicative inverse unit needs only
39 gates. In total, 11 gates are removed in the proposed multiplicative inverse unit compared with the existing
multiplicative inverse unit.
From the results, the reduced multiplicative inverse unit offers 20% power reduction compared with the existing
multiplicative inverse unit of the S-Box, as shown in Table 4. From Figure 8, the existing multiplicative inverse
unit consumes 45.7 mW of power. On the other hand, the proposed multiplicative inverse unit requires only 36.7 mW
of power, as shown in Figure 9.
Table 4. Comparison between existing and proposed multiplicative inverse unit for power consumption
Circuits | Maximum power (mW)
Existing multiplicative inverse unit | 45.7
Proposed multiplicative inverse unit | 36.7
Figure 8. Power consumption of existing multiplicative inverse unit.
Figure 9. Power consumption of proposed multiplicative inverse unit.
5. Conclusion
An alternative design of an optimized multiplicative inverse unit with low area and low power consumption
is introduced for the S-Box of AES hardware implementation. The compact multiplicative inverse unit
is achieved by modifying the conventional multiplicative inverse equations using Boolean logic
with De Morgan's law. This modification simplifies the circuit implementation with fewer gates.
The compact multiplicative inverse unit offers 30% APP (Area [10%] and Power [20%] product) reduction compared with
the conventional multiplicative inverse unit. In future, the proposed multiplicative inverse unit will be
incorporated into the composite S-Box of AES for further reduction of the area and power utilization of the entire
AES architecture.
6. References
1. Efficient Implementation of the Rijndael S-box.
2. Liu R, Parhi KK. Fast composite field S-Box architectures for advanced encryption standard. Proceedings of the ACM
Great Lakes Symposium on VLSI. 2008 May; p. 65-70.
3. Satoh A, Morioka S, Takano K, Munetoh S. A Compact Rijndael hardware architecture with S-Box optimization.
Springer: Advances in Cryptology. Lecture Notes in Computer Science. 2001 Nov; 2248:239-54.
4. Mangard S, Aigner M, Dominikus S. A highly regular and scalable AES hardware architecture. IEEE Transactions on
Computers. 2003 Apr; 52(4):483-91.
5. Ahmad N, Hasan R, Jubadi WM. Design of AES S-Box using combinational logic optimization. Proceedings of the
IEEE International Symposium on Industrial Electronics and Applications. 2010 Oct; p. 696-9.
6. Rach RR, Ananda Mohan PV. Implementation of AES S-Boxes using combinational logic. Proceedings of the
IEEE International Symposium on Circuits and Systems. 2008 May; p. 3294-97.
7. Chen N, Yan Z. High-performance designs of AES transformations. Proceedings of the International Symposium on
Circuits and Systems. 2009 May; p. 2906-9.
8. Vaidehi M, Justus Rabi B. Enhanced Mix Column Design for AES Encryption. Indian Journal of Science and Technology.
2015 Dec; 8(35):1-7.
9. Morioka S, Satoh A. An optimized S-Box circuit architecture for low power AES design. Proceedings of the
Workshop on Cryptographic Hardware and Embedded Systems. 2003 Feb; 2523:172-86.
10. Bryant RE. Graph-Based Algorithms for Boolean Function Manipulation. IEEE Transactions on Computers. 1986 Aug;
35(8):677-91.
11. Morioka S, Satoh A. A 10-Gbps Full-AES crypto design with a twisted BDD S-Box architecture. IEEE Transactions
on VLSI Systems. 2004 Jun; 12(7):98-103.
12. Nalini C, Anandmohan PV, Poomaiah DV, Kulkarni VD. Compact Designs of Sub Bytes and Mix Column for AES.
Proceedings of the IEEE International Advance Computing Conference (IACC 2009). 2009 Mar; p. 1241-7.
13. Salim PT, Vigneswaran T. FPGA Implementation of Hiding Information using Cryptography. Indian Journal of Science
and Technology. 2015 Aug; 8(19):1-7.
14. Ahmad N, Rezaul Hasan SM. Low-power compact composite field AES S-Box/InvS-Box design in 65 nm CMOS
using Novel XOR Gate. Integration the VLSI Journal. 2013 Sep; 46(4):333-44.
15. Radhika P, Vigneswaran T. Incorporation of optimized AND, OR gates and Half adder into Carry Select Adder
using CMOS technique. International Journal of Applied Engineering Research. 2014; 9(22):17083-95.