Download Ocean Logic's AES Cryptoprocessor: Hardware Implementation of Advanced Encryption Standard and more Study notes Electrical and Electronics Engineering in PDF only on Docsity!
OL_AES
AES Core family
Rev 1.
General
Description
Applications
Features
Symbol
This core family implements various aspects of the AES (Advanced Encryption Standard) algorithm. Simple, fully synchronous design with low gate count.
♦ Electronic financial transactions. ♦ Secure communications. ♦ Secure video surveillance systems. ♦ Encrypted data storage.
♦ Implemented according to the FIPS 197 documentation. ♦ Also available in CBC, CFB and OFB modes. ♦ Key size of 128, 192 and 256 bits. ♦ Both encryption and decryption supported. ♦ Fully synchronous design. ♦ Available as fully functional and synthesizable VHDL or Verilog soft-core. ♦ Test benches provided. ♦ Xilinx and Altera netlists available.
AES
Core
Data Output
Data
Key
Control
Input
Input
General Description
The OL_AES core family is a hardware implementation of various aspects of the AES algorithm as described in NIST’s released documentation, suitable for a variety of applications.
The AES algorithm was selected by NIST on October 20, 2000 amongst a group of competing algorithms. The algorithm chosen by NIST, Rijndael offers strong and secure encryption with the added flexibility of variable key block sizes.
Compared to the DES and the triple DES algorithms AES provides an even higher level of security.
An AES encryption operation consists in the transformation of a 128 bits block into a block of the same size.
The encryption key can be chosen among three different sizes: 128, 192 or 256 bit. The key is expanded during cryptographic operations.
A block diagram of the AES core is shown below.
AddRoundKey State Storage ByteSub ShiftRow MixColumn Area
KEY
DIN
DOUT
Key Expander
Figure 1 AES core block diagram.
The AES algorithm consists of a series of steps repeated a number of times (rounds). The number of rounds depends on the size of the key and the data block. The intermediate cipher result is known as state.
KSIZE = 00 KSIZE = 01 KSIZE = 10
Rounds 10 12 14 Table 1 Number of rounds as a function of key size.
Initially, incoming data and key are added together in the AddRoundKey module. The result is stored in the State Storage area.
The state information is then retrieved and the ByteSub, Shiftrow, MixColumn and AddRoundKey are performed on it in the specified order. At the end of each round the new state is stored in the State Storage area. These operations are repeated according to the number of rounds. The final round is anomalous as the MixColumn step is skipped.
After the final round the cipher is output.
Equivalent Inverse Cipher algorithm as outlined in the AES documentation. Consequently encryption and decryption pre-expanded keys are not equivalent. Ocean Logic can provide an additional module so that encryption and decryption pre-expanded keys are the same. The symbol of the core is shown below.
CLK
RSTN
DOUT_VLD
DIN_REQ
EN
KSIZE[1:0]
DIN[31:0]
DOUT[31:0]
GO
E_D AES
KEY[31:0]
Figure 2 OL_AES_ED symbol
Pin Description
Name Type Description RSTN Input Core reset, active low. CLK Input Core clock signal. EN Input Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored. GO Input When HIGH, a cryptographic operation is started. E_D Input Encryption is performed when LOW, decryption when HIGH. KEY[31:0] Input Pre-expanded input key. KSIZE[1:0] Input Input key size. DIN[31:0] Input Input data. DIN_REQ Output Input data request signal. DOUT[31:0] Output Output data. DOUT_VLD Output Output data valid.
Functional description
Rising the input on the GO port triggers the beginning of a cryptographic operation on the data DIN using the KEY as key. The key size selection can be performed on the core by the KSIZE input. Valid values for KSIZE are “00”,”01” and “10” selecting 128, 192 or 256 bits respectively. The KSIZE inputs must not be changed while the data is processed.
The core then raises the DIN_REQ signal requesting the data block. It then starts to process the state according to the AES algorithm. The timing diagram below shows how the data is fed to the core at the start.
K0 K1 K2 K3 K4 K5 K6 K
GO
CLK
DIN[31:0]
DIN_REQ
D0 D1 D2 D
KSIZE[1:0] Valid
E_D Valid
KEY[31:0]
Figure 3 Key and data input at the start of encryption.
The KSIZE parameter is passed to the core after the GO signal is raised. Input of the KEY data continues for all the duration of the cryptographic operation.
Both data and key are input serially, 32 bits at the time. The diagram above shows the case where the input data is 128 bits. The ordering of the data is shown in the figure below.
31 23 15 7 0
Word 1
D D D D Word N
D D D D Word 0
D D D D
4n 4n+1 4n+2 4n+
0 1 2 3
4 5 6 7
Figure 4 AES core data ordering.
When all the rounds are completed the DOUT_VLD signal is raised and the encrypted data starts to flow out. This is shown in the timing diagram below.
KIN[31:0]
KSIZE[1:0]
ADDR[5:0]
KEY[31:0]
KEY_LAST
KEXP
CLK
RSTN
EN
GO
E_D
Figure 6 OL_KEXP_ED symbol
Pin Description
Name Type Description RSTN Input Core reset, active low. CLK Input Core clock signal. EN Input Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored. GO Input When HIGH, key expansion is started. E_D Input Key is expanded for encryption or decryption. KSIZE[1:0] Input Input key size. KIN[31:0] Input Unexpanded key input. KEY_REQ Output Input key request signal. ADDR[5:0] Output Address for the key expanded data KEY[31:0] Output Expanded key data. KEY_LAST Output Last expanded key data.
Functional description
Rising the input on the GO port triggers the beginning of the expansion of the KEY input. The key size selection can be performed on the core by the KSIZE input. Valid values for KSIZE are “00”,”01” and “10” selecting 128, 192 or 256 bits respectively. The KSIZE inputs must not be changed while the data is processed.
The core then raises the KEY_REQ signal requesting the key. It then starts to expand the key according to the AES algorithm.
The timing diagram below shows how the data is fed to the core at the start in the case of a 128 bit key.
KSIZE[1:0] Valid
GO
CLK
KEY[31:0]
KIN[31:0] K0 K1 K2 K
KEY_REQ
KEY0 KEY1 KEY2 KEY3 KEY4 KEY5 KEY6 KEY
Figure 7 Key input at the start of expansion.
During the expansion process, the expanded key data is available at the output KEY. At the end of the expansion operation, the signal KEY_LAST is raised. The core is immediately ready for another expansion operation and, in fact, the KEY_REQ signal is raised immediately after. The diagram below illustrates this.
Valid
K0 K1 K2 K
Last
Key data KEY0^ KEY1^ KEY2^ KEY
KEY_LAST
KEY[31:0]
KIN[31:0]
KEY_REQ
CLK
Figure 8 Last expanded key data and start of new expansion.
Any expansion operation can be aborted at any time by lowering the GO signal. Also, the core can be stalled at any time by lowering the synchronous enable signal EN.
Table 3 shows the number of cycles required for a key expansion operation as a function of key size.
Ocean Logic Pty Ltd
PO BOX 768 - Manly NSW 1655 - Australia Tel: +61-2-99054152 Fax: +61-2- E-Mail: info@ocean-logic.com URL : http://www.ocean-logic.com/
