Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic High-Performance Multi-Mode Architectures for AES Encryption

Published byYrjö Laakso Modified over 6 years ago

Similar presentations

Presentation on theme: "Dynamic High-Performance Multi-Mode Architectures for AES Encryption"— Presentation transcript:

1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption
Eric Swankoski Naval Research Lab Vijay Narayanan Penn State University Swankoski MAPLD 2005 / B103

2 Background & Motivation
Bandwidth and throughput capabilities of modern optical networks is skyrocketing Protecting transmitted data becoming more and more critical Current encryption architectures generally aren’t capable of keeping up with high-speed environments SEU effects rarely, if ever, considered Swankoski MAPLD 2005 / B103

3 Plan of Attack: FPGA Encryption
Algorithm: Advanced Encryption Standard (AES) Supports multiple key lengths Supports multiple encryption modes Supports multiple levels of pipelining Target Architecture: Xilinx FPGAs Can be adapted to ASIC devices Virtex-II, Virtex-4 Target Performance: 60+ gigabits per second Requires both inner-round and outer-round pipelining Swankoski MAPLD 2005 / B103

4 The AES Algorithm 10 Rounds of Encryption for 128-bit operands
Four basic operations: SubBytes: 8-bit substitution (16 parallel operations per round) ShiftRows: Byte reordering and rotation (4 parallel operations per round) MixColumns: Polynomial multiplication (4 parallel operations per round) AddRoundKey Simple 128-bit XOR Swankoski MAPLD 2005 / B103

5 Optimizing for Performance
Exploit all possible parallelism Alternative byte substitution methods 1 cycle for a lookup-based substitution 5 cycles for a mathematical transformation Utilize pipelining Outer-Round: 1 cycle per round Inner-Round: 4 cycles per round (lookup-based byte substitution) 8 cycles per round (pipelined byte substitution) Swankoski MAPLD 2005 / B103

6 Combinatorial Byte Substitution
Actual mathematical transformation Conventional implementation cannot be pipelined Simple (atomic) 8x8 lookup table Smaller than lookup table Faster than lookup table Utilizes five-stage pipeline All internal operands are four bits wide Swankoski MAPLD 2005 / B103

7 Encryption Round Diagram
Atomic S-Box: 40 Pipeline Stages Combinatorial S-Box: 76 Pipeline Stages Needs a constant stream to be effective Parallel Key Scheduling No performance penalty Offline Key Scheduling Precomputed keys can be stored in registers Swankoski MAPLD 2005 / B103

8 Counter (CTR) Mode Effectively converts AES into a stream cipher
High security – similar to CBC Supports inner-round and outer-round pipelining No error propagation – errors are completely isolated Swankoski MAPLD 2005 / B103

9 Cipher Block Chaining (CBC) Mode
Most secure – no patterns are observed Cannot be pipelined 100% downstream corruption resulting from data loss or single-event upsets (SEUs) during encryption Errors are isolated during decryption Swankoski MAPLD 2005 / B103

10 Electronic Codebook (ECB) Mode
Supports full pipelining No error propagation – errors are completely isolated Least secure – identical input gives identical output Patterns observable in video and image data Swankoski MAPLD 2005 / B103

11 Staggered CBC Mode Pipelined with Output Feedback
Each encrypted block n depends on itself and the block (n – x) where x is the latency of the pipeline Maintains security while mitigating some error propagation problems Swankoski MAPLD 2005 / B103

12 More Challenges Error-Tolerant Encryption Maintaining High Security
Maintaining High Performance Swankoski MAPLD 2005 / B103

13 Error-Tolerant Encryption
Are errors acceptable? Possibly, but better to assume not How do the multiple modes of encryption deal with upsets? Is there a benefit to triple modular redundancy (TMR)? Is it what we expect? Swankoski MAPLD 2005 / B103

14 Error-Tolerant Encryption
CTR and ECB encryption isolate errors Transmission integrity largely preserved even without SEU mitigation TMR can ensure 100% transmission integrity TMR REQUIRED for CBC encryption Swankoski MAPLD 2005 / B103

15 Error-Tolerant Encryption
Image 1: Error-Free Plaintext Image Before Encryption / After Decryption CTR, ECB, or CBC with mitigation Image 2: Decrypted Plaintext Image One corrupted block CTR or ECB without mitigation Image 3: Decrypted Plaintext Image One block corrupted during encryption CBC without mitigation Swankoski MAPLD 2005 / B103

16 Maintaining High Security
How do the multiple modes of encryption affect security? Is physical protection of the key necessary? Depends on the environment How is throughput affected by increased security? Hopefully, not at all… Swankoski MAPLD 2005 / B103

17 Maintaining High Security
ECB-encrypted image has observable patterns CTR/CBC/SCBC encryption looks like random noise Swankoski MAPLD 2005 / B103

18 Maintaining High Security
Physical Key Protection Not required in aerospace applications Power Analysis / Soft Attacks Countermeasures not mode specific Throughput Effects ECB & CTR far outperform CBC Why is CBC an official mode? Swankoski MAPLD 2005 / B103

19 System-Level Diagram Supports ECB, CTR, CBC, and SCBC modes
Supports two types of TMR System: triplicates all control, key hardware, and mode logic Encryption: triplicates only encryption and key scheduling hardware Swankoski MAPLD 2005 / B103

20 Performance Results – Virtex-4
Byte Substitution Key Scheduling Area Frequency Throughput (CTR, ECB, SCBC) (CBC) ROM Online 3588 339.5 MHz 43.5 Gbps 1.088 Gbps Offline 2827 446.8 MHz 57.2 Gbps 1.430 Gbps Combinatorial 13651 519.2 MHz 66.5 Gbps 700.0 Mbps 10912 Key Scheduling Offline uses precomputed and stored keys (compile or design time) Online uses dynamically computed keys (run time) Significant performance improvement for combinatorial byte substitution in pipelined mode Virtex-II Pro performs better with ROM implementation (56.42 & Gbps) Better CBC performance achieved through other architectures Swankoski MAPLD 2005 / B103

21 Lessons Learned Don’t try to over-optimize FPGA code
Returns diminish quickly Sometimes less is more Know your synthesis tool Now why did it do THAT? Check your system’s memory RAM does fail at inopportune times… ESPECIALLY if it has a lifetime warranty Swankoski MAPLD 2005 / B103

22 Lessons Learned Over-optimization
In a highly pipelined FPGA design, routing plays a MAJOR role in the clock frequency 70%-80% of the total delay What would work in an ASIC (or in theory, or on paper…) might actually make things worse Manual floorplanning and P&R might help, but usually provides minimal (if any) improvement Moral? – Try reducing the pipeline depth as well as increasing it, it just might help! Swankoski MAPLD 2005 / B103

Download ppt "Dynamic High-Performance Multi-Mode Architectures for AES Encryption"

Similar presentations

International Data Encryption Algorithm

International Data Encryption Algorithm
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &

Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Study of AES Encryption/Decription Optimizations Nathan Windels.

Study of AES Encryption/Decription Optimizations Nathan Windels.
RUN-TIME RECONFIGURATION FOR AUTOMATIC HARDWARE/SOFTWARE PARTITIONING Tom Davidson, Karel Bruneel, Dirk Stroobandt Ghent University, Belgium Presenting:

RUN-TIME RECONFIGURATION FOR AUTOMATIC HARDWARE/SOFTWARE PARTITIONING Tom Davidson, Karel Bruneel, Dirk Stroobandt Ghent University, Belgium Presenting:
Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.

Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.
Cryptography and Network Security

Cryptography and Network Security
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Similar presentations

Ads by Google