The cipher Rijndael is one of the five finalists of the Advanced Encryption Standard (AES) The algorithm has been designed by Joan Daemen and Vincent Rijmen It is a Block cipher. The hardware implementation with 128-bit blocks and 128-bit keys is presented. VLSI optimizations of the Rijndael algorithm are discussed and several hardware design modifications and techniques are used, such as memory sharing and parallelism.

1. Fault Detection Scheme for AES
Using Composite Field
BY
AJAL.A.J
EPGPM – IIM K

2. PRESENTATION
OVERVIEW
••RRIIJJNNDDAAEELL AALLGGOORRIITTHHMM
••SSYYSSTTEEMM AARRCCHHIITTEECCTTUURREE
••SSIIMMUULLAATTIIOONN RREESSUULLTTSS
FFUUTTUURREE DDEEVVEELLOOPPMMEENNTT

3. INTRODUCTION
• The cipher Rijndael is one of the five finalists of
the Advanced Encryption Standard (AES)
• The algorithm has been designed by Joan Daemen
and Vincent Rijmen
• It is a Block cipher.
• The hardware implementation with 128-bit blocks
and 128-bit keys is presented.
• VLSI optimizations of the Rijndael algorithm are
discussed and several hardware design
modifications and techniques are used, such as
memory sharing and parallelism.

5. Critical N/W Security Elements
Critical communications private
(confidentiality)
Know who we are dealing with (identity)
Guarantee messages unaltered (integrity)
Assert rights over content use (authorization)
All critical systems up-and-running
(availability)

6. The Rijndael Chip
6
1. Rijndael
2. Serpent
3. Two fish
4. RC 6
5. MARS
AES 128bit
implementation
Selected by AES
(Advanced
Encryption
Standard, part of
NIST) as the new
private-key
encryption standard.

7. Rijndael Algorithm – Round
Partition of the rounds not suited for intraround pipelining
Add Round Key
Sub Bytes
Shift Rows
Mix Columns
Add Round Key
Sub Bytes
Shift Rows
Mix Columns
Add Round Key
Sub Bytes
Shift Rows
Add Round Key
Add Round Key
Inv Sub Bytes
Inv Shift Rows
Inv Mix Columns
Add Round Key
Inv Sub Bytes
Inv Shift Rows
Inv Mix Columns
Add Round Key
Inv Sub Bytes
Inv Shift Rows
Add Round Key
1
9
10
10
9
2
1
Encryption Decryption

8. Rijndael Architecture - Overview
Parallel
Round 1
Round Key
Register
Key
Generator
Parallel
Round 2
AddKey
Key Reg Data Reg
Controller
32 128
128
32
128 32
128 128
128 128
Data Reg
Largest potential for optimizations in rounds

9. It all starts with a key
• What is a key?
• Encryption algorithm is like a recipe for
spaghetti. Key is like the choice of sauce
that changes the end result.
Plain text
I am going to the
market
Decrypting Text
That’s encryption!
Cipher text
K co iqkpi vq vjg
octmgv
Encrypt – Garble so it’s unreadable
Decrypt – Ungarble so it can be read again
encrypt algorithm – add
x letters
hard to read,
UNLESS you know
the key
Encrypting Text
Plain text
I am going to the
market
CipherText
K co iqkpi vq vjg
octmgv
decryption algorithm –
subtract x letters
key - 2

10. BLOCK DIAGRAM - DECRYPTION
CORES

11. Parallel impletation of S-Boxes
Rijndael S-box consists of two operations
Encryption
Path
Decryption
Path
SubBytes
Inv Sub
Bytes
Inv Aff Trans
Mult Inverse
Aff Trans
Mult Inverse
Multiplicative inverse can be shared

15. Encryption Simulation Result

16. Decryption Simulation Result

17. Synthesis Report And Result Of
AES Fault Detection Schemes

18. Comparison of s- box
Design Area Delay Power
LUT-Based 262144 31.824ns 35mw
Composite Field
Based
28514 8.129ns 34mw

19. Output Waveform for composite
field s-box without error

20. Output wave form of encryption
algorithm for composite field s-box
without error

21. Output wave form decryption
algorithm for composite field s-box
without error

22. Output wave form decryption
algorithm for composite field s-box
with error

23. Map report
--------------
• Number of errors: 0
• Number of warnings: 0

24. HDL SYNTHESIS REPORT
Macro Statistics
# ROMs : 56
16x128-bit ROM : 56
# Multiplexers : 66
8-bit 10-to-1 MUX : 10
8-bit 16-to-1 MUX : 56
# XORs : 171
128-bit xor2 : 11
8-bit xor2 : 150
8-bit xor3 : 10

25. Performance Comparison
Implementation Encryption Speed
Software implementation
(ANSI C)
27Mb/s
Visual C++ 70.5Mb/s
Hardware Implementation
(Altra)
268Mb/s
Proposed VHDL
(Virtex II)
2.18Gb/s

36. FUTURE
DEVELOPMENT
• For future development, estimation on the real time
required for key initialization and time for a whole
encryption should be done on the real chip.
• Research is still going on the encryptor core for higher
bit lengths.
• FPGA based solutions have shown significant speedups
compared with software based approaches
• The widespread adoption of distributed, wireless, and
mobile computing makes the inclusion of privacy,
authentication and security
• Power consumption will remain a critical factor
,especially when cryptographic applications will move into
embedded context

37. CONCLUSION
• In this paper, a VLSI implementation for the Rijndael encryption
algorithm is presented
• The combination of security, and high speed implementation,
makes it a very good choice for wireless systems.
• The whole design was captured entirely in VHDL language
using a bottom-up design and verification methodology
• The proposed VLSI implementation of the algorithm reduces the
covered area and achieves a data throughput up to 2.18Gbit/sec.
• An optimized coding for the implementation of Rijndael
algorithm for 128 bits has been developed
• Architectural innovations like on the fly round key generation,
which facilitates simultaneous execution of sub bytes, shift rows
and mix columns and round key generation has been
incorporated in our coding.

38. FUTURE WORK
• We have presented a high performance parity based low complexity fault
detection scheme for the AES using the S-box and the inverse S-box in
composite fields.
• In our implementations, we used parity method in case of s box and
ensured that error detection at s box takes two times which improves the
fault coverage to a great extent. According to our simulation results, with
acceptable error coverage, the structure-independent schemes proposed
in this paper have the highest efficiencies, showing reasonable area and
time complexity overheads. Based on the AES structure chosen, the
performance goals to achieve, and the resources available, one can use
combinations of the presented schemes in order to have much more
reliable AES encryption and decryption structure.

39. FUTURE WORK

40. [1] National Institute of Standards and Technologies, Announcing
the Advanced Encryption Standard (AES) FIPS 197, Nov. 2001.
[2] R. Karri, K. Wu, P. Mishra, and K. Yongkook, “Fault-based
side-channel cryptanalysis tolerant Rijndael symmetric block
cipher architecture,” in Proc. DFT, Oct. 2001, pp. 418–426.
[3] R. Karri, K. Wu, P. Mishra, and Y. Kim, “Concurrent error
detection schemes for fault-based side-channel cryptanalysis of
symmetric block ciphers,” IEEE Trans. Comput.-Aided Des. Integr.
Circuits Syst., vol. 21, no. 12, pp. 1509–1517, Dec. 2002.
[4] A. Satoh, T. Sugawara, N. Homma, and T. Aoki, “High-performance
concurrent error detection scheme for AES
hardware,” in Proc. CHES, Aug. 2008, pp. 100–112.

41. [5] L. Breveglieri, I. Koren, and P. Maistri, “Incorporating error detection and online
reconfiguration into a regular architecture for the advanced encryption standard,” in Proc. DFT,
Oct. 2005, pp. 72–80.
[6] M. Karpovsky, K. J. Kulikowski, and A. Taubin, “Differential fault analysis attack resistant
architectures for the advanced encryption standard,” in Proc. CARDIS, Aug. 2004, vol. 153, pp.
177–192.
[7] P. Maistri and R. Leveugle, “Double-data-rate computation as a countermeasure against fault
analysis,” IEEE Trans. Computers, vol. 57, no. 11, pp. 1528–1539, Nov. 2008.
[8] C. H. Yen and B. F.Wu, “Simple error detection methods for hardware
implementation of advanced encryption standard,” IEEE Trans. Computers, vol. 55, no. 6, pp.
720–731, Jun. 2006.
[9] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, “A parity code based fault
detection for an implementation of the advanced encryption standard,” in Proc. DFT, Nov. 2002,
pp. 51–59.
[10] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, “Error analysis and detection
procedures for a hardware implementation of the advanced encryption standard,” IEEE Trans.
Computers, vol. 52, no. 4, pp. 492–505, Apr. 2003.
[11] C. Moratelli, F. Ghellar, E. Cota, and M. Lubaszewski, “A fault-tolerant DFA-resistant AES
core,” in Proc. ISCAS, 2008, pp. 244–247.
[12] M. Mozaffari-Kermani and A. Reyhani-Masoleh, “Parity-based fault detection architecture
of S-box for advanced encryption standard,” in Proc. DFT, Verbauwhede, “A systematic
evaluation of compact hardware implementations for the Rijndael S-box,” in Proc. CT-RSA, Feb.
2005, pp. 323–333. Oct. 2006, pp. 572 580.

42. [13] S.-Y. Wu and H.-T. Yen, “On the S-box architectures with concurrent error detection for the
advanced encryption standard,” IEICE Trans. Fundam. Electron., Commun. Comput. Sci., vol.
E89-A, no. 10, pp. 2583–2588, Oct. 2006.
[14] A. E. Cohen, “Architectures for Cryptography Accelerators,” Ph.D. dissertation, Univ.
Minnesota, Twin Cities, Sep. 2007.
[15] M. Mozaffari-Kermani and A. Reyhani-Masoleh, “A lightweight concurrent fault detection
scheme for the AES S-boxes using normal basis,” in Proc. CHES, Aug. 2008, pp. 113–129.
[16] D. Canright, “A very compact S-box for AES,” in Proc. CHES, Aug. 2005, pp. 441–455.
[17] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A compact Rijndael hardware
architecture with S-box optimization,” in Proc. ASIACRYPT, Dec. 2001, pp. 239–254.
[18] J.Wolkerstorfer, E. Oswald, and M. Lamberger, “An ASIC implementation of the AES
SBoxes,” in Proc. CT-RSA, 2002, pp. 67–78.
[19] V. Rijmen, Dept. ESAT, Katholieke Universiteit Leuven, Leuven, Belgium, Efficient
Implementation of the Rijndael S-Box, 2000.
[20] X. Zhang and K. K. Parhi, “High-speed VLSI architectures for the AES algorithm,” IEEE
Trans. Very Large Scale Integr. (VLSI) Syst., vol. VLSI-12, no. 9, pp. 957–967, Sep. 2004.
[21] X. Zhang and K. K. Parhi, “On the optimum constructions of composite field for the AES
algorithm,” IEEE Trans. Circuits Syst. II, Exp. Briefs, vol. 53, no. 10, pp. 1153–1157, Oct. 2006.
[22] N. Mentens, L. Batina, B. Preneel, and I. Verbauwhede, “A systematic evaluation of compact
hardware implementations for the Rijndael S-box,” in Proc. CT-RSA, Feb. 2005, pp. 323–333.

44. QUERRIES ? ? ?
AJAL.A.J
MOB: 0-8907305642