and AEGIS
Abstract—This paper presents an integrated design of AES, the block cipher standard, and AEGIS, an AES-based authenticated encryption scheme. Our design exploits the common functionalities of AES and AEGIS to provide either confidentiality alone or confidentiality and authenticity together. The proposed design provides a cost-effective implementation on various FPGA platforms, and it achieves both goals using a minimum amount of extra resources compared to the stand-alone AES and AEGIS designs. The performance of our implementation has been compared with similar design work, and it has been shown that the throughput and frequency of our design outperform the best result available in the literature.

Index Terms—Encryption, AES, Authenticated Encryption, AEGIS, Integrated Architecture, FPGA

I. INTRODUCTION

In recent times the frequency of digital transactions has increased manifold. This has made the security of transactions a critical aspect due to the increased probability of attacks. Many cases of secure digital transactions need only data confidentiality, while some require both confidentiality and authenticity. AES [1] is the standard cipher used for encryption. Recently, the CAESAR competition was announced to provide a standard Authenticated Encryption (AE) scheme. Most of the CAESAR candidates are either AES-based or permutation-based AE. We observe that most entries for this competition are AES based, such as ACORN [2], AEGIS [3], MORUS [4] and so on. AEGIS appears as one of the CAESAR finalists in this competition. In this paper, we integrate AES and AEGIS in a cost-effective manner through the reuse of common functionalities between them. Currently, no attack has been shown against AEGIS; hence in our design we choose AEGIS-128 and merge it with the AES architecture to achieve both encryption and authenticated encryption. Very little research exists on implementations achieving both goals. Paper [5] is one such combined design, where the authors reported the performance of their design in terms of throughput and frequency.

In our work, we propose an integrated architecture of AES and AEGIS by exploiting the common functionalities between them, and also implement it on various FPGA platforms. We observed that our design achieves almost double speed-up compared to [5].

Following the introduction in Section I, the rest of the paper is organized as follows. Section II gives a brief overview of AES and AEGIS. Section III describes the integrated architecture of AES and AEGIS, where the focus is on the design circuitry to reuse the common functionalities of AES and AEGIS. Section IV illustrates the design performances on different FPGA platforms, and the comparison with the existing related works. Finally, Section V concludes our work.

II. AES AND AEGIS-128 OVERVIEW

AES [1] is a symmetric block cipher that operates with 128-, 192- and 256-bit key sizes on fixed-size 128-bit message blocks. AES uses a different number of rounds for each key size: 10 rounds for a 128-bit key, 12 for 192 and 14 for 256. Each intermediate result of the rounds is called a 'state'. Moreover, the round key for each state is generated from the encryption key. Each round of AES comprises four basic operations, SubBytes, ShiftRow, MixColumn and addroundkey, except for the last round, where the MixColumn operation is not performed [1].

AEGIS [3] is an authenticated encryption technique that uses the AES round function. The intermediate cipher is known as the state in AEGIS. The AEGIS algorithm consists of initialization, associated data processing, encryption and MAC generation phases. All the phases use one common function known as StateUpdate. The StateUpdate function performs five, six and eight AES round functions on the state in AEGIS-128, AEGIS-256 and AEGIS-128L respectively. The only difference between the AES and AEGIS round functions is that AES additionally has the addroundkey operation. Apart from that, AES uses 10 rounds for encryption whereas AEGIS performs 5 round operations for each state update function. In order to achieve both AES and AEGIS on a single hardware platform, we have to design a control circuit in such a way that we can reuse the common hardware block between AES and AEGIS. The common hardware block mainly consists of the SubByte, ShiftRow and MixColumn operations inside the round function. AEGIS operates based on four counters, viz. aegis counter, associated data counter, ciphertext counter and mac counter. Among these, the last three counters depend solely on the first counter. The three-bit aegis counter counts from four to zero. The associated data counter and ciphertext counter are initialized with external 64-bit data, and the mac counter is initialized with the fixed value seven. The initial value of the ciphertext counter indicates the number of blocks used for encryption. Each of these last three counters is decremented by one once the aegis counter has counted from four to zero in the corresponding states. Key and IV are the private key and initialization vector respectively.

III. INTEGRATED ARCHITECTURE OF AES AND AEGIS

This section describes the overall architecture of our proposed design. In this design, we explain how AES and AEGIS are combined together by reusing some common functionalities between them. Figure 1 represents the complete architecture in detail. In this diagram, we present five main modules, viz. Controller, Assigninput, State update, Key schedule and Round function, and four counters: aegis counter, associated data counter, ciphertext counter and mac counter. All the aforesaid counters are used in AEGIS only. In addition, the Round function module consists of two shiftrow blocks, one intermediate register, one subbyte block, one mixcolumn block and four MUXes, shown as a dotted box. Moreover, the Assigninput module generates the ciphertext and MAC. For AES, only ciphertext is generated, but AEGIS produces both ciphertext and MAC.

Figure 1: AES and AEGIS combined architecture

Among these five modules, three are shared by both AES and AEGIS, whereas one of the remaining modules is used for AES only and the other is used only for AEGIS. These are as follows:
• Controller block used for both AES and AEGIS
• Assigninput block used for both AES and AEGIS
• Round function block used for both AES and AEGIS
• Key schedule block used only for AES
• State update block used only for AEGIS

The inclusion of all these modules in a single implementation needs one control input to perform AES and AEGIS separately. The user provides the control input externally to select either AES or AEGIS at any time. Figure 2 shows how all five modules are activated based on user input. If the user selects AES then all the modules inside the bold dotted box are performed, whereas the modules inside the thin dotted box are realized for AEGIS operations.

We assume a triplet ⟨Key, IV, M⟩, where Key, IV and M represent the private key, initialization vector and plaintext/ciphertext message respectively. The triplet ⟨Key, IV, M⟩ is initialized to the Assigninput block. MUX M6 selects the output of the Key schedule module for AES and another for AEGIS. MUX M1 is used for AES, whereas MUX M5 is used for AEGIS. The overview of the design is depicted in Figure 2.

Figure 2: Overall design of AES and AEGIS

Now, all five modules of Figure 2 are described in detail sequentially.

A. Controller Block

This section describes the operational flow between AES and AEGIS. The Controller takes the values of the aegis counter, associated data counter, ciphertext counter, mac counter, clock and user input (AES or AEGIS) as shown in Figure 3. The Controller acts as a finite state machine that changes state based on the present state and the aforesaid inputs (counters), and generates different kinds of control signals such as initialization of the associated data process, ciphertext process and mac process. In this design, the FSM consists of 24 states. In the case of AES, state transitions occur from 1 to 11, whereas the FSM moves from state12 to state24 for AEGIS. The preprocessing phase occurs between state12 and state21. Moreover, the associated data processing phase, ciphertext processing phase and mac generation phase occur at state22, state23 and state24 respectively. For AES, a state transition occurs on every clock pulse. In contrast, an AEGIS state transition happens after the aegis counter (3 bits) has counted from four to zero. In addition, the associated data process, ciphertext process and mac generation process occur only when the aegis counter and the corresponding phase counter reach zero concurrently. Once the user provides the control input (AES or AEGIS), the Controller block activates the Assigninput block to start the operation for AES or AEGIS respectively.

For AES, plaintext/ciphertext and key are forwarded to the Round function block and Key schedule block respectively.
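
The controller sequencing described in Section III-A, as a small behavioural model in Python. This is an added example, not the authors' HDL; the function names, event labels and the zero-clock treatment of an empty associated-data or ciphertext phase are assumptions.

```python
# Behavioural model of the Section III-A controller (added illustration).
# State numbers and counter start values come from the text; function names,
# event labels and the handling of empty phases are assumptions.
AES_STATES = range(1, 12)            # state1..state11, one per clock pulse
PREPROCESS_STATES = range(12, 22)    # state12..state21
AD_STATE, CT_STATE, MAC_STATE = 22, 23, 24
AEGIS_COUNTER_START = 4              # 3-bit counter: 4, 3, 2, 1, 0
MAC_COUNTER_START = 7                # fixed value given in the text


def run_controller(mode, ad_blocks=0, ct_blocks=0):
    """Return [(clock, fsm_state, event), ...] for one AES or AEGIS run."""
    trace = []
    if mode == "AES":
        for state in AES_STATES:     # transition on every clock pulse
            trace.append((len(trace) + 1, state, "round"))
        return trace
    if mode != "AEGIS":
        raise ValueError("mode must be 'AES' or 'AEGIS'")

    def state_update(state, phase_counter):
        # One pass of the aegis counter from four to zero (five clocks).
        # The phase counter is decremented only when that pass completes.
        for aegis_counter in range(AEGIS_COUNTER_START, -1, -1):
            if aegis_counter > 0:
                event = "round"
            elif phase_counter == 1:  # both counters reach zero together
                event = "phase_done"
            else:
                event = "update"
            trace.append((len(trace) + 1, state, event))
        return phase_counter - 1

    for state in PREPROCESS_STATES:  # one state update per preprocessing state
        state_update(state, phase_counter=0)
    for state, counter in ((AD_STATE, ad_blocks), (CT_STATE, ct_blocks),
                           (MAC_STATE, MAC_COUNTER_START)):
        while counter > 0:           # assumption: an empty phase takes no clocks
            counter = state_update(state, counter)
    return trace


def clock_count(mode, ad_blocks=0, ct_blocks=0):
    """Total clocks for one run under this model."""
    return len(run_controller(mode, ad_blocks, ct_blocks))
```

In this model the clock count is a function of the selected mode and the block counts only, never of Key, IV or message contents.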
REFERENCES
[1] J. Daemen and V. Rijmen, The Design of Rijndael: AES-The Advanced
Encryption Standard. Springer Science & Business Media, 2013.