Six Shades of AES

Recently there have been various attempts to construct light weight implementations of the AES-128 encryption and combined encryption/ decryption circuits. However no known lightweight circuit exists forAES-192 and AES-256, the variants of AES that use longer keys. Investing in lightweight implementations of these ciphers is important as we enter the post quantum era in which security is, by a rule of the thumb, scaled down to the square-root of the size of the keyspace. In this paper, we propose a single circuit that is able to offer functionalities of both encryption and decryption for AES-128/192/256. Our circuit operates on an 8-bit datapath and occupies around 3672 GE of area in silicon. We outline the challenges that presented themselves while performing the combinatorial optimization of circuit area and the methods we used to solve them.

Published in:
Lecture Notes in Computer Science, 11627, 311-329
Presented at:
Progress in Cryptology – AFRICACRYPT 2019

Note: The status of this file is: Anyone

 Record created 2019-07-17, last modified 2020-10-24

Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)