MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI

SECURITY-LEVEL APPLICATIONS

CHAPTER 1
INTRODUCTION

KITS DEPT.OF.ECE Page 1

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

1.1 Introduction To Security:

In the recent years, many applications based on internet are
emerged such as on-line shopping, internet banking and electronic bill
payment etc. Such transactions over network demand end to end
secure connections which should be confidential to ensure data
authentication and confidentiality, integrity and availability, also
known as CIA trial. Security is the mechanism by which information
and services are protected from unintended or unauthorized access.
Security in networking is based on cryptography (a word with Greek
origins, means “secret writing”), the science and art of transforming
messages to make them secure and immune to attack. Encryption is
one of the principal means to guarantee security of sensitive
information. Many encryption algorithms are widely available used for
information security. Encryption algorithms are classified into two
groups: Symmetric-Key and Asymmetric-Key encryption. Symmetric
key encryption is a form of cryptosystem in which encryption and
decryption is performed using same key. It is also known as
conventional encryption. Asymmetric key encryption is a form of
cryptosystem in which encryption and decryption is performed using
the different keys i.e. public key and private key. It is also known as
public key encryption. Asymmetric encryption techniques are about
1000 times slower than symmetric encryption which makes it
impractical when trying to encrypt large amounts of data. Also to get
the same security strength as symmetric, asymmetric must use a
stronger key than symmetric encryption technique.
In today’s digital world, encryption is emerging as a
disintegrable part of all communication networks and information
processing systems, for protecting both stored and in transit data.
Encryption is the transformation of plain data (known as plaintext)
into unintelligible data (known as cipher text) through an algorithm
referred to as cipher. There are numerous encryption algorithms that
are now commonly used in computation, but the U.S. government has

KITS DEPT.OF.ECE Page 2

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

adopted the Advanced Encryption Standard (AES) to be used by

Federal departments and agencies for protecting sensitive information.
The National Institute of Standards and Technology (NIST) has
published the specifications of this encryption standard in the Federal
Information Processing Standards (FIPS) Publication 197.
1.2 INTRODUCTION TO CRYPTOGRAPHY:-
The book "A classical introduction to cryptography", describes
Cryptography is the science of information and communication
security. Cryptography is the science of secret codes, enabling the
confidentiality of communication through an insecure channel. It
protects against unauthorized parties by preventing unauthorized
alteration of use. Generally speaking, it uses a cryptographic system
to transform a plaintext into a cipher text, using most of the time a
key. Data Confidentiality, Data Integrity, and Authentication are core
principles of modern-day cryptography.
1. Confidentiality refers to certain rules and guidelines usually
executed under confidentiality agreements which ensure that
the information is restricted to certain people or places.
2. Data integrity refers to maintaining and making sure that the
data stays accurate and consistent over its entire life cycle.
3. Authentication is the process of making sure that the piece of
data being claimed by the user belongs to it.
1.3 INTRODUCTION TO DIFFERENT TECHNOLOGIES:
Now a day’s most of the users are rapidly using wireless
communication technology, and in this wireless communication they
are both advantages and disadvantages. We will overcome some
disadvantage in wireless communication like hacking process with our
project to protect the information from the hacker we are having three
types of techniques and are listed below:
1. AES (Advanced Encryption Standards)
2. DES (Data Encryption Standards)
3. RSA (Rivest – Shamir-Adleman)

KITS DEPT.OF.ECE Page 3

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

These three techniques are certified by National Institute of Standards

Techniques (NIST) publications, Information Technology Management,
Computer Security.
1.3.1 DATA ENCRYPTION STANDARDS:
The Data Encryption Standard was jointly developed by IBM
and the U.S. government in 1974 to set a standard that everyone
could use to securely communicate with each other. It operates on
blocks of 64 bits using secret key that is 56 bits long. The original
proposal used a secret key that was 64 bits long. The removal of 8 bits
from the key was done to make it possible for the U.S. government
agencies to secretly crack message. The US National Security Agency
(NSA) made several modifications, after which it was adopted by
Federal Information Processing Standard (FIPS).
The data encryption standard is a block cipher that is designed
to encrypt and decrypt blocks of data consisting of 64 bits by using a
64-bit key. The data encryption standard is a secret key encryption
scheme adopted as standard in the USA in 1977. DES works on bits.
DES key consists of 64 binary digits ("0"s or "1"s), Binary “0001” is
equal to number”1”. DES works by encrypting groups of 64 message
bits, which is same as 16 hexadecimal numbers. To do the encryption,
DES uses “Keys” which are also apparently 16 hexadecimal numbers
long. However, every 8th key bit is ignored in the DES algorithm, so
that the effective key size is 46 bits. But in case, 64 bits (64
hexadecimal digits) is the round number upon which DES is
organized.
1.3.2 ADVANCED ENCRYPTION STANDARDS:
Advanced Encryption Standard was adopted by NIST in 2001 as
FIPS-197, and replaced DES which was withdrawn in 2005. AES can
support any combination of data (128 bits) and key length of 128, 192
and 256 bits, depending upon the key length. During encryption and
decryption process, AES system goes through 10 rounds for 128-bit
keys, 12 rounds for 192- bit keys and 14 rounds for 256-bit keys in
order to deliver final cipher text or to retrieve the original plaintext.

KITS DEPT.OF.ECE Page 4

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

AES allows a 128-bit data length that can be divided into four basic
operational blocks. These blocks are treated as array of bytes and
organized as a matrix of the order of 4 * 4 that is called the state. For
both encryption and decryption, the cipher begins with an Add Round
Key stage. However, before reaching the final round, this output goes
through nine main rounds, during each of those rounds four
transformations are performed; 1) Sub-Types 2) Shift-Rows 3) Mix-
Columns 4) Add Round Key. In the final round, there is no Mix-
Column transformation. Decryption is the reverse process of
encryption and using inverse functions: Inverse Substitute Bytes,
Inverse Shift Rows and Inverse Mix Columns. Different versions of
AES algorithm exist today (AES128, AES196, and AES256) depending
on the size of the encryption key.
1.3.3 RIVEST – SHAMIR-ADLEMAN:
Ron Rivest, Adi Shamir, and Leonard Adleman of Massachusetts
design RSA in 1978. It is one of the best-known public key
cryptosystems for key exchange or digital signature or encryption of
blocks of data. RSA uses a variable size encryption block and a
variable size key. It is an asymmetric (public key) cryptosystem on
number theory, which is a block cipher system. It uses two prime
numbers to generate the public and private keys. These two different
keys are used for encryption and decryption purpose. Sender encrypts
the message using receiver public key and when the message is
received by the receiver, than receiver can decrypt it using his own
private key. RSA operations can be decomposed into three broad
steps: key generation, encryption and decryption. RSA have many
flaws in its design therefore not preferred for the commercial use.
When the value of p and q is small for designing key then the
encryption process becomes too weak and one can be able to decrypt
the data by using random probability theory and side channel attacks.
where p & q are prime numbers. Padding techniques are required to
increases the systems overheads by taking more processing time.

KITS DEPT.OF.ECE Page 5

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

1.4 COMPARATIVE STUDY OF SECURITY ALGORITHMS:

Factors RSA DES AES

Created by Ron Rivest, Adi IBM in 1975 Vincent Rijmen,

Shamir and Joan Daemen in
Leonard Adleman 2001.
in 1978.

Key Length Depends on the 56 bits 128, 192 or 256

number of bits in bits.
the modulus n
where n= p*q

Rounds 1 16 10-128 bit key,

12-192 bit key,
14- 256 bit key

Block size Variable 64 bits 128 bits

Cipher type Asymmetric Symmetric Block Symmetric Block

Block Cipher cipher Cipher

Speed Slowest Slow Fast

Security Least Secure Not secure Excellent

enough Security

Table 1.1 Comparison between different security algorithms

KITS DEPT.OF.ECE Page 6

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 2
LITERATURE SURVEY

KITS DEPT.OF.ECE Page 7

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

2.1 HISTORY OF AES:

NIST (National Institute of Standards and Technology) created
AES in 1997. It was created to take the place of DES, which was slow
and open to many attacks. In order to fix DES's flaws, a new
encryption algorithm was developed. AES was subsequently released
on November 26, 2001. In their article "Design of Modified AES
Algorithm for Data Security,"
B. Nageswara Rao (2017) said that increasing the number of
rounds (cycles) from 10 to 16 makes the algorithm (AES) more secure.
As the number of cycles rises, more processing power will be needed,
making it more challenging for hackers to break into the system. The
key is created using the polybius square approach.
In their 2017 paper titled "AES Algorithm to Encrypt and
Decrypt Data," Ako Muhammad Abdullah implemented 10 rounds of
AES encryption using keys that were 128 bits, 192 bits, and 256 bits
in block cipher. His research leads to the conclusion that AES has
greater security than competing algorithms like DES and 3DES.
N Sivasankari (2017) report that both encryption and decryption
have been actualized into a single chip (FPGA-XC5VLX50T), and that
they perform with minimal resource utilization and a high throughput
of 38.65Gbps in their paper "Implementation of Area Efficient 128-bit
Based AES Algorithm in FPGA."
Talari Bhanu Teja (2017) implemented both RSA and AES
technique are blended for encryption handle using USB device to
upload and download data in their paper "Encryption and Decryption
-Data Security for Cloud Computing -Using AES Algorithm." File
uploading and downloads are archived securely. The system's
advantage is that it gives cloud storage frameworks where security is
concerned a spine structure is elevated. The proposed system's
limitation is that it only operates on text files, not other types of data
like images. File uploading and downloads are archived securely. The
system's advantage is that it gives cloud storage frameworks a spine

KITS DEPT.OF.ECE Page 8

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

structure to boost security. The flaw is that the proposed system only
works with text files and not other types of data, such as image,
audio, and video.
Because sensitive data is frequently transmitted and stored in
today's digital technologies, encryption is widely used. The popular
encryption algorithm used to secure data is AES, which is the
industry standard. The problem of balancing area, power, and speed
is difficult when designing VLSI systems, and hardware encryption is
no exception. Certain performance factors are brought to the fore by
system needs, but it is not always clear how to modify design
implementations to satisfy performance requirements. There was a
dearth of a single comparison analysis despite the fact that numerous
resources in this field of study recognized and analysed interesting
AES algorithm elements and their effects on a few of the design trade
spaces. The six AES elements that are addressed in this work are key
size, mode specificity, round key storage, round unravelling, SBOX
implementation, and pipelining. By looking at a compressed image of
the resulting designs, readers may quickly analyse how each of the six
aspects influences speed, power, area, latency, and throughput.
2.2 DESIGN OF LOW POWER, HIGH SECURE AND EFFIC-
-IENT FSR BASED LBIST CRYPTOGRAPHIC SYSTEMS:
The main motive of our project is to design a crypto device with low
complexity and high security by using Advanced AES Algorithm using
LBIST concept and bit swapping LFSR. To accomplish high security
for a system we are using the crypto devices technique in our project.
Extra cost in terms of area is very low compared to other techniques,
because only one AES core will be originally embedded in the system.
This reduces the reduction of test cost will lead to the reduction of
overall production cost & 100% security of data.
Now a day’s most of the users are using wireless communication
for fast sending and receiving the mails in less time and in less cost.

KITS DEPT.OF.ECE Page 9

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

The main issue in this way of communication is information

hacking. When this way of communication is going on, the
unauthorized people will hack the information within that frequency.
After hacking the information the hacker can know about what we are
discussing. This leads to leakage of information to protect that from
the hacker we are using Advanced AES algorithm. So in this project
we are developing a low power, high security level applications.
2.3 DESIGN OF LOW TRANSITION PSEUDO-RANDOM
PATTERN GENERATOR FOR BIST APPLICATIONS:
Built in self-testing (BIST) is most attractive technique to test
different kind of circuits. In BIST, test patterns are generated by
different techniques of test pattern generation and applied to the
circuit under test (CUT). In pseudo-random BIST architecture, test
patterns are generated by Linear Feedback Shift Register (LFSR). Due
to high Switching in pattern generation by conventional LFSR, power
dissipation is high in conventional LFSR. Power is an important
constraint in VLSI (Very Large Scale Integration) testing. This new
technique represent low transition pattern pseudorandom generator
(LT-PRG) for Test-per Clock and Test-per-Scan BIST applications.

KITS DEPT.OF.ECE Page 10

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 3
ADVANCED ENCRYPTION STANDARD (AES)

KITS DEPT.OF.ECE Page 11

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

3.1 OVERVIEW OF AES:

On October, 2, 2000, The National Institute of Standards and
Technology (NIST) announced Rijndael as the new Advanced
Encryption Standard (AES). Rijndael is a family of ciphers with
different key and block sizes. For AES, NIST selected three members of
the Rijndael family, each with a block size of 128 bits, but three
different key lengths: 128, 192 and 256 bits. In the United States,
AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on
November 26, 2001. AES became effective as a federal government
standard on May 26, 2002 after approval by the Secretary of
Commerce. AES is included in the ISO/IEC 18033-3 standard. The
AES is a 128 bit Symmetric block Cipher. This thesis includes the
complete step by step implementation of Advanced Encryption
Technique, i.e. encrypting and decrypting 128 bit data using the AES
and it’s modification for enhanced reliability and security. The
encryption process consists of the combination of various classical
techniques such as substitution, rearrangement and transformation
encoding techniques. The encryption and decryption modules include
the Key Expansion module which generates Key for all iterations.
3.2 CIPHER TRANSFORMATIONS:
The AES cipher either operates on individual bytes of the State
or an entire row/column. At the start of the cipher, the input is copied
into the State. Then, an initial Round Key addition is performed on the
State. Round keys are derived from the cipher key using the Key
Expansion routine. The key expansion routine generates a series of
round keys for each round of transformations that are performed on
the State. The transformations performed on the state are similar
among all AES versions but the number of transformation rounds
depends on the cipher key length. The final round in all AES versions
differs slightly from the first Nr-1 rounds as it has one less
transformation performed on the State. Each round of AES cipher
(except the last one) consists of all the following transformation:

KITS DEPT.OF.ECE Page 12

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

 SubBytes( )
 ShiftRows( )
 MixColumns( )
 AddRoundKey ( )
3.2.1 SUB-BYTE TRANSFORMATION:
The SubBytes is a byte substitution operation performed on
individual bytes of the State using a substitution table as shown in
below fig called S-box.

State Array S-box State Array

s0,0 s0,1 s0,2 s0,3 s’0,0 s’0,1 s’0,2 s’0,3

s1,0 ss1,1 s1,2 s1,3 s’1,0 ss’1,1
’
1,1
s’1,2 s’1,3
1,1
s2,0 s2,1 s2,2 s2,3 s’2,0 s’2,1 s’2,2 s’2,3
s3,0 s3,1 s3,2 s3,3 s’3,0 s’3,1 s’3,2 s’3,3

Figure 3.1 – Sub-Bytes Transformation

The invertible S-box table is constructed by performing the following

transformation on each byte of the State.
 Take the multiplicative inverse in the finite field GF(28) of the
byte.
 Apply the following transformation to the byte:
bi'  bi  b(i 4) mod 8  b(i 5) mod 8  b(i 6) mod 8  b(i 7) mod 8  ci

The bi is the ith bit of the byte and ci is the ith bit of a constant byte
with the value of {63}. The combination of the two transformations
can be expressed in matrix form as shown below:

b0'  1 0 0 0 1 1 1 1  b0  1 
 ' 1 b 
b
 1  1 0 0 0 1 1 1 1 
1 
 
b2'  1 1 1 0 0 0 1 1  b2  0 
 '     
 3   1
b 1 1 1 0 0 0 1  b3  0
 
b '  1 1 1 1 1 0 0 
0 b4   0
 4'      
b5  0 1 1 1 1 1 0 0 b5  1 
b '  0 0 1 1 1 1 1 
0 b6  1 
 6     

b7 
'
 
0 0 0 1 1 1 1 1b7 
 
0 

KITS DEPT.OF.ECE Page 13

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

The S-box table shown below, is constructed by performing the

two transformations described earlier for all possible values of a byte,
ranging from {00} to {ff}. For example the substitution value for {53}
would be determined by the intersection of the row with index ‘5’ and
the column with index ‘3’.

0 1 2 3 4 5 6 7 8 9 a b c d e f

0 63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76

1 ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0

2 b7 fd 93 26 36 3f f7 Cc 34 a5 e5 f1 71 d8 31 15

3 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75

4 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84

5 53 d1 00 Ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf

6 d0 ef aa Fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8

7 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
X
8 cd 0c 13 Ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73

9 60 81 4f Dc 22 2a 90 88 46 ee b8 14 de 5e 0b db

A e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79

B e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08

C ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a

D 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e

E e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df

F 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

Table 3.1 AES S-box

KITS DEPT.OF.ECE Page 14

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

3.2.2 SHIFT ROW TRANSFORMATION:

The ShiftRows transformation cyclically shifts the last three
rows of the state by different offsets. The first row is left unchanged in
this transformation. Each byte of the second row is shifted one
position to the left. The third and fourth rows are shifted left by two
and three positions, respectively. The ShiftRows transformation is
illustrated in below Figure.

ShiftRows

State Array State Array

s0,0 s0,1 s0,2 s0,3 s0,0 s0,1 s0,2 s0,3

s1,0 s1,1 s1,2 s1,3 s1,1 s1,2 s1,3 s1,0
s2,0 s2,1 s2,2 s2,3 s2,2 s2,3 s2,0 s2,1
s3,0 s3,1 s3,2 s3,3 s3,3 s3,0 s3,1 s3,2

Figure 3.2: Shift-Rows Transformation

3.2.3 MIX COLUMN TRANSFORMATION:

This transformation operates on the columns of the State,
treating each columns as a four term polynomial the finite field GF(28).
Each columns is multiplied with modulo x4+1 with a fixed four-term
polynomial a(x) = {03}x3 + {01}x2 + {01}x + {02} over the GF(28). The Mix
Columns transformation can be expressed as a matrix multiplication
as shown below:
 s 0' ,c  02 03 01 01  s 0,c 
 '    
 s1,c    01 02 03 01  s 0,c 
 s 2' ,c   01 01 02 03  s 0,c 
 '    
 s3,c  03 01 01 02  s 0,c 

The MixColumns transformation replaces the four bytes of the

processed column with the following values:
s0' ,c  ({02}  s0,c )  ({03}  s1,c )  s2,c  s3,c

s1' ,c  s0,c  ({02}  s1,c )  ({03}  s2,c )  s3,c

KITS DEPT.OF.ECE Page 15

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

s0' ,c  s0,c  s1,c  ({02}  s2,c )  ({03}  s3,c )

s1' ,c  ({03}  s0,c  s1,c )  s2,c  ({02}  s3,c )

The “  ” corresponds to the multiplication of polynomials in

GF(28) modulo an irreducible polynomial of degree 8. A polynomial is
irreducible if its only divisors are one and itself. For the AES algorithm
the irreducible polynomial is:
m(x) = x8 + x 4 + x3 + x +1.[1]
The MixColumns transformation is illustrated in below Figure.

MixColumns

S0,1 S’0,1
s0,0 s0,1 s0,2 s0,3 s0,0 s0,1
’
s0,2 s0,3
S 1,1
s1,0 Ss1,1
1,1
s1,2 s1,3 s1,1 s1,2 s1,3 s1,0
’
s2,0 Ss 2,1 s2,2 s2,3 s2,2 Ss2,3
2,1 s2,0 s2,1

s3,0 Ss3,1 s3,2 s3,3 ’

s3,3 Ss3,0
3,1 3,1 s3,1 s3,2

State Array State Array

Figure 3.3 – Mix-Column Transformation

3.2.4 ADD ROUND KEY TRANSFORMATION:

In this operation, a Round Key is applied to the state by a
simple bitwise XOR. For each round, a subkey is derived from the
main key using Rijndael's key schedule; each subkey is the same size
as the state.The Round key is derived from the Cipher Key by the
means of the key schedule. The Round Key length is equal to the
block key length (=16 bytes).
s '
0, c   
, s1' ,c , s2' ,c , s3' ,c  s0,c , s1,c , s2,c , s3,c  wround*Nb c  for 0  c  N b

KITS DEPT.OF.ECE Page 16

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Key Length= 16 bytes

|a[0,0]||a[0,1]||a[0,2]||a[0,3]| |a[0,0]||a[0,1]||a[0,2]||a[0,3]| |a[0,0]||a[0,1]||a[0,2]||a[0,3]|

|a[0,0]||a[0,1]||a[0,2]||a[0,3]| XOR |a[0,0]||a[0,1]||a[0,2]||a[0,3]| = |a[0,0]||a[0,1]||a[0,2]||a[0,3]|

|a[0,0]||a[0,1]||a[0,2]||a[0,3]| |a[0,0]||a[0,1]||a[0,2]||a[0,3]| |a[0,0]||a[0,1]||a[0,2]||a[0,3]|

|a[0,0]||a[0,1]||a[0,2]||a[0,3]| |a[0,0]||a[0,1]||a[0,2]||a[0,3]| |a[0,0]||a[0,1]||a[0,2]||a[0,3]|

A graphical representation of this operation can be seen below:

Fig 3.4: Add Round Key Operation

3.3 AES KEY EXPANSION:
First, let me show you the key Expansion function as you can
find it in the Rijndael documentation (there are 2 versions, one for key
size 128, 192 and one for key size 256):
Key Expansion (byte Key[4*Nk] word W [Nb*(Nr+1)])
{
For (i = 0; i< Nk; i++)
W[i] = (Key [4*i],Key[4*i+1],Key [4*i+2], Key[4*i+3]);
For (i = Nk; i < Nb * (Nr + 1); i++)
{
Temp = W [i - 1];
If (i % Nk == 0)
Temp = Sub Byte(Rot Byte(temp)) ^ RCON[i / Nk];
W[i] = W [i - Nk] ^ temp;

KITS DEPT.OF.ECE Page 17

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

}
}
Nk is the number of columns in the cipher key (128-bit -> 4, 192-bit -
> 5, 256-bit ->6), W is of type "word", which is 4-bytes.
Let me try to explain this in an easier understandable way:
The first n bytes of the expanded key are simply the cipher key (n =
the size of the encryption key). The RCON value i is set to 1 until we
have enough bytes of expanded key, we do the following to generate n
more bytes of expanded key (please note once again that "n" is used
here, this varies depending on the key size)
1. We do the following to generate four bytes
 We use a temporary 4-byte word called t.
 We assign the previous 4 bytes to t.
 We perform the key schedule core on t, with i as RCON
value.
 We increment i
 We XOR t with the 4-byte word n bytes before in the
expanded Key (where n is once either either 16,24 or 32
bytes).
2. we do the following x times to generate the next x*4 bytes of the
expanded Key (x = 3 for n=16,32 and x = 5 for n=24)
 We assign the previous 4-byte word to t.
 We XOR t with the 4-byte word n bytes before in the
expanded Key (where n is once either either 16,24 or 32
bytes)
3. If n = 32 (and ONLY then), we do the following to generate 4
more bytes
 We assign the previous 4-byte word to t.
 We run each of the four bytes in t through Rijndael's S-
box.
 We XOR ‘t’ with the 4-byte word 32 bytes before in the
expanded Key

KITS DEPT.OF.ECE Page 18

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

4. If n = 32 (and ONLY then), we do the following three times to

generate twelve more bytes
 We assign the previous 4-byte word to t.
 we XOR t with the 4-byte word 32 bytes before in the
expanded Key
 We now have our expanded Key
Another form of representation:
 The part in red is only for cipher key size = 32
 For n=16, we generate: 4 + 3*4 bytes = 16 bytes per iteration.
 For n=24, we generate: 4 + 5*4 bytes = 24 bytes per iteration.
 For n=32, we generate: 4 + 3*4 + 4 + 3*4 = 32 bytes per iteration
3.3.1 IMPLEMENTATION:
Our key expansion function basically needs only two things:
 The input cipher key
 The output expanded key
Since in C, it is not possible to know the size of an array passed as
pointer to a function, we'll add the cipher key size (of type "enum key
Size") and the expanded key size (of type size) to the parameter list of
our function. The prototype looks like the following:

Void expand Key (unsigned char *expanded Key, unsigned char *key,
enum key Size, size_t expandedKeySize);

Structure of the Code:

While (expanded_key_size < required_key_size)
{
if (expanded_key_size%key_size == 0)
key_schedule_core (word);
Some operation ();
}
The below code would expand a given cipher key, this code uses
several constants that will be generated automatically once we
implement the body of the AES encryption.

KITS DEPT.OF.ECE Page 19

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

/* the expanded key Size */

int expandedKeySize = 176;
/* the expanded key */
Unsigned char expanded Key [expandedKeySize];
/* the cipher key */
Unsigned char key[16] = {0};
/* the cipher key size */
enum key Size size = SIZE_16;
int i;
Expand Key(expanded Key, key, size, expandedKeySize);
Printf ("Expanded Key:n");
For (i = 0; i < expandedKeySize; i++)
{
Printf("%2.2x%c", expanded Key[i], (i%16)? 'n' : ' ');
}

KITS DEPT.OF.ECE Page 20

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 4
DESIGN AND IMPLEMENTATION OF EXISTING
METHOD

KITS DEPT.OF.ECE Page 21

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

4.1 DESIGN HIERARCHY:

The proposed AES128 hardware model is a 3-level hierarchical design
as shown in below Figure. The root module in the hierarchy is the
AES128_cipher_top. It has two 128-bit inputs for receiving the cipher
key and the plaintext. There is also a single bit input signal, ‘Ld’,
which is used to indicate the availability of a new set of plaintext or
cipher key on the input ports. The completion of the encryption
process is indicated by asserting the ‘done’ single bit output.

AES128_Cipher_Top ciphertext
plaintext
128 b 128 b
cipherkey
128 b

ld
rst done
AES128_Rcon
clk

AES128_Key_Expand

Figure 4.1 – Design Hierarchy

A unique feature of the proposed design is that the
AES128_Key_Expand module is pipelined with the AES128_cipher_top
module. While the AES128_cipher_top module is performing an
iteration of the encryption transformations on the State using the
previously generated round keys, the AES128_Key_Expand produces
the next round’s set of keys to be used by the root module in the next
encryption iteration.
4.2 OPERATION OF AES:
AES is an iterative rather than Feistel cipher. It is based on
‘substitution–permutation network’. It comprises of a series of linked
operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around
(permutations).Interestingly, AES performs all its computations on

KITS DEPT.OF.ECE Page 22

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

bytes rather than bits. Hence, AES treats the 128 bits of a plaintext
block as 16 bytes. These 16 bytes are arranged in four columns and
four rows for processing as a matrix.
Unlike DES, the number of rounds in AES is variable and
depends on the length of the key. AES uses 10 rounds for 128-bit
keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys.
Each of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
The schematic of AES structure is given in the following illustration −

Fig 4.2 : Schematic of AES

One of the operations of the crypto-algorithm is a substitution
function that is implemented by S-boxes. S-boxes represent the
largest part of the crypto-cores. Their inputs are independently fed by
a subpart of the round inputs. We can therefore assume that they are
fed by a random source, receiving a pattern every clock cycle. S-box
needs k deterministic patterns to be fully tested and it receives one
random pattern every clock cycle. Other parts of the round module
(mainly wires and XOR operations) receive one pattern every clock
cycle as well. Since the other parts have lower complexity than the S-

KITS DEPT.OF.ECE Page 23

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

boxes, it can be expected that they will be fully tested by the time the
S-boxes received a sufficient number of test patterns.
4.3 DESIGN OF ENCRYPTION AND DECRYPTION:
Totally, 10 blocks are used for encryption and decryption
purpose. Each round performs same operations with different variable
constants. In order to perform these operations, a separate key is
needed. All 10 blocks operations together form encryption/decryption
operations. Concerning round key generation, either the keys are pre-
computed and stored in the circuit or the key generation module
calculates the sequence of keys, and the tenth round key is used as
the primary key for the next round key generation.

Fig 4.3: Encryption & Decryption block diagram

4.3.1 AES ENCRYPTION PROCESS:
Each Encryption round comprise of four sub-processes. The
first round process is depicted below −

KITS DEPT.OF.ECE Page 24

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Fig 4.4 : Encryption Process

 Byte Substitution (Sub-Bytes):

The 16 input bytes are substituted by looking up a fixed table
(S-box) given in design. The result is in a matrix of four rows and four
columns.
 Shift Rows:
Each of the four rows of the matrix is shifted to the left. Any
entries that ‘fall off’ are re-inserted on the right side of row. Shift is
carried out as follows −
 First row is not shifted.
 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes
but shifted with respect to each other.
 Mix Columns:
Each column of four bytes is now transformed using a special
mathematical function. This function takes as input the four bytes of
one column and outputs four completely new bytes, which replace
the original column. The result is another new matrix consisting of

KITS DEPT.OF.ECE Page 25

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

16 new bytes. It should be noted that this step is not performed in

the last round.
 Add Round key:
The 16 bytes of the matrix are now considered as 128 bits and are
XOR to the 128 bits of the round key. If this is the last round then the
output is the cipher-text. Otherwise, the resulting 128 bits are
interpreted as 16 bytes and we begin another similar round.
4.3.2 DECRYPTION PROCESS:
The decryption process of an AES cipher-text is similar to the
encryption process but in the reverse order. Each round consists of
the four processes conducted in the reverse order –
 Add round key
 Mix columns
 Shift rows
 Byte substitution
Since sub-processes in each round are in reverse manner, the
encryption and decryption algorithms needs to be separately
implemented, although they are very closely related.
4.4 AES Round Key Generation:
The round keys used by the AES128_Cipher_Top module are
generated based on the state diagram shown in below Figure. The
AES128_Key_Expand and the AES128_RCon modules are responsible
for generating the round keys. These two modules operate based on
the state diagram shown in below Figure, which is slightly different
than the one used for the encryption process.
In the state diagram shown above, the ‘Ld’ signal is checked in
the ‘r0’ state and if asserted, then the cipher key is provided to the
AES128_Cipher_Top module to be used for the initial AddRoundKey
transformation.

KITS DEPT.OF.ECE Page 26

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

↑clk ↑clk
r2

Ld ↑clk
r1 r3

↑clk
r0 !Ld r4
rst

!rst Reset r5
↑clk

↑clk
r10 r6

↑clk ↑clk
States Outputs ·
r9 r7
--------------- ---------------------------------
R0 … R10 w0 = roundkey(Round*i)
w1 = roundkey(Round*i+1) r8
w2 = roundkey(Round*i+2) ↑clk ↑clk
w3 = roundkey(Round*i+3)

Figure 4.5 – AES128_Key_Expand Module State Diagram

The AES128_Key_Expand module generates four 32-bit keys for
each round of the encryption process, by using the cipher key. Below
Figure shows the block diagram of the AES128_Key_Expand module.
The cipher key is passed to this module through a 128-bit input port,
and the round keys are generated on the four output ports.

32 b w0
cipherkey
128 b

32 b w1
ld AES128_Key_Expand

rst 32 b w2
clk

32 b w3

Figure 4.6 – AES128_Key_Expand Module

There is a 32-bit round constant value, which is used by the key
expansion algorithm to generate the round keys. This value varies for
each encryption round and for Nr=1 to Nr=10 is given by [{02}i-
1,{00},{00},{00}]. The AES128_RCcon module is used to generate this

KITS DEPT.OF.ECE Page 27

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

value as shown in below figure. The AES128_RCon module also

operates based on the state diagram shown in above.

ld

AES128_RCon 32 b rcon

rst
clk

Figure 4.7 – AES128_Rcon Module

4.4.1 BLOCK DIAGRAM FOR KEY GENERATION:-
Key generation is the process of generating keys for
cryptography. A key is used to encrypt and decrypt whatever data is
being encrypted / decrypted. A sender encrypts data with the public
key, only the holder of the private key can decrypt this data.

Key Generation Block for One Round same process for

10 rounds

Word Rotation

Substitution Box Previous

RCON Value
key output

XOR with RCON value

XOR with previous

block key

Output for 1st round

Fig 4.8: Key Generation Diagram

KITS DEPT.OF.ECE Page 28

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

4.4.2 IMPLEMENTATION OF KEY SCHEDULE:-

We will start the implementation of AES with the Cipher Key
expansion. We prefer to implement the helper functions such as
rotate, RCON or S-Box first.
 Implementation: S-Box:-
The S-Box values can either be calculated on-the-fly to save
memory or the pre-calculated values can be stored in an array. Since I
assume that every machine my code runs on will have at least 2x
256bytes (there are 2 S-Boxes, one for the encryption and one for the
decryption) we will store the values in an array.
 Implementation: Rotate:-
From the theoretical part, you should know already that Rotate takes
a word (a 4-byte array) and rotates it 8 bit to the left. Since 8 bit
correspond to one byte and our array type is character (whose size is
one byte), rotating 8 bit to the left corresponds to shifting cyclically
the array values one to the left.
 Here's the code for the rotate function:
/ * Rijndael's key schedule rotate operation

* rotate the word eight bits to the left

*
* rotate (1d2c3a4f) = 2c3a4f1d
*
* Word is a char array of size 4 (32 bit)
*/
Void rotate (unsigned char *word)
{
Unsigned char c;
int i;
c = word [0];
For (i = 0; i < 3; i++)
Word[i] = word [i+1];
Word [3] = c;

KITS DEPT.OF.ECE Page 29

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

}
 Implementation: RCON:-
Same as with the S-Box, the RCON values can be calculated on-
the-fly but once again I decide to store them in an array since they
only require 255 bytes of space.
 Here's the code for RCON:
Void core (unsigned char *word, int iteration)
{
int i;
/* rotate the 32-bit word 8 bits to the left */
Rotate (word);
/* apply S-Box substitution on all 4 parts of the 32-bit word */
For (i = 0; i < 4; ++i)
{
Word[i] = getSBoxValue (word[i]);
}
/* XOR the output of the rcon operation with i to the first part
(leftmost) only */
Word [0] = word [0] ^getRconValue (iteration);
}

4.5 AES PIPELINED DESIGN:

Fig 4.9: Pipelined Design

KITS DEPT.OF.ECE Page 30

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Each AES encryption round ‘n’ (white cells) is pipelined with the
key generation for round ‘n+1’ (gray cells). The most important
advantage of the pipelined design is the lower delay for each
encryption iteration, since the round keys for each encryption
iteration is present at the beginning of the iteration cycle. The lower
delay in each encryption iteration means faster completion of each
round of encryption. This reduces the overall encryption delay and
allows the design to operate at higher clock frequencies. The higher
clock frequency will increase the message encryption rate
(throughput) making this design suitable for time critical encryption
applications.
In 1 Stage Pipelining we place a register one immediately after
Shift row operation, in each round i.e., all 10 rounds. So when
executed shift row and Mix column performs parallel which reduces
time of execution. Similarly in 2 Stage Pipelining place two registers
one after Sub byte operation, and the last one after Mix column data
output. In 3 Stage Pipelining place three registers one after sub byte,
one after shift row, and last one after mix-column. This executes all
the phases at the same time which gives best delay when compared to
all the three pipelining. The same repeats for Decryption of all stages.

KITS DEPT.OF.ECE Page 31

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 5
DESIGN AND IMPLEMENTATION OF PROPOSED
METHOD

KITS DEPT.OF.ECE Page 32

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

5.1 AES ANALYSIS:

In present day cryptography, AES is widely adopted and
supported in both hardware and software. Till date, no practical
cryptanalytic attacks against AES has been discovered. Additionally,
AES has built-in flexibility of key length, which allows a degree of
‘future-proofing’ against progress in the ability to perform exhaustive
key searches. However, just as for DES, the AES security is assured
only if it is correctly implemented and good key management is
employed. In this chapter, we will discuss the different modes of
operation of a block cipher. These are procedural rules for a generic
block cipher. Interestingly, the different modes result in different
properties being achieved which add to the security of the underlying
block cipher. A block cipher processes the data blocks of fixed size.
Usually, the size of a message is larger than the block size. Hence,
the long message is divided into a series of sequential message
blocks, and the cipher operates on these blocks one at a time.
5.2 AES ALGORITHM:
AES is an iterated block cipher with a fixed block size of 128 and a
variable key length. The different transformations operate on the
intermediate results, called state. The state is a rectangular array of
bytes and since the block size is 128 bits, which is 16 bytes, the
rectangular array is of dimensions 4x4. The cipher key is similarly
pictured as a rectangular array with four rows.

A State: A Key:

|a[0,0]||a[0,1]||a[0,2]||a[0,3]| |k[0,0]||k[0,1]||k[0,2]||k[0,3]|

|a[1,0]||a[1,1]||a[1,2]||a[1,3]| |k[1,0]||k[1,1]||k[1,2]||k[1,3]|

|a[2,0]||a[2,1]||a[2,2]||a[2,3]| |k[2,0]||k[2,1]||k[2,2]||k[2,3]|

|a[3,0]||a[3,1]||a[3,2]||a[3,3]| |k[3,0]||k[3,1]||k[3,2]||k[3,3]|

KITS DEPT.OF.ECE Page 33

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

It is very important to know that the cipher input bytes are

mapped onto the state bytes in the order a0,0, a1,0, a2,0, a3,0, a0,1,
a1,1, a2,1, a3,1 ... and the bytes of the cipher key are mapped onto
the array in the order k0,0, k1,0, k2,0, k3,0, k0,1, k1,1, k2,1, k3,1 ...
At the end of the cipher operation, the cipher output is extracted from
the state by taking the state bytes in the same order. AES uses a
variable number of rounds, which are fixed: A key of size 128 has 10
rounds. A key of size 192 has 12 rounds. A key of size 256 has 14
rounds.
During each round, the following operations are applied on the state:
1. Sub Bytes: Every byte in the state is replaced by another one.
2. Shift Row: Every row in the 4x4 array is shifted a certain
amount to the left.
3. Mix Column: A linear transformation on the columns of the
state.
4. AddRoundKey: Each byte of the state is combined with a round
key, which is a different key for each round.
In the final round, the Mix Column operation is omitted. The
algorithm looks like the following (pseudo-C):
AES (state, Cipher Key)
{Key Expansion (Cipher Key, Expanded Key);
AddRoundKey (state, Expanded Key);
For (i = 1; i < Nr; i++)
{
Round (state, Expanded Key + Nb*i);
}
Final Round (state, Expanded Key + Nb * Nr);
}

5.3 PROPOSED METHOD:

The below figure represents, our proposed AES architecture:

KITS DEPT.OF.ECE Page 34

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Fig 5.1: Proposed Method

To reduce area and power consumption in the data path, we
minimized the number of flip-flops and control logics in the data path
by using shift registers with a special organization. Shift registers help
simplify loading data and loading key steps. The 32-b of both plaintext
and key are loaded at the same time into the state register and the key
register by using shift operations. By minimizing the number of flip-
flops, we also reduced the number of clock buffers and the power
consumption of the clock tree because clock buffers in the clock tree
consume a large amount of power.
5.3.1 STATE REGISTER:
A further optimization is to select S-boxes with minimal power
dissipation. Below fig shows the organization of our proposed state
register. The state register is organized so that after loading the input
data and the input key, the encryption is done by shifting the data 32
b in each clock cycle. The state register consists of sixteen 8-b
registers (forming a “state matrix”) which are further divided into four
4-stage shift registers.

KITS DEPT.OF.ECE Page 35

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Fig 5.2: State Register

AES standard specifies that Shift-Row is a permutation
operation on the rows of the state matrix, while Mix Colum is an
operation on the columns. However, in our design, based on Shift-Row
specification, we completely eliminated Shift-Rows by selecting the
diagonal of the state matrix. The output of the state register after each
shift operation is one column of the state matrix after Shift-Row. This
reduces the control logics for the state register, and completely
removes the logic for Shift-Row steps.
In our data path, in contrast with 8-b architectures, Mix-Colum
is designed as pure combinational logics to reduce the number of flip-
flops. Consequently, we saved a 32-b register because we need to
store only 3 × 4-B temporary data from the encryption path in the
output register, while the last 32-b data are written back directly into
the state register. The output register is a simple 4 × 3-stage shift
register to save area and power.
In between the state register and the output register, there are
four S-boxes followed by the Mix-Colums to enable processing 4 B in
each clock cycle. The temporary results are stored in the output
register. When the encryption finished, the results are written out
from the output register.
In the 128-b key configuration, AES encryption module needs
ten rounds, which leads to 40 cycles to finish the encryption for a
128-b block of data. The total number of cycles to encrypt a block in
our architecture is 44 cycles. For other key configurations, our

KITS DEPT.OF.ECE Page 36

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

architecture needs 52 and 60 cycles to encrypt a data block for 192-

and 256-b key modes, respectively. Clock gating technique is applied
on the state register and the output register separately to save the
dynamic power consumption.
For example, in data loading state, the clock to the output
register is disabled to save power because there are no valid data to
the output register. Furthermore, when in the inactive state, the
output of these registers is not changed, which means that there is no
activity in the encryption path. The power estimation results show
that even in the highest throughput mode (44 cycles/encryption for
128-b key mode) the applied clock gating technique can save more
than 13% of power. Certainly, with smaller throughput the clock
gating technique can even save much more power consumption.
5.3.2 SUBSTITUTION BOX:

Fig 5.3: Operation in S-Box

KITS DEPT.OF.ECE Page 37

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

The S-box has a big impact on area and power consumption of

the AES design. In our architecture, we chose S-box implementation
for the lowest power consumption. S-boxes may occupy up to 60% of
the total cell area, while they consume about 10%–20% of the total
power consumption.
The smallest implementation of S-boxes until now is from
Canright. Canright S-box demonstrates optimized area (292 gates/S-
box) but needs more power/energy consumption because it creates
more activities especially in architectures with eight S-boxes. The
most popular and straightforward S-box implementation is the LUT-
based S-box. LUT-based S-box is bigger in terms of area (434 gates/S-
box) but smaller in power/energy consumption than Canright S-box.
The most efficient S-box in terms of power consumption is
DSE S-box, however, it occupies a larger area. DSE S-box can be
further optimized for power consumption using the structure
proposed and described in above Fig. The idea is to use an onehot
decoder to convert S-box inputs into onehot representation. The
nonlinear operations are done by using wire permutation as in
lightweight cryptography algorithms. After that, the S-box output in
onehot encoding is converted back into the original field. DSE S-Box
can reduce the power consumption because it minimizes the activity
inside the S-box circuit.
5.4 OVERALL CIRCUIT DIAGRAM:-
Below main block diagram shows the overall architecture of LBIST
with AES. Starting block linear feedback shift register is used for Test
pattern Generator. In computing, a linear-feedback shift register
(LFSR) is a shift register whose input bit is a linear function of its
previous state. The most commonly used linear function of single bits
is exclusive-or (XOR). Thus, an LFSR is most often a shift register
whose input bit is driven by the XOR of some bits of the overall shift
register value.

KITS DEPT.OF.ECE Page 38

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CIRCUIT UNDER TEST

ORA
Advanced Encryption
Test Pattern Generator Standards Multiple
Input
S-BOX
Linear Feed Back Signature
Shift Register Register
SHIFT ROW

MIX-COLUMN

Add Round Key

Fig 5.4: Self-Test Technique for Crypto Devices

It is used to generate all type of test patterns for Circuit under Test.
Here, in this concept 128 bit LFSR is used as test pattern generator.
2128 –1 patterns are generated by using above LFSR. Since, XOR gate
is used to construct LFSR, all zeros combination is can’t be generated.
Here, in above block Circuit Under test is AES block. Output
Response Analyzer is last and vital device in this project. Final output
checking is done by this component. If any error occurred in whole
process or not is checked by this ORA. ORA takes input from AES
practical circuit and theoretical circuit, it compares both inputs using
XOR gates, yields final output. 128 xor gates are used to compare
produced outputs. Random pattern testability of crypto-cores has
been discussed in this process.
5.5 LINEAR FEEDBACK SHIFT REGISTER:
5.5.1 PESUDORANDOM TEST GENERATION:
Here we have to develop a battery of statistical tests to detect
non randomness in binary sequences constructed using random
number generators and pseudorandom number generators utilized in
cryptographic applications. Linear Feedback Shift Register (LFSR)
Weighted pseudo-random test generation, Adaptive pseudo-random
test generation.

KITS DEPT.OF.ECE Page 39

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Algorithm:
 List primary inputs controlling location where a fault should be
detected.
 Determine primary input conditions to activate a fault and to
sensitize the primary outputs such that the fault can be
observed.
Pseudo-Random Test Generation
 Large set of patterns is generated by simple HW or SW pseudo-
random generator
 The set is used to stimulate a system with fault simulator.
 Fault coverage is analyzed and algorithmic approach is used to
cover remain faults.

Fig 5.5: Pseudo-Random test generator

Pseudo-Random Test Generator generates complex pseudorandom (or
random) sequences of test patterns.

Fig 5.6: complex Pseudo-Random test generator

KITS DEPT.OF.ECE Page 40

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Its output is a set of variables which controls Input Simulator.

Each variable represents different parameter of Input Simulator (like
delay between messages, op code, fields, etc.).
Maximal Length Linear Feedback Shift Register (LFSR) as Pseudo-
Random Test Generator (generates a sequence of length (2n - 1)).

Fig 5.7: LFSR (Linear feedback shift register)

An LFSR generates periodic sequence must start in a non-zero state,
The maximum length of an LFSR sequence is 2n -1 does not generate
all 0s pattern (gets stuck in that state)The characteristic polynomial of
an LFSR generating maximum-length sequence is a primitive
polynomial A maximum-length sequence is pseudo-random: number
of 1s = number of 0s + 1 same number of runs of consecutive 0s and
1s 1/2 of the runs have length1 1/4 of the runs have length 2 (as long
as fractions result in integral numbers of runs).

Fig 5.8: Simple 16-bit LFSR

5.6 CIPHER:
The basic scheme of a block cipher is depicted as follows:

KITS DEPT.OF.ECE Page 41

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Fig 5.9: Block Cipher

A block cipher takes a block of plaintext bits and generates a
block of cipher text bits, generally of same size. The size of block is
fixed in the given scheme. The choice of block size does not directly
affect to the strength of encryption scheme. The strength of cipher
depends up on the key length.
5.6.1 Padding in Block Cipher:
Block ciphers process blocks of fixed sizes (say 64 bits). The
length of plaintexts is mostly not a multiple of the block size. For
example, a 150-bit plaintext provides two blocks of 64 bits each with
third block of balance 22 bits. The last block of bits needs to be
padded up with redundant information so that the length of the final
block equal to block size of the scheme. In our example, the remaining
22 bits need to have additional 42 redundant bits added to provide a
complete block. The process of adding bits to the last block is referred
to as padding. Too much padding makes the system inefficient. Also,
padding may render the system insecure at times, if the padding is
done with same bits always.
5.6.2 Block Cipher Schemes:
There is a vast number of block ciphers schemes that are in
use. Many of them are publically known. Most popular and prominent
block ciphers are listed below.
 Digital Encryption Standard (DES) − The popular block cipher
of the 1990s. It is now considered as a ‘broken’ block cipher,
due primarily to its small key size.

KITS DEPT.OF.ECE Page 42

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

 Triple DES − It is a variant scheme based on repeated DES

applications. It is still a respected block ciphers but inefficient
compared to the new faster block ciphers available.
 Advanced Encryption Standard (AES) − It is a relatively new
block cipher based on the encryption algorithm Rijndael that
won the AES design competition.
 IDEA − It is a sufficiently strong block cipher with a block size
of 64 and a key size of 128 bits. A number of applications use
IDEA encryption, including early versions of Pretty Good Privacy
(PGP) protocol. The use of IDEA scheme has a restricted
adoption due to patent issues.
 Two-fish − This scheme of block cipher uses block size of 128
bits and a key of variable length. It was one of the AES finalists.
It is based on the earlier block cipher Blowfish with a block size
of 64 bits.
 Serpent − A block cipher with a block size of 128 bits and key
lengths of 128, 192, or 256 bits, which was also an AES
competition finalist. It is a slower but has more secure design
than other block cipher.
5.7 BUILT IN SELF TEST FOR ENCRYPTION:-
LINEAR ENCRYPTION
FEED TTHEORITIC
BACK COMPARATOR
AL o/p
SHIFT
REGISTE ENCRYPTION
R PRATICAL

Fig 5.10: Self- Test for Encryption Side Diagram

A built-in self-test (BIST) or built-in test (BIT) is a mechanism that
permits a machine to test itself. Engineers design BISTs to meet
requirements such as:
 high reliability
 lower repair cycle times
Or constraints such as:
 limited technician accessibility

KITS DEPT.OF.ECE Page 43

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

 cost of testing during manufacture

The main purpose of BIST is to reduce the complexity, and thereby
decrease the cost and reduce reliance upon external (pattern-
programmed) test equipment. BIST reduces cost in two ways:
1. reduces test-cycle duration
2. Reduces the complexity of the test/probe setup, by reducing the
number of I/O signals that must be driven/examined under
tester control.
Both lead to a reduction in hourly charges for automated test
equipment (ATE) service. Above block diagram shows, built in self-test
for encryption. Theoretical output and practical outputs of both blocks
are compared and yields whether output is correct or not.
5.8 BUILT IN SELF TEST FOR DECRYPTION:-

LINEAR DECRYPTION
FEED THEORITICAL COMPARATOR o/p
BACK
SHIFT DECRYPTION
REGISTER PRATICAL

Fig 5.11: Self -Test for Decryption Side Diagram

Above block diagram shows, built in self- test for Decryption.
Theoretical output and practical outputs of both blocks are compared
and yields whether output is correct or not.
5.9 DIFFERENCE BETWEEN PROPOSED & EXISITING
SYSTEM:-

PROPOSED SYSTEM EXISTING SYSTEM

1. RCON is fixed. 1. RCON is not varied.

2. MIXED MULTIPLICATION is
also fixed.
3. It can handle Data up to: 64
bits & Key up to: 56 bit.
4. Not much secure, since all
2. MIXED MULTIPLICATION is
also not fixed.
3. It can handle Data up to:
128,192,256 bits & Key up
to: 128,192,256.

KITS DEPT.OF.ECE Page 44

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

blocks are not dependent. 4. More secure, since all

5. KEY is same for all blocks.
6. KEY,USER are dependent
7. It is a Feistel network.
blocks are dependent.
5. KEY is not same for all
blocks.
6. KEY,USER are independent
7. Substitution-permutation
network

Table 5.1: Difference between Proposed & Existing Systems

5.10 ADVANTAGES:
 Low Power
 Low Density
 More Security
 More Efficiency
 High Reliability
5.11 APPLICATIONS:
 Tele Communications
 Bio Medical Systems
 Military Systems

KITS DEPT.OF.ECE Page 45

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 6
SOFTWARE DESCRIPTION

KITS DEPT.OF.ECE Page 46

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

6.1 INTRODUCTION TO XILINX:

Xilinx Tools is a suite of software tools used for the design of digital
circuits implemented using Xilinx Field Programmable Gate Array
(FPGA) or Complex Programmable Logic Device (CPLD). The design
procedure consists of :
(a) design entry,
(b) synthesis and implementation of the design,
(c) functional simulation and
(d) testing and verification.
Digital designs can be entered in various ways using the above
CAD tools, using a schematic entry tool and using a hardware
description language (HDL) – VHDL or Verilog or a combination of
both. In this project we will only use the design flow that involves the
use of VHDL HDL. The CAD tools enable you to design combinational
and sequential circuits starting with VHDL HDL design specifications.
The steps of this design procedure are listed below:
1. Create VHDL design input file(s) using template driven editor.
2. Compile and implement the VHDL design file(s).
3. Create the test-vectors and simulate the design (functional
simulation) without using a PLD (FPGA or CPLD).
4. Assign input/output pins to implement the design on a target
device.
5. Download bit stream to an FPGA or CPLD device.
6. Test design on FPGA/CPLD device
A VHDL input file in the Xilinx software environment consists of the
following segments:
Header: module name, list of input and output ports.
Declarations: input and output ports, registers and wires.
Logic Descriptions: equations, state machines and logic functions.
End: endmodule.

KITS DEPT.OF.ECE Page 47

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

All your designs for this lab must be specified in the above
VHDL input format. Note that the state diagram segment does not
exist for combinational logic designs.
6.2 CREATING A NEW PROJECT:
Xilinx Tools can be started by clicking on the Project Navigator
Icon on the Windows desktop. This should open up the Project
Navigator window on your screen. This window shows the last
accessed project.

Fig 6.1: Xilinx Project Navigator window

6.2.1 OPENING A PROJECT:
Select File->New Project to create a new project. This will bring up a
new project window on the desktop.

Fig 6.2: New Project Initiation window

Fill up the necessary entries as follows:
Project Name: Write the name of your new project

KITS DEPT.OF.ECE Page 48

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Project Location: The directory where you want to store the new
project (Note: DO NOT specify the project location as a folder on
Desktop or a folder in the Xilinx\bin directory. Your H: drive is the
best place to put it. The project location path is NOT to have any
spaces in it eg: C:\Nivash\TA\new lab\sample exercises\o_gate is
NOT to be used)
Leave the top level module type as HDL.
Example: If the project name were “o_gate”, enter “o_gate” as the
project name and then click “Next”.
Clicking on NEXT should bring up the following window:

Fig 6.3: Device and Design Flow of Project

For each of the properties given below, click on the ‘value’ area and
select from the list of values that appear.
 Family: Family of the FPGA/CPLD used. In this laboratory we
will be using the Spartan3E FPGA’s.
 Device: The number of the actual device. For this lab you may
enter XC3S250E (this can be found on the attached prototyping
board)
 Package: The type of package with the number of pins. The
Spartan FPGA used in this lab is packaged in CP132 package.

KITS DEPT.OF.ECE Page 49

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

 Speed Grade: The Speed grade is “-4”.

 Synthesis Tool: XST [VHDL/VHDL]
 Simulator: The tool used to simulate and verify the
functionality of the design. Modelsim simulator is integrated in
the Xilinx ISE. Hence choose “Modelsim-XE VHDL” as the
simulator or even Xilinx ISE Simulator can be used.
Then click on NEXT to save the entries.
All project files such as schematics, netlists, verilog files, VHDL
files, etc., will be stored in a subdirectory with the project name. A
project can only have one top level HDL source file (or schematic).
Modules can be added to the project to create a modular, hierarchical
design.
In order to open an existing project in Xilinx Tools, select File-
>Open Project to show the list of projects on the machine. Choose the
project you want and click OK.
Clicking on NEXT on the above window brings up the following
window:

Fig 6.4: Create New source window

If creating a new source file, click on the NEW SOURCE.
6.2.2 CREATING A VHDL INPUT FILE FOR A COMBINATIONAL
LOGIC DESIGN:
In this lab we will enter a design using a structural or RTL
description using the VHDL HDL. You can create a VHDL HDL input
file (.v file) using the HDL Editor available in the Xilinx ISE Tools (or

KITS DEPT.OF.ECE Page 50

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

any text editor). In the previous window, click on the NEW SOURCE A
window pops up as shown in below Figure. (Note: “Add to project”
option is selected by default. If you do not select it then you will have
to add the new source file to the project manually.)

Fig 6.5: Creating VHDL-HDL source file

Select VHDL Module and in the “File Name:” area, enter the name of
the VHDL source file you are going to create. Also make sure that the
option Add to project is selected so that the source need not be added
to the project again. Then click on Next to accept the entries. This
pops up the following window.

Fig 6.6: VHDL Source window

In the Port Name column, enter the names of all input and output
pins and specify the Direction accordingly. A Vector/Bus can be
defined by entering appropriate bit numbers in the MSB/LSB
columns.

KITS DEPT.OF.ECE Page 51

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Then click on Next>to get a window showing all the new source
information. If any changes are to be made, just click on <Back to go
back and make changes. If everything is acceptable, click on Finish >
Next > Next > Finish to continue.

Fig 6.7: New Project Information window

Once you click on Finish, the source file will be displayed in the
sources window in the Project Navigator.
If a source has to be removed, just right click on the source file in the
Sources in Project window in the Project Navigator and select Remove
in that. Then select Project -> Delete Implementation Data from the
Project Navigator menu bar to remove any related files.
6.2.3 EDITING THE VHDL SOURCE FILE:
The source file will now be displayed in the Project Navigator window.
The source file window can be used as a text editor to make any
necessary changes to the source file. All the input/output pins will be
displayed. Save your VHDL program periodically by selecting the File-
>Save from the menu. You can also edit VHDL programs in any text
editor and add them to the project directory using “Add Copy Source”.
Add the Logic in the generated VHDL Source code template.

KITS DEPT.OF.ECE Page 52

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

Fig 6.8: VHDL Source code editor window in the Project Navigator
The VHDL source code template generated shows the module
name, the list of ports and also the declarations (input/output) for
each port. Combinational logic code can be added to the VHDL code
after the declarations and before the endmodule line.
For example, an output z in an OR gate with inputs a and b can be
described as, assign z = a | b;
Remember that the names are case sensitive.
Other constructs for modeling the logic function: A given logic
function can be modeled in many ways in VHDL. Here is another
example in which the logic function, is implemented as a truth table
using a case statement:
module or_gate(a,b,z);
input a;
input b;
output z;
reg z;
always @(a or b)
begin
case ({a,b})
00: z = 1'b0;
01: z = 1'b1;

KITS DEPT.OF.ECE Page 53

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

10: z = 1'b1;
11: z = 1'b1;
endcase
end
endmodule
Suppose we want to describe an OR gate. It can be done using the
logic equation as shown in below Figure or using the case statement
as shown in Figure. These are just two example constructs to design a
logic function. VHDL offers numerous such constructs to efficiently
model-designs.

Fig 6.9: OR gate description using assign statement

KITS DEPT.OF.ECE Page 54

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 7
RESULTS

KITS DEPT.OF.ECE Page 55

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

7.1 SIMULATION RESULTS:

7.1.1 ENCRYPTION RESULT:

Fig 7.1: Encryption Result

7.1.2 DECRYPTION RESULT:

Fig 7.2: Decryption Result

KITS DEPT.OF.ECE Page 56

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

CHAPTER 8
CONCLUSION AND FUTURE SCOPE

KITS DEPT.OF.ECE Page 57

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

8.1 CONCLUSION:
In this project, we designed a low power AES for secured
applications using the VHSIC HDL language. Here, the XILINX
software was used for simulation and verification of the model. Our
proposed model provides the high security, low power consumption
and reduces the delay associated with each round of encryption and
decryption. It provides more throughput compared with the previous
models. In the applications it occupies the lesser space.
With the presence of BIST, our model performs a self –test on
encryption and decryption outputs. The LFSR, increases the security
by providing the different random patterns.
Hence the proposed model provides the security with 100% of
accuracy.
8.2 FUTURE SCOPE:
In this project we are designing a crypto devices with low
complexity and high security which having the data and key length of
128. Further we can extend the key and data upon to 192 and 256
bits efficiently and successfully by using the same technique.

KITS DEPT.OF.ECE Page 58

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

REFERENCES
1. S. Reddy, “Easily testable realizations for logic functions,” IEEE
Transactions on Computers, vol. 21, no. 11, pp. 1183–1188,
1972.
2. S. Golomb, Shift Register Sequences. Aegean Park Press, 1982.
3. R. K. Brayton, C. McMullen, G. Hatchel, and A. Sangiovanni-
Vincentelli, Logic Minimization Algorithms For VLSI Synthesis.
Kluwer Academic Publishers, 1984.
4. E. McCluskey, “Built-in self-test techniques,” IEEE Design and
Test of Computers, v Vol. 2, pp. 21–28, 1985.
5. D. H. Green, “Families of Reed-Muller canonical forms,”
International Journal of Electronics, vol. 70, pp. 259–280, 1991.
6. M. Abramovici, M. A. Breuer, and A. D. Friedman, Digital
Systems Testing and Testable Design. Jon Willey and Sons, New
Jersey, 1994.
7. H.-J. Wunderlich, “BIST for systems-on-a-chip,” Integration, the
VLSI Journal, vol. 26, no. 1-2, pp. 55 – 78, 1998.
8. M.G. Kuhn, R.J. Anderson. Soft tempest: hidden data
transmission using electromagnetic emanations. Information
Hiding 1998,LNCS 1525,pp.124-142,1998.
9. D.Bleichenbacher. Chosen Cipher text Attacks against Protocols
Based on the RSA Encryption Standard PKCS #1. CRYPTO'98,
LNCS 1462, pp.1-12, 1998.
10. K.Gandolfi,C.Mourte,F. Olivier. Electromagnetic Analysis:
Concrete Results. CHES 2001,LNCS 2162,pp.251-261, 2001.
11. J.J. Quisquater, D. Samyde. Electromagnetic analysis
(EMA): measures and counter measures for smart cards. E-
smart 2001,LNCS 2140,pp.200–210,2001.
12. D.Agrawal, B.Archambeault, J.R.Rao, P.Rohatgi. The EM
Side–Channel(s). CHES 2002, LNCS 2523, pp.29-45, 2003.

KITS DEPT.OF.ECE Page 59

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

APPENDIX
BIST CODE:
library ieee;
use ieee.std_logic_1164.all;
entity bist is
port( clk,rst,CTRL : in std_logic;
int1_en,int2_de,int3_key : in std_logic_vector(127 downto 0);
out1,out2 : inout std_logic_vector(127 downto 0);
out1_f,out2_f : inout std_logic_vector(127 downto 0);
faulten,faultde : out std_logic);
end bist;
architecture str of bist is component lfsr is
port(
clk,rst : in std_logic;
init : in std_logic_vector(127 downto 0);
dataout : out std_logic_vector(127 downto 0);
lfsr_reg:inout std_logic_vector(127 downto 0)
);
end component;
component aesproj is
Port ( clk,CTRL : in std_logic;
input_ENCRYPTION,input_DECRYPTION : in
std_logic_vector(127 downto 0);
input_KEY:in std_logic_vector(127 downto 0);
out_KEYS: out std_logic_vector(1407 downto 0);
output_ENCRYPTION,output_DECRYPTION : out
std_logic_vector(127 downto 0)
);
end component;
component aesproj_f is
Port ( clk,CTRL : in std_logic;

KITS DEPT.OF.ECE Page 60

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

input_ENCRYPTION,input_DECRYPTION : in std_logic_vector(127
downto 0);
input_KEY:in std_logic_vector(127 downto 0);
out_KEYS: out std_logic_vector(1407 downto 0);
output_ENCRYPTION,output_DECRYPTION : out std_logic_vector(127
downto 0) );
end component;
component misr is
port( clk,rst : in std_logic; init : in std_logic_vector(127 downto 0);
misr_out : inout std_logic_vector(127 downto 0));
end component;
signal w1_en,w2_de,w3_key : std_logic_vector(127 downto 0);
signal w4_keyout : std_logic_vector(1407 downto 0);
signal w5_enout,w6_deout : std_logic_vector(127 downto 0);
signal w7_keyout_f : std_logic_vector(1407 downto 0);
signal w8_enout_f,w9_deout_f : std_logic_vector(127 downto 0);
begin
u0:lfsr port map(clk,rst,int1_en,w1_en);
u1:lfsr port map(clk,rst,int2_de,w2_de);
u2:lfsr port map(clk,rst,int3_key,w3_key);
u3:aesproj port
map(clk,CTRL,w1_en,w2_de,w3_key,w4_keyout,w5_enout,w6_deout);
u4:aesproj_f port map(clk,CTRL,w1_en,w2_de,w3_key,w7_keyout_f ,
w8_enout_f,w9_deout_f);
u5:misr port map(clk,rst,w5_enout,out1);
u6:misr port map(clk,rst,w6_deout,out2);
u7:misr port map(clk,rst,w8_enout_f,out1_f);
u8:misr port map(clk,rst,w9_deout_f,out2_f);
process(out1,out2,out1_f,out2_f)
begin
if out1/=out1_f then
faulten<='1';
else

KITS DEPT.OF.ECE Page 61

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

faulten<='0';
end if;
if out2/=out2_f then
faultde<='1';
else
faultde<='0';
end if;
end process;
end str;
LFSR CODE:
library ieee;
use ieee.std_logic_1164.all;
entity lfsr is
port( clk,rst : in std_logic; init : in std_logic_vector(127 downto 0);
dataout : out std_logic_vector(127 downto 0); lfsr_reg:inout
std_logic_vector(127 downto 0));
end lfsr;
architecture behaviour of lfsr is
begin
process(clk,rst,init)
variable lfsr_tap:std_logic;
variable tap:std_logic;
begin
if rst='0' then
lfsr_reg<=init;
elsif (clk' event and clk='1') then
lfsr_tap:=lfsr_reg(127) xor lfsr_reg(28) xor lfsr_reg(26) xor lfsr_reg(1);
lfsr_reg<=lfsr_reg(126 downto 0) & lfsr_tap;
end if;
end process;
dataout<=lfsr_reg;
end;

KITS DEPT.OF.ECE Page 62

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

KRISHNA CHAITANYA INSTITUTE OF TECHNOLOGY & SCIENCES

Devarajugattu (Post) , Peddaraveedu (Mandal), Prakasam Dist. - 523 320.
(Approved by A.I.C.T.E., New Delhi, & Affiliated to JNTUK, Kakinada)
NAAC ACCREDITED INSTITUTION

Academic Year: 2022-23 Year & SEM: IV-II Branch: ECE

Course: Project Part-II

COURSE OUTCOMES
After completion of Project work Student can be able to:

COURSE CODE COURSE OUTCOME TAXNOMY

LEVEL

C423.1 Apply the Subject Knowledge for Applying (L3)

given problem

C423.2 Understand the Existed work Understanding

done in the selected one and (L2)
extend by incorporating the
novelty by referring future
scope etc

C423.3 Divide the total work Evaluating (L5)

consolidate and
execute/simulate the total

C424.4 Perform calculation, analyze the Evaluating (L5)

results and perform the
solutions

C425.5 To present and write the Thesis Remembering

(L1)

Signature of the students

KITS DEPT.OF.ECE Page 63

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

KRISHNA CHAITANYA INSTITUTE OF TECHNOLOGY & SCIENCES

Devarajugattu (Post) , Peddaraveedu (Mandal), Prakasam Dist. - 523 320.
(Approved by A.I.C.T.E., New Delhi, & Affiliated to JNTUK, Kakinada)
NAAC ACCREDITED INSTITUTION

Academic Year: 2022-23 Year & SEM: IV-II Branch: ECE

Course: Project Part-II

CO-PO MAPPING
PROJECT TITLE: Modified Advanced Encryption Standard Data Path
Optimization Strategies for Low-Power Multi
Security-Level Applications
STUDENT NAME:
1. S.GURUMURTHY 19JU1A0414
2. S.CHAITANYA 19JU1A0409
3. P.KRUPAL 19JU1A0428
4. J.KEERTHI KUMAR 19JU1A0424
Name of the Guide: Dr. A.RANGANAYAKULU

Page no. Activity description CO mapped PO mapped

ABSTRACT po1, po2, po3,

C423.1, C423.2,
V C423.5
po10, po12
Introduction, Literature C423.1, C423.2, po1, po2, po3,
1-10 survey C423.5 po4, po9, po10,
po12
Advanced Encryption C423.1, C423.2, po1, po2, po3,
11-31 Standard, Design and C423.3, C423.5 po4, po9, po10,
Implementation of Existing po12
Method
Design and Implementation C423.1, C423.3, po1, po2, po3,
32-54 of Proposed Method, C423.4, C423.5 po4, po5, po10,
Software Description po12
Results, Conclusion, C423.1, C423.2, po1, po2, po3,
55-62 Future Scope, References, C423.3, C423.4, po5, po6, po7,
C423.5
Appendix po8, po9 po10,
po12

KITS DEPT.OF.ECE Page 64

 MAES DATA PATH OPTIMIZATION STRATEGIES FOR LOW POWER MULTI
SECURITY-LEVEL APPLICATIONS

po Po Po Po Po Po Po Po Po Po Po Po P0 Ps Ps Ps
1 2 3 4 5 6 7 8 9 10 11 12 o1 o2 o3
co

C423.1 3 2 2 - - - - - - 2 - 3 - 3 1

C423.2 3 3 3 2 2 - - - 2 2 - 3 1 3 1

C423.3 3 3 3 2 2 - - - - 3 - 3 1 3 2

C423.4 3 3 3 3 3 - - - 3 3 - 3 3 3 2

C423.5 3 2 2 3 2 2 2 - - - - 3 2 3 2

Average 3 2.6 2.6 2.5 2. 2 2 - 2.5 2.5 - 3 3.5 3 1.6

25

P P P P P P P P P P P P PS PS PS
O O O O O O O O O O O O O1 O2 O3
1 2 3 4 5 6 7 8 9 1 1 1
0 1 2
Project 3 3 3 3 3 3 3 3 3 3 2 3 3 2 3

Signature of the Students Signature of the Guide

KITS DEPT.OF.ECE Page 65