2023 IEEE International Symposium on Smart Electronic Systems (iSES)
FPGA Implementation of Modified Lightweight
128-Bit AES Algorithm for IoT Applications
Jeyvarshni Vimalkumar* Harshitha Ramesh Babu*
Department of ECE Department of ECE
NIT-Trichy
Tiruchirappalli, India Tiruchirappalli, India
[email protected]
[email protected]
[email protected]
2023 IEEE International Symposium on Smart Electronic Systems (iSES) | 979-8-3503-8324-9/23/$31.00 ©2023 IEEE | DOI: 10.1109/ISES58672.2023.00069
*The two authors have contributed equally
Abstract—The rapidly increasing use of IoT devices
necessitates a suitable encryption algorithm for data security.
The widely used Advanced Encryption Standard algorithm
(AES) algorithm is computationally complex, thus unsuitable for
resource-constrained IoT devices. The proposed work implements
optimized alternatives for the 128-bit AES algorithm stages,
aiming to minimize power and memory usage. A Modified
Lightweight variant of AES was developed using Verilog HDL
and implemented on Artix-7 Basys-3 FPGA board. It was found
that the total on-chip power required by the modified variant
has been reduced by 81.92% for encryption and 47.21% for
decryption. There is a significant decrease in the number of LUTs
required with 76.84% for encryption and 53.53% for decryption,
making it a suitable algorithm for IoT lightweight applications.
Index Terms—AES, Cryptography, Lightweight Encryption,
IoT, FPGA, Verilog
I. I NTRODUCTION
The proliferation of IoT devices has raised concerns about
cyber-attack vulnerability, making security a top priority.
[1].The Advanced Encryption Standard algorithm (AES) is
the most widely used cryptographic algorithm [2]. It is a
symmetric algorithm which uses 128-bit block cipher and a
variable key length of 128, 192 or 256 bits. The algorithm is
faster since it performs encryption at the byte level. Brute force
attacks are the only possibility to hack the AES algorithm.
AES uses 10, 12 and 14 rounds depending on its key lengths.
Through each round, various permutation and substitution
methods are applied to the block cipher increasing its
confusion and diffusion. However, AES is a computationally
complex algorithm, thus it is not compatible with IoT
networks. Therefore, lightweight algorithms with smaller
hardware and memory footprint can operate more efficiently
on low-power devices with limited processing capabilities. The
objective of this work is to propose a modified lightweight
AES algorithm suitable for IoT connectivity platforms.
II. R ELATED W ORK
Recent research in lightweight cryptography has mainly
focused on designing secure systems for resource-constrained
devices. Eslam Gamal, Eman Shaaban, and Mohamed Hashem
(2009) [3] proposed a lightweight design for the MixColumns
operation for hardware usage. The complexity was reduced
2832-3602/23/$31.00 ©2023 IEEE
DOI 10.1109/iSES58672.2023.00069
Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on January 28,2025 at 06:20:34 UTC from IEEE Xplore. Restrictions apply.
Bhaskar M
Department of ECE
NIT-Trichy NIT-Trichy
Tiruchirappalli, India
with respect to gate size and number of clock cycles. Ahmed
Tariq Sadiq and Faisal Hadi Faisal (2016) [4] introduced a
modified algorithm in which the step sequence in the Shift
Row step is dependent on some parts of the key value. In this
design, the sequence sub-key is random in the AddRound key
since it is dependent on the key value. This helped to increase
the confusion and diffusion levels.
Farah Tawfiq, Abdul Monem Rahma, and Hala Wahab
[5], suggested a modified AES algorithm for e-commerce
websites by employing techniques like reducing the number of
rounds, removing SubBytes operation, adding a pre-processing
diffusion step (padding and zigzag) and replacing Shift Rows
operation with Shift Columns. This resulted in increased
randomness degree, efficiency, and CPU usage. However, the
algorithm’s complexity remained the same since no changes
were involved in the MixColumn operation.
A. Illy, T. Yélémou, H. Tall and T. M. Dandjinou
[6], proposed a lightweight variant called RLAES, which
optimized energy and improved security in comparison to the
LAES proposed in [7]. In RLAES, a double permutation of
128 bits each preceded by a 10-bit left shift step, replaces
the MixColumn of conventional AES. The number of rounds
is reduced by 4, which optimizes energy consumption and
reduces the execution time of data blocks. However, the
security level is still lower than that of standard AES.
III. M ODIFIED L IGHTWEIGHT AES A LGORITHM
The proposed algorithm optimizes the energy-consuming
steps to make it lightweight, and presents various patterns
of permutation and substitution to increase data confusion
and diffusion. Figure 1 shows the overall block diagram of
the modified lightweight algorithm. Previous research [8] has
found that the encryption steps that consume the maximum
energy are the SubBytes and MixColumn stages.
The proposed modifications are discussed below:
A. Substitution box
S-box( substitution box) is used to obscure the relationship
between the key and the ciphertext. The following function is
used in standard AES for generating the S-box.
(X 8 + X 4 + X 3 + X + 1)
306
 E. Modified Mix Columns operation
MixColumn is an important source of diffusion but is
a computationally complex step. To reduce the complexity
and the number of multipliers and gates, a compact
architecture is proposed [10]. The equations 1,2,3 and 4,5
are for Conventional MixColumn and Inverse MixColumn
respectively:

⎡  ⎤ ⎡ ⎤⎡ ⎤
so c 02 03 01 01 so c
⎢s1 c ⎥ ⎢01

02 03 01⎥ ⎢ ⎥
⎢  ⎥=⎢ ⎥ ⎢ s1 c ⎥ (1)
⎣s2 c ⎦ ⎣01 01 02 03⎦ ⎣s2 c⎦
Fig. 1. Block diagram of modified lightweight AES algorithm

s3 c 03 01 01 02 s3 c

This paper uses the following higher degree polynomial to get Multiplication is distributive over addition in GF (28 ).
a lookup table with different values for more security [9]. Therefore, the operation of multiplication of two elements in
GF (28 ) can be taken as a linear combination of products of
(X 8 + X 6 + X 5 + X + 1) the first element and a single termed polynomial in GF (28 ).
[10]
B. Substitute bytes operation ⎡ ⎤ ⎡ ⎤⎡ ⎤ ⎡ ⎤⎡ ⎤
A3 02 02 00 00 B3 00 00 01 01 B3
Substitute Bytes is a time-consuming step repeated in every ⎢A2 ⎥ ⎢00
⎢ ⎥=⎢ 02 02 00⎥ ⎢B2 ⎥ ⎢01
⎥⎢ ⎥ + ⎢ 00 00 01⎥ ⎢B2 ⎥
⎥⎢ ⎥
round. In the proposed design, this step is performed only once ⎣A1 ⎦ ⎣00 00 02 02⎦ ⎣B1 ⎦ ⎣01 01 00 00⎦ ⎣B1 ⎦
at the start of encryption. This operation substitutes the input A0 02 00 00 02 B0 00 01 01 00 B0
data bits with values from the modified S-box. (2)

C. Zig Zag patterning X 3 = B3 + B 2 X1 = B1 + B0 F0 = 2X3 + B2

The Zigzag pattern rearranges the bits inside the input data X2 = B2 + B1 X0 = B 0 + B 3 F1 = 2X1 + B0
to break the correlation among them. This step is carried
⎡ ⎤ ⎡ ⎤
out only once at the beginning of the encryption process to A3 F0 + X 1
compensate for the elimination of SubBytes in each round of ⎢A2 ⎥ ⎢B3 + 2X2 + X1 ⎥
⎢ ⎥=⎢ ⎥ (3)
the algorithm. This is done to add confusion and diffusion ⎣ A1 ⎦ ⎣ F1 + X 3 ⎦
to the input data [5]. The Zig-Zag pattern followed for A0 B1 + 2X0 + X3
pre-processing in this paper is given in Figure 2.
Calculations for Inverse Mix Column:
⎡ ⎤ ⎡ ⎤⎡ ⎤⎡ ⎤
C3 02 03 01 01 05 00 04 01 B3
⎢C2 ⎥ ⎢01 02 03 01⎥ ⎢ 01⎥ ⎢ ⎥
⎢ ⎥=⎢ ⎥ ⎢00 05 00 ⎥ ⎢ B2 ⎥
⎣C1 ⎦ ⎣01 01 02 03⎦ ⎣04 00 02 03⎦ ⎣B1 ⎦
C0 03 01 01 02 00 04 01 02 B0
(4)
Z0 = 4(A3 + A1 ) Z1 = 4(A2 + A0 )
Fig. 2. Zig-Zag pattern followed for Pre-processing
⎡ ⎤ ⎡ ⎤⎡ ⎤ ⎡ ⎤
C3 A3 05 00 04 01 Z0 + A + 3
⎢C2 ⎥ ⎢A2 ⎥ ⎢00 05 00 01⎥ ⎢ ⎥
D. Shift Row Column operation ⎢ ⎥ = ⎢ ⎥⎢ ⎥ = ⎢ Z1 + A2 ⎥ (5)
⎣C1 ⎦ ⎣A1 ⎦ ⎣04 00 02 03⎦ ⎣ Z0 + A1 ⎦
The Shift Row step is replaced with the Shift Row Column
C0 A0 00 04 01 02 Z + A0
operation, making it difficult for a third party to predict the
operations [5]. This consists of swapping the location of Multipliers from the MixColumn block are used in the
each row and column, providing permutation for the data. computation of Inverse Mix Column operations, thus reducing
The bytes in the Shift Row Column operation are shifted, as the computational complexity of the algorithm.
shown in the following matrix.
⎡ ⎤ ⎡ ⎤ F. Round reduction
A00 A01 A02 A03 A00 A12 A20 A32 In the proposed AES algorithm the number of rounds has
⎢A10 A11 A12 A13 ⎥ ⎢A11 A23 A31 A03 ⎥
⎢ ⎥ ⎢ ⎥ been reduced from ten to six, conserving power and time.
⎣A20 A21 A22 A23 ⎦ → ⎣A22 A30 A02 A10 ⎦
Various studies have indicated that round reduction lowers the
A30 A31 A32 A33 A33 A01 A13 A21 overall time without compromising the security [5].

307

Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on January 28,2025 at 06:20:34 UTC from IEEE Xplore. Restrictions apply.
 IV. R ESULTS

P̈ercentage of Power Used (%)

Verilog HDL implementation of the proposed algorithm has
100 3 3 5 2
been carried out in Xilinx Vivado. The simulation waveforms
are shown in Fig 3 and Fig 4. 30 40
45 45

A. Behavioral Simulation Results 50 28

Modified AES encryption: 36 6 45
47
Input data : 12345678901234567890123456789012 31 2
12 11
Key : 98765432109876543210980012345600 0 14 4
Encrypted data : 579db4b4f691cd45f3c1dfda6a62dd58

ec

ec
En

En
D

D
d

od
d

od
St

St
Modified AES decryption:

M
Input data : 579db4b4f691cd45f3c1dfda6a62dd58 I/O BRAM Logic Signals Clocks
Key : 98765432109876543210980012345600
Decrypted data : 12345678901234567890123456789012 Fig. 6. Power Summary

Fig. 3. Behavioral simulation of modified encryption
Fig. 4. Behavioral simulation of modified decryption
C. Hardware Implementation
The Basys3 Artix-7 FPGA board is used for implementing
the algorithms. The encryption and decryption module requires
two 128-bit data for the input data and key value. For this
purpose, a Block Random Access Memory (BRAM) is used.
It is designed using the Xilinx Intellectual Property core (IP
core). The first 16 MSB bits of the output were mapped to
the LED pins of the FPGA board to verify the working of the
algorithms. Figures 7 and 8 shows the FPGA output obtained
for the modified AES algorithm.

B. Power and Utilization Summary

Figure 5 depicts the comparison of utilization summary
between standard and modified algorithms for FPGA
implementation. Figure 6 provides a summary of static and
dynamic power consumption.

Fig. 7. FPGA implementation of modified encryption algorithm

60 57

38
Ütilization(%)

40
32

20 16 16 16 15 16
13
8 9 9
4 3 55
0 Fig. 8. FPGA implementation of modified decryption algorithm

Std Enc Mod Enc Std Dec Mod Dec V. O BSERVATIONS AND I NTERPRETATIONS
A. Implementation Results
LUT FF BRAM IO The implementation results of standard and modified
algorithms in Vivado are as shown in Table I. It can be
Fig. 5. Utilization Summary concluded that the modified algorithm is better in terms of
processing time and hardware parameters.

308

Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on January 28,2025 at 06:20:34 UTC from IEEE Xplore. Restrictions apply.
 TABLE I VI. C ONCLUSION AND F UTURE S COPE
C OMPARISON OF S TANDARD AND M ODIFIED A LGORITHMS
The results show that the total on-chip power required
Parameter Std. Std. Mod. Mod. has been reduced by 81.92% for encryption and 47.21% for
Encryp. Decryp. Encryp. Decryp, decryption. Further, the proposed algorithm is faster than
Processing 290 380 190 310 standard AES in terms of encryption and decryption time
time (us)
Total On Chip 1.234 1.021 0.223 0.539
by 34.48% and 18.42% respectively. The number of LUTs
Power (W) required has reduced by 76.84% for encryption and 53.53%
Slice LUTs 7954 6594 1842 3064 for decryption. The number of FF required has gone down by
FF 3487 3591 1447 1943 58.5% for encryption and 45.8% for decryption. The BRAM
BRAM 2 28.5 6.5 2.5
utilisation has reduced by 91.22% for decryption. Further, the
algorithm has an average Avalanche effect of 51.291% for
B. Evaluation of Confusion and Diffusion levels key bit flip and 53.585% for data bit flip when tested over 3
sets of data for each test, thus providing a good level of data
Confusion and diffusion are properties that define a secure security.The algorithm is thus suitable for IoT applications.
cipher, evaluated using Avalanche effect - a property wherein
a small change in either the key or plaintext results in a The proposed algorithm can be integrated with an
significant change in the ciphertext [7]. A good encryption IoT connectivity platform such as Bluetooth, Wi-Fi etc.
algorithm should have an avalanche effect of > 50%. To Suitable architectures for the communication protocols can
calculate the degree of security, 10 sets of data were used in be developed and interfaced with the modified AES and its
each case on both the standard and modified algorithms. Table performance can be analysed.
II and Table III show the results of 10 such sets of data for the
modified algorithm. Table IV shows the comparison between R EFERENCES
standard and proposed algorithms based on the Avalanche [1] Dutta Indira, Ghosh Bhaskar and Bayoumi Magdy, ”Lightweight
effect values. Cryptography for Internet of Insecure Things: A Survey,” 2019
0475-0481. 10.1109/CCWC.2019.8666557.
[2] R. S. Salman, A. K. Farhan and A. Shakir, ”Lightweight Modifications
TABLE II in the Advanced Encryption Standard (AES) for IoT Applications:
AVALANCHE E FFECT OF M ODIFIED AES ON K EY B IT F LIP A Comparative Survey,” 2022 International Conference on Computer
DATA VALUE = 12345678901234567890123456789012 Science and Software Engineering (CSASE), Duhok, Iraq, 2022, pp.
325-330.
Key Value Cipher Data Avalanche [3] Eslam Gamal Ahmed, Eman Shaaban, Mohamed Hashem “Lightweight
Effect Mix Columns Implementation for AES”, 9th WSEAS International
9876543210987654321f980012345609 055cb8fe8d11f57bdb8a45f1edefbefe 55.038 % Conference on APPLIED INFORMATICS AND COMMUNICATIONS
9876543210987654321f980012345619 7823924d194508ad6d768aa1aa843ec6 (AIC ’09), 20-22 August 2009, Moscow, Russia, PP. 253-258, ISSN:
9876543210987654321f980012345619 7823924d194508ad6d768aa1aa843ec6 48.837 % 1790-5109, ISBN: 978-960-474-107-6.
9876543210987654321e980012345619 69a2bdd12265e2746c28508c6716612a
[4] Sadiq, Ahmed Tariq and Faisal Hadi Faisal. “Modification AES
algorithm based on Extended Key and Plain Text.” Journal of Advanced
9876543210987654321f980012345619 69a2bdd12265e2746c28508c6716612a 50.000 %
Computer Science and Technology 5 (2016): n. pag.
a876543210987654321e980012345619 bdbe096aa7c0bc5e7d936d59c3d232ed
[5] Farah Tawfiq Abdul Hussien, Abdul Monem S. Rahma, Hala Bahjat
Abdul Wahab, ”A Secure Environment Using a New Lightweight
AES Encryption Algorithm for E-Commerce Websites”, Security and
Communication Networks, vol. 2021, Article ID 9961172, 15 pages,
TABLE III 2021.
AVALANCHE E FFECT OF M ODIFIED AES ON DATA B IT F LIP [6] A. Illy, T. Yélémou, H. Tall and T. M. Dandjinou, ”An improvement
K EY VALUE = 9876543210987654321 F 980012345609 of the AES protocol to optimize energy consumption in IoT,” 2022
IEEE Multi-conference on Natural and Engineering Sciences for Sahel’s
Key Value Cipher Data Avalanche Sustainable Development (MNE3SD), Ouagadougou, Burkina Faso,
Effect 2022, pp. 1-5.
12345678901234567890123456789012 055cb8fe8d11f57bdb8a45f1edefbefe 54.615 % [7] H. B. Acla and B. D. Gerardo, ”Security Analysis of Lightweight
12345678a01234567890123456789012 f298512b3b39524d2341a32bc5dc8259 Encryption based on Advanced Encryption Standard for Wireless Sensor
12345678a01234567890123456789012 f298512b3b39524d2341a32bc5dc8259 54.604 % Networks,” 2019 IEEE 6th International Conference on Engineering
22345678a01234567890123456789012 b9c6e6f71073fbfbbea2fd6090e85591
Technologies and Applied Sciences (ICETAS), Kuala Lumpur, Malaysia,
2019, pp. 1-6.
22345678a01234567890123456789012 b9c6e6f71073fbfbbea2fd6090e85591 51.538 %
[8] A. R. Chowdhury, J. Mahmud, A. R. M. Kamal and M. A. Hamid,
22345679a01234567890123456789012 803aaf439e6d3d950aeb258026ceabc7
”MAES: Modified advanced encryption standard for resource constraint
environments,” 2018 IEEE Sensors Applications Symposium (SAS),
Seoul, Korea (South), 2018, pp. 1-6.
[9] Vijay Lingaraddi Hallappanavar, Basavaraj P. Halagali, and Veena Desai,
TABLE IV ”Efficient implementation of aes by modifying s-box.” 2013 IOSR
C OMPARISON OF AVALANCHE E FFECT Journal of Computer Science (IOSR-JCE) e-ISSN: 2278-0661, p-ISSN:
2278-8727, PP 35-39.
Standard AES Modified AES [10] N. C. Iyer, Deepa, P. V. Anandmohan and D. V. Poornaiah,
”Mix/InvMixColumn decomposition and resource sharing in AES,” 2010
Key bit flip 50.26% 51.63%
5th International Conference on Industrial and Information Systems,
Data bit flip 50.41% 53.38%
Mangalore, India, 2010, pp. 166-171.

309

Authorized licensed use limited to: ANNA UNIVERSITY. Downloaded on January 28,2025 at 06:20:34 UTC from IEEE Xplore. Restrictions apply.