Hardware Implementation of AES Encryption and Decryption System Based On FPGA

The Open Cybernetics & Systemics Journal, 2015, 9, 1373-1377

Open Access

Shihai Zhu*

College of Information Engineering and Art Design, Zhejiang University of Water Resources and Electric Power,
Hangzhou, 310018, China

Abstract: The AES algorithm has played an important role in the information security field ever since the Rijndael algorithm was announced as the Advanced Encryption Standard. An FPGA-based hardware implementation of the AES algorithm has the advantages of speed, flexibility, a short development cycle, etc. This paper studies in detail an FPGA-based hardware implementation of an AES encryption and decryption system. First, the implementation scheme and the key technique, an internal and external mixing pipeline structure, were determined, and the overall design flow chart was given. Next, the design supports three modes of the AES encryption and decryption process, with a data group of 128 bits and key lengths of 128, 192 and 256 bits respectively. Then, the optimized design of the AES encryption and decryption algorithms was completed on the same FPGA chip. Finally, coding and comprehensive compilation were finished with the QUARTUS II development tool, and simulation results from the MODELSIM software are also given. In short, this design realizes the balance of resources and speed to a greater extent.

Keywords: AES, FPGA, encryption & decryption algorithm, pipeline.

1. INTRODUCTION

The Advanced Encryption Standard (AES) has moved from software to hardware implementation since it took effect in May 2002. As network transmission speeds rise to the order of gigabits, the required execution speed of the algorithm keeps increasing, and cryptographic algorithms implemented in software appear insufficient in performance. It is therefore necessary to adopt hardware encryption, which uses special optimization techniques (such as pipelining and lookup tables), so that data flow is greatly improved and key generation time is reduced [1, 2]. In addition, an encryption algorithm and its key generation implemented in hardware can be encapsulated in a chip that is not easy for an outside attacker to read or change, and thus has higher physical security [3-5]. Cryptographic algorithms implemented in hardware have therefore caught widespread attention in the industry. Reconfigurable hardware, represented by the FPGA, combines the higher security and speed of hardware with the flexibility and maintainability of software, and has become a hot research direction for hardware implementation of block ciphers [6, 7]. This paper introduces an FPGA realization of an AES encryption and decryption system and discusses the optimization of its speed and of its resource-intensive processing techniques.

2. PRINCIPLE OF AES ENCRYPTION AND DECRYPTION SYSTEM

The AES algorithm is an iterated block cipher that encrypts and decrypts 128-bit data blocks. In the Rijndael algorithm, both the data group length and the initial key length are variable. To meet the requirements of AES, the group length is fixed at 128 bits and the key length is 128, 192 or 256 bits. During AES encryption and decryption, the input data of 128 bytes are first arranged into a 4 * 4 byte matrix, then 10 (128-bit key), 12 (192-bit key) or 14 (256-bit key) rounds of transformations are conducted; the number of rounds is decided by the key length. The implementation of the AES encryption algorithm includes a key extension process and an encryption process [8]. For example, if the key length is 128 bits, the encryption process includes an initial round of key addition (AddRoundKey), nine round transformations (Round), and a final round transformation (FinalRound), as shown in Fig. (1).

Every round transformation is composed of four layers. The first layer is byte substitution (SubBytes): an S-box with an 8-bit input and an 8-bit output acts on each byte of the state matrix. The second and third layers are row shifting (ShiftRows) and column transformation (MixColumns): the 4 * 4 state matrix is transformed by shifting its rows and mixing within its columns. The fourth layer is key addition (AddRoundKey): each byte of the key is XORed with the corresponding byte of the state matrix [9]. The process of each round is shown in Fig. (2).


Fig. (1). The whole process of encryption (key length is 128 bits).

Fig. (2). The structure of every round.

Similarly, the realization of the AES decryption algorithm includes a key extension process and a decryption process. The decryption process is similar to the encryption process and is its inverse operation. The encryption and decryption process of the AES algorithm for a data group size of 128 bits and an initial key length of 128 bits is shown in Fig. (3).

Fig. (3). The encryption and decryption process of AES algorithm (128 bits key).

3. FPGA-BASED IMPLEMENTATION OF AES ENCRYPTION AND DECRYPTION SYSTEM

The hardware implementation of the AES encryption and decryption system in this paper aims to satisfy timing requirements while reducing the whole chip area. The hardware implementation improved the structure of each module within the algorithm and the structure of the whole system. Specifically, it adopts an internal and external mixing pipeline, and at the same time the byte substitution, column mixing transformation and key extension operations are each optimized, in order to improve the processing speed of the AES encryption and decryption system and to balance speed against occupied resources [10-12]. The design process of the whole system is shown in Fig. (4).

Fig. (4). System design flow chart.

The system is composed of the following modules: a data input and output module, an encryption and decryption operation module, a key extension module, and a control unit that controls the whole process. The control unit generates the control signals required by each module; the key extension module produces and dispatches the keys for each round; the encryption and decryption operation module performs the data round transformations [13-15]. Note that control signals enter from the input interface, while data and keys come from the data bus; data transmission, key substitution, and encryption and decryption operations are carried out according to the control signals of the control module.

3.1. The Work Pattern and Structure of Encryption and Decryption Module

The work patterns of the AES algorithm are divided into feedback and non-feedback patterns. In the feedback work pattern, the group encryption and decryption operations can only be performed in sequence; that is, the encryption or decryption steps of all groups must be executed serially. In the non-feedback work pattern, the operations on a subsequent data block are independent of the previous data block, so in theory all operations can be performed concurrently. Encryption and decryption speed therefore differs between work patterns. The encryption and decryption speed of the AES algorithm refers to the number of bits encrypted or decrypted per unit time, also called throughput, and is measured in megabits per second (Mbit/s). The structure of the encryption and decryption module is closely related to its work pattern; the basic structures can be divided into the following three kinds: external pipeline structure, internal pipeline structure and loop unrolling structure.
3.2. The Design of Encryption and Decryption Module


In AES encryption and decryption system, in order to
improve speed and reduce resource utilization and realize the
balance of speed and resource, internal and external mixing
pipeline structure based on non-feedback work pattern was
adopted. Internal and external mixing pipeline structure of
encryption unit is shown as Fig. (5). Similarly, internal and
external mixing pipeline structure of decryption unit is
shown as Fig. (6).
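The link between work pattern and pipeline use described in Sections 3.1 and 3.2 can be modelled in a few lines. This is an added example, not the paper's design: ECB and CTR are taken as standard non-feedback modes and CBC as a standard feedback mode (the paper names none of them), and the SHA-256-based `core`, the 20-stage depth and the 100 MHz clock are assumptions.

```python
import hashlib

def core(key, block):
    # Stand-in for the pipelined AES core (assumption): a keyed 16-byte function, not AES.
    return hashlib.sha256(key + block).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(mode, key, iv, blocks):
    """Return (ciphertext blocks, deps); deps[i] is the block that block i must wait for."""
    out, deps = [], []
    for i, p in enumerate(blocks):
        if mode == "ECB":                    # non-feedback: block in, block out
            c, dep = core(key, p), None
        elif mode == "CTR":                  # non-feedback: core input is a counter
            c, dep = xor(p, core(key, iv[:8] + i.to_bytes(8, "big"))), None
        elif mode == "CBC":                  # feedback: core input needs ciphertext i-1
            c, dep = core(key, xor(p, out[-1] if out else iv)), (i - 1 if i else None)
        else:
            raise ValueError(mode)
        out.append(c)
        deps.append(dep)
    return out, deps

def cycles(deps, depth):
    """Clocks until the last block leaves a depth-stage pipeline taking one block per clock."""
    finish, issue = [], -1
    for dep in deps:
        # A block enters one clock after its predecessor, or when its dependency has left.
        issue = max(issue + 1, finish[dep] if dep is not None else 0)
        finish.append(issue + depth)
    return finish[-1]

def throughput_mbit_s(n_blocks, total_cycles, f_mhz):
    return 128 * n_blocks * f_mhz / total_cycles

# Constructed sample: 64 identical plaintext blocks, hypothetical 20-stage pipeline at 100 MHz.
KEY, IV, DEPTH, F_MHZ = b"k" * 16, b"\x00" * 16, 20, 100
BLOCKS = [b"A" * 16] * 64

def compare():
    """Per mode: (total clocks, throughput in Mbit/s, number of distinct ciphertext blocks)."""
    rows = {}
    for mode in ("ECB", "CTR", "CBC"):
        ct, deps = encrypt(mode, KEY, IV, BLOCKS)
        n = cycles(deps, DEPTH)
        rows[mode] = (n, throughput_mbit_s(len(BLOCKS), n, F_MHZ), len(set(ct)))
    return rows
```

Both non-feedback modes keep the pipeline full, but ECB maps the 64 equal plaintext blocks to one repeated ciphertext block while CTR does not, which is why a fully pipelined core is normally driven in counter mode.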

Fig. (5). Internal and external mixing pipeline structure of encryption unit.

Fig. (6). Internal and external mixing pipeline structure of decryption unit.

4. SIMULATION RESULTS AND ANALYSIS

First, we performed function simulation with the purpose of verifying the correctness of the system logic function. Under the condition of a data group of 128 bits and an initial key length of 128 bits, system function simulation was performed to verify the correctness of the logical function of the AES encryption and decryption system. A set of test data used by the simulation (using hexadecimal representation) is listed as follows:

Plaintext (128 bits): 3243f6a8885a308d313198a2e0370734;
Key (128 bits): 2b7e151628aed2a6abf7158809cf4f3c;
Ciphertext (128 bits): 3925841d02dc09fbdc118597196a0b32;

Fig. (7). Data input of encryption part of this system.

Fig. (8). Data output of encryption part of this system.

Fig. (9). Data input of decryption part of this system.

Fig. (10). Data output of decryption part of this system.



Data input and output of the encryption part of this system are shown in Figs. (7) and (8). Similarly, data input and output of the decryption part of this system are shown in Figs. (9) and (10).

Test results show that this system functions exactly and correctly implements the AES encryption and decryption system, encrypting and decrypting data under the condition of a plaintext group of 128 bits and an initial key length of 128 bits.

5. CONCLUSION

First, we finished the software design code description and comprehensive compilation with the QUARTUS II software of ALTERA corporation, based on the overall structure of the AES encryption and decryption system. Next, we performed design simulation with the MODELSIM software. Finally, system design and validation results were given. During the design of the whole system, we adopted a comprehensive coding style. An open test vector was adopted for function simulation, and the fact that the simulation results and the test vector data are consistent verified the correctness of the system logic functions.

This design does not have the fastest speed; however, its throughput is dominant in general. Furthermore, this design has a good speed-to-area ratio. At the same time, the design of the system combines the encryption and decryption algorithms, which can be executed completely in parallel. In addition, it achieves the balance of speed and resources under the premise of ensuring encryption and decryption speed.

CONFLICT OF INTEREST

The author confirms that this article content has no conflict of interest.

ACKNOWLEDGEMENTS

We would like to thank the research foundation of water conservancy department of Zhejiang province of China for contract RC1339, under which the present work was made possible.

REFERENCES

[1] H. Kim, S. Hong, and J. Lim, "A fast and provably secure higher-order masking of AES S-box", Proceedings of CHES LNCS, vol. 6917, pp. 95-107, 2011.
[2] C. Carlet, L. Goubin, E. Prouff, M. Quisquater, and M. Rivain, "Higher order masking schemes for S-boxes", Proceedings of FSE LNCS, vol. 7549, pp. 366-384, 2012.
[3] J. D. Golic, "Techniques for random masking in hardware", IEEE Transactions on Circuits Systems, vol. 54, no. 2, pp. 291-300, 2014.
[4] D. Canright, and L. Batina, "A very compact 'perfectly masked' S-box for AES", Proceedings of ACNS LNCS, vol. 5037, pp. 446-459, 2008.
[5] S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards. New York: Springer-Verlag, 2013.
[6] Z. Yuan, Y. Wang, J. Li, R. Li, and W. Zhao, "FPGA based optimization for masked AES implementation", In: Proceedings of IEEE 54th International MWSCAS, Seoul, Korea, 2011, pp. 1-4.
[7] M. Alam, S. Ghosh, M. J. Mohan, D. Mukhopadhyay, D. R. Chowdhury, and I. S. Gupta, "Effect of glitches against masked AES S-box implementation and countermeasure", IET Information Security, vol. 3, no. 1, pp. 34-44, 2014.
[8] E. Trichina, T. Korkishko, and K. H. Lee, "Small size, low power, side channel-immune AES coprocessor: Design and synthesis results", Proceedings of AES LNCS, vol. 3373, pp. 113-127, 2005.
[9] S. K. Mathew, F. Sheikh, M. Kounavis, S. Gueron, A. Agarwal, S. K. Hsu, H. Kaul, M. A. Anders, and R. K. Krishnamurthy, "53 Gbps native GF(2^4)^2 composite-field AES-encrypt/decrypt accelerator for content-protection in 45 nm high-performance microprocessors", IEEE Journal of Solid-State Circuits, vol. 46, no. 4, pp. 767-776, 2011.
[10] M. McLoone, and J. V. McCanny, "Rijndael FPGA implementations utilizing look-up tables", In: Proceedings of IEEE Workshop Signal Processing Systems, Antwerp, Belgium, 2001, pp. 349-360.
[11] A. Hodjat, and I. Verbauwhede, "A 21.54 Gbits/s fully pipelined processor on FPGA", In: 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Napa, CA, USA, 2004, pp. 308-309.
[12] S. Mangard, N. Pramstaller, and E. Oswald, "Successfully attacking masked AES hardware implementations", Proceedings of CHES LNCS, vol. 3659, pp. 157-171, 2005.
[13] E. Oswald, S. Mangard, N. Pramstaller, and V. Rijmen, "A side-channel analysis resistant description of the AES S-box", In: Proceedings of FSE LNCS, vol. 3557, pp. 413-423, 2014.
[14] R. Sakthivel, M. Vanitha, Harish M. Kittur, "Low power high throughput reconfigurable stream cipher hardware VLSI architectures", International Journal of Information and Computer Security, vol. 6, no. 1, pp. 1-11, 2014.
[15] K. M. Abdellatif, R. Chotin-Avot, and H. Mehrez, "Low cost solutions for secure remote reconfiguration of FPGAs", International Journal of Embedded Systems, vol. 6, no. 2/3, pp. 257-265, 2014.

Received: June 10, 2015 Revised: July 29, 2015 Accepted: August 15, 2015
© Shihai Zhu; Licensee Bentham Open.

This is an open access article licensed under the terms of the (https://creativecommons.org/licenses/by/4.0/legalcode), which permits unrestricted, non-commercial use, distribution and reproduction in any medium, provided the work is properly cited.
