
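Graduate student: 陳均輔
Chen, Jiun-Fu
Thesis title: Design and Implementation of Low Area AES Architecture
低面積高級加密標準結構設計與實作
Advisor: 邱瀞德
Chiu, Ching-Te
Oral defense committee:
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science
Year of publication: 2010
Academic year of graduation: 98
Language: English
Number of pages: 40
Chinese keywords: Advanced Encryption Standard, Galois Field, SubByte area reduction, key expansion module hardware design and area reduction
English keywords: Advanced Encryption Standard (AES), Galois Field, S-Box area reduced, Keyexpansion module design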
  • The S-Box is one of the most important modules of the Advanced Encryption Standard (AES) algorithm. At present, there are two implementation methods, based on a look-up table or on finite field arithmetic. However, the former takes up a lot of chip area, while the latter is not suitable for high-speed applications.
    This paper describes an efficient S-box computation developed for the Rijndael ciphering system. The mathematical manipulation relies on composite field computation, where the element inversion is performed in the Galois Field. This means that the same inversion block can be shared by both encryption and decryption. With table lookup, by contrast, different look-up tables are needed in the encryption and decryption modules, so sharing the inversion block saves a lot of chip area. The Keyexpansion module uses the same advantage, replacing the lookup table to keep chip area low.
    This development is, on one hand, suitable for applications where table lookup is not applicable or is restricted. On the other hand, it is suitable for a highly parallel system where data flow can be arranged in a pipelined manner.
    To optimize area, an optimized implementation of the S-Box is presented. Experiments indicate that the chip area taken by the S-Box is significantly reduced, but not at the expense of greatly increasing the time delay.
    In addition, this paper discusses how to reduce the hardware size of the 128-, 192-, and 256-bit Keyexpansion module design. The reduction comes mainly from implementing all three kinds of key expansion with the same set of logic circuits.
    Using the Cadence compiler design tool in 0.13 um technology, the overall AES design saves about 18.9% area and 45.7% power compared with the S-Box table look-up design. Compared with the Full-set key expansion design, it saves about 68.8% area and 76.4% power.
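
The shared-inverter idea in the abstract, as an added Python example that is not taken from the thesis: the S-box and inverse S-box are both computed from one GF(2^8) inversion routine plus an affine map, and the key-expansion SubWord reuses the same routine. It inverts directly in GF(2^8) as a^254 rather than using the thesis's composite-field decomposition, and all function names are assumptions.

```python
# Added example (not from the thesis): AES S-box, inverse S-box and key-expansion
# SubWord built on one shared GF(2^8) inverter. Function names are assumptions.

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Shared block: multiplicative inverse computed as a^254; 0 maps to 0."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def rotl8(x, n):
    """Rotate an 8-bit value left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox(x):
    """Encryption path: inversion, then the forward affine map."""
    b = gf_inv(x)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63

def inv_sbox(y):
    """Decryption path: inverse affine map, then the same inversion."""
    b = rotl8(y, 1) ^ rotl8(y, 3) ^ rotl8(y, 6) ^ 0x05
    return gf_inv(b)

def sub_word(w):
    """Key expansion SubWord: the same sbox() applied to each byte of a 32-bit word."""
    return int.from_bytes(bytes(sbox(b) for b in w.to_bytes(4, "big")), "big")

if __name__ == "__main__":
    print(hex(sbox(0x53)), hex(inv_sbox(0xED)), hex(sub_word(0xCF4F3C09)))
```

No 256-entry table appears anywhere: both directions and the key schedule share `gf_inv`, which is the block a hardware design would instantiate once.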


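    The S-box is one of the important modules of the Advanced Encryption Standard algorithm. Current approaches fall into two classes: one is implemented mainly by table lookup, the other with finite fields. However, the former requires a large amount of chip area, while the latter is not suitable for high-speed devices.
    This thesis describes an efficient S-box computation for the Rijndael chip system. Its mathematics relies mainly on the inverse-element operation in composite finite-field arithmetic, which means that the multiplicative inversion in encryption and decryption can be shared. This differs from table lookup, where encryption and decryption need different lookup tables, and it saves a large amount of chip area. The key expansion module uses the same advantage, replacing the lookup table to ensure lower chip area.
    This work is suitable, on one hand, where table lookup cannot be used or is restricted (for example, in designs that require low chip area), and on the other hand for high-speed parallel systems (where data can be scheduled to operate concurrently). An optimized S-box is presented to reduce area. Experimental results show that the chip area occupied is indeed reduced without greatly increasing the delay.
    In addition, this thesis examines the hardware design and area reduction of the 128-, 192-, and 256-bit key expansion module, mainly by using the same set of logic circuits when performing key expansion at these three key sizes.
    This thesis uses the Cadence compiler tool in 130 nm technology. Compared with the table-lookup design, the whole AES chip reduces area by 18.9% and saves 45.7% of power. Compared with the Full-set key expansion design, the whole AES chip reduces area by 68.8% and saves 76.4% of power.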

    Abstract (Chinese)
    Abstract
    Table of Contents
    List of Figures
    Chapter 1. Introduction
        1.1 Motivation and Recent Work
        1.2 Innovation
        1.3 Organization
    Chapter 2. Background of Advanced Encryption Standard
        2.1 Mathematical Background (Galois field)
        2.2 Overview of Advanced Encryption Standard (AES)
    Chapter 3. Proposed Framework
    Chapter 4. Research for optimizing area of AES
        4.1 SBox optimizing
            4.1.1 Efficient Implementation of the Rijndael S-Box
            4.1.2 An Efficient S-Box Computation
        4.2 MixColumns optimizing
            4.2.1 Sbox/Mult lookup table
            4.2.2 Encrypt and decrypt share some XOR gate
    Chapter 5. On the Implementation of AES
        5.1 Original SubBytes introduction
        5.2 Optimizing SBox area design
        5.3 Reduce SBoxs in Key expansion
        5.4 Overall Run-time Key Expansion scheme
    Chapter 6. Evaluation and Simulation Results
        6.1 Evaluation
        6.2 Simulation results
    Chapter 7. Conclusion and Future Work
        7.1 Conclusion
        7.2 Future work
    References
