先進加密標準(Advanced Encryption Standard)演算法是一種新的對稱式加密演算法。此演算法是由美國國家標準與技術協會於西元2001年所公開發表之新標準，以取代當時的資料加密標準(Data Encryption Standard)演算法。近年來，有許多關於AES演算法的硬體實現方式已被發表。然而，在大部分的硬體設計研究中，基於對該演算法之安全性信任之下，利用特殊應用積體電路(Application specific integrated circuit)來設計硬體，然而，由於利用此方式設計之電路的架構及內容是無法進行更新或更改，會導致安全性的可靠度日益降低。

這篇論文中我們針對AES其內部之S-box的部分來進行改良及分析，以期提高此演算法之安全性，在這裡我們利用內嵌式記憶體並搭配我們自行開發之虛擬亂數產生器(Pseudo Random Number Generator)來建構一個可重建式S-box，我們利用現場可程式化之邏輯陣列(Field Programmable Gate Array)來做為硬體實現平台，由於現場可程式化之邏輯陣列擁有嵌入式記憶體以及可重建式電路元件之優點，所以非常適用於此篇論文所提出之硬體架構。
除此之外，AES內部之MixColumn及InvMixColumn的部分對於整個AES電路的面積及速度也佔有一定程度之影響，所以我們亦針對此部分來進行改良，我們提出了整合式Mix/InvMix Column電路架構，對於面積及速度的部分來進行最佳化的動作，以理論值來說，我們所提出之架構只需要5個XOR的延遲時間，即可完成此部分之運算。對於速度上有所提供，同時又減少了約42%的面積。

在硬體實現方面，我們使用Altera公司所設計的Stratix系列之可程式化之邏輯陣列發展平台來實現我們所設計之AES處理器，我們所設計之電路可達到70 MHZ之時脈速度，當加密金鑰長度為128位元時，每秒的資料處理量為0.898 Gbps。

The AES (Advanced Encryption Standard) algorithm is a new standard algorithm of symmetric-key cryptography system. In order to replace DES algorithm, the Rijndael’s algorithm was selected as the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST). Cryptographic applications are often applied to application specific integrated circuit (ASIC) design as it is trusted in sufficient security level. However, fixed hardware implementations become more and more insecure because it is impossible to update or upgrade in response to new security threats.
For high security level, a reconfigurable S-box utilized RAM based design is constructed in our AES design. And the reconfiguration of S-box can be generated by using our previous proposed pseudo random number generator (PRNG). The PRNG utilized to generate random numbers can construct the look-up table of S-box dynamically. The embedded memory of FPGA is exploited for the reconfigurable S-box in our proposed architecture. Using FPGA with embedded memory is the most cost-effective for RAM based design because for the balance of memory and logic resource.
Mix/InvMix Column dominates both in the logic resource and the critical delay in AES hardware implementation with direct mapping S-boxes. The integrated Mix/InvMix Column circuit based on the proposed decomposition method optimizes the area and the delay. Theoretically, in architecture level, the proposed short-path circuit reduced the area up to 42% with the same 5 XOR gates delay in critical path. The FPGA of Altera Stratix family EP1S25F780C5 is used to implement our AES design. A 70 MHz clock is achieved, and the throughput is 0.898 Gbps for 128-bit keys.

[1] National Institute of Standards and Technology (NIST), Advanced Encryption Standard (AES). Springfield, VA 22161: National Technical Information Service, Nov. 2001.

[2] National Institute of Standards and Technology (NIST), Data Encryption Standard (DES). Springfield, VA 22161: National Technical Information Service, Oct. 1999.

[3] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Proc. of Communications of the ACM, vol. 21, pp. 120-126, Feb. 1978.

[4] IEEE, IEEE Standard Specifications for Public Key Cryptography. IEEE Standards De-partment, Jan 2000.

[5] http://csrc.nist.gov/CryptoToolkit/aes/

[6] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A Compact Rijndael Hardware Ar-chitecture with S-Box Optimization,” Proc. of ASIACRYPT 2001, pp. 239-254, 2001.

[7] J. Wolkerstorfer, E. Oswald, and M. Lamberger, “An ASIC Implementation of the AES SBoxes,” Proc. of RSA Conf. pp. 67-78, Feb. 2002.

[8] T.-F., Lin, C.-P. Su, C.-T. Huang, and C.-W. Wu, “A High-Throughput Low-Cost AES Cipher,” Proc. of IEEE Asia-Pacific Conf. ASIC, pp. 85-88, 2002.

[9] V. Rijmen, “Efficient Implementation of the Rijndael S-Box,” http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/sbox.pdf, 2006.

[10] Y.-K. Lai, L.-C. Chang, L.-F. Chen, C.-C. Chou, and C.-W. Chiu, “A novel memoryless AES cipher architecture for networking applications,” Proc. of IEEE ISCAS 2004, vol. 4, pp. IV – 333-336, May 2004.

[11] C.-C. Lu and S.-Y. Tseng, “Integrated design of AES (advanced encryption standard) encrypter and decrypter,” Proc. of IEEE ASAP’02, pp. 277-285, 2002.

[12] X. Zhang and K. K. Parhi, “Implementation approaches for the advanced encryption standard algorithm,” IEEE Circuits Syst. Mag., vol. 2, no. 4, pp. 24-46, Mar. 2002.

[13] X. Zhang and K. K. Parhi, “High-speed VLSI architectures for the AES algorithm” IEEE Trans. On Very Large Integration (VLSI) Systems, vol. 12, iss. 9, pp. 957-967, Sept. 2004.

[14] V. Fisher, M. Drutarovsky, P. Chodowiec, and F. Framain, “InvMixColumn Decomposi-tion and Multilevel Resource Sharing in AES Implementations,” IEEE Trans. On Very Large Integration (VLSI) Systems, vol. 13, no. 8, pp. 989-992, Aug. 2005.

[15] H. Li and Friggstad Z., “An efficient architecture for the AES mix columns operation,” Proc. of IEEE ISCAS 2005, vol. 5, pp. 4637-4640, May 2005.

[16] M. Piotr, “Implementation of the Block Cipher Rijndael Using Altera FPGA”, Public Comments on AES Candidate Algorithms-Round2, 2000.

[17] A. Panato, M. Barcelos, and R. Reis, “An IP of an Advanced Encryption Standard for
Altera/spl trade/devices,” Proc. of IEEE Integrated Circuits and Systems Design, pp.
197-202, Sept. 2002.

[18] Altera, “High-Speed Rijndael Encryption/Decryption Processors.”, Hammercores whitepaper v. 1.0.

[19] Fischer V., “Realization of the Round 2 AES Candidates Using Altera FPGA,” 3rd AES Candidate Conference, 2000.

[20] Y.-J. Huang, Y.-S. Lin, K.-Y. Hung, and K.-C. Lin, “Efficient Implementation of AES IP”, Proc. of IEEE Circuits and Systems, pp. 1418-1421, Dec. 2006.

[21] T. Ichikawa, T. Kasuya, and M. Matsui, “Hardware evaluation of the AES finalists”, Proc. 3rd AES Candidate Conference, pp 279-285, April 2000.

[22] H. Kuo and I. Verbauwhede, “ Architectural optimization for a 1.82 Gbits/sec VLSI im-plementation of the AES Rijndael algorithm”, Proc. Cryptographic Hardware and Em-bedded Systems (CHES) 2001, no. 2162, 2001.

[23] C.-P. Su, C.-L. Horng, C.-T. Huang, and C.-W. Wu,”A Configurable AES Processor for Enhanced Security”, Proc. of the ASP-DAC 2005, pp. 361-366, vol. 1, Jan. 2005.