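Graduate student: | 莊劼霖 Chieh-Lin Chuang |
---|---|
Thesis title: | A Multiplier-based Cryptographic Processor Supporting AES and ECC |
Advisor: | 吳誠文 Cheng-Wen Wu |
Oral defense committee: | |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Electrical Engineering |
Year of publication: | 2007 |
Academic year of graduation: | 95 |
Language: | English |
Chinese keywords: | cryptography, Advanced Encryption Standard, elliptic curve cryptography |
Foreign-language keywords: | cryptography, AES, ECC |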
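In this thesis, we propose an arithmetic circuit that supports both the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). The arithmetic circuit consists mainly of a multiplier that supports dual-field multiplication. Because this dual-field multiplier can perform dual-field multiplication, it supports dual-field ECC. The linear part of the AES algorithm is an ordinary matrix operation, similar to ordinary multiplication, so it can also be implemented with the same dual-field multiplier. The size of the multiplier can be treated as a hardware design parameter, allowing processing speed and hardware area to be weighed for different applications. The cryptographic processor we implemented focuses on high performance and therefore uses a 128×32 multiplier. The word-based Montgomery multiplication algorithm used in ECC is also modified appropriately for this asymmetric multiplier. Because the word-based Montgomery multiplication algorithm is used, our processor can handle ECC operations of any bit length between 128 and 256. The cryptographic processor we implemented supports the Electronic Code Block mode and the Cipher Block Chaining mode of AES. The processor also supports encryption and decryption over dual-field elliptic curves. For the processor's input and output, the commonly used Advanced High Speed Bus protocol is adopted, which is compatible with ARM-processor systems and reduces the time needed for system integration. Using a standard 0.13-micron CMOS process (TSMC 0.13 CMOS), our design reaches an operating frequency of 120 MHz. In AES mode, the data throughput is 1.56 Gbps, 1.3 Gbps and 1.11 Gbps for encryption key lengths of 128, 192 and 256 bits, respectively. The processor takes 2.27 microseconds for a 256-bit scalar elliptic curve point multiplication over the prime field, and 1.11 microseconds for a 163-bit scalar elliptic curve point multiplication over the polynomial field. For design for testability, a built-in self-test (BIST) circuit is used for the memory and full scan chains are used for the logic; the final fault coverage reaches 98.78%.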
We propose an arithmetic unit supporting the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). The arithmetic unit is based on a modified dual-field multiplier. The size of the multiplier is a design parameter for different throughput and area cost trade-offs. Our high-throughput implementation uses the 128x32 multiplier. The word-based Montgomery multiplication is modified for this asymmetric multiplier. The cryptographic processor supports the Electronic Code Block mode (ECB) and Cipher Block Chaining mode (CBC) for AES, and dual-field operation, GF(p) and GF(2^n), for ECC. The operating frequency of the processor is 120 MHz using the TSMC 0.13 µm CMOS process. The throughput of AES is 1.56 Gbps, 1.3 Gbps, and 1.11 Gbps for key sizes of 128, 192, and 256 bits, respectively. A scalar point multiplication of ECC takes 2.27 ms for a 256-bit key in GF(p), and 1.11 ms for a 163-bit key in GF(2^n), respectively.