Agile-AES: Implementation of configurable AES primitive with agile design approach

Abstract

In the data-centric era, interconnected devices must be able to communicate efficiently and securely with their hosts even over untrusted networks. This led to the adoption of several end-to-end security protocols that employ various efficient and elegant encryption algorithms, such as Advanced Encryption Standard (AES), often implemented with hardware modules since there is usually no good solution to install security software on the device itself. State-of-the-art AES hardware implementations typically focus on optimizing a single metric, e.g. throughput or area, and are tedious to adapt to a wider set of design constraints. Applying an agile approach to hardware development is increasingly important, and this is especially critical for hardware security primitives that need to be consumed in various systems. In this work, we develop Agile-AES, an open-source, flexible, parameterizable, hardware implementation of AES, combining many best-known practices. The agile and feature-rich implementation was based on the Chisel framework, through which flexibility is instrumented to support various key length, topology, mode of operation, local memory type, S-box fabric, side-channel attack defense techniques, and interfaces. Despite covering a larger design space, our proposed implementation has 50% fewer lines of code compared to existing Verilog versions — a crucial advantage in terms of maintainability and development productivity. To evaluate the QoR out of this implementation approach, we pick representative configurations and evaluate utilization, power and throughput on both entry level and server-grade FPGAs and compare against the Verilog and HLS counterpart implementations. It shows very comparable results to the Verilog implementation and better QoR compared to the HLS-based implementation.