On the S-Box Architectures with Concurrent Error Detection for the Advanced Encryption Standard

Abstract

In this paper, we present a new low-cost concurrent error detection (CED) S-Box architecture for the Advanced Encryption Standard (AES). Because the complexity and the nonlinearity, it is difficult to develop error detection algorithms for the S-Box. Conventionally, a parity checked S-Box is implemented with ROM (read only memory). In some applications, for example, smart cards, both chip size and fault detection are demanded seriously. ROM-based parity checking cannot meet the demands. We propose our CED S-Box (CEDSB) architecture for two reasons. The first is to design a S-Box without ROM. The second is to obtain a compact S-Box with real time error detection. Based on the composite field, we develop the CEDSB architecture to implement the fault detection for the S-Box. The overhead of the CED for the S-Boxes in GF((24)2) and in GF(((22)2)2) are 152 and 132 NAND gates respectively. The amount of extra gates used for the CEDSB is nearly equal to that of the ROM-based CED S-Box (131 NAND gates). The chip area of the ROM-based CED S-Box, the CEDSBs in GF((24)2), and in GF(((22)2)2) are 2996, 558, and 492 NAND gates separately. The chip area of the CEDSB is more compact than a ROM-based CED S-Box.