In this article, we propose the first strategy to obtain extremely small bit-serial ASIC implementations of SPN primitives. Our technique, which we call bit-sliding, is generic and offers many new interesting implementation trade-offs. It manages to minimize the area by reducing the data path to a single bit, while avoiding the use of many scan flip-flops.
Following this general architecture, we could obtain the first bit-serial and the smallest implementation of AES-128 to date (1563 GE for encryption only, and 1744 GE for encryption and decryption with IBM 130nm standard-cell library), greatly improving over the smallest known implementations (about 30% decrease), making AES-128 competitive to many ciphers specifically designed for lightweight cryptography. To exhibit the generality of our strategy, we also applied it to the PRESENT and SKINNY block ciphers, again offering the smallest implementations of these ciphers thus far, reaching an area as low as 1054 GE for a 64-bit block 128-bit key cipher. It is also to be noted that our bit-sliding seems to obtain very good power consumption figures, which makes this implementation strategy a good candidate for passive RFID tags.
Category / Keywords: implementation / Bit-serial implementations, bit-slide, lightweight cryptography, AES, SKINNY, PRESENT Original Publication (with minor differences): IACR-CHES-2017 Date: received 21 Jun 2017, last revised 26 Jun 2017 Contact author: jean jeremy at gmail com, amir moradi at rub de Available format(s): PDF | BibTeX Citation Version: 20170626:063030 (All versions of this report) Short URL: ia.cr/2017/600