BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Side-Channel Attack Resistant ROM-Based AES S-Box - Ken Mai\, Carn
 egie-Mellon University
DTSTART:20100730T150000Z
DTEND:20100730T160000Z
UID:TALK25690@talks.cam.ac.uk
CONTACT:Sergei Skorobogatov
DESCRIPTION:One of the most popular encryption algorithms in use today is 
 the Advanced Encryption Standard (AES). A repeated function within the alg
 orithm that dominates the area and delay of AES implementations is the Sub
 stitution Box (S-Box) that performs a byte-wise substitution on the data b
 ased on an established code book. Most AES algorithm implementations use a
  large complex logic block consisting mainly of XORs to implement the S-Bo
 x. Direct implementation of the S-Box with a read-only memory (ROM) look-u
 p table (LUT) has been eschewed due to difficulty in pipelining the struct
 ure\, hence restricting the throughput. However\, we present a custom ROM-
 based S-Box implementation that can achieve comparable throughput to logic
 -based implementations\, yet is smaller in both area and power. Additional
 ly\, the symmetrical nature of the ROM is well suited towards maintaining 
 power consumption uncorrelated to data\, which is key to defeating a comm
 on side-channel attack\, differential power analysis (DPA). In comparison\
 , DPA-resistant logic typically requires a 3-4x penalty in power\, area\,
  and performance.  Our design can sustain a throughput of 6.15 Gbps while 
 using 2x less area than a modern standard cell implementation in a 90 nm p
 rocess\, while significantly reducing data-dependent power consumption.
LOCATION:Room FW11\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
