BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Side-Channel Attack Resistant ROM-Based AES S-Box - Ken Mai\, Carn
 egie-Mellon University
DTSTART:20100730T150000Z
DTEND:20100730T153000Z
UID:TALK25699@talks.cam.ac.uk
CONTACT:Sergei Skorobogatov
DESCRIPTION:One of the most popular encryption algorithms in use today is 
 the Advanced Encryption Standard (AES). A repeated function within the alg
 orithm that dominates the area and delay of AES implementations is the Sub
 stitution Box (S-Box) that performs a byte-wise substitution on the data b
 ased on an established code book. Most AES algorithm implementations use a
  large complex logic block consisting mainly of XORs to implement the S-Bo
 x. Direct implementation of the S-Box with a read-only memory (ROM) look-u
 p table (LUT) has been eschewed due to difficulty in pipelining the struct
 ure\, hence restricting the throughput. However\, we present a custom ROM
 -based S-Box implementation that can achieve comparable throughput to logi
 c-based implementations\, yet is smaller in both area and power. Additiona
 lly\, the symmetrical nature of the ROM is well suited towards maintaining
  power consumption uncorrelated to data\, which is key to defeating a com
 mon side-channel attack\, differential power analysis (DPA). In comparison
 \, DPA-resistant logic typically requires a 3-4x penalty in power\, are
 a\, and performance. Our design can sustain a throughput of 6.15 Gbps whil
 e using 2x less area than a modern standard cell implementation in a 90 nm
  process\, while significantly reducing data-dependent power consumption.\
 n\n
LOCATION:Computer Laboratory\, William Gates Building\, Room FW11
END:VEVENT
END:VCALENDAR
