# APPLICATION OF UT MULTIPLIER IN AES ALGORITHM AND ANALYSIS OF ITS PERFORMANCE 

Bindu Swetha Pasuluri ${ }^{1}$, V.J.K.Kishor Sonti ${ }^{2}$,<br>${ }^{1}$ Research Scholar, Department of Electronics and Communication Engineering Sathyabama Institute of Science \& Technology, Chennai, India<br>binduswetha.ece@gmail.com<br>${ }^{2}$ Assoc .Professo, Department of Electronics and Communication Engineering<br>Sathyabama Institute of Science \& Technology, Chennai, India kishoresonti.ece@sathyabama.ac.


#### Abstract

From the previous few years numerous cryptographic algorithms have been implemented, giving scrupulous significance to high safety applications, i.e. for ATMs, smart cards, WWW servers \& many others. Amid the specified cryptographic algorithms, the Advanced Encryption Standard (AES) algorithm is preferred algorithm. The algorithm is implemented in various bit sizes. An AES algorithm recognizes a 128 -bit plain data text and generates a 128 -bit cipher text under the secret key control of $\mathbf{1 2 8}, 192$ or 256 -bits. Moreover in this brief, an AES algorithm with 128/192/256 bits is implemented by using Vedic Mathematics. The conventional pipelined based algorithm is compared with proposed Vedic mathematics based AES algorithm in turns of area. With the help of Xilinx the AES algorithm is simulated and synthesized. Also it can be seen that proposed algorithm occupies approximately $40 \%$ less area when compared with conventional algorithm.


Keywords: AES algorithm, Vedic Mathematics, chipper text, area.

## 1. Introduction

In a fast-paced globe, communication was produced accessible through the use of computers and internet at everybody's finger tips. With technology advances, all transactions such as economic transactions, bill payments, exchange of reliable data via mails and emails can be carried out with ease, via pcs, handheld devices such as mobile phones, tablets, etc. This creates the need for an area-efficient, high-speed cryptographic algorithm that offers the information being exchanged with encryption and decryption.
Several cryptographic algorithms have been found and studied over the previous few years, giving particular significance to the algorithm vulnerability issue in apps that require high safety, i.e. for WWW servers , ATMs, smart cards, etc. In these algorithms, one of the most perfect algorithms is the Advanced Encryption Standard (AES) algorithm because it is resistant to assaults.

Advanced Encryption Standard (AES) is definitely the default option for the purpose of data encryption in networked apps, the recent encryption standard authorized by NIST. Implementing the algorithm's hardware provides better efficiency but provides less suppleness and it is also hard and takes time to execute when compared with the implementing software. A call for suggestions for a fresh symmetrical algorithm called the The National Institute of Standards and Technology (NIST), USA released Advanced Encryption Standard (AES) in 1997.Since 1976, the DES algorithm has been the standard for symmetric algorithms.. Fifteen candidate algorithms were accepted in 1998 and five of these candidates were announced as finalists after one year of research[1,2].
Extensive study has been performed on all these algorithms to discover attacks or weaknesses. All 5 finalists seem to give sufficient safety, according to NIST. A lot of studies has also been performed to evaluate the performance in both software and hardware of these 5 algorithms. In 2000, NIST announced the selection of Rijndael to achieve AES cryptographic algorithm. The blend of safety, effectiveness, flexibility and execution have made Rijndael proposed algorithm as an appropriate choice for the AES.
Some design requirements had to be met by the applicants for the AES algorithm are listed. First of all, the algorithm must be a balanced algorithm and unaffected to all the attacks known. Further, the AES algorithm must be very wellorganized in efficiency and memory for separate devices. It is necessary to handle the design with simple and different significant lengths of 128,192 and 256 bits each. The block cipher's length should be 128 bits[4].
In this brief, sections II deliberates the importance of AES algorithm , Section III discusses the Importance of Vedic Mathematics and implementation of AES algorithm ,Simulation Results are deliberated in Section IV and followed by Conclusion in Section V.

## 2. Significance of AES Algorithm:

The AES recognizes a plain 128 -bit text and generates a chipper text of length 128 -bit with the help of a secret key
control using 128,192 or 256 -bits. It is a network design of substitution-permutation with a single set of steps named as a round. A number of runs depends on the key length of the AES algorithm during implementation of the algorithm.


Figure 1: Process flow diagram of AES algorithm[2] The procedure of AES algorithm is first started with an initial round of taking plain text input and then there are several ordinary rounds, and the final round ends to give the text.To calculate these rounds and a main timetable, only four distinct activities are required. In Rijndael, distinct keylengths can be used depending on the level of safety needed for the implementation. Rijndael is described as a 128,192 or 256bit block cipher with key lengths. The possible block lengths for the Rijndael algorithm are 128,192 or 256 . While the AES algorithm is exactly the same as Rijndael's, only one 128bit block length is described. Although the AES algorithm is the same as the Rijndael, it offers only approximately 128 bit of detailed information [7],[8 ][11].
The Rijndael algorithm is such that all bits from 2 rounds are dependent on each bit, for example complete diffusion. The duration of the key relies on the number of running rounds.

|  |  | Length of the key <br> in words | No. of rounds <br> required- Nr |
| :--- | :--- | :--- | :--- |
| $128 \quad$ bit <br> algorithm | AES | 4 | 10 |
| 192 bit <br> algorithm | AES | 6 | 12 |
| $256 \quad$ bit <br> algorithm | AES | 8 | 14 |

Table 1: Key lengths of AES algorithm
The process of encryption is projected as:
$>\quad$ Firstly. Using S-box Substitution of Bytes should be done
$>\quad$ Next, with the help of different offset, Row shifting operation must be done
$>\quad$ Next, in each column of state array, mixing of data should be carried out
$>\quad$ Finally, with the help of state add a round key.

### 2.1 AddRoundKey

The AddRoundKey procedure is a easy state-to-RoundKey EXOR operation. The RoundKey is obtained with the help of the key schedule from the Cipherkey. RoundKey and state are identical in size and an EXOR procedure per component is performed to acquire the next State:
$S(i, j)=s(i, j) \oplus W(i, j)$.
Whereas s is the present state, S is denoted as the next state and finally $w$ is designated as round key.


Figure 2: Process of Adding Round Key[2]

### 2.2 Procedure of Sub Bytes Data

The SubBytes strategy is similar to the DES algorithm's Sboxes. In the Rijindael algorithm, only one S-box has the key.In differential, linear cryptanalysis, and an assault on the algebraic handling of the S-box design criteria are extremely resistant.

|  |  |  |  |  |  |  |  |  |  |  |  | y |  |  |  |  |  |  |  |  |  |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
|  |  | 0 | 1 |  | 2 | 3 | 4 | 4 | 5 | 6 |  | 7 | 8 | 9 |  | a | b | c | d | e | f |
|  | 0 | 63 | 7 c |  | 77 | 76 | f2 | 12 | 6 b | 6 f | c. | 5 | 30 | 01 |  | 67 | 2b | fe | d7 | ab | 76 |
|  | 1 | ca | 82 |  | c9 | 7d | fa | a | 59 | 47 | f0 | f0 | ad | d4 |  | 12 | af | 9 c | at | 72 | c0 |
|  | 2 | b7 | fd |  | 93 | 26 | 36 | 3 | 3 f | f7 | co | cc | 34 | 34.5 |  | e5 | $f 1$ | 71 | d8 | 31 | 15 |
|  | 3 | 04 | c7 |  | 23 | c3 | 18 | 8 | 96 | 05 | 9 | 9a | 07 | 12 |  | 80 | e2 | eb | 27 | b2 | 75 |
|  | 4 | 09 | 83 |  | 2 c | 1 la | 1 l | b | 6e | 5 a | a0 | a 0 | 52 | 326 |  | d6 | b3 | 29 | e3 | $2 f$ | 84 |
|  | 5 | 53 | dl |  | 00 | ed | 20 | 0 | fc | bl |  | 56 | 6a | cb |  | be | 39 | 4 a | 4 c | 58 | cf |
|  | 6 | d0 | ef |  | aa | fb | 43 | 3 | 4d | 33 |  | 85 | 45 | 59 |  | 02 | 7 f | 50 | 3 c | 9f | a8 |
| $X$ | 7 | 51 | a3 | 40 | 40 | 8 f | 92 | 12 | 9d | 38 | f5 | 45 | bc | b6 |  | da | 21 | 10 | ff | $f 3$ | d2 |
|  | 8 | cd | 0 c |  | 13 | ec | 5 f | 5 | 97 | 44 |  | 17 | ct | a7 |  | 7 e | 3d | 64 | 5d | 19 | 73 |
|  | 9 | 60 | 81 |  | $4 f$ | dc | 22 | 2 | 2a | 90 |  | 88 | 46 | ee |  | 68 | 14 | de | 5 e | Ob | db |
|  | a | e0 | 32 |  | 3 a | 0 a | 49 | 9 | 06 | 24 |  | 5 | c2 | d3 |  | ac | 62 | 91 | 95 | et | 79 |
|  | $b$ | e7 | c8 |  | 37 | 6d | 8d | d | d5 | 4 e |  | 19 | 6 | c 56 |  | 44 | ea | 65 | 7a | ae | 08 |
|  | c | ba | 78 |  | 25 | 2 e | Ic | c | $a 6$ | b4 |  | 6 | e8 | dd |  | 74 | If | 46 | bd | 8 b | 8 a |
|  | d | 70 | 3 e |  | 65 | 66 | 48 | 8 | 03 | f6 | Oe | De | 61 | 35 |  | 57 | b9 | 86 | cl | 1 d | 9 e |
|  | e | el | f8 | 98 | 98 | 11 | 69 | 6 | d9 | 8 e | 94 | 94 | 9 b | le |  | 87 | e) | ce | 55 | 28 | df |
|  | f | 8 c | al |  | 89 | Od | bf | ff | e6 | 42 |  | 68 | 41 | 199 |  | 2 d | Of | b0 | 54 | bb | 16 |

Figure 3: The architecture of AES S-Box architecture[2]

### 2.3 Shifting Rows



Figure 4: Process of Shifting Rows[2]
In ShiftRows, with distinct offsets, the state rows are cyclically changed. Here $1^{\text {st }}$ is moved to c1 bytes, then bytes of $2^{\text {nd }}$ row to c 2 bytes, then the rows of $3^{\text {rd }}$ bytes to c 3 bytes. The block duration Nb depends on the values of $\mathrm{c} 1, \mathrm{c} 2$, and c3:

| Nb | c 1 | c 2 | c 3 |
| :---: | :---: | :---: | :---: |
| 4 | 1 | 2 | 3 |
| 6 | 1 | 2 | 3 |
| 8 | 1 | 3 | 4 |

Figure 5: block duration Nb [2]

### 2.4 MixColumns



Figure 6: Process Showing MixColums Procedure[2]
The transformation of the MixColumn is an operation on various columns. The columns in the current state are seen as polynomials above $\mathrm{GF}[3][9$ ] for the purposes of calculating the transformation of the Mix Column.

### 2.5 Process of Key schedule

In AES algorithm, RoundKeys are obtained through a key schedule from the CipherKey.
The quantity of RoundKeys needed for encrypting a database varies according to the block size and the duration of a key as the number of rounds is determined. 11 round keys ( 1 in the
initial round, 9 in standard rounds, 1 in the final round,) must be set for a 128 -bit block length.


Figure 7 : Procedure of Key Scheduling[2]

### 2.6 Process for Decryption

### 2.6.1 The Inverse Cipher Prcoess:

The reversal of the following code is easy and is just the other way around. This section describes the entire inverse state cipher in detail.
A number of decryption steps are taken by the State[7][8]:
a. Firstly, Inversing of shift row has to be taken place
b. Subsequently, S-box conversion is carried out with Inverse Sub Bytes.
c. Next, mix column has to be inversed
d. Finally the sub key has to be inversed.

### 2.6.2 process of Inverse Shift row

The reverse motion of the shift line is the reverse of the encryption technique. The first line has remained the same, and the second row has a spot on the right, the 3rd row has two spots and the 4 th row is three spots. Figure 11 for $\mathrm{Nc}=\mathrm{Nb}=4$ explains the operation of the inverse correct change.

| $S_{0,0}$ | $S_{0,1}$ | $S_{0,2}$ | $S_{0,3}$ |
| :--- | :--- | :--- | :--- |
| $S_{1,0}$ | $S_{1,1}$ | $S_{1,2}$ | $S_{1,3}$ |
| $S_{2,0}$ | $S_{2,1}$ | $S_{2,2}$ | $S_{2,3}$ |
| $S_{3,0}$ | $S_{3,1}$ | $S_{3,2}$ | $S_{3,3}$ |



Figure 8 : Process of Inverse shift row[2]

### 2.6.3 Transformation of Inverse Sub bytes using S-Box

The reverse sub-byte conversion utilizes the reverse S-Box table given in Figure 9.


Figure 9: Inverse S-Box table[2]

### 2.6.4 Inversion of Mix column

The reverse column is transformed on each column separately.

$$
\left[\begin{array}{l}
s_{0 c}^{\prime} \\
s_{1 c}^{\prime} \\
s_{2 c}^{\prime} \\
s_{3 c}^{\prime}
\end{array}\right]=\left[\begin{array}{cccc}
0 e & 0 b & 0 d & 09 \\
09 & 0 e & 0 b & 0 d \\
0 d & 09 & 0 e & 0 b \\
0 b & 0 d & 09 & 0 e
\end{array}\right]\left[\begin{array}{l}
s_{0 c} \\
s_{1 c} \\
s_{2 c} \\
s_{3 c}
\end{array}\right] \text { for } 0 \leq c<\mathrm{Nb}
$$

Figure 10: Inversing mix column[2]

### 2.6.5 Inversion of Round Key

The reverse round key conversion is its own reverse. Every round key is produced for each round.

## 3. Vedic Multiplier

The architecture of the Vedic multiplier is based on the Vedic multiplication formula (Sutra). Traditionally, these Vedic sutras are used in the decimal number system to multiply the two digits. In this assignment, we use the same thoughts in order to formulate the suggested algorithm which is well suited for digital hardware. [ 5,6].
Vedic multiplication is discussed below based on certain algorithms:

### 3.1 Urdhva Tiryakbhyam Sutra:

The architecture of the multiplier was based on the algorithm of ancient Indian Vedic mathematics, Urdhva-Tiryakbhyam (Vertical and Crosswise). UrdhvaTiryakbhyam Sutra is a widely used multiplication formula in every case. It is based on the idea by which all partial products can be produced simultaneously by adding such partial products. The parallelism in the development and summarization of partial goods is described in Figure 7 using Urdhava Triyakbhyam. For the amount of nx n bit the algorithm can be generalized. The multiplier is independent of the clock frequency of the processor by calculating the partial products together with their amount. The multiplier must therefore simultaneously calculate the object and is thus separate from the clock frequency.

## STEP 1



## STEP 4



## STEP 5



STEP 7


Figure 11: Example showing the multiplication process using Urdhava Triyakbhyam.[5,6]

## 4. Implementation of Vedic UT Multiplier AES architecture

AES defines a data encryption and decryption algorithm with the same key. The size of the block is 128 bits limited. The size of the key may be 128,192 , or 256 bits.


Figure 11: Architecture of Pipelined AES Algorithm[9] AES works in a 4 byte, state-appointed matrix. The plaintext is the ultimate cipher text in some stages of conversion. Six rounds plus 32 different key sizes are available. In one round, the state is read in four 4 byte $\mathrm{y} 0 . \mathrm{y} 1, \mathrm{y} 2, \mathrm{y} 3$, and the
parameters are converted; the xor is read in a 16 byte round key; and the result is set to $\mathrm{z} 0, \mathrm{z} 1, \mathrm{z} 2, \mathrm{z} 3$.
The plaintext should first be divided into distinct blocks and then encrypted in some operation mode by using a randomization-based additional initialization vector when aiming for a variable-length .
FIPS 81 specifies the cipher feedback (CFB) mode, output feedback (OFB) mode. NIST specifies the counter (CTR) mode in SP800-38A. The benefit of these methods is to use both encryption and decryption algorithms only. Other primary element besides the Encryption and Decryption module is the Key Expansion Schedule. The AES Encryption / Decryption Standard's safety factor relies primarily on this portion. For better safety, XORed with the initial plain / cipher text is the first round user key in the AES algorithm. And the Expanded Key from the Expanded Key Schedule will be XORed with information next round. The AES extension algorithm is set. To speed up the Key Generation process, choosing pipeline architecture is preferable.

## 5. Simulation Results:

The above AES algorithm is implemented for AES128 bit using Verilog HDL. All findings are based on Xilinx ISE tools simulations. The simulation results obtained are as follows:


Figure 12: Simulation showing the shifting of rows
The state rows are altered cyclically in ShiftRows with separate offsets. The 1 line is shifted to c1 bytes, the 2-to-c2 bytes rows and the 3 -to-c3 bytes rows. The duration of the block Nb depends on $\mathrm{c} 1, \mathrm{c} 2$, and c 3 values..


Figure 13 : The findings of the simulation indicating that the present state columns show the mixColumn conversion.


Figure 14: Simulation results showing the KeySchedule. The RoundKeys required to encrypt one data block depends on the block size and the key length when the round quantity of the data block is determined. For a block length of 128 bits, 11 RoundKeys ( 1 for the original round, nine for the standard rounds and one for the final round) are required.


Figure 15: AES output with 128 bit
The conventional and Proposed Vedic Maths based AES algorithm with 128/192/256 bits are implemented on Vertex-6 FPGA board with device name as $6 \mathrm{vhx} 565 \mathrm{tff} 1924-2$. After the process of synthesis the following results regarding the LUT are slices are depicted in the table below.

Table 2: Comparison of Area for AES Algorithm

| Type /Bit of <br> AES | Number of Slice <br> Registers | Number of Slice <br> LUTs |
| :--- | :--- | :--- |
| Conventional <br> AES -128 bit | 3968 | 3536 |
| Conventional <br> AES-192 bit | 5280 | 4264 |
| Conventional <br> AES-256 bit | 6848 | 6503 |


| Vedic <br> Mathematics <br> based AES- <br> 128 bit | 1677 | 1642 |
| :--- | :--- | :--- |
| Vedic <br> Mathematics <br> based AES- <br> 192 bit | 2333 | 2297 |
| Vedic <br> Mathematics <br> based AES- <br> 256 bit | 3117 | 3085 |

From the above table it is clearly evident that vedic mathematics based AES algorithm uses less number of LUTs and thus occupies less area when compared with conventional type.

## 6. Conclusion

In the brief, we have simulated and synthesised conventional pipelined AES algorithm and vedic maths based AES algorithm by using Xilinx ISE tool. The AES recognizes a 128-bit plain text and generates a 128 -bit cipher text under a 128,192 or 256 -bit secret key control. The UT based vedic sutra has been implemented in the algorithm. When compared the proposed model occupies approximately $40 \%$ less area than the conventional method.The 128 bit AES algorithm occupied 1642 LUTs using Vedic multiplier where as conventional AES algorithm used 3536 LUTS. Similarly UT based 192-bit and 256- bit AES algorithm uses 2297,3085 LUTs respectively where as conventional method uses 4264 and 6503 LUTs respectively

## References

[1] AES page available via http://www.nist.gov/CrypographyToolkit.
[2] Berent, Adam. "Advanced Encryption Standard by Example". Document available at URL http://www.networkdls.com/Articles/AESbyExampl e.pdf (April l 2007) Accessed: June 2013.
[3] Li, Hua, and Zac Friggstad. "An efficient architecture for the AES MixColumns operation". Circuits and Systems, 2005. ISCAS 2005. IEEE
[4] B. Ramkumar and H. M. Kittur, "Low-power and area-efficient carry select adder," IEEE Trans. Very Large Scale Integrated. (VLSI) Syst., vol. 20, no. 2, pp. 371-375, Feb. 2012.
[5] H. D. Tiwari, G. Gankhuyag, C. M. Kim, and Y. B. Cho, "Multiplier design based on ancient Indian Vedic mathematics", Proc. Int SoC Design Conf., pp.65-68. 2008.
[6] S. Patil "Design of speed and power efficient multipliers using Vedic Mathematics with VLSI implementation"IEEE2014.
[7] Iyer, Nalini C., P. V. Anandmohan, and D. V. Poornaiah. "Mix/InvMixColumn decomposition and resource sharing in AES." International Conference on Industrial and Information Systems (ICIIS), on. IEEE, 2010.
[8] Berent, Adam. "Advanced Encryption Standard by Example.", Document available at URL http://www.networkdls.com/Articles/AESbyExampl e.pdf (Aprill 2007) Accessed: June 2013.
[9] Li, Hua, and Zac Friggstad. "An efficient architecture for the AES mix columns operation." Circuits and Systems, 2005. ISCAS 2005. IEEE International Symposium on. IEEE, 2005.
[10] Iyer, Nalini, et al. "Efficient Hardware Architectures for AES on FPGA."Computational Intelligence and Information Technology. Springer Berlin Heidelberg, 249-257, 2011.
[11] Kumar, Saurabh, "VLSI implementation of AES algorithm",ethesis.nitrkl.ac.in,2013.

