
The First International Conference of Electrical, Communication, Computer, Power and Control Engineering ICECCPCE'13/December17-18, 2013

FPGA Implementation of a Modified Advanced Encryption Standard Algorithm

Ali A. Abed
Department of Computer Engineering, University of Basra, IRAQ
aaad bah@yahoo.com

Ali A. Jawad
Department of Electrical Power, Technical College, Basra, IRAQ
alijwd@ymail.com

Abstract- In this paper, a method to improve the security level of the advanced encryption standard (AES) algorithm is proposed. The proposed algorithm, which is based on the standard AES, increases the complexity of the encryption process, making it more difficult to attack the cipher and to recover the plaintext without using the correct encryption key. The research investigates the AES algorithm with regard to Field Programmable Gate Array (FPGA) and the Very High Speed Integrated Circuit Hardware Description Language (VHDL). ModelSim-Altera Starter Edition Software for Quartus II is used for simulation and optimization of the structural VHDL code. All the required transformations of the encryption and decryption processes are done using a pipelined cyclic design method to minimize hardware consumption. The pipelined design is implemented on the Altera Cyclone IV family of FPGA devices and a good throughput is achieved with minimal area.

Keywords: Encryption, Decryption, AES, FPGA, VHDL


I. INTRODUCTION

The National Institute of Standards and Technology (NIST) evaluated proposals for the AES algorithm. The AES, which is a Federal Information Processing Standard (FIPS), is a cryptographic algorithm implemented to protect electronic digital data against attack, and it is widely accepted due to its strong encryption, sophisticated processing and its resistance to brute-force attack [1]. It is a 128-bit symmetric block cipher that can encipher and decipher digital information. Encryption converts data to an unintelligible format called cipher text. Decryption of the cipher text returns the data to its original plaintext. The cryptographic key that can be adopted in AES is 128, 192, or 256 bits in length [1]. Although key size determines the level of security, area and power consumption become crucial, especially in embedded hardware in mobile devices [2].

In this paper, the Rijndael algorithm is adopted since it had the best overall scores in security, performance, efficiency, flexibility, and implementation ability [3]. The hardware implementation of the Rijndael algorithm can provide either high performance or low cost for specific applications. For some communication systems or servers, it is not favorable to lose processing speed, which degrades the efficiency of the system, while the cryptographic algorithm runs in software. Hence, a low-cost, small-design FPGA cryptographic card will be designed. The trade-off between level of security, throughput and area consumption depends on the required need [2]. This card can be used in smart applications allowing a wide range of secure equipment.

In spite of the many works on AES and on the FPGA design of this cryptography algorithm, it can be further improved. In [3], the classical AES is implemented without any modification. In [4], a modification in AES is done but it is programmed with MATLAB, leading to a non-reduced area logic design. The author of [5] tried to apply the pipeline principle to the classical AES algorithm and implemented it with a Virtex FPGA. In this paper, we provide several different facilities with a modified version of AES.

The rest of the paper is organized as follows: Section II explains the encryption process with our proposed modification. In Section III, the decryption process is presented. Section IV deals with the VHDL software implementation of the modified AES. Section V provides the FPGA hardware implementation of the encryption/decryption system. In Section VI, the obtained results and verification are given with some required discussion. Section VII summarizes the main conclusions.

II. ENCRYPTION PROCESS

The flow chart of this process is illustrated in Figure 1 [3]. It contains a number of transformations applied sequentially on a data block in a fixed number of rounds (Nr). This Nr depends on the length of the encryption key.

Figure 1: Encryption Process (flow chart blocks: AddRoundKey( ); ByteSub( ), ShiftRow( ), MixColumn( ), AddRoundKey( ); ShiftRow( ), AddRoundKey( ))

A. Bytes Substitution Transformation

Bytesub (state) is a non-linear substitution of bytes that operates independently on each byte of the state using a substitution table (S-Box) [4]. The state is four rows of bytes on which the internal operations of AES are performed. The application of the S-Box to each byte of the state is shown in Figure 2 [1].

Figure 2: Bytes substitution using the S-Box (each state byte Sr,c is mapped through the S-Box to the new state byte S'r,c)

The proposed modification in AES is described in Figure 3.

Figure 3: Modification in AES (inputs: Key(i), Constant, S-Box Value (i); output: New S-Box Value (i))

The proposed AES involves the creation of a new S-Box and inverse S-Box according to Figure 3, as given in Figure 4 and Figure 5. Each value of the old S-Box is modified to obtain the new values for the S-Box. The constant value (secret number) is multiplied (ANDed) with the key number and the result is added to the old S-Box value. As an example, if S1,1 = [63] then the substitution value is obtained by the intersection of row 6 with column 3 in the S-Box to get the value S'1,1 old = [fb]. After applying the modified operation, S'1,1 New = [a6]. To recover the encrypted data, an inverse of the new S-Box is performed and then the decryption process continues. It is difficult to decrypt cipher text without adopting the correct key used in the generation of the S-Box.

Figure 4: The New S-Box

Figure 5: The New Inverse S-Box

B. Shift Rows Transformation

ShiftRows ( ) makes the bytes in the last three rows of the state cyclically left shifted by 1, 2, and 3 bytes for the 2nd, 3rd, and 4th rows (the first row is not shifted) [1]. It proceeds as follows:

$S'_{r,c} = S_{r,\,(c + \mathrm{shift}(r,Nb)) \bmod Nb}$ for $0 \le r < 4$ and $0 \le c < Nb$

where Nb is the number of bytes in each row of the state array, which is the block length divided by 32. For Nb=4, shift(1,4)=1, shift(2,4)=2, shift(3,4)=3, as shown in Figure 6.

Figure 6: Shift rows transformation
Row 0: S0,0 S0,1 S0,2 S0,3 -> S0,0 S0,1 S0,2 S0,3
Row 1: S1,0 S1,1 S1,2 S1,3 -> S1,1 S1,2 S1,3 S1,0
Row 2: S2,0 S2,1 S2,2 S2,3 -> S2,2 S2,3 S2,0 S2,1
Row 3: S3,0 S3,1 S3,2 S3,3 -> S3,3 S3,0 S3,1 S3,2

C. Mixing of Columns Transformation

It is based on Galois field (GF) multiplication. Each byte of a column is replaced with another value that is a function of all four bytes in the given column. As a result of the MixColumn() transformation, the four bytes in a column are replaced by the following four bytes [1]:

$S'_{0,c} = (\{02\} \cdot S_{0,c}) \oplus (\{03\} \cdot S_{1,c}) \oplus S_{2,c} \oplus S_{3,c}$

$S'_{2,c} = S_{0,c} \oplus S_{1,c} \oplus (\{02\} \cdot S_{2,c}) \oplus (\{03\} \cdot S_{3,c})$

$S'_{3,c} = (\{03\} \cdot S_{0,c}) \oplus S_{1,c} \oplus S_{2,c} \oplus (\{02\} \cdot S_{3,c})$

How to calculate {02}.Sr,c and {03}.Sr,c?

The multiplication by 02 (which is equivalent to multiplication by x) can be implemented as a 1-bit left shift followed by a bitwise XOR with (0001 1011) if the leftmost bit of the original value before the shift is 1.

Examples

{d4}.{02} = 1101 0100 << 1 (left shift by 1)
= 1010 1000 ⊕ 0001 1011
= 1011 0011 = [b3] Hex

{03}.{bf}
bf = 1011 1111
03 = 11 = 10 ⊕ 01
Then:
{03}.{bf} = {10 ⊕ 01}.{1011 1111}
= {1011 1111 . 10} ⊕ {1011 1111 . 01}
= {0111 1110 ⊕ 1011 1111} ⊕ 0001 1011
= 1101 1010 = [da] Hex

Figure 7: Decryption Process (flow chart blocks: InvByteSub( ), InvShiftRow( ), InvMixColumn( ), AddRoundKey( ))

D. Addition of Round Key Transformation

In the AddRoundKey ( ) transformation, a round key is added to the state by a bitwise XOR. Each round key contains Nb words obtained from the key schedule generation module. These Nb words are each added to the columns of the state as follows [1]:

$[S'_{0,c}, S'_{1,c}, S'_{2,c}, S'_{3,c}] = [S_{0,c}, S_{1,c}, S_{2,c}, S_{3,c}] \oplus [w_{l+c}]$

where $l = \text{round no.} \times Nb$; $0 \le c < Nb$; and $w_i$ are the key generated words, which will be explained in the next section. The initial round key addition occurs at round 0 before the first application of the round function ($1 \le \text{round} < Nr$).

E. Key Schedule Generation

A round key is an Nk-word array obtained as follows: each byte of the previous round key is XORed with a constant that depends on the current round, and the result of the S-Box lookup for Wi, to constitute the next round key. The first round key is the original user key. The Nb, Nk and Nr for 128-bit AES are 4, 4 and 10 respectively [1].

III. DECRYPTION PROCESS

The flow chart of this process is shown in Figure 7 [3]. It is a direct inverse of the encryption process. Hence, all the transformations applied for encryption are inversely applied to decryption. The last round values (data and key) for encryption are the first round values for decryption, and the rest follow in descending order.

A. Inverse Bytes Substitution Transformation

InvSubByte ( ) is the same as for encryption, with the new S-Box replaced by the new inverse S-Box of Figure 5.
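
The keyed S-Box of Section II-A and the inverse table used by InvSubByte above, as an added example that is not the paper's VHDL code. It assumes that "added" means XOR and that one mask byte (constant AND key byte) is shared by all entries; the mask 0x5d follows from the paper's [fb] to [a6] example under that assumption, and every function name is hypothetical.

```python
# Added example: keyed S-Box and its inverse (hypothetical names throughout).
# Assumptions, not from the paper: "added" means XOR, and one mask byte
# (constant AND key byte) is shared by all 256 entries.

def xtime(a):
    """Multiply by {02} in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def standard_sbox():
    """FIPS-197 S-Box: multiplicative inverse, then the affine map."""
    powers, x = [], 1
    for _ in range(255):               # successive powers of the generator {03}
        powers.append(x)
        x ^= xtime(x)                  # x.{03} = x XOR x.{02}
    table = [0x63] * 256               # {00} has no inverse and maps to 0x63
    for i, g in enumerate(powers):
        inv = powers[(255 - i) % 255]  # inverse of {03}^i is {03}^(255 - i)
        table[g] = (inv ^ rotl8(inv, 1) ^ rotl8(inv, 2)
                    ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63)
    return table

def keyed_sbox(old, masks):
    """XOR entry i with masks[i % len(masks)]; [m] applies one shared mask."""
    return [v ^ masks[i % len(masks)] for i, v in enumerate(old)]

def is_permutation(table):
    return sorted(table) == list(range(256))

def invert(table):
    """Build the inverse S-Box, refusing tables that are not bijective."""
    if not is_permutation(table):
        raise ValueError("S-Box is not a permutation; InvSubByte is ambiguous")
    inverse = [0] * 256
    for i, v in enumerate(table):
        inverse[v] = i
    return inverse

OLD = standard_sbox()
MASK = 0xFB ^ 0xA6                     # 0x5d: maps the paper's [fb] to [a6]
NEW = keyed_sbox(OLD, [MASK])
NEW_INV = invert(NEW)

if __name__ == "__main__":
    print(hex(OLD[0x63]), "->", hex(NEW[0x63]))
    print("round trip ok:", all(NEW_INV[NEW[b]] == b for b in range(256)))
```

A shared mask always keeps the table a permutation; a mask that varies per entry may not, which is why `invert` checks before building the inverse table.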
B. Inverse Shift Rows Transformation

InvShiftRows ( ) performs the same function as ShiftRows ( ), but the bytes in the last three rows of the state are cyclically right shifted. Hence, this transformation proceeds as follows:

$S'_{r,\,(c + \mathrm{shift}(r,Nb)) \bmod Nb} = S_{r,c}$ for $0 \le r < 4$ and $0 \le c < Nb$

C. Inverse Mixing of Columns Transformation

As a result of the InvMixColumn() transformation, the four bytes in a column are replaced by the following four bytes:

$S'_{0,c} = (\{0e\} \cdot S_{0,c}) \oplus (\{0b\} \cdot S_{1,c}) \oplus (\{0d\} \cdot S_{2,c}) \oplus (\{09\} \cdot S_{3,c})$

$S'_{1,c} = (\{09\} \cdot S_{0,c}) \oplus (\{0e\} \cdot S_{1,c}) \oplus (\{0b\} \cdot S_{2,c}) \oplus (\{0d\} \cdot S_{3,c})$

$S'_{2,c} = (\{0d\} \cdot S_{0,c}) \oplus (\{09\} \cdot S_{1,c}) \oplus (\{0e\} \cdot S_{2,c}) \oplus (\{0b\} \cdot S_{3,c})$

$S'_{3,c} = (\{0b\} \cdot S_{0,c}) \oplus (\{0d\} \cdot S_{1,c}) \oplus (\{09\} \cdot S_{2,c}) \oplus (\{0e\} \cdot S_{3,c})$
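
The MixColumn arithmetic of Section II-C and the InvMixColumn equations above, as an added example that is not the paper's VHDL code. Function names are hypothetical, the S'1 row of the forward matrix is taken from FIPS-197 [1], and the sample column is the first column of the round-1 state in the FIPS-197 cipher example.

```python
# Added example: MixColumn / InvMixColumn on one state column.
# Function names are hypothetical; row 1 of MIX comes from FIPS-197 [1],
# the other coefficients are the ones in the S' equations of the paper.

def xtime(a):
    """{02}.a: 1-bit left shift, then XOR 0001 1011 if the old top bit was 1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gf_mul(a, b):
    """a.b in GF(2^8): XOR together a.{02}^k for every set bit k of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result

MIX = [[0x02, 0x03, 0x01, 0x01],
       [0x01, 0x02, 0x03, 0x01],
       [0x01, 0x01, 0x02, 0x03],
       [0x03, 0x01, 0x01, 0x02]]
INV_MIX = [[0x0E, 0x0B, 0x0D, 0x09],
           [0x09, 0x0E, 0x0B, 0x0D],
           [0x0D, 0x09, 0x0E, 0x0B],
           [0x0B, 0x0D, 0x09, 0x0E]]

def transform_column(matrix, column):
    """Multiply a 4x4 coefficient matrix by a 4-byte column over GF(2^8)."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gf_mul(byte, coeff)
        out.append(acc)
    return out

def mix_column(column):
    return transform_column(MIX, column)

def inv_mix_column(column):
    return transform_column(INV_MIX, column)

def mix_state(state, inverse=False):
    """Apply the transformation to a 16-byte state stored column by column."""
    step = inv_mix_column if inverse else mix_column
    return [b for c in range(0, 16, 4) for b in step(state[c:c + 4])]

if __name__ == "__main__":
    col = [0xD4, 0xBF, 0x5D, 0x30]     # sample column from the FIPS-197 example
    print([hex(b) for b in mix_column(col)])
    print("inverse restores column:", inv_mix_column(mix_column(col)) == col)
```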

IV. VHDL SOFTWARE IMPLEMENTATION

VHDL is used because of its flexibility to exchange among environments. ModelSim-Altera Starter Edition Software for Quartus II [6] is used for simulation and optimization of the structural VHDL code. This software is adopted for writing, debugging and optimizing efforts, fitting, simulating and checking the performance. A complete VHDL code is written to satisfy all the required operations of the AES algorithm.

V. FPGA HARDWARE IMPLEMENTATION

FPGA is an integrated circuit that can be reconfigured within a fraction of a second to perform different functions. An FPGA consists of thousands of configurable logic blocks (CLBs) connected by programmable interconnections to constitute digital circuits [7] suitable for embedded systems. For cryptography, FPGA provides an alternative to Application Specific Integrated Circuits (ASICs). Implementation of AES with FPGA has many advantages as compared to implementation with ASICs, such as: shorter design cycle; cheap CAD tools, verification, and testing; fast, low cost, multi reprogramming, and multi architectures can be satisfied; high accuracy design. From a very large number of FPGA families, we have chosen the Cyclone IV family from Altera (Figure 8) for implementing our hardware AES encryption/decryption system because it has advanced features that are useful for our application beyond traditional LUTs and registers.

Figure 8: Photo of the FPGA Kit

The complete hardware implementation of the ciphering system is shown in Figure 9.

Figure 9: AES Hardware Implementation (block diagram labels: Plaintext/Cipher text 128 bit; Secret Key 128 bit; 128 bit Key Input; Key Schedule Generation; Encryption/Decryption; En=1 or 0; CLK1; CLK2; Output (128 bits))

VI. RESULTS AND DISCUSSION

A complete VHDL code is written for encryption and decryption of our modified AES algorithm. The results are based on simulations from the Altera ModelSim for Quartus II. The top module results are applied on the Cyclone IV EP4CE22F17C6N FPGA device.

A. Fitter Summary for Encryption

Logic utilization: 32%
Combinational ALUTs: 9,816/38,000 (26%)
Memory ALUTs: 0/19,000 (0%)
Dedicated logic registers: 12,624/38,000 (33%)
Total registers: 12624
Total pins: 385/488 (79%)
Total virtual pins
Total block memory bits: 778,240/5,455,872 (14%)
DSP block 18-bit elements: 0/384 (0%)
Total PLLs: 0/4 (0%)
Total DLLs: 0/4 (0%)

B. Timing Summary for Encryption

Type: Slack, Required Time
Worst-case tsu: -0.333 ns, 2.000 ns
Worst-case tco: 1.119 ns, 6.000 ns
Worst-case th: -0.403 ns, -2.000 ns
Clock Setup 'clk': 0.066 ns, 400.00 MHz (period = 2.500 ns)
Clock Hold 'clk': 0.330 ns, 400.00 MHz (period = 2.500 ns)
Total number of failed paths

C. Fitter Summary for Decryption

Logic utilization: 56%
Combinational ALUTs: 15,504/38,000 (41%)
Memory ALUTs: 0/19,000 (0%)
Dedicated logic registers: 22,256/38,000 (59%)
Total registers: 22256
Total pins: 385/488 (79%)
Total virtual pins
Total block memory bits: 778,240/5,455,872 (14%)
DSP block 18-bit elements: 0/384 (0%)
Total PLLs: 0/4 (0%)
Total DLLs: 0/4 (0%)

D. Timing Summary for Decryption

Type: Slack, Required Time
Worst-case tsu: 0.097 ns, 3.000 ns
Worst-case tco: 0.129 ns, 5.000 ns
Worst-case th: 0.081 ns, -2.000 ns
Clock Setup 'clk': 1.443 ns, 400.00 MHz (period = 2.500 ns)
Clock Hold 'clk': 0.329 ns, 400.00 MHz (period = 2.500 ns)
Total number of failed paths

E. Simulation Inputs/Outputs for Encryption/Decryption

The input plaintext, cipher key, round keys, round states, and the final output cipher text of the encryption stage are simulated in Figure 10. Also, the input cipher text, cipher key, round keys, round states, and the final output plaintext of the decryption stage are simulated in Figure 11.

Figure 10: The Encryption Stage Inputs/Outputs

Figure 11: The Decryption Stage Inputs/Outputs

VII. CONCLUSIONS

A modified version of the AES algorithm was implemented with a pipelined architecture. Optimized and synthesizable VHDL code is developed for the building of an AES encryption/decryption system. Each code segment is tested individually with sample vectors, and the output results are perfect, with minimal time delay and minimized area. This VHDL code is downloaded to an Altera Cyclone IV FPGA kit to get embedded hardware equipment for a cipher and inverse cipher system ready to be used in any communication, network, or control system.

REFERENCES

[1] FIPS Publication 197, "Advanced Encryption Standard", November 26, 2001.
[2] S. El Adib and N. Raissouni, "AES Encryption Algorithm Hardware Implementation: Throughput and Area Comparison of 128, 192, and 256-bits Key", IJRES, Vol. 1, No. 2, pp. 67-74, 2012.
[3] R. Manteena, "A VHDL Implementation of Advanced Encryption Standard-Rijndael Algorithm", M.Sc. thesis, University of South Florida, 2004.
[4] H. M. Azzawi, "A proposed Algorithm to Improve the Security level of Advanced Encryption Standard", Iraqi Journal of Applied Physics, Vol. 8, No. 4, pp. 29-32, 2012.
[5] K. Lala, et al., "Enhanced Throughput AES Encryption", JECSE, Vol. 1, No. 4, pp. 2132-2137.
[6] D. Tietz, "Quartus and ModelSim", Department of Electrical and Computer Engineering, University of Florida.
[7] A. M. Deshpande et al., "FPGA Implementation of AES Encryption and Decryption", International Conference on Control, Automation, Communication, and Energy Conservation, 4th-6th June 2009, India.
