Professional Documents
Culture Documents
2
4
1 bits)
and the number of RAM bits in a V6-Slice is 256 bits (4
2
5
2 bits). The number of ip-
ops in a V6-Slice is four times the number of those in a V-Slice. For this reason, Table I
gives the number of equivalent V-Slices. The only difference concerns HCrypt [Gaspar
et al. 2010], which uses Virtex-6 FPGA (denoted (
m
A
E
S
-
E
C
B
0
.
1
1
1
8
8
-
-
-
C
u
s
t
o
m
G
P
P
S
b
o
x
i
n
s
t
r
u
c
t
i
o
n
[
B
u
r
k
e
0
0
]
A
l
p
h
a
2
1
2
6
4
A
E
S
-
E
C
B
0
.
0
5
6
0
0
-
-
-
I
n
s
t
.
s
e
t
e
x
t
.
[
T
i
l
l
i
c
h
0
5
]
A
S
I
C
0
.
1
3
m
A
E
S
-
E
C
B
0
.
5
7
2
5
0
-
-
1
6
K
G
0
.
0
8
m
m
2
C
r
y
p
t
o
B
l
a
z
e
[
X
i
l
i
n
x
0
3
]
C
P
L
D
C
o
o
l
R
u
n
n
e
r
A
E
S
-
E
C
B
?
?
-
-
-
I
n
t
e
l
A
E
S
i
n
s
t
.
[
G
u
e
r
o
n
1
0
]
I
n
t
e
l
c
o
r
e
3
2
n
m
A
E
S
-
E
C
B
0
.
7
8
2
6
7
0
-
-
-
A
E
S
P
r
o
c
e
s
s
o
r
[
H
o
d
j
a
t
0
4
a
,
b
]
A
S
I
C
0
.
1
8
m
A
E
S
-
E
C
B
1
1
.
6
0
2
9
5
-
-
7
3
K
G
0
.
7
3
m
m
2
C
r
y
p
t
o
B
o
o
s
t
e
r
[
M
o
s
a
n
y
a
9
9
]
F
P
G
A
X
C
V
1
0
0
0
I
D
E
A
-
E
C
B
1
6
3
3
?
?
-
A
E
S
T
H
E
T
I
C
1
c
o
r
e
[
S
u
0
5
]
A
S
I
C
0
.
2
5
m
A
E
S
-
E
C
B
A
E
S
-
C
B
C
1
2
.
8
0
6
6
-
-
2
0
0
K
G
6
.
2
9
m
m
2
C
r
y
p
t
o
c
o
p
r
o
c
e
s
s
o
r
A
E
S
T
H
E
T
I
C
3
c
o
r
e
s
[
S
u
0
5
]
F
P
G
A
X
C
V
2
V
6
0
0
0
A
E
S
-
E
C
B
A
E
S
-
C
B
C
3
6
.
8
0
5
0
2
7
,
5
6
1
0
-
C
r
C
U
[
C
h
a
v
e
s
0
6
]
F
P
G
A
X
C
V
2
V
P
3
0
A
E
S
-
E
C
B
0
.
5
9
1
0
0
8
4
7
2
1
6
K
B
-
A
E
S
-
M
S
2
c
o
r
e
s
[
P
e
r
i
c
`
a
s
0
8
]
F
P
G
A
X
C
V
2
V
P
3
0
A
E
S
-
E
C
B
A
E
S
-
C
B
C
2
5
.
6
0
1
0
0
2
,
1
6
1
4
3
2
K
B
-
S
A
N
E
S
[
G
o
g
n
i
a
t
0
8
]
F
P
G
A
X
C
V
2
V
P
3
0
A
E
S
-
E
C
B
1
0
.
6
0
3
7
.
8
2
,
1
9
2
0
-
C
r
y
p
t
o
M
a
n
i
a
c
[
W
u
0
1
]
A
S
I
C
0
.
2
5
m
A
E
S
-
E
C
B
1
.
4
2
3
6
0
-
-
1
.
9
3
m
m
2
C
r
y
p
t
o
p
r
o
c
e
s
s
o
r
C
r
y
p
t
o
n
i
t
e
[
B
u
t
c
h
y
0
4
]
F
P
G
A
X
C
V
2
P
3
0
A
E
S
-
E
C
B
5
.
6
2
1
0
0
1
,
7
4
8
3
2
K
B
.
-
o
n
e
-
c
o
r
e
a
n
d
m
u
l
t
i
-
c
o
r
e
C
C
P
r
o
c
4
c
o
r
e
s
[
T
h
e
o
d
o
r
.
0
8
]
F
P
G
A
X
C
V
4
L
X
2
0
0
A
E
S
-
E
C
B
6
.
4
0
9
5
1
8
,
0
4
5
?
-
C
C
P
r
o
c
1
c
o
r
e
[
T
h
e
o
d
o
r
.
0
8
]
A
S
I
C
0
.
1
3
m
A
E
S
-
E
C
B
1
.
6
2
2
5
0
-
-
9
3
K
G
5
.
3
m
m
2
H
C
r
y
p
t
[
G
a
s
p
a
r
1
0
]
F
P
G
A
X
C
V
6
L
X
A
E
S
-
E
C
B
1
.
6
0
1
5
0
7
,
9
6
0
(
)
9
.
7
5
M
B
-
M
C
C
P
[
G
r
a
n
d
1
1
]
F
P
G
A
X
C
V
4
S
X
3
5
A
E
S
-
C
C
M
A
E
S
-
G
C
M
4
.
4
3
9
.
9
1
1
9
2
8
1
1
0
7
M
B
-
C
e
l
a
t
o
r
[
F
r
o
n
t
e
0
8
]
A
S
I
C
0
.
1
3
m
A
E
S
-
C
B
C
S
H
A
-
2
5
6
0
.
2
4
0
.
1
9
1
9
0
-
-
2
0
K
G
0
.
1
m
m
2
C
r
y
p
t
o
a
r
r
a
y
C
r
y
p
t
A
r
r
a
y
[
L
o
m
o
n
a
c
o
0
4
]
F
P
G
A
X
C
V
2
V
P
1
2
5
A
E
S
-
E
C
B
1
.
2
7
8
1
>
5
0
,
0
0
0
0
-
C
O
B
R
A
[
E
l
b
i
r
t
0
3
]
F
P
G
A
X
C
V
1
0
0
0
A
E
S
-
E
C
B
1
.
4
0
1
0
2
>
1
0
,
0
0
0
0
-
ACM Computing Surveys, Vol. 45, No. 4, Article 41, Publication date: August 2013.
Architectures of Flexible Symmetric Key Crypto EnginesA Survey 41:21
T
a
b
l
e
I
I
.
S
u
m
m
a
r
y
o
f
C
r
y
p
t
o
E
n
g
i
n
e
C
h
a
r
a
c
t
e
r
i
s
t
i
c
s
P
r
o
j
e
c
t
a
r
c
h
i
t
e
c
t
u
r
e
N
a
m
e
[
r
e
f
]
Y
o
P
S
u
p
p
o
r
t
e
d
a
l
g
o
r
i
t
h
m
P
r
o
c
e
s
s
i
n
g
a
r
c
h
i
t
e
c
t
u
r
e
K
e
y
s
t
o
r
a
g
e
N
u
m
b
e
r
o
f
c
r
y
p
t
o
c
o
r
e
D
H
R
M
a
i
n
a
p
p
l
i
c
a
t
i
o
n
C
u
s
t
o
m
X
t
e
n
s
a
[
R
a
v
i
0
2
]
2
0
0
2
D
E
S
,
3
D
E
S
,
A
E
S
,
R
S
A
3
2
-
B
i
t
X
t
e
n
s
a
R
I
S
C
p
r
o
c
e
s
s
o
r
c
u
s
t
o
m
i
z
e
d
A
L
U
I
n
m
a
i
n
m
e
m
o
r
y
1
c
r
y
p
t
o
A
L
U
n
o
W
i
r
e
l
e
s
s
d
a
t
a
s
e
c
u
r
i
t
y
S
b
o
x
i
n
s
t
r
u
c
t
i
o
n
[
B
u
r
k
e
0
0
]
2
0
0
0
3
D
E
S
,
I
D
E
A
,
A
E
S
c
a
n
d
i
d
a
t
e
s
S
b
o
x
d
e
d
i
c
a
t
e
d
A
L
U
I
n
m
a
i
n
m
e
m
o
r
y
1
S
b
o
x
l
o
o
k
u
p
t
a
b
l
e
n
o
I
P
S
E
C
,
V
P
N
C
u
s
t
o
m
G
P
P
I
n
s
t
r
u
c
t
i
o
n
s
e
t
e
x
t
e
n
s
i
o
n
[
T
i
l
l
i
c
h
0
5
]
2
0
0
5
A
E
S
C
u
s
t
o
m
S
P
A
R
C
V
8
c
o
m
p
a
t
i
b
l
e
3
2
-
b
i
t
L
E
O
N
-
2
I
n
m
a
i
n
m
e
m
o
r
y
1
S
b
o
x
M
i
x
C
o
l
u
m
n
s
S
h
i
f
t
R
o
w
s
u
n
i
t
n
o
E
m
b
e
d
d
e
d
s
y
s
t
e
m
d
a
t
a
s
e
c
u
r
i
t
y
C
r
y
p
t
o
B
l
a
z
e
[
X
i
l
i
n
x
0
3
]
2
0
0
3
A
E
S
,
R
S
A
C
u
s
t
o
m
8
-
B
i
t
X
i
l
i
n
x
P
i
c
o
B
l
a
z
e
I
n
m
a
i
n
m
e
m
o
r
y
S
b
o
x
,
G
F
m
u
l
t
i
p
l
i
e
r
n
i
t
y
e
s
F
P
G
A
s
y
s
t
e
m
d
a
t
a
s
e
c
u
r
i
t
y
I
n
t
e
l
A
E
S
i
n
s
t
.
[
G
u
e
r
o
n
1
0
]
2
0
1
0
A
E
S
I
n
t
e
l
I
A
-
3
2
I
n
m
a
i
n
m
e
m
o
r
y
1
A
E
S
A
L
U
n
o
P
C
c
l
i
e
n
t
a
n
d
s
e
r
v
e
r
s
e
c
u
r
i
t
y
A
E
S
p
r
o
c
e
s
s
o
r
[
H
o
d
j
a
t
0
4
]
2
0
0
4
A
E
S
-
E
C
B
,
C
B
C
-
M
A
C
,
C
C
M
C
u
s
t
o
m
S
P
A
R
C
V
8
c
o
m
p
a
t
i
b
l
e
3
2
-
b
i
t
L
E
O
N
-
2
E
m
b
e
d
d
e
d
k
e
y
r
e
g
i
s
t
e
r
1
f
u
l
l
h
a
r
d
w
a
r
e
A
E
S
e
n
g
i
n
e
n
o
I
P
S
E
C
,
V
P
N
C
r
y
p
t
o
B
o
o
s
t
e
r
[
M
o
s
a
n
y
a
9
9
]
1
9
9
9
I
D
E
A
,
D
E
S
H
a
r
d
w
a
r
e
r
e
c
o
n
g
u
r
a
b
l
e
c
o
r
e
S
e
s
s
i
o
n
m
e
m
o
r
y
1
f
u
l
l
h
a
r
d
w
a
r
e
b
l
o
c
k
c
i
p
h
e
r
e
n
g
i
n
e
y
e
s
N
e
t
w
o
r
k
s
e
c
u
r
i
t
y
C
r
y
p
t
o
c
o
p
r
o
c
e
s
s
o
r
A
E
S
T
H
E
T
I
C
[
S
u
0
5
]
2
0
0
9
A
E
S
-
E
C
B
,
C
B
C
H
o
s
t
p
r
o
c
e
s
s
o
r
+
h
a
r
d
w
a
r
e
A
E
S
a
c
c
e
l
e
r
a
t
o
r
E
m
b
e
d
d
e
d
k
e
y
g
e
n
e
r
a
t
o
r
r
e
g
i
s
t
e
r
S
i
n
g
l
e
a
n
d
m
u
l
t
i
f
u
l
l
A
E
S
e
n
g
i
n
e
s
(
1
t
o
3
)
y
e
s
N
e
t
w
o
r
k
s
e
c
u
r
i
t
y
C
r
C
U
[
C
h
a
v
e
s
0
6
]
2
0
0
6
A
E
S
-
E
C
B
,
A
E
S
-
C
B
C
,
S
H
A
-
1
2
8
,
S
H
A
-
2
5
6
M
o
l
e
n
p
r
o
c
e
s
s
o
r
+
s
e
v
e
r
a
l
A
E
S
c
o
r
e
s
E
m
b
e
d
d
e
d
k
e
y
r
e
g
i
s
t
e
r
C
r
C
U
n
u
m
b
e
r
n
o
t
l
i
m
i
t
e
d
n
o
T
r
u
s
t
e
d
c
o
m
p
u
t
i
n
g
A
E
S
-
M
S
[
P
e
r
i
c
`
a
s
0
8
]
2
0
1
0
A
E
S
-
E
C
B
,
A
E
S
-
C
B
C
M
o
l
e
n
p
r
o
c
e
s
s
o
r
+
t
w
o
A
E
S
c
o
r
e
s
E
m
b
e
d
d
e
d
k
e
y
r
e
g
i
s
t
e
r
2
A
E
S
c
o
r
e
s
n
o
V
P
N
(
C
o
n
t
i
n
u
e
d
)
ACM Computing Surveys, Vol. 45, No. 4, Article 41, Publication date: August 2013.
41:22 L. Bossuet et al.
T
a
b
l
e
I
I
.
(
C
o
n
t
i
n
u
e
d
)
P
r
o
j
e
c
t
a
r
c
h
i
t
e
c
t
u
r
e
N
a
m
e
[
r
e
f
]
Y
o
P
S
u
p
p
o
r
t
e
d
a
l
g
o
r
i
t
h
m
P
r
o
c
e
s
s
i
n
g
a
r
c
h
i
t
e
c
t
u
r
e
K
e
y
s
t
o
r
a
g
e
N
u
m
b
e
r
o
f
c
r
y
p
t
o
c
o
r
e
D
H
R
M
a
i
n
a
p
p
l
i
c
a
t
i
o
n
S
A
N
E
S
[
G
o
g
n
i
a
t
0
8
]
2
0
0
5
A
E
S
,
S
H
A
.
.
.
o
t
h
e
r
s
R
e
c
o
n
g
u
r
a
b
l
e
h
a
r
d
w
a
r
e
a
c
c
e
l
e
r
a
t
o
r
E
m
b
e
d
d
e
d
k
e
y
r
e
g
i
s
t
e
r
U
p
t
o
4
p
a
r
a
l
l
e
l
c
r
y
p
t
o
p
r
i
m
i
t
i
v
e
s
y
e
s
E
m
b
e
d
d
e
d
s
y
s
t
e
m
s
e
c
u
r
i
t
y
C
r
y
p
t
o
M
a
n
i
a
c
[
W
u
0
1
]
2
0
0
1
A
E
S
,
D
E
S
,
3
D
E
S
4
-
w
i
d
e
4
S
t
a
g
e
V
L
I
W
p
r
o
c
e
s
s
o
r
I
n
t
e
r
n
a
l
s
h
a
r
e
d
d
a
t
a
m
e
m
o
r
y
4
c
r
y
p
t
o
A
L
U
s
b
y
p
r
o
c
e
s
s
o
r
n
o
I
P
S
E
C
,
V
P
N
C
r
y
p
t
o
p
r
o
c
e
s
s
o
r
C
r
y
p
t
o
n
i
t
e
[
B
u
t
c
h
y
0
4
]
2
0
0
4
A
E
S
,
D
E
S
,
M
D
5
2
6
4
-
b
i
t
d
e
d
i
c
a
t
e
d
A
L
U
I
n
m
a
i
n
m
e
m
o
r
y
T
w
o
d
e
d
i
c
a
t
e
d
A
L
U
s
n
o
I
P
S
E
C
,
V
P
N
o
n
e
-
c
o
r
e
a
n
d
m
u
l
t
i
-
c
o
r
e
C
C
P
r
o
c
[
T
h
e
o
d
o
r
0
8
]
2
0
0
8
A
E
S
c
a
n
d
i
d
a
t
e
s
V
L
I
W
b
a
s
e
d
p
r
o
c
e
s
s
o
r
I
n
m
a
i
n
m
e
m
o
r
y
4
S
b
o
x
c
l
u
s
t
e
r
s
n
o
S
y
m
m
e
t
r
i
c
e
n
c
r
y
p
t
i
o
n
a
c
c
e
l
e
r
a
t
o
r
H
C
r
y
p
t
[
G
a
s
p
a
r
1
0
]
2
0
1
0
A
E
S
E
C
B
,
C
F
B
,
O
F
B
,
C
T
R
2
3
2
-
b
i
t
d
e
d
i
c
a
t
e
d
A
L
U
I
n
d
e
d
i
c
a
t
e
d
s
e
c
u
r
e
d
r
e
g
i
s
t
e
r
2
A
E
S
c
i
p
h
e
r
s
o
r
d
e
c
i
p
h
e
r
s
y
e
s
N
e
t
w
o
r
k
s
e
c
u
r
i
t
y
,
V
P
N
M
C
C
P
[
G
r
a
n
d
1
1
]
2
0
1
1
A
E
S
,
S
H
A
.
.
.
o
t
h
e
r
s
M
u
l
t
i
-
c
o
r
e
p
r
o
c
e
s
s
o
r
I
n
d
e
d
i
c
a
t
e
d
r
e
g
i
s
t
e
r
F
r
o
m
2
t
o
8
r
e
c
o
n
g
u
r
a
b
l
e
c
r
y
p
t
o
c
o
r
e
s
y
e
s
S
o
f
t
w
a
r
e
r
a
d
i
o
s
e
c
u
r
i
t
y
C
e
l
a
t
o
r
[
F
r
o
n
t
e
0
8
]
2
0
0
8
A
E
S
,
D
E
S
,
3
D
E
S
,
S
H
A
-
2
5
6
4
4
8
-
b
i
t
p
r
o
c
e
s
s
i
n
g
e
l
e
m
e
n
t
s
I
n
m
a
i
n
m
e
m
o
r
y
1
6
p
r
o
c
e
s
s
i
n
g
e
l
e
m
e
n
t
s
y
e
s
N
e
t
w
o
r
k
s
e
c
u
r
i
t
y
C
r
y
p
t
o
a
r
r
a
y
C
r
y
p
t
A
r
r
a
y
[
L
o
m
o
n
a
c
o
0
4
]
2
0
0
4
A
E
S
,
D
E
S
,
3
D
E
S
M
a
t
r
i
x
o
f
4
-
b
i
t
p
r
o
c
e
s
s
i
n
g
e
l
e
m
e
n
t
s
I
n
m
a
i
n
m
e
m
o
r
y
D
e
p
e
n
d
o
f
a
a
r
r
a
y
s
i
z
e
y
e
s
N
e
t
w
o
r
k
s
e
c
u
r
i
t
y
C
O
B
R
A
[
E
l
b
i
r
t
0
3
]
2
0
0
3
b
l
o
c
k
c
i
p
h
e
r
s
4
4
3
2
-
b
i
t
r
e
c
o
n
g
u
r
a
b
l
e
c
r
y
p
t
o
g
r
a
p
h
i
c
e
l
e
m
e
n
t
I
n
m
a
i
n
m
e
m
o
r
y
1
6
r
e
c
o
n
g
u
r
a
b
l
e
e
l
e
m
e
n
t
s
y
e
s
V
P
N
Y
e
a
r
o
f
P
u
b
l
i
c
a
t
i
o
n
D
e
s
i
g
n
f
o
r
h
a
r
d
w
a
r
e
r
e
c
o
n
g
u
r
a
t
i
o
n
.
ACM Computing Surveys, Vol. 45, No. 4, Article 41, Publication date: August 2013.
Architectures of Flexible Symmetric Key Crypto EnginesA Survey 41:23
Fig. 11. Area vs. throughput/MHz for FPGA implementation.
(in terms of throughput). Nevertheless, the results presented in Table I, Figure 10, and
Figure 11 are directly extracted from publications featuring specic hardware setups.
Some results are given for a complete system(i.e., including the communication process,
management of the system, etc.) and other results are only given for the cipher (often
without taking key management into account). This means that a direct comparison of
these results could lead to misinterpretation. We recommend that interested readers
read the paper concerned to get more details about the context of experimental setup
and interpretation of results.
To help the reader, Table II gives summarizes previously presented crypto engine
features and capabilities. Most of the solutions in the table focus on data security
applications such as Internet security (IPSec), Virtual Private Network (VPN), and
secure embedded systems. The main application eld of each proposal depends to a
great extent on the year of publication. Each application eld has specic constraints,
for example, embedded system security has limited silicon resources and a limited
power budget whereas communication network security requires a high processing rate
to fully exploit the available network bandwidth. Other applications can be found in
the literature such as e-voting [Neff 2011], Digital Rights Management (DRM) [Coburn
et al. 2005], hardware-constrained sensor network node security [Roman et al. 2007],
and software radio security [Grand et al. 2009].
It is interesting to note that in most of the previously presented architectures, se-
cret key and/or session key secure storage were not considered as a security feature.
That is to say, the most important part of the algorithm security was not taken into
consideration in the design of the crypto engine. This lack of security could represent
a signicant failure in many works.
Concerning the technical development of crypto engines, the previously presented
works and the works presented next cover a 12-year period (from1999 to 2011), they are
from distinct elds of application including microprocessor design, multicore proces-
sors, hardware design, FPGA implementation, and recongurable architecture (coarse
grain). Table III lists, the works and the scientic eld of each work (of course, the eld
of applied cryptography could appear in all works) in chronological order. In Table III,
we can observe a trend in an increasing number of designers paying more attention to
all design aspects, in order to meet the triple constraints of crypto engine design, as
described in the Introduction of this article.
We can also observe that works which only aim at customization of a GPP with
an ALU dedicated to cryptographic computations are less common today. This
ACM Computing Surveys, Vol. 45, No. 4, Article 41, Publication date: August 2013.
41:24 L. Bossuet et al.
Table III. Technical Scope of Each Work (in chronological order)
Processor Multi-core Hardware FPGA Recongurable
Name [ref] design processor design implementation architecture
CryptoBooster [Mosanya 99]
Sbox instruction [Burke 00]
CryptoManiac [Wu 01]
Custom Xtensa [Ravi 02]
CryptoBlaze [Xilinx 03]
COBRA [Elbirt 03]
AES processor [Hodjat 04 a,b]
Cryptonite [Butchy 04]
CryptArray [Lomonaco 04]
AESTHETIC [Su 05]
Instruction set extension
[Tillich 05]