
Low Power Secure AES S-Box using Adiabatic Logic Circuit

Cancio Monteiro
Graduate School of Engineering, Gifu University
1-1 Yanagido, Gifu-shi, 501-1193, Japan
Email: canciotimor@gmail.com

Yasuhiro Takahashi, Toshikazu Sekine
Faculty of Engineering, Gifu University
1-1 Yanagido, Gifu-shi, 501-1193, Japan
Email: {yasut, sekine}@gifu-u.ac.jp

978-1-4673-6104-0/13/$31.00 ©2013 IEEE

Authorized licensed use limited to: INDIAN INST OF INFO TECH AND MANAGEMENT. Downloaded on September 07,2020 at 19:51:35 UTC from IEEE Xplore. Restrictions apply.

Abstract—Numerous works on advanced encryption standard (AES) S-box architecture have been done using composite field arithmetic in Galois field. However, to the best of our knowledge, less information is available on both a secure circuit and low power consumption. In this work, we implement our previously proposed charge-sharing symmetric adiabatic logic (CSSAL) in an 8-bit S-box circuit using the multi-stage positive polarity Reed-Muller (PPRM) representation over the composite field technique. The logic sharing method is applied to logic functions that are used frequently in the combinational logic. Consequently, low complexity, high resistance and low power consumption are achieved. The results in this paper are obtained from SPICE simulation with 0.18-µm 1.8-V standard CMOS technology at operating frequencies of 1.25–70 MHz. Based on the logic speed, security performance and low-power requirement, we deduce that our proposed logic is applicable to contactless smart cards, RFID tags, and wireless sensors.

I. INTRODUCTION

In the last century, modern cryptology has mainly focused on cryptosystems resistant against side-channel analysis (SCA), which has become a special threat for cipher designers, software developers, and hardware engineers working to secure private information stored in cryptographic devices such as smart cards, RFID tags, USB tokens, and wireless sensors. SCA can be used to unveil the secret key of cryptographic devices by analyzing side-channel information, such as power consumption, computing time, and electromagnetic radiation. Among these SCA attack techniques, differential power analysis (DPA) attacks are the most popular type of power analysis attack to reveal the secret information in a cryptosystem. A DPA attack seeks to reveal the secret key of a smart card by statistically analyzing the power fluctuations that occur while the device encrypts and decrypts large blocks of data [1]. Apart from the DPA attacks, the electromagnetic radiation attacks in [2]–[3] have been extensively studied. DEMA attacks can reveal secret information because the current flow during the switching of the CMOS gates causes a variation of the surrounding electromagnetic field that can be monitored by positioning an inductive probe around the microcontroller chip.

On the basis of cryptanalysis knowledge to unveil secure information in the preceding data encryption standard, an efficient algorithm for both hardware and software implementations was standardized by the NIST in 2001 as the Advanced Encryption Standard (AES) [4], which operates over $GF(2^8)$ for computational efficiency, high resistance to cryptanalysis, hardware and software compatibility, and flexibility. Since the new AES standard was announced, much effort has been expended [5]–[9] to simplify the finite field over $GF(2^8)$ in the S-box transformation to $GF((2^4)^2)$ and $GF(((2^2)^2)^2)$ for low cost, low power consumption, and low complexity.

Fig. 1. Attack point in a partial AES S-box circuit. (Diagram labels: secret key byte, plaintext byte, 32-bit, S-box circuit, S-box output, attack point.)

A typical target point of attackers in a cryptosystem is depicted in Fig. 1. The attackers may have control over the plaintext by guessing the secret key values in statistical analysis from the DPA measurement result at the output of the S-box circuit. Therefore, the S-box circuit needs to be accurately designed to keep the secrecy of the processed private information. As a countermeasure to the related issue, there are two types of technique that have been implemented so far, namely hiding and masking at the cell level. The goal of hiding countermeasures is to make the power consumption of the cryptographic devices independent of the intermediate values and independent of the operations that are performed, as has been reported for the sense amplifier based logic (SABL) [10], wave dynamic differential logic (WDDL) [11], and three-phase dual-rail pre-charged logic (TDPL) [12]. Among those logic styles implemented in cell libraries, the majority apply conventional CMOS logic operation, which causes high spike currents and large energy consumption. As a result, the DPA and DEMA attacks are a bit difficult to avoid. Hence, our approach here is to implement our previously proposed CSSAL [13] in the 8-bit S-box circuit using the PPRM representation [6] for low peak current transition and low energy consumption by exploiting an adiabatic switching principle [14]. For comparison with our work, we have also implemented the same S-box circuit using several dual-rail adiabatic logic styles, such as SyAL [15], 2N-2N2P [16], and ECRL [17]. All the comparative results described in this work are obtained from SPICE simulation at the cell level.

II. PROPOSED CHARGE-SHARING SYMMETRIC ADIABATIC LOGIC

A. Adiabatic Logic Technique

Fig. 2. Comparison of the supply currents for the equivalent RC models of the CMOS logic (a) step voltage and adiabatic logic (b) ramped step voltage. (c) The peak supply current of the adiabatic logic is significantly lower than that of the conventional CMOS logic under the same parameters and conditions. (Panel (c) axes: supply current [µA] versus time [ns].)

Adiabatic switching is commonly used to minimize the energy lost during the charging/discharging period at all nodes of the circuit. The main idea of adiabatic switching is shown in Fig. 2(b), which indicates a transition that is considered sufficiently slow that heat is not significantly emitted. The adiabatic dissipated energy is $E_{adiabatic} = 2(RC/\tau)CV_{dd}^2$, where $R$ is the effective resistance in the driven device, $C$ is the output node capacitance to be switched, $\tau$ is the time over which the switching occurs, and $V_{dd}$ is the voltage to be switched across. Ideally, the charging energy $E_{adiabatic}$ tends to zero as the length of $\tau$ increases. Conversely, the conventional CMOS logic operation is shown in Fig. 2(a), with the following equation: $E_{conv.} = CV_{dd}^2/2$, where it is possible to reduce the charging energy only by reducing $V_{dd}$ or the capacitance $C$. Figure 2(c) shows a comparison of the peak supply current for the equivalent RC models of the conventional CMOS logic and the adiabatic logic. The instantaneous peak supply current of the adiabatic logic is significantly lower than that of the conventional CMOS logic style.
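The two energy expressions of Section II-A can be checked numerically on the equivalent RC model of Fig. 2. The following is an added example, not code from the paper: it integrates the series RC circuit for a step supply and for a ramped power clock and compares dissipated energy and peak supply current. The component values (R = 1 kΩ, C = 10 fF, τ = 100·RC), the function names, and the reading that the factor 2 in the adiabatic expression covers one ramp up plus one ramp down are assumptions.

```python
def simulate(source, t_end, R, C, steps_per_rc=200):
    """Forward-Euler integration of a series RC circuit driven by source(t).

    Returns (energy dissipated in R [J], peak |supply current| [A]).
    """
    dt = R * C / steps_per_rc
    vc = energy = peak = 0.0
    for k in range(int(round(t_end / dt))):
        i = (source(k * dt) - vc) / R   # supply current through R into C
        energy += i * i * R * dt        # heat lost in R during this step
        peak = max(peak, abs(i))
        vc += i * dt / C                # capacitor charges or discharges
    return energy, peak


def step_supply(vdd):
    """Conventional CMOS case, Fig. 2(a): the supply is at Vdd from t = 0."""
    return lambda t: vdd


def ramp_cycle(vdd, tau, hold):
    """Adiabatic power clock, Fig. 2(b): ramp up over tau, hold, ramp down, hold."""
    def v(t):
        if t < tau:
            return vdd * t / tau
        if t < tau + hold:
            return vdd
        if t < 2 * tau + hold:
            return vdd * (1.0 - (t - tau - hold) / tau)
        return 0.0
    return v


def compare(R=1e3, C=10e-15, vdd=1.8, tau_over_rc=100):
    """Simulated versus closed-form values; R, C and tau are assumed, not the paper's."""
    rc = R * C
    tau, hold = tau_over_rc * rc, 10 * rc
    e_step, i_step = simulate(step_supply(vdd), 10 * rc, R, C)
    e_ramp, i_ramp = simulate(ramp_cycle(vdd, tau, hold), 2 * (tau + hold), R, C)
    return {
        "E_conv_formula": C * vdd ** 2 / 2,                 # C*Vdd^2/2
        "E_conv_sim": e_step,
        "E_adiabatic_formula": 2 * (rc / tau) * C * vdd ** 2,  # 2(RC/tau)*C*Vdd^2
        "E_adiabatic_sim": e_ramp,
        "I_peak_step": i_step,                              # about Vdd/R
        "I_peak_ramp": i_ramp,                              # about C*Vdd/tau
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:22s} {value:.4e}")
```

The closed form for the ramp is the limit τ ≫ RC; setting the two expressions equal gives τ = 4RC, so the ramp only pays off in energy when it is slower than that.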

B. Logic Structure

The detailed operation of the proposed charge-sharing symmetric adiabatic logic (CSSAL) was described in [13]. We present here the CSSAL NAND/AND logic in Fig. 3 (top), and its equivalent RC model at the pull-down network in Fig. 3 (middle), which aims to show that there is always the same amount of charge for all possible input transitions, in comparison with SyAL, 2N-2N2P and ECRL. Figure 3 (bottom) shows the representative supply current transition when the dual-input (A, B) condition is (0→1, 0→0), which certifies that the proposed logic's supply current transition has the same peak values and is able to consume uniform low power for various input transitions, while the others display large, visibly different supply current transitions.

Fig. 3. Proposed CSSAL NAND/AND logic structure (top). Simulated transient response of NAND/AND gate for input (A,B) transition from (0→1, 0→0) at 12.5 MHz clock frequency (bottom). The equivalent RC model in the middle of this figure describes the floating capacitors during the input transition, which is indicated by gray color in the background.

TABLE I. Transistor counts and gate size of individual logics in an 8-bit S-box circuit (0.18-µm 1.8-V CMOS standard cell)

Transistor counts
Circuit     Buffer   AND   XOR   S-box
CSSAL       9        19    19    8,115
SyAL        5        15    15    6,095
2N-2N2P     6        8     10    4,176
ECRL        4        6     8     3,166

Size (Gates)
                     Buffer   AND   XOR   Average power of S-box (µW @ 10 MHz)
This work (CSSAL)    148      141   216   28
Satoh [6]            ?  701  51

C. Multi-Stage PPRM Architecture

The target S-box circuit of the multi-stage PPRM architecture depicted in Fig. 4 was proposed by Satoh et al. in [6]. Three sub-components of the conventional composite field were converted into PPRM form: the pre-inversion section, the inversion section, and the post-inversion section, as described in the appendix of [6]. In our proposed CSSAL S-box circuit, we apply three power clock supplies for each section, which completely avoids glitch current, consumes uniform transitional energy and gives a significant energy reduction in our comparative results, even though the transistor count is much higher than the others, as shown in Table I. Moreover, we utilize a logic sharing method instead of a multiple logic recurrence method that uses the same input signals; hence, the dual-input logic complexity is reduced to approximately 31% of that of Satoh's design in [6], as shown in the same Table I.

Fig. 4. Conventional composite field AES S-box (top), multi-stage PPRM representation (middle) and the implementation of the proposed triple Vpcs in the CSSAL multi-stage PPRM representation for the 8-bit S-box circuit (bottom).

III. SIMULATION AND RESULT

A. Condition

The typical result provided in this paper was obtained using SPICE simulation with a 0.18-µm, 1.8-V standard CMOS technology. To validate this proposal, we have simulated and compared our proposed CSSAL with SyAL, 2N-2N2P, and ECRL using the same parameters. We attach a 10 fF load capacitor to all output nodes of Buffer, NAND/AND, and XNOR/XOR in our simulation as an optimal design for future chip measurement comparison. The range of power clock frequency for all investigated logics in this work varies depending on the active frequency range of each circuit, i.e., the proposed CSSAL S-box circuit is 1.25–70 MHz, the SyAL S-box circuit is 1.25–80 MHz, and both the 2N-2N2P and ECRL S-box circuits are 1.25–60 MHz. Moreover, for the investigation with respect to logic security, we perform the calculation at 1.25 MHz (minimum frequency), 12.5 MHz (relatively close to the carrier frequency of contactless smart cards: 13.56 MHz), and 50 MHz (the cumulative maximum frequency). The objective of investigating this frequency range is to verify the logic resistance across the active frequency bands. Furthermore, DPA attacks analyze different peaks of power consumption to reveal the secret key during encryption and decryption; hence, our job is to accomplish a specific analysis of the various energy consumption per input transition.

B. Results

The simulation results of this comparison study are summarized in Table II for all investigated logics in the 8-bit S-box circuit. The power consumption data of each circuit are obtained as $E_{diss} = \int_0^T V_{pc}(t) I_{pc}(t)\,dt$, which is adopted as the figure of merit to measure the resistance against power analysis attacks. The normalized energy deviation (NED) is defined as $(E_{max} - E_{min})/E_{max}$ and the normalized standard deviation (NSD) is $\sigma_E/\bar{E}$ [7]. Here $\bar{E} = (\sum_{i=E_1}^{E_n} E_i)/n$ is the average of the energy dissipation over every respective transition, and the standard deviation is defined as $\sigma_E = \sqrt{\sum_{i=E_1}^{E_n} (E_i - \bar{E})^2 / n}$.

We measure the parameters NED and NSD, which indicate the ability of the logic to resist power analysis attacks. An important property of NED and NSD is that the smaller their values, the more constant the consumed energy is for different input transitions. Hence, by observing the results in Table II, the proposed CSSAL S-box has a unique ability to withstand DPA attacks, because it has the smallest values of NED and NSD for all active frequency bands; moreover, the CSSAL S-box has the lowest and uniform peak current, which is able to reduce the electromagnetic radiation for DEMA attacks in practical measurement. Similar graphical information is depicted in Fig. 5, which plots all calculation data of the 256 transitional energy samples. This graph shows that the energy fluctuation of CSSAL is between 6.5 and 6.76 pJ, which is a very small difference compared to the other S-box circuits. In addition, it has been recognized that conventional CMOS logic styles such as TDPL and SABL are well known and stronger against DPA attacks in secure logic implementation; however, the comparative data are not available in this work, because they are suitable to operate in the 8-bit S-box using PPRM representation by our SPICE simulation result.

Apart from the logic's ability to resist SCA attacks, power reduction is also one of the research targets. The graphical information in Fig. 6 clearly shows that our proposed CSSAL S-box achieves a significant energy reduction, with more than 49% energy saving compared with the other adiabatic S-box circuits in this work.

TABLE II. Simulation and calculation results of 8-bit S-box circuit in PPRM representation using proposed CSSAL, SyAL, 2N-2N2P, and ECRL, respectively, at 1.25 MHz, 12.5 MHz, and 50 MHz input power clock frequency

Energy variation of an 8-bit S-box circuit using PPRM representation

Logic          Proposed CSSAL          SyAL                    2N-2N2P                  ECRL
Freq. [MHz]    1.25    12.5    50      1.25    12.5    50      1.25    12.5    50       1.25    12.5    50
Emin [fJ]      3.11    6.5     13.52   4.85    10.78   24.87   1.83    3.49    6.48     1.75    2.87    5.32
Emax [fJ]      3.42    6.76    14.04   5.87    15.21   36.64   12.66   33.04   51.79    8.25    24.19   39.43
Ē [fJ]         3.35    6.67    13.87   5.12    13.29   30.34   6.94    18.86   27.53    5.10    13.82   22.23
σE [fJ]        0.05    0.04    0.09    0.13    0.79    1.85    1.88    5.70    8.34     1.31    4.24    6.77
NED [%]        9.08    3.91    3.55    17.36   29.15   32.13   85.81   89.43   87.483   78.76   88.14   86.52
NSD [%]        1.37    0.57    0.66    2.58    5.97    6.10    27.17   30.22   30.31    25.81   30.96   30.48

Fig. 5. Energy fluctuation of all investigated adiabatic logics; proposed CSSAL, SyAL, 2N-2N2P, and ECRL, respectively, in the 8-bit S-box for 256 energy data samples. (Axes: fluctuation of energy per power clock cycle [pJ] versus number of power clock's energy consumption of 8-bit S-box circuit, 0–256. Panel annotations: CSSAL Emax 6.76 pJ, Emin 6.5 pJ; SyAL Emax 15.21 pJ, Emin 10.78 pJ; 2N-2N2P Emax 33.04 pJ, Emin 3.49 pJ; ECRL Emax 24.19 pJ, Emin 2.87 pJ.)

Fig. 6. Simulated energy dissipation comparison of all investigated adiabatic logics; CSSAL, SyAL, 2N-2N2P, and ECRL, respectively, in the multi-stage PPRM 8-bit S-box circuit at operating frequencies of 1.25 MHz–100 MHz. (Axes: energy dissipation [nJ] versus input power clock frequency [MHz].)

IV. CONCLUSION

The investigation and comparison of secure adiabatic logic in a partial 8-bit AES S-box using PPRM representation as a countermeasure against SCA attacks have been thoroughly carried out in this work. To the best of our knowledge, the DPA and DEMA attacks reveal the secret information by statistically analyzing the power fluctuations and the current amplitude of the attacked hardware such as smart cards. Hence, as an alternative solution for these challenges, the dual-rail adiabatic logic is an interesting approach for reducing the information leakage caused by dynamic power and various high dynamic currents in the CMOS logic operation. The investigation results of low-power adiabatic logic styles have shown that the proposed CSSAL S-box has significant energy reduction, improves the security performance to withstand DPA attacks, consumes less power, and can be operated in low frequency bands, such as contactless smart cards (13.56 MHz), RFID tags, and wireless sensors.

ACKNOWLEDGMENT

The custom circuits discussed in this paper have been simulated with Cadence and Synopsys tools through the chip fabrication program of the VLSI Design and Education Centre (VDEC) at the University of Tokyo in collaboration with ROHM Corporation.

REFERENCES

[1] P. C. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proc. Int. Advances in Cryptology Conference (CRYPTO ’99), Santa Barbara, CA, Aug. 15–19, 1999, pp. 388–397.
[2] E. De Mulder, S. B. Ors, B. Preneel, and I. Verbauwhede, “Differential electromagnetic attack on an FPGA implementation of elliptic curve cryptosystems,” in Proc. World Automation Congress (WAC ’06), Budapest, Hungary, July 24–26, 2006, pp. 1–6.
[3] A. Dehbaoui, S. Ordas, L. Torres, M. Robert, and P. Maurine, “Implementation and efficiency evaluation of construction-based countermeasures against electromagnetic analysis,” in Proc. of Int. Conf. Design and Tech. of Integrated Systems in Nanoscale Era (DTIS ’11), Athens, Greece, April 4–8, pp. 1–6.
[4] National Institute of Standards and Technology (NIST), “The Advanced Encryption Standard (AES),” FIPS Publication 197 (2001). [Online] Available URL: (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).
[5] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A Compact Rijndael Hardware Architecture with S-Box Optimization,” in Proc. of Advances in Cryptology–ASIACRYPT’01, 2001, pp. 239–254.
[6] S. Morioka and A. Satoh, “An Optimized S-Box circuit architecture for low power AES design,” in Proc. of 4th International Workshop on CHES’03, 2003, pp. 172–186.
[7] J.-H. Chen, S.-J. Huang, W.-C. Lin, Y-K. Lu, and M.-D. Shieh, “Exploration of low-cost configurable S-Box designs for AES applications,” in Proc. of International Conference on Embedded Software and Systems (ICESS), 2008, pp. 422–428.
[8] P.V.S. Shastry, A. Agnihotri, D. Kachhwaha, and J. Singh, “A Combinational Logic Implementation of S-box of AES,” in Proc. of IEEE 54th International Midwest Symposium on Circuits and Systems (MWSCAS), 2011, pp. 1–4.
[9] W. Yi, J. Li, R. Li, and W. Zhao, “FPGA based optimization for masked AES implementation,” in Proc. MWSCAS2011, pp. 1–4.
[10] K. Tiri, M. Akmal, and I. Verbauwhede, “A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards,” in Proc. European Conf. Solid-State Circuits (ESSCIRC ’02), Firenze, Italy, 2002, Sept. 24–26, pp. 403–406.
[11] K. Tiri and I. Verbauwhede, “A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation,” in Proc. Design, Automation and Test in Europe Conf. and Exhibition, 16-20 Feb. 2004, pp. 246–251.
[12] M. Bucci, L. Giancane, R. Luzzi, and A. Trifiletti, “Three-phase dual-rail pre-charge logic,” in Proc. Workshop on Cryptographic Hardware and Embedded Systems (CHES ’06), Yokohama, Japan, Oct. 10–13, pp. 232–241.
[13] C. Monteiro, Y. Takahashi, and T. Sekine, “A comparison of cellular multiplier cell using secure adiabatic logics,” in Proc. of Int. Conf. Circuit/System, Computers and Communications (ITC-CSCC ’12), Sapporo, Japan, July 14–18, 4 pages (CD-ROM, ISBN: 978-4-88552-273–4).
[14] W. C. Athas, L. J. Svensson, J. G. Koller, N. Tzartzanis, and E. Y.-C. Chou, “Low power digital system based on adiabatic-switching principles,” IEEE Trans. VLSI System, vol. 2, no. 4, Dec. 1994, pp. 398–406.
[15] B.-D. Choi, K.E. Kim, K-S. Chung, and D.K. Kim, “Symmetric adiabatic logic circuits against differential power analysis,” in ETRI Journal, vol. 32, no. 1, Feb. 2010, pp. 166–168.
[16] A. Kramer, J.S. Denker, B. Flower, and J. Moroney, “2nd Order Adiabatic Computation 2N-2P and 2N-2N2P Logic Circuits,” in Proceedings of the IEEE International Symposium on Low Power Design, 1995, pp. 191–196.
[17] Y. Moon and D.K. Jeong, “An efficient charge recovery logic circuit,” in IEEE J. Solid-State Circuits, vol. 31, no. 4, 1996, pp. 514–522.
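The NED and NSD definitions of Section III-B can be applied directly to a list of per-transition energies, and Table II can be cross-checked against its own columns. The following is an added example, not code from the paper: the function names are assumptions, the table values are copied from Table II as printed, and the four-sample list in the demo is constructed.

```python
import math


def ned_nsd(energies):
    """(NED %, NSD %) of per-transition energies, as defined in Section III-B."""
    n = len(energies)
    mean = sum(energies) / n
    # sigma_E divides by n (population form), matching the page's definition.
    sigma = math.sqrt(sum((e - mean) ** 2 for e in energies) / n)
    ned = 100.0 * (max(energies) - min(energies)) / max(energies)
    return ned, 100.0 * sigma / mean


# Table II as printed: logic -> freq [MHz] -> (Emin, Emax, Emean, sigma, NED %, NSD %).
# NED and NSD are ratios, so the energy unit cancels out.
TABLE_II = {
    "CSSAL": {
        1.25: (3.11, 3.42, 3.35, 0.05, 9.08, 1.37),
        12.5: (6.5, 6.76, 6.67, 0.04, 3.91, 0.57),
        50: (13.52, 14.04, 13.87, 0.09, 3.55, 0.66),
    },
    "SyAL": {
        1.25: (4.85, 5.87, 5.12, 0.13, 17.36, 2.58),
        12.5: (10.78, 15.21, 13.29, 0.79, 29.15, 5.97),
        50: (24.87, 36.64, 30.34, 1.85, 32.13, 6.10),
    },
    "2N-2N2P": {
        1.25: (1.83, 12.66, 6.94, 1.88, 85.81, 27.17),
        12.5: (3.49, 33.04, 18.86, 5.70, 89.43, 30.22),
        50: (6.48, 51.79, 27.53, 8.34, 87.483, 30.31),
    },
    "ECRL": {
        1.25: (1.75, 8.25, 5.10, 1.31, 78.76, 25.81),
        12.5: (2.87, 24.19, 13.82, 4.24, 88.14, 30.96),
        50: (5.32, 39.43, 22.23, 6.77, 86.52, 30.48),
    },
}


def audit_table(table=TABLE_II):
    """Largest gap (percentage points) between the printed NED/NSD and the
    values recomputed from the Emin, Emax, mean and sigma columns."""
    gap_ned = gap_nsd = 0.0
    for rows in table.values():
        for e_min, e_max, mean, sigma, ned_pub, nsd_pub in rows.values():
            gap_ned = max(gap_ned, abs(100 * (e_max - e_min) / e_max - ned_pub))
            gap_nsd = max(gap_nsd, abs(100 * sigma / mean - nsd_pub))
    return gap_ned, gap_nsd


def rank_by_worst_ned(table=TABLE_II):
    """Logic styles ordered by their largest printed NED over the three frequencies."""
    worst = {name: max(r[4] for r in rows.values()) for name, rows in table.items()}
    return sorted(worst, key=worst.get)


if __name__ == "__main__":
    print(ned_nsd([6.5, 6.76, 6.6, 6.7]))  # constructed four-sample trace
    print(audit_table())
    print(rank_by_worst_ned())
```

The recomputed percentages agree with the printed ones to within rounding of the two-decimal energy columns, and the worst-case ordering puts CSSAL first, as the text of Section III-B states.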
