A High Throughput AES Design


Upload: giritharan-ravichandran

Post on 21-Jun-2015


DESCRIPTION

A high throughput and error tolerant AES design

TRANSCRIPT

1. A HIGH THROUGHPUT AND ERROR TOLERANT AES DESIGN. Prepared by R. GIRITHARAN, E.G.S. PILLAY ENGINEERING COLLEGE.

2. INTRODUCTION: The Advanced Encryption Standard (AES) has lately been accepted as the symmetric cryptography standard for confidential data transmission. The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output ciphertext. Every round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds is applied to transform the ciphertext back into the original plaintext using the same encryption key.

3. PROPOSED: The proposed schemes are independent of the way the S-box and the inverse S-box are constructed. Therefore, they can be used both for S-boxes and inverse S-boxes using lookup tables and for those utilizing logic gates based on composite fields. Furthermore, for each composite field construction there exist eight possible isomorphic mappings. Therefore, after applying a new common sub-expression elimination algorithm, the isomorphic mapping that results in the minimal implementation area cost is chosen.

4. CONTINUING: High throughput hardware implementations of our proposed CFA AES S-boxes are reported. In order to avoid data corruption due to SEUs, a novel fault tolerant model of AES is presented which is based on the Hamming error correction code. This reduces data corruption and increases performance. Thus the data corruption due to Single Event Upsets can be avoided and the performance is increased.

5. AES: The AES standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits using cipher keys with lengths of 128, 192 and 256 bits. Rijndael is designed to handle additional block sizes and key lengths; however, they are not adopted in this standard. Throughout the remainder of this standard, the algorithm specified will be referred to as the AES algorithm. The algorithm may be used with the three different key lengths indicated above, and therefore these different flavors may be referred to as AES-128, AES-192 and AES-256.

6. CONTINUING: The input and output for the AES algorithm each consist of sequences of 128 bits. These sequences will sometimes be referred to as blocks, and the number of bits they contain will be referred to as their length. The Cipher Key for the AES algorithm is a sequence of 128, 192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by this standard. The bits within such sequences will be numbered starting at zero and ending at one less than the sequence length. The number i attached to a bit is known as its index and will be in one of the ranges 0 ≤ i < 128, 0 ≤ i < 192 or 0 ≤ i < 256, depending on the block length and key length (specified above).

7. DERIVATION OF MULTIPLICATIVE INVERSE IN S-BOX ALGORITHM USING CFA: In AES, the encryption of the data is performed on blocks of bytes, through the representation in GF(2^8) with the specified field polynomial q(x) = x^8 + x^4 + x^3 + x + 1. Every round in AES consists of the same four transformations, i.e., SubBytes, ShiftRows, MixColumns and AddRoundKey. In a nutshell, the S-box function, which is claimed to be the most resource consuming operation, involves finding a multiplicative inverse over GF(2^8) followed by an affine transformation.

8. CONTINUING: The following summarizes the steps in performing multiplicative inversion using CFA:
1) map all elements of field A to the composite field B using the isomorphism function: b = f(a);
2) compute the multiplicative inverse over B: x = b^-1 (except if b = 0, then x = 0);
3) remap the computation result to A using the inverse isomorphism function: a = f^-1(x).

9. CONTINUING: Mapping the Galois field from GF(2^8) to GF(((2^2)^2)^2) requires three stages of isomorphism and field polynomials, which are stated (in a general form) as follows:
r(y) = y^2 + y + ν (isomorphism for GF(2^8) / GF(2^4)) (1)
s(z) = z^2 + z + N (isomorphism for GF(2^4) / GF(2^2)) (2)
t(w) = w^2 + w + 1 (isomorphism for GF(2^2) / GF(2)) (3)
In this work, we present CFA for the multiplicative inverse (in the S-box algorithm) over the composite field GF(((2^2)^2)^2) with respect to both polynomial basis and normal basis.

10. CONTINUING: As w^2 + w + 1 = 0 is the only irreducible polynomial of degree 2 over GF(2), there is no other candidate coefficient for (3). For (1) and (2), we need to determine all the possible coefficients ν, N and T in both normal and polynomial bases. In order to promote simplicity in CFA, we can have either the trace or the norm of r(y) and s(z) equal to unity, but not both. To the best of our knowledge, previous studies attempted optimization only with the traces of the field polynomials equal to unity. For instance, the work of Zhang and Parhi [8] used a polynomial basis representation, while the work of Canright [7] used a normal basis representation.

11. CONTINUING: Therefore, we extend these studies by choosing the norms (ν and N) of the field polynomials to be unity for both polynomial and normal bases. Following this approach, there are two possible T values for s(z) to be irreducible over GF(2^2). Meanwhile, for r(y) to be irreducible over GF((2^2)^2) there will be eight choices with respect to each of the T values. These two new constructions (hereafter referred to as Case I and Case II) are then compared with the ones in [7] and [8].

12. CONTINUING: Eventually, based on a thorough review of these architectures, we derived yet another new normal basis composite field AES S-box that uses a combination of norm and trace unities in different field polynomials. In total, we propose three new constructions, listed as follows.
Case I: Using polynomial basis representation with field polynomial norms equal to unity (both ν in (1) and N in (2) equal to unity).
Case II: Using normal basis representation with field polynomial norms equal to unity (both ν in (1) and N in (2) equal to unity).
Case III: Using normal basis representation (one coefficient in (1) and one coefficient in (2) equal to unity).

13. TABLE I: PAIRS OF COEFFICIENTS THAT RESULT IN MINIMAL COMPLEXITY ARE DETERMINED (table body not included in the transcript).

14. HARDWARE IMPLEMENTATION OF CFA AES S-BOXES: In this section, we discuss the actual hardware implementation of the proposed CFA AES S-box constructions. First, we manually coded the circuit in a hardware description language for all three proposed CFA AES S-boxes. Next, we employ the ANF representation along with a strategic fine-grained insertion of pipeline registers, in an attempt to validate the feasibility of the proposed compact CFA AES S-boxes in achieving high throughput hardware implementations.

15. REQUIREMENTS: The proposed system is implemented on the Altera FPGA platform. All the proposed systems (Case 1, Case 2, Case 3) were implemented on a Cyclone II EP2C5T144C6 and synthesized using Quartus II, clocked at 100 MHz. Two groups of hardware implementations are performed: the original CFA AES S-boxes, and seven-stage pipelined ANF-CFA AES S-boxes.

16. FAULT-TOLERANT MODEL OF THE AES ALGORITHM: This section presents a novel fault-tolerant model for the AES algorithm, which is immune to radiation-induced SEUs occurring during encryption and can be used in hardware implementations on board small OE satellites. The model is based on a self-repairing EDAC scheme, which is built into the AES algorithmic flow and utilizes the Hamming error correcting code.
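The three-step CFA inversion of slide 8 with the trace-unity tower polynomials of slides 9 and 10, as an added worked example in Python (not code from the presentation; the bit encodings of the tower fields, the choice N = w, and taking the first irreducible ν found by search are this example's own assumptions). It also counts the eight admissible ν values and the eight roots of q(x) in the composite field, which are the eight isomorphic mappings mentioned on slide 3, and checks the result against direct GF(2^8) arithmetic for every byte.

```python
# Added example (not from the slides): CFA inversion over GF(((2^2)^2)^2) with the trace-unity
# polynomials t(w) = w^2 + w + 1, s(z) = z^2 + z + N, r(y) = y^2 + y + NU of (1)-(3).
# Assumed encodings: GF(2^2) = a1*w + a0 (2 bits); GF(2^4) = hi*z + lo (2+2 bits);
# composite GF(2^8) = hi*y + lo (4+4 bits).
from functools import reduce

def mul2(a, b):                                   # GF(2^2) multiply with w^2 = w + 1
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    return (((a1 & b1) ^ (a1 & b0) ^ (a0 & b1)) << 1) | ((a0 & b0) ^ (a1 & b1))

def mul_ext(a, b, sub_mul, c, half):              # multiply in K[x]/(x^2 + x + c), K the subfield
    m = (1 << half) - 1
    ah, al, bh, bl = a >> half, a & m, b >> half, b & m
    hh = sub_mul(ah, bh)
    return ((hh ^ sub_mul(ah, bl) ^ sub_mul(al, bh)) << half) | (sub_mul(hh, c) ^ sub_mul(al, bl))

def inv_ext(a, sub_mul, sub_inv, c, half):        # inverse via the norm d = c*ah^2 + ah*al + al^2 in K
    m = (1 << half) - 1
    ah, al = a >> half, a & m
    di = sub_inv(sub_mul(c, sub_mul(ah, ah)) ^ sub_mul(ah, al) ^ sub_mul(al, al))
    return (sub_mul(ah, di) << half) | sub_mul(ah ^ al, di)   # a = 0 gives d = 0 and result 0

N = 2                                             # N = w: z^2 + z + w is irreducible over GF(2^2)
def mul4(a, b): return mul_ext(a, b, mul2, N, 2)
def inv4(a): return inv_ext(a, mul2, (0, 1, 3, 2).__getitem__, N, 2)   # GF(2^2) inverses by table
# r(y) is irreducible iff NU is not of the form y^2 + y: eight candidates, as slide 11 states
NU_CHOICES = [v for v in range(1, 16) if all(mul4(y, y) ^ y != v for y in range(16))]
NU = NU_CHOICES[0]
def mul8c(a, b): return mul_ext(a, b, mul4, NU, 4)
def inv8c(a): return inv_ext(a, mul4, inv4, NU, 4)
def pw(b, k): return reduce(mul8c, [b] * k, 1)   # b^k in the composite field

# Each root beta of q(x) = x^8 + x^4 + x^3 + x + 1 in the composite field gives one isomorphism
# delta: x -> beta (the eight mappings of slide 3); delta is GF(2)-linear, so tabulate it from beta^i.
ROOTS = [b for b in range(256) if pw(b, 8) ^ pw(b, 4) ^ pw(b, 3) ^ b ^ 1 == 0]
BETA_POW = [pw(ROOTS[0], i) for i in range(8)]
DELTA = [reduce(lambda s, i: s ^ BETA_POW[i], [i for i in range(8) if a >> i & 1], 0) for a in range(256)]
DELTA_INV = {v: k for k, v in enumerate(DELTA)}

def cfa_inverse(a):                               # steps 1-3 of slide 8: map, invert, map back
    return DELTA_INV[inv8c(DELTA[a])]

def gf8_mul(a, b):                                # reference multiply in GF(2^8) modulo q(x)
    r = 0
    for i in range(8):
        r ^= a if b >> i & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
    return r

def check_all():                                  # CFA result agrees with GF(2^8) for every byte
    return cfa_inverse(0) == 0 and all(gf8_mul(a, cfa_inverse(a)) == 1 for a in range(1, 256))
```

Choosing a different root from ROOTS or a different value from NU_CHOICES changes the mapping tables but not the inverses, which is what lets the designer pick the mapping with the smallest area.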
17. CALCULATION OF HAMMING CODE: The parity check bits of each byte of the S-box LUTs are pre-calculated. These Hamming code bits can be formally expressed as below:
h(SRD[a]) = hRD[a]
h(SRD[a] · {02}) = h2RD[a]
h(SRD[a] · {03}) = h3RD[a] (1)
where a is the state byte, · is multiplication in GF(2^8), and h represents the calculation of the Hamming code.

18. CONTINUING: The Hamming code of the state byte a is a four-bit parity code, represented by bits (p3, p2, p1, p0), which are derived as follows:
p3 is the parity bit of the group b7, b6, b4, b3, b1
p2 is the parity bit of the group b7, b5, b4, b2, b1
p1 is the parity bit of the group b6, b5, b4, b0
p0 is the parity bit of the group b3, b2, b1, b0 (2)

19. DETECTION AND CORRECTION OF FAULTS USING HAMMING CODE BITS: The Hamming code matrix of the SubBytes transformation is predicted by referring to the hRD table. The Hamming code matrix prediction for ShiftRows involves a simple cyclic rotation of the SubBytes Hamming code bits [14]. The Hamming code state matrix for MixColumns is predicted with the help of the hRD, h2RD and h3RD parity bits and is expressed by the equations below:
h0,j = h2RD[a0,j] ⊕ h3RD[a1,j] ⊕ hRD[a2,j] ⊕ hRD[a3,j]
h1,j = hRD[a0,j] ⊕ h2RD[a1,j] ⊕ h3RD[a2,j] ⊕ hRD[a3,j]
h2,j = hRD[a0,j] ⊕ hRD[a1,j] ⊕ h2RD[a2,j] ⊕ h3RD[a3,j]
h3,j = h3RD[a0,j] ⊕ hRD[a1,j] ⊕ hRD[a2,j] ⊕ h2RD[a3,j]
0 ≤ j
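The parity code of (2), the pre-computed tables of (1) and the MixColumns prediction equations of slide 19, as an added worked example in Python (not code from the presentation). It assumes the tables are indexed by the post-SubBytes byte value, since the S-box is not embedded, and shows a constructed single-bit upset in a MixColumns output column being detected from the syndrome and corrected.

```python
# Added example (not from the slides): the 4-bit parity code of (2), the hRD/h2RD/h3RD tables of (1)
# and the MixColumns parity prediction of slide 19, used to detect and repair a single-event upset.
# Assumption: the tables are indexed by the post-SubBytes byte value (the S-box is not embedded).
import random

def hamming(b):                      # (p3,p2,p1,p0) of equation (2), packed as a 4-bit value
    groups = (0b11011010, 0b10110110, 0b01110001, 0b00001111)   # p3: b7,b6,b4,b3,b1 ... p0: b3,b2,b1,b0
    return sum((bin(b & g).count("1") & 1) << (3 - i) for i, g in enumerate(groups))

def xtime(a):                        # multiply by {02} in GF(2^8) modulo q(x) = x^8 + x^4 + x^3 + x + 1
    return ((a << 1) ^ 0x11B) & 0xFF if a & 0x80 else a << 1
hRD = [hamming(a) for a in range(256)]                # h(a)           from (1)
h2RD = [hamming(xtime(a)) for a in range(256)]        # h({02} . a)
h3RD = [hamming(xtime(a) ^ a) for a in range(256)]    # h({03} . a)
SYNDROME_TO_BIT = {hamming(1 << i): i for i in range(8)}   # h is linear: a flip of bit i shows as h(1 << i)

def mix_column(col):                 # AES MixColumns on one state column [a0, a1, a2, a3]
    a0, a1, a2, a3 = col
    return [xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3,
            a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3,
            xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3)]

def predict_column_parity(col):      # the four h_{i,j} equations of slide 19, from the tables only
    a0, a1, a2, a3 = col
    return [h2RD[a0] ^ h3RD[a1] ^ hRD[a2] ^ hRD[a3],
            hRD[a0] ^ h2RD[a1] ^ h3RD[a2] ^ hRD[a3],
            hRD[a0] ^ hRD[a1] ^ h2RD[a2] ^ h3RD[a3],
            h3RD[a0] ^ hRD[a1] ^ hRD[a2] ^ h2RD[a3]]

def prediction_matches(col):         # slide 19 identity: predicted code equals the code of the real output
    return [hamming(b) for b in mix_column(col)] == predict_column_parity(col)

def repair_column(out, predicted):   # compare each output byte with its predicted code; fix 1-bit upsets
    fixed, upsets = [], 0
    for b, p in zip(out, predicted):
        s = hamming(b) ^ p           # syndrome: 0 means no fault detected
        if s:
            b ^= 1 << SYNDROME_TO_BIT[s]   # KeyError here means a multi-bit fault this code cannot correct
            upsets += 1
        fixed.append(b)
    return fixed, upsets

def demo(seed=1):                    # constructed input: a random column with one bit flipped by an "SEU"
    rng = random.Random(seed)
    col = [rng.randrange(256) for _ in range(4)]
    clean = mix_column(col)
    hit = clean.copy()
    hit[rng.randrange(4)] ^= 1 << rng.randrange(8)
    fixed, upsets = repair_column(hit, predict_column_parity(col))
    return fixed == clean and upsets == 1
```

The eight single-bit syndromes are distinct and non-zero, which is why one upset per byte is located and corrected; two flips in the same byte give a syndrome the table cannot resolve.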