A DESIGN OF A FAST PARALLEL-PIPELINED IMPLEMENTATION OF AES: ADVANCED ENCRYPTION STANDARD

Transcription

1 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 A DESIGN OF A FAST PARALLEL-PIPELINED IMPLEMENTATION OF AES: ADVANCED ENCRYPTION STANDARD Ghada F.Elkaany, Hea K.Aslan and Mohamed N.Rasslan Informatis Department, Eletronis Researh Institute, Cairo, Egypt ABSTRACT The Advaned Enryption Standard (AES) algorithm is a symmetri lok ipher whih operates on a sequene of loks eah onsists of 128, 192 or 256 its. Moreover, the ipher key for the AES algorithm is a sequene of 128, 192 or 256 its. AES algorithm has many soures of parallelism. In this paper, a design of parallel AES on the multiproessor platform is presented. While most of the previous designs either use pipelined parallelization or take advantage of the Mix_Column parallelization, our design is ased on omining pipelining of rounds and parallelization of Mix_Column and Add_Round_Key transformations. This model is divided into two levels: the first is pipelining different rounds, while the seond is through parallelization of oth the Add_Round_Key and the Mix_Column transformations. Previous work proposed for pipelining AES algorithm was ased on using nine stages, while, we propose the use of eleven stages in order to exploit the soures of parallelism in oth initial and final round. This enhanes the system performane ompared to previous designs. Using two-levels of parallelization enefits from the highly independeny of Add_Round_Key and Mix_Column/ Inv_Mix_Colum transformations. The analysis shows that the parallel implementation of the AES ahieves a etter performane. The analysis shows that using pipeline inreases signifiantly the degree of improvement for oth enryption and deryption y approximately 95%. Moreover, parallelizing Add_Round_Key and Mix_Column/ Inv_Mix_Column transformations inreases the degree of improvement y approximately 98%. This leads to the onlusion that the proposed design is salale and is suitale for real-time appliations. KEYWORDS Advaned Enryption Standard AES, Parallel proessing, Pipelining 1. INTRODUCTION On June 2, 1997, the Amerian National Institute for Standardization and Tehnology (NIST) proposed a ompetition to propose a new enryption algorithm to replae the aging and inreasingly vulnerale Data Enryption Standard (DES). The new Advaned Enryption Standard (AES) hosen from the ompetitors was Rijndael [1 and 2]. Sine eoming the AES, Rijndael has een the fous of ountless analyses and has een implemented oth in hardware and software for many different platforms. To aelerate the AES omputation time, parallel omputing is inorporated [3-19]. DOI: /ijsit

2 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 In this paper, a design of parallel AES on the multiproessor platform is presented. While most of the previous designs either use pipelined parallelization or take advantage of the Mix_Column parallelization, our design is ased on omining pipelining of rounds and parallelization of Mix_Column and Add_Round_Key transformations. This model is divided into two levels: the first one is pipelining different rounds, while the seond one is through parallelization of oth the Add_Round_Key and the Mix_Column transformations. Previous work proposed for pipelining AES algorithm was ased on using nine stages, while, we propose the use of eleven stages in order to exploit the soures of parallelism in oth initial and final round. The paper is organized as follows: in Setion 2, a desription of AES algorithm and a survey of different designs for its implementation in parallel are detailed. Then, the proposed design is illustrated in Setion 3. In Setion 4, a performane evaluation of the proposed design is given. Finally, the paper onludes in Setion RELATED WORK 2.1. Advaned Enryption Standard (AES) The Advaned Enryption Standard (AES) algorithm is a symmetri lok ipher whih an onvert data to an unintelligile form (enryption) and onvert the data ak into its original form (deryption). Both enryption and deryption onsist of sequenes of loks eah onsists of 128- its. Moreover, the ipher key for the AES algorithm is a sequene of 128, 192 or 256 its. Internally, the AES algorithm s operations are performed on a two-dimensional (2-D) array of ytes alled the State array. The State array onsists of four rows of ytes, eah ontaining "N " ytes, where "N " is the lok length divided y 32 (the word size). Desription of the AES Algorithm The AES algorithm onsists of three distint phases as shown in Figure 1 [3]: In the first phase, an initial addition (XORing) is performed etween the input data (plaintext) and the given key (ipher key). Then, in the seond phase, a numer of standard rounds (Nr-1) are performed, whih represents the kernel of the algorithm and onsumes most of the exeution time. The numer of these standard rounds depends on the key size; nine for 128-its, eleven for 192-its, or thirteen for 256-its. Eah standard round inludes four fundamental algerai funtion transformations on arrays of ytes namely: (1) Byte sustitution using a sustitution tale (Sox) (2) Shifting rows of the State array y different offsets (ShiftRow) (3) Mixing the data within eah olumn of the State array (Mix_Column), and (4) Adding a round key to the State array (Key-Addition). Finally, the third phase of the AES algorithm represents the final round of the algorithm, whih is similar to the standard round, exept that it does not have Mix_Column operation. For detailed information of the aovementioned transformations, the reader ould refer to [1]. 40

3 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 Figure 1. The AES algorithm (Nr: 10, 12, or 14 depending on key length) [4] 2.2. The Parallel Advaned Enryption Standard (AES) Advaned Enryption Standard (AES) an e deployed in fully hardware [3-11], hyrid softwarehardware [12-16], and fully software implementations [17-19]. This fat allows parallelization of AES in different ways. In literature, parallelizing Rijndael has een visited many times for hardware implementation. In [4], Yoo et al. presented a hardware-effiient design that inreases AES throughput y making use of a high-speed parallel pipelined arhiteture. Yoo et al. used an effiient inter-round and intra-round pipeline design in order to ahieve a high throughput in enryption. In eah round, there are three pipeline stages, the first stage follows the yte-su operation, the seond one is loated after the shift-row operation, and the last stage is efore data output. Moreover, this design has one pipeline stage in key generation loks. On the other hand, Hodjad el at. [5] introdue a design that has four or seven pipeline stages, one after a yte-su operation and three or six in a yte-su operation. In [7], Ananth et al. present a fully pipelined AES enryption/deryption system that is fully unrolled in order to implement a very deep level of pipelining (i.e. all ten ipher rounds were unrolled.) For more designs for hardware implementation of AES, the reader ould refer to [8-11]. On the other hand, AES in software-hardware o-design is performed y using extended speial instrutions and the other transforms are performed y general instrutions [12-16]. S. Mahmoud 41

4 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 [12] presented a parallel implementation for AES algorithm y using the MPI (Message Passing Interfae) ased luster approah. MPI is one of the most estalished methods used in parallel programming mainly. This is due to the fat that the relative simpliity of deploying the method y writing a set of lirary funtions or an API (Appliation Program Interfae) allale from C, C++ or Fortran Programs. In [13], So-In shows that the 16-ytes AES lok an e individually enrypted. As an essential tehnique of AES parallelism is to exeute parallel AES y applying eah thread or eah node into eah AES lok to estalish a omplete enrypted parallel lok. This tehnique exludes the key expansion step required efore entering the parallel state. So-In applies AES enryption in ECB mode for the sake of performane evaluation. Similarly, CTR mode an e enrypted without the dependeny of the previous loks, ut not other modes. Other designs that use instrution set to inrease the effiieny of 32-it proessors for AES enryption algorithm ould e find in [14-16]. In [17], Brisk et al. introdue an example of fully software implementation of AES. In their work, they derived the asymptoti sequential runtime for the algorithm and desrie two parallel implementations. The first one is optimal in terms of time onsuming and the other one is optimal in terms of ost. In the ost-optimal implementation, they sarifie aeleration in order to redue the numer of proessors required for enryption. Other examples of fully software implementations are presented in [18 and 19]. In this paper, a design of parallel AES on the multiproessor platform is presented. While most of the previous designs either use pipelined parallelization or take advantage of the Mix_Column parallelization, in our work, we design a parallel model for the AES algorithm. This model is divided into two levels. The first one is pipelining different rounds, while the seond one is through parallelization oth Add_Round_Key and Mix_Column transformations. In the next setion, the proposed parallel AES design is presented. 3. THE PROPOSED PARALLEL ADVANCED ENCRYPTION STANDARD (AES) DESIGN Advaned Enryption Standard (AES) algorithm has many soures of parallelization as mentioned in Setion 2. In this work, we design a parallel model for the AES algorithm, this model is divided into two levels. The first one is pipelining different rounds, while the seond one is through parallelization oth the Add_Round_Key and the Mix-Column. In this setion, the parallel design of the AES algorithm is explained, while in the next setion its analysis is detailed The Parallel Enryption Model Based on the AES desription in Setion 2.1, AES algorithm is divided into three distint phases. The first phase ontains the initial round. The Seond phase ontains "Nr-1" standard rounds, in whih eah round inludes four transformations namely: Byte_Su, Shift_Row, Mix_Column, and Add_Round_Key. Finally, the third phase ontains the final round. That is similar to any standard round, exept that it does not have Mix_Column transformation. Both Byte_Su, and Shift_Row transformations are exeuted sequentially eause they operate on single ytes, independently of their position in the State matrix. On the other hand, Mix_Column and Add_Round_Key operations an e exeuted in parallel. While the Add_Round_Key operation is used to perform an arithmeti XOR operation, the Mix_Column transformation, whih represents 42

5 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 the kernel of the AES algorithm and onsumes most of the exeution time, is used to perform 64 XOR operations and 32 shift operations. In this work, we design a parallel model for the AES algorithm, this model is divided into two levels. The first one is pipelining different rounds (from round zero to round 10), while the seond one is through parallelization of oth Add_Round_Key and Mix-Column transformations Pipelined Enryption Rounds As shown in Figure 1, round numer zero (initial round) through round numer "N r, N r =10" represent the individual rounds in the AES-128 enryption. The pipelining etween these rounds will ahieve a high performane implementation. The data generated in eah individual round is used as the input to the next round. This is one of the easiest methods where high performane an e ahieved in a very minimal amount of time, thus, reduing the overall design implementation yle. We assume that our system ontains eleven stages {S 0,S 1,S 2,.., S 9, and, S 10 }, and the total numer of proessors equals "M". Moreover, eah proessor has its loal memory, and the proessor and its memory are alled proessing element. The "M" proessing elements onneted to eah other via multiport Shared Memory (SM). The ontent of a multi-port memory an e aessed through different ports simultaneously. In our work, eah stage an e performed y M r proessing elements PEs, where M r = M/11. Eah group of "M r " PEs has a diret independent aess to a ertain memory module, and eah PE has a dediated path to eah module in order to ahieve a etter performane. On the other hand, different stages are onneted through pipelined stream. That is to say, the pipelined stream ontains eleven funtions eah funtion is exeuted y a single stage. There is a pipeline stage etween eah round and the parallelization inside eah round whih will e desried in Setion Our pipeline design is different from [4] y adding two stages S 0 and S 10 to the pipeline stream. Eah of these stages are used to exeute the Add_Round_Key transformation (this transformation onsists of sixteen XOR operations), i.e. the design is fully pipelined. This tehnique of pipelining will inrease the onurreny and redue the total exeution time Parallelization inside Individual Round Eah individual round onsists of four transformations. As mentioned earlier, Mix_Column and Add_Round_key transformations an e exeuted in parallel. Add_Round_key onsists of 16 independent XOR operations, therefore, it ould e exeuted in parallel. In addition, Mix_Column transformation onsists of 64 XOR operations and 32 shift operations. Mix_Column represents the kernel of the AES algorithm and onsumes most of the exeution time. This neessitates its implementation in parallel to redue its exeution time. In this setion, the mathematial derivation of Mix_Column is disussed in details. In our design, "E" represents the matrix used for enryption, while "D" represents the matrix used for deryption. On the other hand, we assume that "B i " and "C i " are the input and output of the Mix_Column operation in ase of enryption, and are inversed at the deryption proess. In order to enrypt "L" numer of data loks ( 1 i L ), E, B i, and C i, for eah lok an e represented as follows: 43

6 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 B i = i i i i,1,5,9,13 i,2 i,6 i,10 i,14 i,3 i,7 i,11 i,15 i,4 i,8 i,12 i,16 02 and E = C i = E * B i (1) i i i i,1,5,9,13 i,2 i,6 i,10 i,14 i,3 i,7 i,11 i,15 i,4 i,8 i,12 i,16 02 = i 01 * i 03 i 02 i,1,5,9, i,2 i,6 i,10 i,14 i,3 i,7 i,11 i,15 i,4 i,8 i,12 i,16 (2) Mix_Column transformation is then represented y the following set of equations and is illustrated in Figure 2: i,1 = (2 i,1 ) (3 i,5 ) i,9 i,1 (3) i,5 = i,1 (2 i,5 ) (3 i,9 ) i,13 (4) i,9 = i,1 i,5 (2 i,9 ) (3 i,13 ) (5) i,13 = (3 i,1 ) i,5 i,9 (2 i,13 ) (6) This is repeated for the other three olumns of the matrix. The aove desription shows that the elements of Mix_Column matrix an e omputed independently. The Mix_Column transformation an e exeuted y more than one proessor. The maximum numer of proessors is thirty-two proessors in eah stage. Figure 3 represents the proposed parallel design for the AES enryption operation, while Figure 4 desries the details of omputing eah matrix element in parallel. As shown in this figure, two proessors an ooperate to ompute one or more element i,j. 44

7 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 Figure 2: Dataflow graphs for AES algorithm (Enryption Mode): Mix-Column operation 45

8 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 Figure 3: Parallelization of AES enryption operation 46

9 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer The Deryption Model Figure 4: Exeute the Mix_Column operation As the enryption operation, the parallelization of deryption an e done in two levels. In the first level of parallelism (pipelining different rounds), the deryption operation is done in the same way as the enryption operation (Setion 3.1.1). In order to derypt "L" numer of data loks ( 1 i L ), D, C i, and B i, for eah lok an e represented as follows: i C i = i i i,1,5,9,13 i,2 i,6 i,10 i,14 i,3 i,7 i,11 i,15 i,4 i,8 i,12 i,16 0E and D = 09 0D 0B 0B 0D 0E 0B 09 0E 0D D 0B 0E B i = D * C i (7) 47

10 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 i i i i,1,5,9,13 i,2 i,6 i,10 i,14 i,3 i,7 i,11 i,15 i,4 i,8 i,12 i,16 = 0E 09 0D 0B 0B 0E 09 0D 0D 0B 0E D * 0B 0E i i i i,1,5,9,13 i,2 i,6 i,10 i,14 i,3 i,7 i,11 i,15 i,4 i,8 i,12 i,16 (8) Inv_Mix_Column is then represented y the following set of equations and illustrated in Figure 5: i,1 = (0E i,1 ) (0B i,5 ) (0D i,9 ) (09 i,13 ) (9) i,5 = (09 i,1 ) (0E i,5 ) (0B i,9 ) (0D i,13 ) (10) i,9 = (0D i,1 ) (09 i,5 ) (0E i,9 ) (0B i,13 ) (11) i,13 = (0B i,1 ) (0D i,5 ) (09 i,9 ) (0E i,13 ) (12) This is repeated for the other three olumns of the matrix. As mentioned earlier, oth Inv_Mix_Column and Add_Round_key transforms an e exeuted in parallel. Inv_Mix_Column transformation onsists of 160 XOR operations and 192 shift operations. Similar to Mix_Columnu matrix, the elements of Inv_Mix_Column matrix an e omputed independently. The Inv_Mix_Column transformation an e exeuted y at most 64 proessors in eah stage. Figure 6 desries the details of omputing eah matrix element in parallel when using 16 proessors. As shown in this figure, four proessors an ooperate to ompute one or more element i,j. In the next setion, analysis of the proposed design is detailed. 4. ANALYSIS OF THE PROPOSED PARALLEL AES DESIGN In this setion, for oth enryption and deryption operations, we disuss the mathematial derivation of the proposed parallel AES design on a pipeline arhiteture of eleven stages. In our design, "M r " proessing elements ooperate to exeute eah stage (as disussed in Setion 3). For simpliity, we assume a lok and key sizes of 128 its. 48

11 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 Figure 5: Dataflow graphs for AES algorithm (deryption mode) Inv_Mix_Column operation 49

12 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer

13 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer Enryption Operation Figure 6: Exeute the Inv_Mix_Column operation The total sequential time "T ES " needed to exeute the enryption operation is given y: T ES = T Add_Round_Key + {(N r -1) * T Nr-1 } + T Nr (13) Where T Nr-1 = T Byte_Su + T Shift_Row + T Mix_Column + T Add_Round_Key (14) T Nr = T Byte_Su + T Shift_Row + T Add_Round_Key (15) T Add_Round_Key = 16 * T XOR (16) (T XOR : the time needed to exeute one XOR operation) T Shift_Row = 48 * T shift (17) 51

14 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 (T shift : the time needed to exeute one shift operation) T Mix_Column = 16 * (2*T shift + 4*T XOR ) (18) T XOR = 6 * T shift (19) From equations (13, 14, 15, 16, 17, 18, and 19), we dedue: T ES = 880*T XOR + 10 T Byte_Su (20) T Byte_Su is very small and an e negleted. For "L" loks, the total sequential time is given y: T LES = L* T ES = 880*L*T XOR (21) Pipelining the AES enryption rounds Assuming that the total numer of proessing elements M =11* M r, and "M r " proessing elements are used to exeute eah stage, the pipeline time "T pipeline " is given y: T pipeline = L*t 1 + 9*t 2 + t 3 (22) 9 1 T pipeline = L* t 1 * t2 * t3 (23) L L Where t 1 : is the time needed to exeute the initial round t 2 :is the time needed to exeute any round N j (1 j 9) t 3 : is the time needed to exeute the final round t 1 = T Add_Round_Key = 16* T XOR (24) t 2 = T Byte_Su + T Shift_Row + T Mix_Column + T Add_Round_Key = T Byte_Su + 48* T Shift + 16 * (2*T shift + 4*T XOR ) +16* T XOR (25) t 3 = T Byte_Su +T Shift_Row + T Add_Round_Key = T Byte_Su + 48* T Shift + 16* T XOR (26) T Byte_Su is very small and an e negleted. From Eqs. (22 to 26), the pipelined time "T pipeline " is given y: 10 16* TXOR 48*Tshift + 16*TXOR T pipeline = L L * (27) 9 * 32*T shift + 64*TXOR L Parallelization of Add_Round_Key and Mix_Column transformations We assume that the total numer of PEs that ompute eah round equals to "M r ", where 2 M r 32. Therefore, the time needed to exeute Add_Round_key transformation is given y: 52

15 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 T Add_Round_Key = 16 * T XOR (28) M r While, the time needed for exeute Mix_Column transformation is given y: T Mix_Column = 32 * Max T,T T ) (29) Where M r PEk PEk 1 ov T PEk = (T shift + 3*T XOR ) (30) T PEk 1 = (T shift + T XOR ) (31) T = the overhead Time ov 4.2. Deryption Operation The total sequential time "T DS " needed to exeute the deryption operation is given y: T DS = T Add_Round_Key + (N r -1) * T Nr-1 + T Nr (32) Where T Nr-1 = T Inv_Byte_Su + T Inv_Shift_Row + T Inv_Mix_Column + T Add_Round_Key (33) T Nr = T Inv_Byte_Su + T Inv_Shift_Row+ T Add_Round_Key (34) T Inv_Mix_Column = 16 * (12*T shift + 10*T XOR ) (35) By using the same assumptions at Eqs. (16-19), and from Eqs. (32-35), we dedue: T DS = 1984*T XOR + 10 T Inv_Byte_Su (36) T Inv_Byte_Su is very small and an e negleted. For "L" loks, the total sequential time is given y: T LDS = L*T DS =1984*L*T XOR (37) Pipelining the AES deryption rounds As disussed in the previous susetion (enryption ase), the pipeline time is given y: T pipeline = L*t 4 + 9*t 5 + t 6 (38) 9 1 T pipeline = L* t 4 * t5 * t6 (39) L L Where t 4 : is the time needed to exeute the initial round t 5 : is the time needed to exeute any round N j (1 j 9) t 6 : is the time needed to exeute the final round t 4 = T Add_Round_Key = 16*T XOR (40) 53

16 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 t 5 = T Inv_Byte_Su +T Inv_Shift_Row + T Inv_Mix_Column + T Add_Round_Key = T Inv_Byte_Su + 48* T Shift + (192*T shift + 160*T XOR ) +16 * T XOR (41) t 6 = T Inv-Byte_Su +T Inv_Shift_Row + T Add_Round_Key = T Inv_Byte_Su + 48* T Shift + 16* T XOR (42) From Eqs. (37-42) and with the assumption that T Inv_Byte_Su is very small and an e negleted, the pipelined time "T pipeline " is given y: 10 16* TXOR T pipeline = L L* 9 * 192* T L 48* T + 16 * T 160* T shift shift XOR XOR Parallelization of Add_Round_Key and Inv_Mix_Column transformations Assuming that the total numer of PEs that ompute eah round equals "M r ", where 4 M r 64, therefore, the total time for Add_Round_Key transformation is given y: T Add_Round_Key = M r (43) 16 * T XOR (44) While, the time needed to exeute the Inv_Mix_Column transformation is given y: 64 M r T Inv_Mix_Column = * MaxT,T,T,T Where PEk PEk1 PEk2 PEk3 Tov T PEk = (3*T shift + 4*T XOR ) (46) T PEk 1 = (3*T shift + 2*T XOR ) (47) T PEk 2 = (3*T shift + 3*T XOR ) (48) T PEk 3 = (3*T shift + T XOR ) (49) T ov = the overhead time 4.3. Disussion of Results In literature, there are some metris [20] used to evaluate the system performane suh as: Exeution time (parallel time) T par is referred to the total running time of the program. Speedup S p, whih relates the time taken to solve the prolem on a single proessor mahine to the time taken to solve the same prolem using parallel implementation. Effiieny, Ep, is defined as the ratio S p /M. Degree of improvement is the perentage of improvement in system performane with respet to sequential exeution and an e determined y (T s -T par )/T s. Tales 1 and 3 illustrate the improvement of the proposed design with respet to the sequential model for oth enryption and deryption operations. On the other hand, Tales 2, and 4 show the (45) 54

17 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 effet of parallelization of oth Add_Round_Key and Mix_Column/ Inv_Mix_Column transformations for the ases of enryption and deryption respetively for different numer of loks (L = 10, 25, and 40). Tale (1): Degree of improvement with respet to sequential time (T LES = L*880*T XOR ) (a) Pipelined enryption without parallelization of Add_Round_Key and Mix_Column Numer of loks Sequential time Pipelining time Degree of improvement L= *T XOR 1024*T XOR 88% L= *T XOR *T XOR 94.2% L= *T XOR 1556*T XOR 95.5% () Pipelined enryption with parallelization of Add_Round_Key and Mix_Column M r L=10 L=25 L= % 96% 97% 4 95% 97% 98.5% % 98.8% 98.9% Tale (2): The effet of parallelization of Add_Round_Key and Mix_Column (a) L=10 Mr Exeution time Speedup Effiieny Degree of improvement *T XOR *T XOR % 4 388*T XOR % 8 234*T XOR % () L=25 M r Exeution time Speed up Effiieny Degree of improvement *T XOR *T XOR % *T XOR % 8 264*T XOR % () L=40 M r Exeution time Speed up Effiieny Degree of improvement *T XOR *T XOR % 4 508*T XOR % 8 292*T XOR % Tale (3): Degree of improvement with respet to sequential time (T LDS = L*1984*T XOR ) (a) Pipelined deryption without parallelization of Add_Round_Key and Inv_Mix_Column Numer of loks Sequential time Pipelining time Degree of improvement L= *T XOR 1984*T XOR 90% L= *T XOR 2224*T XOR 95.5% L= *T XOR 2464*T XOR 96.8% 55

18 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 () Pipelined enryption with parallelization of Add_Round_Key and Mix_Column M r L=10 L=25 L= % 97.2% 98% % 98.2% 98.8% % 98.9% 99% Tale (4): The effet of parallelization of Add_Round_Key and Inv_Mix_Column (a) L=10 M r Exeution time Speedup Effiieny Degree of improvement *T XOR T XOR % T XOR % 8 444* T XOR % T XOR % () L=25 M r Exeution time Speedup Effiieny Degree of improvement *T XOR T XOR % 4 864T XOR % T XOR % T XOR % () L=40 M r Exeution time Speedup Effiieny Degree of improvement *T XOR T XOR % T XOR % T XOR % T XOR % From the aove tales, the following fats ould e dedued: - Tales 1(a) and 3(a) show that using pipeline inreases signifiantly the system performane for the ases of enryption and deryption. In addition, as the numer of loks inreases, for ases of enryption and deryption, the degree of improvement inreases. - - As shown in Tale 1() and 3(), as the numer of proessors used to exeute eah stage (2 to 16) inreases, the improvement degree inreases irrespetive of the lok size. To otain a reasonale effiieny, we will e satisfied with an improvement degree equals to 98%. Whih an e satisfied when M r =8 for the enryption ase and M r =16 for the deryption ase. - Tales 2 and 4 show the effet of parallelizing Add_Round_Key and Mix_Column/ Inv_Mix_Column transformations on the system performane inside eah stage. The omparison with the ase of using only one proessor is illustrated. As the numer of proessors inreases, the total exeution time dereases. In addition, the speedup inreases for oth enryption and deryption operations. Moreover, the improvement degree inreases 56

19 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 irrespetive of the lok size. This is true for L =10, 25, and 40. This leads to the onlusion that the proposed design is salale and is suitale for real-time appliations. Previous work proposed for pipelining AES algorithm was ased on using nine stages. In our work, we propose the use of eleven stages in order to exploit the soures of parallelism in oth initial and final round. This enhanes the system performane ompared to previous designs. In addition, we use two-levels of parallelism: the first level is pipelining different rounds (from round zero to round 10), while the seond one is through parallelization oth the Add_Round_Key and the Mix-Column transformations. Using two-levels of parallelization enefits from the highly independeny of Mix_Column/Inv_Mix_Colum transformation whih leads to a etter performane. 5. CONCLUSIONS The Advaned Enryption Standard (AES) algorithm is a symmetri lok ipher whih operates on a sequene of loks eah onsists of 128, 192 or 256 its. Moreover, the ipher key for the AES algorithm is a sequene of 128, 192 or 256 its. AES algorithm has many soures of parallelism. In this work we proposed an optimized version of AES algorithm. Both the enryption and the deryption algorithms have een optimized. In the present paper, we detailed a design for implementation of AES algorithm on a multiproessor platform. While most of the previous designs either use pipelined parallelization or take advantage of the Mix_Column parallelization, our design is ased on omining pipelining of rounds and parallelization of Mix_Column and Add_Round_Key transformations. This model is divided into two levels: the first one is pipelining different rounds, while the seond one is through parallelization of oth the Add_Round_Key and the Mix_Column transformations. Previous work proposed for pipelining AES algorithm was ased on using nine stages, while, we propose the use of eleven stages in order to exploit the soures of parallelism in oth initial and final round. This enhanes the system performane ompared to previous designs. Using two-levels of parallelization enefits from the highly independeny of Add_Round_Key and Mix_Column/ Inv_Mix_Colum transformations. The analysis shows that using pipeline inreases signifiantly the degree of improvement for oth enryption and deryption y approximately 95%. Moreover, parallelizing Add_Round_Key and Mix_Column/ Inv_Mix_Column transformations inreases the degree of improvement y approximately 98%. To otain a reasonale effiieny, we will e satisfied with an improvement degree equals to 98%. This ould e ahieved using eight proessors for eah stage in ase of enryption and sixteen proessors for the deryption ase. Sine, the inrease of numer of proessors will derease the effiieny. The analysis shows that the improvement degree inreases irrespetive of the lok size. This is true for L =10, 25, and 40. This leads to the onlusion that the proposed design is salale and is suitale for real-time appliations. REFRENCES [1] Joan Daemen and Vinent Rijmen, (1998) "AES Proposal: Rijndael" [2] W.Stallings (2010), Cryptography and Network Seurity: Priniples and Pratie, Prentie Hall. [3] Mostafa I. Soliman and Ghada Y. Aozaid, (2010) "FastCrypto: Parallel AES Pipelines Extension for General-Purpose Proessors", Neural, Parallel, and Sientifi Computations, No. 18, pp [4] S.-M. Yoo, D. Kotturi, D.W. Pan, and J. Blizzard, (2005) "An AES rypto hip using a high-speed parallel pipelined arhiteture", Miroproessors and Mirosystems, No.29, pp

20 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 [5] A.Hodjat, and I. Verauwhede (2004), "A Gits/s fully pipelined AES proessor on FPGA", in Pro. of 12th Annual IEEE Symposium on Field-Programmale Custom Computing Mahines (FCCM'04), pp [6] Bin Liu, and Bevan M. Baas (2013) "Parallel AES Enryption Engines for Many-Core Proessor Arrays", IEEE Transations on Computers, Vol. 62, no. 3, pp [7] C.Ananth and K. Ramu (2008) "Fully pipelined implementations of AES with speeds exeeding 20 Gits/s with S-oxes implemented using logi only", Tehnial report Department of ECE, George Mason University. [8] Y.Mitsuyama, M. Kimura, T. Onoye, and I. Shirakawa, (2005) "Arhiteture of IEEE802.11i Cipher Algorithms for Emedded Systems", IEICE Transations on Fundamentals of Eletronis, Communiations and Computer Sienes, Vol. E88-A, no.4, pp [9] S.Arrag, A. Hamdoun, A. Tragha and S. Khamlih, (2012) "Design and Implementation A different Arhitetures of Mix_Column in FPGA", International Journal of VLSI Design and Communiation Systems, Vol. 3, Issue 4, p.11. [10 ]M.Anitha and S. Priya, (2014) "Design of Low Power Mixolumn in Advaned Enryption Standard Algorithm", International Journal of Sientifi and Engineering Researh (IJSER), Vol. 5, Issue 4, pp [11] P.Noo-intara, S. Chantarawong, and S. Choomhuay, (2004) "Arhitetures for MixColumn Transform for the AES", in Pro. of ICEP 2004, Phuket, Thailand, pp [12] Sair Mahmud, (2004) "A Study on Parallel Implementation of Advaned Enryption Standard (AES)", M.S. thesis, Computer Siene, Independent University, Bangladesh, May, [13] C.So-In, S. Poolsanguan, C. Poonrioon, K. Rujirakul, and C. Phudphut, (2013) "Performane Evaluation of Parallel AES Implementations over CUDAGPU Framework", International Journal of Digital Content Tehnology and its Appliations (JDCTA), Vol.7, no.5, pp [14] S.Tillih, and J. Großshädl, (2006) "Instrution Set Extensions for Effiient AES Implementation on 32-it Proessors, Cryptographi Hardware and Emedded Systems (CHES)", Leture Notes in Computer Siene, Vol.4249, pp [15] A.Elirt, (2007) "Fast and Effiient Implementation of AES Via Instrution Set Extensions", in Pro. of the 21st International Conferene on Advaned Information Networking and Appliations Workshops (AINAW'07), Niagara Falls, Ont., May, Vol.1, pp [16] S.Gueron, (2012) "Intel Advaned Enryption Standard (AES) Instrutions Set. Intel", White Paper, " [17] Brisk, A. Kaplan, and M. Sarrafzadeh (2003), "Parallel Analysis of the Rijndael Blok Cipher", in Pro. of the IASTED International Conferene of Parallel and Distriuted Computing and Systems, Marina del Rey, USA, 3-5 Nov. [18] Jung Ho Yoo, (2011) "Fast Software Implementation of AES-CCM on Multiproessors", Algorithms and Arhitetures for Parallel Proessing, Leture Notes in Computer Siene, Vol. 7017, pp [19] M.S. Arun, and V. Saminathan, (2014) "Parallel AES Enryption with Modified Mix-olumns For Many Core Proessor Arrays", International Journal of Engineering Siene and Innovative Tehnology (IJESIT), Vol. 3, Issue 3, pp [20] J.Hennessy and D. Patterson, (2003), Computer Arhiteture: a Quantitative Approah, Morgan Kaufmann Pulishers. AUTHORS Ghada F. ElKaany is an Assistant Professor at Eletronis Researh Institute, Cairo-Egypt. She reeived her B. S. degree, M. S. degree and Ph. D. degree in Eletronis and Communiations Engineering from Faulty of Engineering, Cairo University, Egypt in 1990, 1994 and 2007 respetively. Her researh interests inlude: High Performane Computing (HPC), omputer network seurity, rootis, and image proessing. 58

21 International Journal of Computer Siene & Information Tehnology (IJCSIT) Vol 6, No 6, Deemer 2014 Hea K. Aslan is a Professor at Eletronis Researh Institute, Cairo-Egypt. She reeived her B.S. degree, M.S. degree and Ph.D. degree in Eletronis and Communiations Engineering from the Faulty of Engineering, Cairo University, Egypt in 1990, 1994 and 1998 respetively. Aslan has supervised several masters and Ph.D. students in the field of omputer networks seurity. Her researh interests inlude: Key Distriution Protools, Authentiation Protools, Logial Analysis of Protools and Intrusion Detetion Systems. Mohamed N. Rasslan is an Assistant Professor at Eletronis Researh Institute, Cairo, Egypt. He reeived the B.S., M.S., degrees from Cairo University and Ain Shams University, Cairo, Egypt, in 1999 and 2006 respetively, and his Ph.D. from Conordia University, Canada His researh interests inlude: Cryptology, Digital Forensis, and Networks Seurity. 59