 Open Access
 Total Downloads : 363
 Authors : K.Surendra Babu, K.Rajasekhar
 Paper ID : IJERTV1IS6373
 Volume & Issue : Volume 01, Issue 06 (August 2012)
 Published (First Online): 30082012
 ISSN (Online) : 22780181
 Publisher Name : IJERT
 License: This work is licensed under a Creative Commons Attribution 4.0 International License
An Area Efficient High Speed Fault Detection Scheme for Advanced Encryption Standard Using Composite Fields
An Area Efficient High Speed Fault Detection Scheme for Advanced Encryption Standard Using Composite Fields
1K.Surendra Babu
K.Rajasek har 2
M.Tech,VLSI System Design, Asst. Professor,M.Tech,
Ak ula Sreeramulu Engineering College . Ak ula Sreeramulu Engineering College.
Abstract
In this paper, we present a lightweight concurrent fault detection scheme for the AES. The selection of appropriate fault detection scheme for the AES mak es it robust to internal defects and fault attack s. In the proposed approach, the composite field Sbox and inverse Sbox are divided into block s and the predicted parities of these block s are obtained. By using exhaustive searches We obt ained the optimum solutions for the least overhead paritybased fault detection structures. It suggests both the ASIC and FPGA implementations of the fault detection structures using the obtained optimum composite fields, have better hardware and time complexities compared to their counterparts.
Keywords: AES (Advanced Encryption Standard ), ASIC
(applicationspecific integrated circuit), FPGA (field programmable gatearray).

INTRODUCTION
In todays digital world, encryption is emerging as a disintegrable part of all communication networks and information processing systems, for protecting both stored and in transit data.
A. Drawback s of Software
There are other important drawbacks in software implementation of any encryption algorithm, including lack of CPU instructions operating on very large operands, word size mismatch on different operating systems and less parallelism in software. In addition, software implementation does not fulfill the required speed for time critical encryption applications. Thus, hardware implementation of encryption algorithms is an important alternative, since it provides ultimate secrecy of the encryption key, faster speed and more efficiency through higher levels of parallelism.

ENCRYPTION METHODS

Key Based Approach
Different versions of AES algorithm exist today (AES128, AES196, and AES256) depending on the size of the encryption key. In this project, a hardware model for implementing the AES128 algorithm was developed using the Verilog hardware description language. A unique feature of the design proposed in this project is that the round keys, which are consumed during different iterations of encryption, are generated in parallel with the encryption process.

Language
The hardware model was then completely verified using a testbench, which took advantage of the Verilog, is programming feature, by constructing random test objects and providing them to the model. Then , the verified model was synthesized using the Synopsis Design Compiler tool to get an estimate of the number of gates, area and timing of the hardware model. Finally, the performances of software and hardware implementations were compared.

Finite Fields
In this section, the preliminaries on nite elds (also known as Galois elds) used in the subsequent sections are presented. The detailed description of these elds can be found in a number of publications, see for example [18] and [19]. According to Lin and Costello in [19], the denition of a nite eld is as follows. Let F be a set of elements on which two binary operations of addition and multiplication, shown by + and Â· , respectively, are dened. Then, the set F and these operations construct a nite eld if the following conditions are satised:

The set F be commutative under addition. The identity element in addition is zero.

The nonzero elements of set F be commutative under multiplication. The identity element in multiplication is one.

Multiplication be distributive over addition, i.e., for a, b and c in set F we have a Â· (b + c) = a Â· b + a Â· c.

The number of elements in the eld be nite. In the AES,
the irreducible polynomial of P(x) = x^8 + x^4 + x^3 + x
+ 1 is used to construct GF(2^8). Each element in GF(2^8) is represented by a polynomial of degree 7, having 8 coecients in GF(2). Furthermore, all the eld operations are carried out using the above mentioned irreducible polynomial.


Cryptosystems and Public k ey cryptography
Cryptography is the process of encrypting the plain text into an incomprehensible cipher text by the process of Encryption and the conversion back to plain text by process of Decryption.
Most encryption algorithms are based on 2 general principles,

Substitution, in which each element in plain text is mapped to some other element to form the cipher text

Transposition, in which elements in plaintext are rearranged to form cipher text.


Number of k eys used
If both the sender and the receiver use a same key then such a s ystem is referred to as Symmetric, singlekey, secretkey or conventional encryption. If the sender and receiver use different keys, then such a system is called Asymmetric, Twokey, or publickey encryption.Processing of Plain text: A Block cipher process es the input one block at a time, producing an output block for each input block. A Stream cipher processes the input elements continuously producing output elements on the fly. Most of the cryptographic algorithms are either symmetric or asymmetric key algorithms.

Secret Key Cryptography
This type of cryptosystem uses the same key for both encryption and decryption. Some of the advantages of such a system are

Very fast relative to public key cryptography

Considered secure, as long as the key is strong Symmetric key cryptosystems have some disadvantages too. Exchange and administration of the key becomes complicated. Nonrepudiation is not possible. Some of the
examples of Symmetric key cryptosystems include DES, 3 DES, RC4, RC5 etc.


Public Key Cryptography
This type of cryptosystems uses different keys for encryption and decryption. Each user has a public key, which is known to all others, and a private key, which remains a secret. The private key and public key are mathematically linked. Encryption is performed with the public key and the decryption is performed with the private key. Public key cryptosystems are considered to be very secure and supports Nonrepudiation. No exchange of keys is required thus reducing key administration to a minimum. But it is much slower than Symmetric key algorithms and the cipher text tend to be much larger than plaintext. Some of the examples of public key cryptosystems include DiffieHellman, RSA and Elliptic Curve Cryptography.


AES ROUNDS AND TRANSFORMATIONS
Here we briey explain the four transformations of each round of the encryption. Each transformation in every round of encryption/decryption acts on its 128bit input which is considered as a four by four matrix, called state (shown in dotted rectangles in Figure 2.1), whose entries are eight bits. The transformations in each round of encryption except for the last round are as follows:

SubBytes: The rst transformation in each round is the bytes substitution,called SubBytes, which is implemented by
16 Sboxes. These Sboxes are nonlinear transformations
which substitute the 128bit input state with a 128bit output state. In the Sbox, each byte of the state (Ii in Figure 2.1) is substi10 tuted by a new byt (Bi in Figure 2.1). Sbox will be explained in detail in the next section.

ShiftRows: ShiftRows is the second transformation in which the four bytes of the rows of the input state are cyclically shifted to the left and the rst row is left unchanged as shown in the leftmost part of Figure 2.1. The number of left shifts for each row is equal to the number of that row. Let us denote rows as rowi where, i, 0 i 3, is the row number. Then, for row0 no shift, for row1 one shift, for row2 two shifts and for row3 three shifts are required.

MixColumns: The third transformation is Mixcolumns in which each entry in the output state is constructed by the multiplication of a column in the input state with a xed polynomial over GF(2^8). The output state is obtained by multiplying the columns of the input state modulo x^4 + 1 with the xed polynomial of a(x) = (03)x^3+(01)x^2+(01)x+(02), where the coecients are
used in the AES rounds. Therefore, the implementations of these two transformations aects the implementation of the whole AES tremendously. Later in this chapter, the im11 plementation variations of the Sbox and inverse Sbox including the composite eld implementations are explained in detail.


SECURITY OF AES
Three possible approaches to attacking the AES algorithm are as follows:
Brute Force: This involves trying out all the possible private keys.
Mathematical attack s: There are several approaches, all equivalent in effect to factoring the product of 2 primes.
Timing attack s: These depend on the running time of the decryption algorithm.
Choosing large p and q values can prevent such attacks. Security of RSA thus lies in choosing the value n, which makes such attacks extremely difficult.

PROPOSED SYSTEM
In our proposed approach we introduce fault detection not only in Sbox and Inverse Sbox and also in all other five levels in order to find the most optimum solutions and we also analyzed all required parameters to proved that the proposed system is not only effective in fault detection and also give proper efficiency in speed, power and area through hardware implementation.
AES
Version
Key
Length
(Nk words)
Block Size (Nb words)
Number of
Rounds
(Nr rounds)
AES128
4
4
10
AES192
6
4
12
AES256
8
4
14
Table 1 AES Variations
The basic processing unit for the AES algorithm is a byte. As a result, the plaintext, cipher text and the cipher key are arranged and processed as arrays of bytes:
Block length = 128 bits, 0 <= n < 16 Key length = 128 bits, 0 <= n < 16 Key length = 192 bits, 0 <= n < 24 Key length = 256 bits, 0 <= n < 24
All byte values in the AES algorithm are presented as the concatenation of their individual bit values between braces in the order {b7, b6, b5, b4, b3, b2, b1, b0}. These bytes are interpreted as finite field elements using a polynomial representation:
inhexadecimal form. The matrix representation of Mixcolumns is shown in Figure 2.1. As seen in this gure,
the output state is constructed by multiplying the entries of
b x7
b x6
b x5
b x4
b x3
b2 x
b1 x
b0 x
7
i
b xi
i 0
7
6
5
4
3
the input state by a xed matrix whose entries are in the hexadecimal form.

AddRoundKey: The nal transformation is AddRoundKey which XORs the input state with the key of that round, i.e., ki, 0 i 10. The AES key expansion unit in Figure 2.1 takes the 128bit original key, k0, as input and produces a linear array of expanded keys, k1 to k10. Each key is added to the input by 128 twoinput XOR gates. Among the four transformations in the encryption and decryption of AES, only Sbox for encryption and inverse Sbox for decryption are nonlinear and complex operations. Furthermore, not on ly is the Sbox one of the four round transformations, but it is also used in the key expander unit which generates the keys
All the AES algorithm operations are performed on a two dimensional 4×4 array of bytes which is called the State, and any individual byte within the State is referred to as sr,c, where letter r represent the row and letter c denotes the column. At the beginning of the encryption process, the State is populated with the plaintext. Then the cipher performs a set of substitutions and permutations on the State. After the cipher operations are conducted on the State, the final value of the state is copied to the cipher text output as is
shown.
Input Bytes State Array Output Bytes
in0
in4
in8
in12
in1
in5
in9
in13
in2
in6
in10
in14
in3
in7
in11
in15
s0,0
s0,1
s0,2
s0,3
s1,0
s1,1
s1,2
s1,3
s2,0
s2,1
s2,2
s2,3
s3,0
s3,1
s3,2
s3,3
out0
out4
out8
out12
out1
out5
out9
out13
out2
out6
out10
out14
out3
out7
out11
out15
Figure 1 State Population and Results
At the beginning of the cipher, the input array is copied into the State according the following scheme:
s[r,c] = in [r + 4c]for 0 r 4 and 0 c 4 ,
and at the end of the cipher the State is copied into the output array as shown below:
' 0
b
b
b
1
0
0
0
1
1
1
1
b0
1
1
1
0
0
0
1
1
1
b1
1
1
1
1
0
0
0
1
1
b2
0
1
1
1
1
0
0
0
1
b3
0
1
1
1
1
1
0
0
0
b
0
0
1
1
1
1
1
0
0
b5
1
0
0
1
1
1
1
1
0
b6
1
0
0
0
1
1
1
1
1
b7
0
' 1 '
2
b
b
' 3 '
4 4
b
b
' 5
6
b
' 7
The Sbox table shown in Table 2 is constructed by performing the two transformations described earlier for all possible values of a byte, ranging from {00} to {ff}. For example the substitution value for {53} would be determined by the intersection of the row with index 5 and the column with index 3.
B. Shiftrows ( ) Transformation
The ShiftRows transformation cyclically shifts the
out[r+4c] = s[r,c] for 0 r
4 and 0 c 4
last three rows of the state by different offsets. The first row


CIPHER TRANSFORMATIONS
s0,0
s0,1
s0,2
s0,3
s1,0
s1,1
s1,2
s1,3
s2,0
s2,1
s2,2
s2,3
s3,0
s3,1
s3,2
s3,3
The AES cipher either operates on individual bytes of the State or an entire row/column. At the start of the cipher, the input is copied into the State as described in Section 2.2. Then, an initial Round Key addition is performed on the State. Round keys are derived from the cipher key using the Key Expansion routine. The key expansion routine generates a series of round keys for each
is left unchanged in this transformation. Each byte of the second row is shifted one position to the left. The third and fourth rows are shifted left by two and three positions, respectively. The ShiftRows transformation is illustrated in Figure 4.
ShiftRows
round of transformations that are performed on the State.
The transformations performed on the state are similar among all AES versions but the number of transformation rounds depends on the cipher key length.
A. Subbytes ( ) Transformation
Sbox
The SubBytes is a byte substitution operation performed on individual bytes of the State, as shown in Figure 3, using a substitution table called Sbox.
State Array
State Array
State Array
s0,0
s0,1
s0,2
s0,3
s1,0
s1,2
s1,3
s1,1
s2,0
s2,2
s2,3
s2,1
s3,0
s3,1
s3,2
s3,3
s
1,1
State Array
s
0,0
s
0,1
s
0,2
s
0,3
s
1,0
s
1,2
s
1,3
s
1,1
s
2,0
s
2,2
s
2,3
s
2,1
s
3,0
s
3,1
s
3,2
s
3,3
s0,0
s0,1
s0,2
s0,3
s1,1
s1,2
s1,3
s1,0
s2,2
s2,3
s2,0
s2,1
s3,3
s3,0
s3,1
s3,2
Figure 3 ShiftRows Transformation
C Mixcolumns ( ) Transformation
This transformation operates on the columns of the State, treating each columns as a four term polynomial the finite field GF(28). Each columns is multiplied modulo x4+1 with a fixed fourterm polynomial a(x) = {03}x3 + {01}x2 +
{01}x + {02} over the GF(28). The MixColumns transformation can be expressed as a matrix multiplication as shown below:
Figure 2 SubBytes Transformation
The invertible Sbox table is constructed by performing the following transformation on each byte of the State. [1]

Take the multiplicative inverse in the finite field GF(28) of the byte.

Apply the following transformation to the byte:
'
s
0,c
s
'
1,c
s
'
2,c
s
'
3,c
0,c
02
03
01
01
s
01
02
03
01
s
01
01
02
03
s
03
01
01
02
s0
0,c
0,c
,c
The MixColumns transformation replaces the four
b' b b

b b

bytes of the processed column with the following values:
i i (i 4) mod8
(i 5) mod8
(i 6) mod8
(i 7) mod8 i
'
0,c
({02}
s0,c )
({03}
s1,c )
s2,c
s3,c
s
The bi is the ith bit of the byte and ci is the ith bit of a constant byte with the value of {63}. The combination of the two transformations can be expressed in matrix form as shown below:
'
s
1,c
s
'
0,c
s0,c s0,c
({02}
s1,c
s1,c ) ({02}
({03}
s2,c )
s2,c ) ({03}
s3,c s3,c )
s
'
1,c
({03}
s0,c
s1,c )
s2,c
({02}
s3,c )


FAULT DETECTION IN THE AES
is:
For the AES algorithm the irreducible polynomial
For fault detection of the encryption or decryption in AES one may use redundant units [16], [44]. In [16]
m(x) = x8 + x 4 + x3 + x +1.[1]
s0,1
s0,1
The MixColumns transformation is illustrated in Figure 5. This transformation together with ShiftRows, provide substantial diffusion in the cipher meaning that the result of the cipher depends on the cipher inputs in a very complex way. In other words, in a cipher with a good diffusion, a single bit change in the plaintext will completely change the ciphertext in an unpredictable manner.
MixColumns
S0,1
s0,0
s0,2
s0,3
S1,1
s1,0
s1,2
s1,3
s2,0
S2,1
s2,2
s2,3
s3,0
s3,2
s3,3
S3,1
S0,1
s0,0
s0,2
s0,3
S1,1
s1,1
s1,3
s1,0
s2,2
S2,1
s2,0
s2,1
s3,3
s3,1
s3,2
S3,1
algorithmlevel, roundlevel and operationlevel concurrent error detection for the AES are used. In the algorithmlevel, comparing the plain text with the output of a decryption after an encryption is proposed. The roundlevel error detection uses similar ideas in the rounds, where, the output of a round in encrytion is applied to a round in decryption and is compared with the input. The operationlevel (or transformationlevel) error detection uses the inversion of a transformation in each round and compares the output with the input. Figure 2.5a shows the operation level concurrent error detection for Sbox and inverse Sbox presented in [16]. In this gure, the 8bit input I of the Sbox (8bit input B of the inverse Sbox) is compared with the output of two consecutive transformations, Sbox and inverse Sbox (inverse Sbox and Sbox) using an 8bit comparator to generate the error indication ag.WORKING OF PROJECT
A. Design Hierarchy
The proposed AES128 hardware model is a 3level hierarchical design as shown in Figure 8. The root module in the hierarchy is the AES128_cipher_top. This module implements the AES128 pseudo code displayed in Figure 2. It has two 128bit inputs for receiving the cipher key and the
s1,1
s2,1
s3,1
s1,2
s2,3
s3,0
State Array
State Array
plaintext. There is also a single bit input signal, Ld, which
Figure 4 MixColumns Transformation
D. Addroundk ey ( ) Transformation:
During the AddRoundKey transformation, the round key values are added to the State by means of a simple Exclusive Or (XOR) operation. Each round key consists of Nb words that are generated from the KeyExpansion routine. The round key values are added to the columns of the state in the following way:
is used to indicate the availability of a new set of plaintext or cipher key on the input ports. The completion of the encryption process is indicated by asserting the done single bit output.
s
'
0,c
'
, s
1,c
'
, s
2,c
'
, s
3,c
s0,c
, s1,c
, s2,c
, s3,c
wround*Nb c
ciphertext
128 b
plaintext
128 b
cipherkey
128 b
AES128_Cipher_Top
for 0 c Nb
AES128_Key_Expand
In the equation above, the round value is
between 0
round
Nr . When round=0, the cipher key
done
ld rst clk
AES128_Rcon
itself is used as the round key and it corresponds to the initial AddRoundKey transformation displayed in the pseudo code in Figure 2.
s0,1
s0,1
The AddRoundKey transformation is illustrated in Figure 5.
s1,1
s2,1
s3,1
s1,2
s2,3
s3,0
= round * Nb
S0,1
s0,0
s0,2
s0,3
s1,1
S1,1
s1,3
s1,0
s2,2
S2,1
s2,0
s2,1
s3,3
s3,1
s3,2
S3,1
AddRoundKey
l
S3,1
s0,0 s0,2 s0,3
s1,0S1,1 s1,2 s1,3
Wl+c
s2,0S2,1 s2,2 s2,3
s3,0S3,1 s3,2 s3,3
State Array Round Keys State Array
Figure 5 AddRoundKey Transformation
Figure 6 Design Hierarchy
A unique feature of the proposed design is that the AES128_Key_Expand module is pipelined with the AES128_cipher_top module. While the AES128_cipher_top module is performing an iteration of the encryption transformations on the State using the previously generated round keys, the AES128_Key_Expand produces the next rounds set of keys to be used by the root module in the next encryption iteration.

AES128 Encryption Process
The AES128_cipher_top module state diagram is shown in Figure 9. There are ten rounds of transformations represented by r1 to r10 states. The four cipher
transformations introduced in section 2.3 are applied to each state. The r0 state corresponds to the initial AddRoundKey transformation in Figure 2.
ld
rst clk
cipherkey
128 b
After leaving the Reset state, the AES128_Cipher_Top module waits for assertion of the Ld signal, which indicates that a valid set of plaintext and cipher key is available on the input ports. After reaching the r0 state, there is a transition on every clock cycle for the next ten cycles, as ten rounds of encryption is applied to the State.
After going through ten rounds of transformations, the done signal is asserted to indicate the completion of cipher and availability of the ciphertext on the corresponding output port.
Vol. 1 Issue 6, August – 2012
32 b
w0
32 b
w1
32 b
w2
32 b w3
clk
r2
clk
clk
clk
!rst
Ld
r0
r4
clk
Reset rst Wait for
!Ld
r5
clk
clk
r10
r6
States
————— R0 R9
Outputs
————–
done=0 ciphertext= z
clk
r9
r7
clk
R10
done=1 ciphertext= <valid>
clk
r8
clk
Ld
Figure 7 AES128_Cipher_Top Module State Diagram

AES128 Round Key Generation
The round keys used by the AES128_Cipher_Top module are generated based on the state diagram shown in Figure 10. The AES128_Key_Expand and the AES128_RCon modules are responsible for generating the round keys. These two modules operate based on the state diagram shown in Figure 10, which is slightly different than the one used for the encryption process.
Figure 9 AES128_Key_Expand Module
ld
32 b rcon
rst clk
r3
r1
AES128_Key_Expand
There is a 32bit round constant value, which is used by the key expansion algorithm to generate the round keys. This value varies for each encryption round and for Nr=1 to Nr=10 is given by [{02}i1,{00},{00},{00}]. The AES128_RCcon module is used to generate this value as shown in Figure 13. The AES128_RCon module also operates based on the state diagram shown in Figure 10.
!rst
rst
Reset
Ld
r0
clk
r1
!Ld
AES128_RCon
clk clk
r2
r3
clk
r4
clk
r5
D.Sbox
Figure 10 AES128_Rcon Module
The structure of the Sbox is divided into 5 blocks
r10 r6
clk
as shown in Figure 3.3a and the parity of each block is predicted as a function of inputs to that block. The
clk
States Outputs Â·
————— ———————————
R0 R10 w0 = roundkey(Round*i)
w1 = roundkey(Round*i+1) w2 = roundkey(Round*i+2) w3 = roundkey(Round*i+3)
r9
r8
clk
r7
clk
clk
formulations for the predicted parities as functions of inputs
are obtained in this section. Since there exist three nite eld multipliers using GF(((2^2)^2)^2)2.
Figure 8 AES128_Key_Expand Module State Diagram
In the state diagram shown above, the Ld signal is checked in the r0 state and if asserted, then the cipher key is provided to the AES128_Cipher_Top module to be used for the initial AddRoundKey transformation.
The AES128_Key_Expand module generates four 32bit keys for each round of the encryption process, by using the cipher key. Figure 12 shows the block diagram of the AES128_Key_Expand module. The cipher key is passed to this module through a 128bit input port, and the round keys are generated on the four output ports.


IMPLEMENTATION OF ALGORITHM

Synthesis Methodology
The first step in the synthesis process is to read all te components in the design hierarchy. There are three components in the 3level design hierarchy that needs to be synthesized. Since the RTL model utilizes a Verilo g Pack age, then the synthesis tool needs to enable the semantics of a package. In addition, the synthesis tool needs to know if there are multiple instances of calling an automatic function in the design, to preserve separate values for each instance.
After reading the design files, they are Analyzed
and Elaborated through which the RTL code is converted into the Synopsys Design Compiler(SDC) internal format. [6] The intermediate results are stored in the defined work ing library.
After this step, a 40MHz clock signal is applied to the clock port of the root module, and the synthesis tool is programmed not to modify the clock tree during the optimization phase. In addition, an arbitrary input delay of 5ns with respect to the clock port is applied to all input and output ports (except the clock port itself) to set a safe margin by considering any unintended source of delay such as the delay associated with driving module/modules.
Then, the design is constrained with hypothetical maximum area equal to zero to force the tool to make the gate level netlist as compact as possible.
In the next steps, the tool is programmed to consider a unique design for each cell instance by removing the multiplyinstantiated hierarchy in the current design. Then , the synthesis script removes the boundaries from all the components in the design hierarchy and removes all levels of hierarchy. Finally, the tool compiles the design with high effort and reports any warning related the mapping and final optimization step. At the end, the tool generates reports for the optimized gate level netlist area, the worst combinational path timing, and any violated design constraint.

Synthesis Timing Result:
The synthesis tool optimizes the combinational paths in a design. In General, four types of combinational paths can exist in any design: [3]

Input port of the design under test to input of one internal flipflip

Output of an internal flipflip to input of another flipflip

Output of an internal flipflip to output port of the design under test

A combinational path connecting the input and output ports of the design under test
The last DC command in the script developed in
previous section, instructs the tool to report the path with the worst timing. In this case, the path with the worst timing is a combinational path of type two. The delay associated with this path is the summation of delays of all combinational gates in the path plus the Clock ToQ delay of the originating flipflop, which was calculated as 24.09ns. By considering the setup time of the destination flipflop in this path, which is 0.85ns, the 40MHz clock signal satisfies the worst combinational path delay. The delays of combinational gates, setup time of flipflops and Clock ToQ values are derived from the LSI_10k library file that was used for the mapping step during synthesis. The synthesis timing report is shown below:


Synthesis Area Result
The synthesis area report shows the total number of cells and nets in the netlist. It also uses the area parameter associated with each cell in the LSI_10K library file, to calculate the total combinational and sequential area of the netlist. The total area of the gate level netlist is unknown since it depends on total area of the interconnects, which itself is a function of the wiring load model used in physical design. The total cell area in the netlist is reported as 22978 units, which is the sum of combinational and sequential areas. The synthesis area report is shown below

Synthesis Constraint Violators
To enforce the synthesis tool to create the most compact netlist, the area of the gate level netlist was constrained to zero during the synthesis process. As a result, the only constraint violation, which is expected, is related to the area as shown bellow


RESULT AND DISCUSSION

Area Utilization Report
Figure 11. Simulated output.

Performance Report
Figure 12.Fmax. summary report of slow carner.

Performance Report
Figure 13.Fmax. summary report of fast carnera.

Synthesis Report
Figure 14. RTL Schematic report

Map viewer
Fig 15. Technology map viewer

Power Analyzes
Fig.16 Power dissipation report


CONCLUSION
In our project we perused the concept of Cryptography including the various schemes of system based on the kind of key and a few algorithms such as RSA and AES. We studied in detail the mathematical foundations for AES based systems, basically the concepts of rings, fields, groups, Galois finite fields and their properties. The various algorithms for the computation of the scalar product of a point were studied and their complexity were analyzed.
The advantage of this over the other Fault detection systems are proved by parameters .The key strength of this systems in comparison to other is fault detection is impleted
in all levels of algorithm implementation and this will increase reliability.
REFERENCES

M . Akkar and C. Giraud, An Implementation of DES and AES, Secure against Some Attacks, In Proc. of the Workshop on Cryptographic Hardware and Embedded Systems (CHES2001), Paris, France, pp. 315325, M ay 2001.

R. Anderson, E. Biham, and L. Knudsen, Serpent: A Proposal for the Advanced Encryption Standard, AES algorithm submission, June 1998.

G. Bertoni, L. Breveglieri, I. Koren, P. M aistri, and V. Piuri, Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard, IEEE Trans. on Computers, vol. 52, no. 4, pp. 492505, April 2003.

G. Bertoni, L. Breveglieri, I. Koren, and P. M aistri, An ecient hardwarebased fault diagnosis scheme for AES: performances and cost, In Proc. of the IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT2004), Cannes, France, pp. 130138, Oct. 2004.

D. Boneh, R. A. DeM illo, and R. J. Lipton, On the Importance of Eliminating Errors in Cryptographic Computations, Journal of Cryptology, vol. 14, no. 2, pp. 101119, 2001.

L. Breveglieri, I. Koren, and P. M aistri, Incorporating Error Detection and Online Reconguration into a Regular Architecture for the Advanced Encryption Standard, In Proc. of the IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT2005), M onterey, CA, USA, pp. 7280, Oct. 2005.

D. Canright, A Very Compact Rijndael Sbox, Naval Postgraduate School Technical Report: NPSMA05001, M ay 2005.

G. C. Cardarilli, M . Ottavi, S. Pontarelli, M . Re, and A. Salsano, Fault localization, error correction, and graceful degradation in radix 2 signed digitbased adders, IEEE Trans. on Computers, vol. 55, no. 5, pp. 534540, M ay 2006.

G. C. Cardarilli, S. Pontarelli, M . Re, and A. Salsano, A self
checking Reed Solomon encoder: design and analysis, In Proc. of the IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT2005), M onterey, CA, USA, pp. 111119, Oct. 2005.

S. Fenn, M . Gossel, M . Benaissa, and D. Taylor, OnLine
Error Detection for BitSerial M ultipliers in GF(2^m ), Journal of Electronic Testing: Theory and Applications, vol. 13, no. 1, August 1998.

A. Hodjat and I. Verbauwhede, AreaThroughput TradeOs for Fully Pipelined30 to 70 Gbits/s AES Processors, IEEE Trans. on Computers, vol. 55, no. 4,pp. 366372, April 2006.

T. Ichikawa et al, Hardware Evaluation of the AES Finalists, In Proc. 3th AES Candidate Conference, New York, April 2000.