Personal tools

High-Throughput Authenticated Encryption Architectures based on Block Ciphers

From iis-projects

Jump to: navigation, search

Block diagram illustrating the OCB-Serpent architecture with four fully-unrolled Serpent cores.

Short Description

In order to fulfill today’s high-throughput requirements in secure environments with data rates beyond 100 Gbit/s, so-called authenticated encryption (AE) schemes based on block ciphers are used. These schemes provide both confidentiality and authenticity by interleaving the encryption and the authentication process.

So far, the Advanced Encryption Standard (AES) running in the Galois/Counter mode of operation (GCM-AES) represents a de-facto standard in the literature. In this project we investigate potential high-speed alternatives to GCM- AES by substituting AES with the Serpent block cipher and GCM with the Offset Codebook (OCB) mode of operation. The encryption part has been implemented us- ing four fully-unrolled, parallel cipher cores. Compared to GCM, OCB requires no universal hashing function, which is known to be one of the bottlenecks of GCM-AES regarding its throughput. Instead, it utilizes the block cipher to calculate the authentication tag.

The following four block cipher/mode of operation combinations have been mapped and compared on an Altera Stratix IV FPGA:

  • OCB-Serpent
  • GCM-Serpent

All combinations fulfilled the 100 Gbit/s requirement and OCB-Serpent turned out to be the fastest scheme reach- ing a throughput of 133 Gbit/s. In terms of logic block usage, the Serpent cores occupy significantly more re- sources since each Serpent core is based on 1024 four-bit S-boxes, whereas an AES core requires only 160 eight-bit S-boxes.

Status: Completed




  • M. Muehlberghuber, C. Keller, N. Felber, C. Pendl, "100 Gbit/s Authenticated Encryption Based on Quantum Key Distribution",

2012 IEEE/IFIP 20th International Conference on VLSI and System-on-Chip (VLSI-SoC), Santa Cruz, California, USA, 7-10 Oct 2012