Comparison between three RTL implementations of the multiplicative inverse calculation of galois field elements based on a standard cells library

Abstract

Most problems found during implementation of Galois Field (GF) arithmetic in Very-Large-Scale-Integration (VLSI) circuits, are the area occupied by the blocks responsible for the product of two elements and by the calculation of the multiplicative inverse of an element. This last, is the main routine applied on the S-Box and Inv S-Box functions of the Advanced Encryption Standard (AES) Rijndael algorithm. Therefore, on a complete implementation of the AES algorithm in hardware, one may expect that approximate 50% of the circuit area is occupied only with those instances. As an example, a simple pipeline implementation of the Rijndael algorithm may require more than 160 instances of the S-Box blocks, only in the encrypter of a GF (28). Since the multiplicative inverse applied in S-Box or Inv S-Box can be implemented by different methods and they consume considerable space in a VLSI implementation, it is desired to determine the most appropriated solution for VLSI circuits. Therefore, in this work we implemented three different approaches for the calculation of the multiplicative inverse in a GF (28) and map them into digital blocks. The digital blocks were then transcribed into a hardware description language (HDL), converted to Register Transfer Level (RTL) and synthesized over the same standard cells library. A comparison between these implementations regarding the estimated circuit area, the number of clock cycles and the maximum operation frequency, for a GF (28) of the AES are here presented.