Optimized Implementation on FPGA - 2024.2 English - XD160

Vitis Libraries

Document ID
XD160
Release Date
2024-11-29
Version
2024.2 English

As in AES encryption, key expansion is separated from decryption. You must call updateKey() before using a new cipher key to decrypt a message.

As in the AES encryption implementation, Inverse SubBytes and Inverse MixColumns can be merged into one look-up table, provided the operation flow is re-ordered appropriately. To make this possible, Inverse MixColumns and AddRoundKey are exchanged with each other within one round. As a consequence, each key generated at the KeyExpansion stage must go through one extra Inverse MixColumns operation for decryption to be correct. The exchange is worthwhile because it clearly reduces the hardware overhead of matrix multiplication in GF(2^8). Furthermore, the additional operation is executed only once in the common case where many blocks are decrypted with the same cipher key. The optimized flow is shown below.

Figure: Optimized decryption flow

Each round of processing needs one round key, taken in reverse order. This creates a dependency between KeyExpansion and the decryption process, so KeyExpansion is separated from the whole decryption loop.

In addition, to eliminate an unnecessary Inverse SubBytes operation in the common look-up table within the decryption process, the same SubBytes operation should be applied to the round keys before they enter the Inverse MixColumns step. For the last round of a block decryption, Inverse MixColumns is skipped.
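The exchange of Inverse MixColumns and AddRoundKey described above works because Inverse MixColumns is linear over XOR, which is why the round key needs the one extra Inverse MixColumns. The C++ check below is an added example, not code from the Vitis library; the function names and the sample state and round key are constructed for illustration.

```cpp
#include <array>
#include <cstdint>

using Block = std::array<uint8_t, 16>;  // AES state, 4 consecutive bytes per column

// Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1.
uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; ++i, b >>= 1) {
        if (b & 1) p ^= a;
        bool carry = (a & 0x80) != 0;
        a = static_cast<uint8_t>(a << 1);
        if (carry) a ^= 0x1B;
    }
    return p;
}

// Inverse MixColumns: each column is multiplied by the circulant matrix (0E 0B 0D 09).
Block invMixColumns(const Block& s) {
    static const uint8_t coef[4] = {0x0E, 0x0B, 0x0D, 0x09};
    Block r{};
    for (int col = 0; col < 4; ++col)
        for (int row = 0; row < 4; ++row)
            for (int j = 0; j < 4; ++j)
                r[4 * col + row] ^= gmul(s[4 * col + j], coef[(j - row + 4) % 4]);
    return r;
}

Block addRoundKey(Block s, const Block& k) {
    for (int i = 0; i < 16; ++i) s[i] ^= k[i];
    return s;
}

// Constructed sample data (assumption, not from the page): a state and one round key.
const Block kState = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                      0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff};
const Block kRoundKey = {0x8e, 0x4d, 0xa1, 0xbc, 0x9f, 0xdc, 0x58, 0x9d,
                         0xd5, 0xd5, 0xd7, 0xd6, 0x4d, 0x7e, 0xbd, 0xf8};

// Original round order: AddRoundKey, then Inverse MixColumns.
Block originalOrder(const Block& s, const Block& k) { return invMixColumns(addRoundKey(s, k)); }
// Exchanged order: Inverse MixColumns, then AddRoundKey with the key passed in.
Block exchangedOrder(const Block& s, const Block& k) { return addRoundKey(invMixColumns(s), k); }

// Exchanged order is correct when the key got its extra Inverse MixColumns (done once per key).
bool matchesWithTransformedKey() {
    return originalOrder(kState, kRoundKey) == exchangedOrder(kState, invMixColumns(kRoundKey));
}
// Exchanged order with the untransformed key produces a different, wrong state.
bool differsWithRawKey() { return originalOrder(kState, kRoundKey) != exchangedOrder(kState, kRoundKey); }

int main() { return (matchesWithTransformedKey() && differsWithRawKey()) ? 0 : 1; }
```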