A Low-Area ASIC Implementation of AEGIS128—A fast Authenticated Encryption Algorithm


Due to the lack of proper dedicated authenticated encryption algorithms, the CAESAR cryptographic competition aims to find new such algorithms. The goal of authenticated encryption is to provide both confidentiality and authenticity within a single algorithm. This paper introduces the first application-specific integrated circuit of AEGIS128, which is one promising submission to the CAESAR competition. The dedicated hardware design is optimized towards yielding the smallest area for AEGIS128. Using a 013 μm low-leakage process from Faraday Technology, the design requires merely 13,558 gate equivalents or 0.06942mm² . Simulations of this design at a clock frequency of 100MHz result in 65 Mbps data throughput.

Austrian Workshop on Microelectronics
Robert Schilling
Robert Schilling
Security Architect

My research interests include the hardware-software codesign to protect software against fault attacks.