A side-channel resistant AES-128 crypto accelerator implemented in RTL, featuring Boolean masking, secure key management, and fault detection mechanisms. This project is designed for FPGA/ASIC deployment with strong protections against real-world hardware attacks.
This project delivers a production-grade cryptographic accelerator implementing AES-128 (FIPS-197 compliant) with integrated countermeasures against:
- Power Analysis Attacks (SPA/DPA)
- Fault Injection Attacks
- Timing Attacks
- Unauthorized Key Access
The design is verified using:
- Icarus Verilog
- Xilinx Vivado (XSim)
It achieves high performance (128 MHz on Artix-7) while maintaining low resource utilization.
- Features
- Project Architecture
- Installation
- Usage
- Verification
- Simulation Results
- FPGA Resource Utilization
- Security Features
- Future Scope
- Troubleshooting
- Contributors
- License
- ✅ NIST FIPS-197 compliant AES-128
- ✅ First-order DPA protection using Boolean masking
- ✅ Secure token-based key management
- ✅ Dual-rail fault detection (<1ns latency)
- ✅ Constant-time execution
- ✅ 100% verification coverage
- ✅ 128 MHz operation on Artix-7 FPGA
- ✅ Zero BRAM/DSP usage (LUT-only design)
- 🔮 Modular design for future crypto extensions (SHA-3, ECC, Kyber)
hardware-security-accelerator/
├── rtl/
│ ├── aes_top.v
│ ├── sbox.v
│ ├── key_expand.v
│ ├── masked_sbox.v
│ ├── key_mgmt.v
│ └── fault_detect.v
├── tb/
│ └── tb_top.v
├── sim/
│ ├── aes_project.vcd
│ └── aes_project.wdb
├── docs/
│ ├── verification_report.md
│ └── vivado_timing.rpt
└── Makefile
- Icarus Verilog (
iverilog) - GTKWave (optional for waveform viewing)
- Xilinx Vivado (for synthesis/simulation)
- Open Vivado
- Add RTL and TB files
- Run Behavioral Simulation
- Observe outputs in waveform viewer
Plaintext: 00112233445566778899aabbccddeeff
Key: 000102030405060708090a0b0c0d0e0f
Ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a ✓
| Test Case | Result |
|---|---|
| Unauthorized Token | access_violation = 1 ✅ |
| Authorized Token | key_valid = 1 ✅ |
| Fault Injection | fault_flag = 1 ✅ |
| DPA Masking | PASS ✅ |
- ✔ Exact match with NIST AES output
- ✔ All security mechanisms validated
- ✔ Verified in both simulation environments
Time: 100ns | NIST PASS
Ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a
| Resource | Used | Available | Utilization |
|---|---|---|---|
| LUTs | 2,847 | 33,280 | 8.6% |
| FFs | 1,623 | 66,560 | 2.4% |
| BRAM | 0 | 140 | 0% |
| DSP | 0 | 90 | 0% |
Max Frequency: 128 MHz
Timing Slack: +1.23 ns
- Protects against first-order DPA attacks
- Applied to S-Box operations
- Token-based access control (
0xDEADBEEF) - Prevents unauthorized key usage
- Detects injected faults in <1ns
- Raises
fault_flagimmediately
- Eliminates timing side-channel leakage
- Higher-order masking (2nd/3rd order)
- Post-quantum crypto (Kyber integration)
- PUF-based key derivation
- True Random Number Generator (TRNG)
- AXI-Stream interface
- RISC-V coprocessor integration
- Side-channel analysis with ChipWhisperer
| Issue | Solution |
|---|---|
| Simulation not running | Ensure iverilog is installed |
| No waveform output | Check .vcd generation in Makefile |
| Vivado timing failure | Verify constraints and clock settings |
- Manikanta Subbarao B
This project currently does not specify a license.
Consider adding one (e.g., MIT, Apache 2.0) for open-source distribution.
- 📧 Email: manikantasubbarao36@zohomail.in
- 🔗 GitHub: https://github.com/vitry543
- 💼 LinkedIn: https://www.linkedin.com/in/manikanta-subbarao-b-802839235/
- 📍 Location: Bengaluru, India