|
AES IP-Cores for Encryption/Decryption and Key Expansion
|
These cores implement the AES (Advanced Encryption
Standard,
Rijndael) encryption standard, as described in the NIST (National
Institute of Standards and Technology) Federal Information
processing Standard (FIPS) Publication 197 document. The cores
cover both encryption/decryption functions and key expansion,
supporting any or all of the proposed key sizes (128/192/256-bit).
Our cores implement all the building blocks individually giving the
user the greatest possible flexibility. These cores are designed to
be simple to use and can be integrated into any AES design with
minimum effort.
Features
- Implements AES (Rijndael) to latest NIST FIPS PUB 197
- Full support for all AES key sizes (128, 192 and 256-bits)
- Separate cores for encryption, decryption and round key generation
- Simple external interface
- Code optimized for use in Xilinx FPGA technologies
- Data throughput up to 2 Gbps in Virtex-4 FPGAs
- Low cost
Deliverables
- Fully synthesizable RTL VHDL code and NGC netlists for Xilinx FPGAs
- VHDL simulation model and test bench with FIPS test vectors and
random tests
- User documentation
Available Cores
Prices
| Core type |
Full RTL VHDL code1 |
NGC netlists2 |
| Standard Encryption |
$9,000 |
$3,600 |
| Standard Decryption |
$9,000 |
$3,600 |
| Standard Encryption/Decryption |
$13,500 |
$5,400 |
| Standard Key Expander |
$6,000 |
$2,400 |
Notes:
- One-time fee, standard multi-reuse terms according to SignOnce license
agreement. All prices in US dollars.
- Price applies to one particular FPGA type. NGC netlists for additional
FPGA types available for a reduced fee, depending on the particular license
agreement.
Data Sheet
Standard Encryption Core AES_ENC
Function Description
This entity is an AES encryption component that uses an external key
expander. The component processes each round in a single clock
cycle. Plain text input, round key schedule input and cipher text
output ports are 128 bits wide.
When the start signal is asserted, input data is loaded and a new
encryption operation is started. After a latency of 11, 13 or 15
master clock cycles (depending on the key size of 128, 192 or 256
bits) the ready signal is asserted and the cipher text output is
valid. The round key index cycles through all needed values and is
valid one clock cycle before the round key schedule data is
required. This allows the use of external synchronous RAM to store the
round key schedules. A new encryption operation can be started
whenever the round key index is zero. One clock cycle later the output
of a previous operation becomes available.
Block Diagram
Timing Diagram
Implementation Statistics
| FPGA Family | Example Device | Fmax (MHz)1
| Data Throughput (Mbps)2 | Slices | BRAM |
| Spartan-3™ | XC3S1000-4 | 100 | 1163 | 280 | 8 |
| Virtex-2™ | XC2V500-4 | 118 | 1373 | 335 | 8 |
| Virtex-2 Pro™ | XC2VP7-5 | 154 | 1792 | 302 | 8 |
| Virtex-4™ | XC4VLX25-11 | 174 | 2025 | 289 | 8 |
Notes:
- Fmax is quoted assuming all core inputs are sourced from registers and all core outputs drive registers. This has been done by
putting a wrapper around the core to best represent real applications. The keep hierarchy flag has been set in the synthesis
tool.
- Quoted values are calculated for 128-bit keys. The maximum data throughput in ECB mode is as follows:
Max Throughput (Mbps) = (128 / (Nr+1)) x Master Clock Frequency (MHz) where Nr=10, 12, 14 for 128/192/256-bit keys.
Standard Decryption Core AES_DEC
Function Description
This entity is an AES
decryption component that uses an external key expander. The component
processes each round in a single clock cycle. Cipher text input, round
key schedule input and plain text output ports are 128 bits wide.
When the start signal is asserted, input data is loaded and a new
decryption operation is started. After a latency of 11, 13 or 15
master clock cycles (depending on the key size of 128, 192 or 256
bits) the ready signal is asserted and the plain text output is
valid. The round key index cycles through all needed values and is
valid one clock cycle before the round key schedule data is
required. This allows the use of external synchronous RAM to store the
round key schedules. A new decryption operation can be started
whenever the round key index is zero. One clock cycle later the output
of a previous operation becomes available.
Block Diagram
Timing Diagram
Implementation Statistics
| FPGA Family | Example Device | Fmax (MHz)1
| Data Throughput (Mbps)2 | Slices | BRAM |
| Spartan-3™ | XC3S1000-4 | 80 | 931 | 469 | 8 |
| Virtex-2™ | XC2V500-4 | 95 | 1105 | 467 | 8 |
| Virtex-2 Pro™ | XC2VP7-5 | 126 | 1466 | 464 | 8 |
| Virtex-4™ | XC4VLX25-11 | 174 | 2025 | 461 | 8 |
Notes:
- Fmax is quoted assuming all core inputs are sourced from registers and all core outputs drive registers. This has been done by
putting a wrapper around the core to best represent real applications. The keep hierarchy flag has been set in the synthesis
tool.
- Quoted values are calculated for 128-bit keys. The maximum data throughput in ECB mode is as follows:
Max Throughput (Mbps) = (128 / (Nr+1)) x Master Clock Frequency (MHz) where Nr=10, 12, 14 for 128/192/256-bit keys.
Standard Encryption/Decryption Core AES_ENC_DEC
Function Description
This entity is a combined encryption/decryption component
with external key expander. The component processes each round in a
single clock cycle. Plain/cipher text input, round key schedule input
and cipher/plain text output ports are 128 bits wide.
When the start signal is asserted, input data is loaded and a new
operation is started. Depending on the state of a select signal the
operation is either encryption or decryption. After a latency of 11,
13 or 15 master clock cycles (depending on the key size of 128, 192 or
256 bits) the ready signal is asserted and the plain text output is
valid. The round key index cycles through all needed values and is
valid one clock cycle before the round key schedule data is
required. This allows the use of external synchronous RAM to store the
round key schedules. A new operation can be started whenever the
round key index is zero. One clock cycle later the output of a
previous operation becomes available.
Block Diagram
Timing Diagram
Implementation Statistics
| FPGA Family | Example Device | Fmax (MHz)1
| Data Throughput (Mbps)2 | Slices | BRAM |
| Spartan-3™ | XC3S1000-4 | 75 | 873 | 593 | 8 |
| Virtex-2™ | XC2V500-4 | 91 | 1059 | 594 | 8 |
| Virtex-2 Pro™ | XC2VP7-5 | 115 | 1338 | 582 | 8 |
| Virtex-4™ | XC4VLX25-11 | 157 | 1827 | 681 | 8 |
Notes:
- Fmax is quoted assuming all core inputs are sourced from registers and all core outputs drive registers. This has been done by
putting a wrapper around the core to best represent real applications. The keep hierarchy flag has been set in the synthesis
tool.
- Quoted values are calculated for 128-bit keys. The maximum data throughput in ECB mode is as follows:
Max Throughput (Mbps) = (128 / (Nr+1)) x Master Clock Frequency (MHz) where Nr=10, 12, 14 for 128/192/256-bit keys.
Standard Key Expander Core KEY_EXPANDER_WITH_STORAGE
Function Description
This entity implements a key
expander for 128/192/256-bit AES keys. The key is entered as a series
of 32-bit words. All round keys are stored in internal dual port RAM
which can be accessed directly from the encryption and decryption
entities.
When the start signal is asserted, the first 32-bit key word part is
loaded and a new expansion operation is started. The remaining key
word parts are loaded in the following cycles until the whole key is
loaded. A new operation can be started whenever the busy output is
inactive (low).
Block Diagram
Timing Diagram
Implementation Statistics
| FPGA Family | Example Device | Fmax (MHz)1
| Clock Cycles for Key Expansion2 | Slices | BRAM |
| Spartan-3™ | XC3S1000-4 | 102 | 44/52/60 | 244 | 2 |
| Virtex-2™ | XC2V500-4 | 118 | 44/52/60 | 240 | 2 |
| Virtex-2 Pro™ | XC2VP7-5 | 161 | 44/52/60 | 225 | 2 |
| Virtex-4™ | XC4VLX25-11 | 187 | 44/52/60 | 247 | 2 |
Notes:
- Fmax is quoted assuming all core inputs are sourced from registers and all core outputs drive registers. This has been done by
putting a wrapper around the core to best represent real applications. The keep hierarchy flag has been set in the synthesis
tool.
- The number of clock cycles required for a complete key expansion depends on the key size and is N = 4*(Nr+1), where
Nr=10, 12, 14 for 128/192/256-bit keys.
|
173 KB