- Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
- Satisfies Federal Information Processing Standard (FIPS) Publication 197 from the US National Institute of Standards and Technology (NIST)
- Processes 128-bit data in 32-bit blocks
- Employs user-programmable key size of 128, 192, or 256 bits
- Four architectural versions:
- AES-GCM-S is more compact:
32-bit data path size
Processes each 128-bit data block in 44/52/60 clock cycles for 128/192/256-bit cipher keys, respectively
- AES-GCM-F yields higher transmission rates: 128-bit data path
Processes each 128-bit block in 11/13/15 clock cycles for 128/192/256-bit cipher keys, respectively
- Higher throughput versions (AES-GCM-X or AES-GCM-X2) can process 128 bits/cycle or 256 bits/cycle and have a 128-bit datapath size
- Arbitrary IV length for fast version
- Works with a pre-expended key or can integrate the optional key expansion function
- Simple, fully synchronous, reusable design
- Available as fully functional and synthesizable VHDL or Verilog, or as a netlist for popular programmable devices
- Complete deliverables include test benches, C model and test vector generator
Call or click.
- AES Advanced Encryption Standard Core
- AES-P Programmable Advanced Encryption Standard Core
- AES-CCM Advanced Encryption Standard Core
- AES-XTS Advanced Encryption Standard Core
- KEXP Key Expander Core
AES Core Links
FIPS 197, Advanced Encryption Standard (AES): download PDF
AES test suite: The Advanced Encryption Standard Algorithm Validation Suite (AESAVS): download PDF
AES-GCM AES-GCM Authenticated Encrypt/Decrypt Core
The AES-GCM encryption IP core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. It processes 128-bit blocks, and is programmable for 128-, 192-, and 256-bit key lengths.
Four architectural versions are available to suit system requirements. The Standard version (AES-GCM-S) is more compact, using a 32-bit datapath and requiring 44/52/60 clock cycles for each data block (128/192/256-bit cipher key, respectively). The Fast version (AES-GCM-F) achieves higher throughput using a 128-bit datapath and requiring 11/13/15 clock cycles for each data block depending on key size. For applications where throughput is critical there are two additional versions. The AES-GCM-X can process 128 bits/cycle and the AES-GCM-X2 can process 256 bits/cycle respectively independent of the key size.
GCM stands for Galois Counter. GCM is a generic authenticate-and-encrypt block cipher mode. A Galois Field (GF) multiplier/accumulator is utilized to generate an authentication tag while CTR (Counter) mode is used to encrypt.
The AES-GCM cores are fully synchronous design and have been evaluated in a variety of technologies, and is available optimized for ASICs or FPGAs.
This core can be mapped to any any Intel, Lattice, MicroSemi, or Xilinx programmable device, or to any ASIC technology, provided sufficient silicon resources are available. Please contact CAST Sales to get accurate characterization data for your specific implementation requirements. Meanwhile, we provide the following representative results (each in a new pop-up window):
The AES-GCM can be utilized for a variety of encryption applications including:
- Protected network routers
- Electronic financial transactions
- Secure wireless communications
- Secure video surveillance systems
- Encrypted data storage
The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available.
The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies.
This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.
The AES-GCM is available as a soft core (synthesizable HDL) for ASIC technologies and as a firm core (netlist) for FPGA technologies, and includes everything required for successful implementation. The ASIC version includes:
- HDL RTL source code
Sophisticated HDL Testbench (self checking)
C Model & test vector generator
Simulation script, vectors & expected results
Comparing AES Encryption/Decryption Cores
|AES* (-S or -F)||AES-P (-S or -F)||
AES-GCM or AES-CCM
(-S or -F)
|AES-GCM, AES-CCM or AES-XTS
(-X or -X2)
|Run time Programmable Encryption or Decryption operation||yes||yes||yes||yes|
|Run-time Programmagle Cipher-Key length||yes||yes||yes||yes|
|Run-time Programmable Block Cipher mode||no||yes||no||no|
|Number of bits/cycle for128/192/256 key||2.91/2.46/2.13 or
* only one encryption/deceryption mode supported by each release of the core