- Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
- Satisfies Federal Information Processing Standard (FIPS) Publication 197 from the US National Institute of Standards and Technology (NIST)
- Processes 128-bit data in 32-bit blocks
- Employs user-programmable key size of 128, 192, or 256 bits
- Four architectural versions:
- Standard is more compact:
32-bit data path size
Processes each 128-bit data block in 44/52/60 clock cycles for 128/192/256-bit cipher keys, respectively
- Fast yields higher transmission rates:
128-bit data path
Processes each 128-bit block in 11/13/15 clock cycles for 128/192/256-bit cipher keys, respectively
Higher throughput versions can process 128 bits/cycle or 256 bits/cycle
- Arbitrary IV length for fast version
- Works with a pre-expended key or can integrate the optional key expansion function
- Simple, fully synchronous, reusable design
- Available as fully functional and synthesizable VHDL or Verilog, or as a netlist for popular programmable devices
- Complete deliverables include test benches, C model and test vector generator
Call or click.
- AES Advanced Encryption Standard Core
- AES-P Programmable Advanced Encryption Standard Core
- AES-CCM AES CCM Advanced Encryption Standard Core
- KEXP Key Expander Core
AES Core Links
FIPS 197, Advanced Encryption Standard (AES): download PDF
AES test suite: The Advanced Encryption Standard Algorithm Validation Suite (AESAVS): download PDF
AES-GCM AES-GCM Authenticated Encrypt/Decrypt Core
The AES-GCM encryption IP core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. It processes 128-bit blocks, and is programmable for 128-, 192-, and 256-bit key lengths.
Four architectural versions are available to suit system requirements. The Standard version (AES-S) is more compact, using a 32-bit datapath and requiring 44/52/60 clock cycles for each data block (128/192/256-bit cipher key, respectively). The Fast version (AES-F) achieves higher throughput, using a 128-bit datapath and requiring 11/13/15 clock cycles for each data block. The higher throughput (AES-X & AES-X2) versions can process 128 bits/cycle and 256 bits/cycle respectively.
GCM stands for Galois Counter. GCM is a generic authenticate-and-encrypt block cipher mode. A Galois Field (GF) multiplier/accumulator is utilized to generate an authentication tag while CTR (Counter) mode is used to encrypt.
The AES-GCM core is a fully synchronous design and has been evaluated in a variety of technologies, and is available optimized for ASICs or FPGAs.
AES-GCM reference designs have been evaluated in a variety of technologies. See representative implementation results (in a new pop-up window):
The AES-GCM can be utilized for a variety of encryption applications including:
- Protected network routers
- Electronic financial transactions
- Secure wireless communications
- Secure video surveillance systems
- Encrypted data storage
The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available.
The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies.
This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.
The AES-GCM is available as a soft core (synthesizable HDL) for ASIC technologies and as a firm core (netlist) for FPGA technologies, and includes everything required for successful implementation. The ASIC version includes:
- HDL RTL source code
Sophisticated HDL Testbench (self checking)
C Model & test vector generator
Simulation script, vectors & expected results
Comparing AES Encryption/Decryption Cores
|Run time Programmable Encryption or Decryption operation||yes||yes||yes||yes|
|Run-time Programmagle Cipher-Key length||yes||yes||yes||yes|
|Run-time Programmable Block Cipher mode||no||yes||no||no|
|Number of cycles per data block 128/192/256 key||44/52/60 or 11/13/15||44/52/60 or 11/13/15||44/52/60 or 11/13/15||44/52/60 or 11/13/15|
* only one encryption/deceryption mode supported by each release of the core