Encryption Primitives

Hardware crypto engines for SHA, AES, Ascon & other standards

These IP cores help you add fast, efficient hardware encryption engines to systems for a variety of applications. 

The Encryption Primitives family covers several popular security standards:

  • A hardware engine core for Ascon, the NIST-validated lightweight Encryption standard;
  • A set of NIST-validated Advanced Encryption Standard (AES) encryption and decryption cores with varying combinations of features, performance, and silicon size (see below);
  • several Secure Hashing Algorithm (SHA) crypto engine cores, including NIST-validated SHA-3 (Keccak) and SHA-256, plus SHA-384 and SHA-512; and
  • an MD5 Message Digest Algorithm Processor.

Smart design and easy integration features make each of these cores ready to add encryption functions to your particular system. For more comprehensive security of complete System on Chip designs, see the GEON SoC Security Platform.

These AES cores have been proven in multiple customer systems. They provide the most desired AES IP features, including:

  • Conformance to Federal Information Processing Standard (FIPS) Publication 197 from the US National Institute of Standards and Technology (NIST) 
  • Both Encryption and Decryption
  • Support for 128, 192 or 256-bit cipher keys, selectable during operation
  • Data I/O and internal processing done on 32-bit or 128-bit quantities depending on core version
  • External Key Expansion

The several versions of AES cores we provide offer a range of features and characteristics,

  • Single mode (smallest size)
    • Support CCM, CTR, ECB, CBC, CFB, GCM, OFB, XTS modes
    • Mode needs to be selected before delivery
    • Can be customized to support more than a single mode
  • Programmable mode
    • Supports ECB, CBC, CFB, OFB, CTR modes
    • Mode is programmable on-the-fly
  • Processing of each block varies by core version
    • Standard (-S) version in 44/52/60 clocks for 128/192/256-bit key
    • Fast (-F) version in 11/13/15 clocks for 128/192/256-bit key
    • High throughput (-X) version process 128 bits/cycle
    • Higher throughput (-X2) version process 256 bits/cycle 

The AES Key Expander is useful for applications that require the encryption key to change often. It provides on-the-fly key expansion, selectable for key lengths of 128, 192, or 256 bits. A 32-bit version and a faster 128-but version are available.

Customization of the AES cores to even better match your system requirements is available as an option.

  • The AES Engine and Key Expander can be modified to support a single key size, for smaller implementations; or
  • they can be modified to support only encryption (not decryption), for the smallest  implementations; or
  • a custom pipeline AES Engine can multiply encryption throughput.

Review the features and characteristics of the AES cores we offer with this comparison table. 

AES Cores Comparison Table PDF
Products in Family


Advanced Encryption Standard Engine

Programmable Advanced Encryption Standard Engine

AES-CCM Authenticated Encrypt/Decrypt Engine

AES-GCM Authenticated Encrypt/Decrypt Engine

AES-XTS Storage Encrypt/Decrypt Engine

ASCON Authenticated Encryption & Hashing Engine

AES Key Expander

SHA-3 Secure Hash Crypto Engine

256-bit SHA Secure Hash Crypto Engine

SHA-384 and SHA-512 Secure Hash Crypto Engine


Message Digest Algorithm Processor

Let's talk about your project and our IP solutions

Request Info