Achronix uses CAST's AES Encryption IP Core to provide secure FPGAs.
Silicon IP Cores
AES-GCM
AES-GCM Authenticated Encrypt/Decrypt Engine
The AES-GCM encryption IP core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. It processes 128-bit blocks, and is programmable for 128-, 192-, and 256-bit key lengths.
Four architectural versions are available to suit system requirements. The Standard version (AES-GCM-S) is more compact, using a 32-bit datapath and requiring 44/52/60 clock cycles for each data block (128/192/256-bit cipher key, respectively). The Fast version (AES-GCM-F) achieves higher throughput using a 128-bit datapath and requiring 11/13/15 clock cycles for each data block depending on key size.
For applications where throughput is critical there are two additional versions. The High Throughput AES-GCM-X can process 128 bits/cycle and the Higher Throughput AES-GCM-X2 can process 256 bits/cycle respectively independent of the key size.
GCM stands for Galois Counter. GCM is a generic authenticate-and-encrypt block cipher mode. A Galois Field (GF) multiplier/accumulator is utilized to generate an authentication tag while CTR (Counter) mode is used to encrypt.
The AES algorithm requires an expanded key for encryption or decryption. The KEXP AES key expander core is available as an AES-GCM core option for the standard and fast versions. It is included for the higher throughput versions.
During encryption, the key expander can produce the expanded key on the fly while the AES core is consuming it. For decryption, though, the key must be pre-expanded and stored in an appropriate memory before being used by the AES core. This is because the core uses the expanded key backwards during decryption. In some cases, a key expander is not required. This might be the case when the key does not need to be changed (and so it can be stored in its expanded form) or when the key does not change very often (and thus it can be expanded more slowly in software).
The AES-GCM can be utilized for a variety of encryption applications including protected network routers, electronic financial transactions, secure wireless communications, secure video surveillance systems, and encrypted data storage.
The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies.
Support
The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available.
Deliverables
The core is available in ASIC (RTL) or FPGA (netlist) formats, and includes everything required for successful implementation. The ASIC version includes
- HDL RTL source
- Sophisticated HDL Testbench (self-checking)
- C Model & test vector generator
- Simulation script, vectors & expected results
- Synthesis script
- User documentation
The AES-GCM can be mapped to any ASIC technology or FPGA device (provided sufficient silicon resources are available). The following are sample ASIC pre-layout results reported from synthesis with a silicon vendor design kit under typical conditions, with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
AES-GCM Standard (-S)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| TSMC 7nm | 11,421 eq. gates | - | 1,000 | 2.91 |
| TSMC 16nm | 11,550 eq. gates | - | 800 | 2.33 |
| TSMC 28nm HPC | 11,378 eq. gates | - | 700 | 2.04 |
Throughput for a 128-bit key size
AES-GCM Fast (-F)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| TSMC 7nm | 27,631 eq. gates | - | 1,700 | 19.78 |
| TSMC 16nm | 30,000 eq. gates | - | 1,400 | 16.29 |
| TSMC 28nm HPC | 33,679 eq. gates | - | 1,200 | 13.96 |
Throughput for a 128-bit key size
AES-GCM High Throughput (-X)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| TSMC 7nm | 257,711 eq. gates | - | 1,700 | 217.6 |
| TSMC 16nm | 287,008 eq. gates | - | 1,500 | 192.0 |
| TSMC 28nm HPC | 330,414 eq. gates | - | 1,300 | 166.4 |
AES-GCM Higher Throughput (-X2)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| TSMC 7nm | 496,217 eq. gates | - | 1,700 | 435.2 |
| TSMC 16nm | 517,915 eq. gates | - | 1,300 | 332.8 |
| TSMC 28nm HPC | 631,607 eq. gates | - | 1,200 | 307.2 |
The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
The AES-GCM can be mapped to any AMD FPGA device (provided sufficient silicon resources are available). The following are sample results with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
AES-GCM Standard (-S)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Mbps) |
|---|---|---|---|---|
| Kintex-7 (-3) | 910 LUT | 2 BRAM | 300 | 873 |
| Virtex-7 (-3) | 907 LUT | 2 BRAM | 275 | 800 |
| Kintex UltraScale (-3) | 910 LUT | 2 BRAM | 425 | 1,236 |
| Kintex UltraScale+ (-3) | 904 LUT | 2 BRAM | 550 | 1,600 |
| Versal (-2) | 865 LUT | 2 BRAM | 450 | 1,309 |
Throughput for a 128-bit key size
AES-GCM Fast (-F)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Mbps) |
|---|---|---|---|---|
| Kintex-7 (-3) | 1,846 LUT | 8 BRAM | 250 | 2,909 |
| Virtex-7 (-3) | 1,846 LUT | 8 BRAM | 250 | 2,909 |
| Kintex UltraScale (-3) | 1,808 LUT | 8 BRAM | 375 | 4,364 |
| Kintex UltraScale+ (-3) | 1,905 LUT | 8 BRAM | 475 | 5,527 |
| Versal (-2) | 1,638 LUT | 8 BRAM | 400 | 4,655 |
Throughput for a 128-bit key size
AES-GCM High Throughput (-X)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| Kintex-7 (-3) | 9,881 LUT | 108 BRAM | 250 | 32.0 |
| Virtex-7 (-3) | 9,942 LUT | 108 BRAM | 250 | 32.0 |
| Kintex UltraScale (-3) | 11,485 LUT | 108 BRAM | 325 | 41.6 |
| Kintex UltraScale+ (-3) | 9,409 LUT | 108 BRAM | 350 | 44.8 |
| Versal (-2) | 11,618 LUT | 104 BRAM | 350 | 44.8 |
AES-GCM Higher Throughput (-X2)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| Kintex-7 (-3) | 23,897 LUT | 216 BRAM | 200 | 51.2 |
| Virtex-7 (-3) | 23,064 LUT | 216 BRAM | 200 | 51.2 |
| Kintex UltraScale (-3) | 24,949 LUT | 216 BRAM | 250 | 64.0 |
| Kintex UltraScale+ (-3) | 24,809 LUT | 216 BRAM | 300 | 76.8 |
| Versal (-2) | 21,088 LUT | 216 BRAM | 300 | 76.8 |
The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
The AES-GCM can be mapped to any Intel FPGA device (provided sufficient silicon resources are available). The following are sample Intel® results with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
AES-GCM Standard (-S)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Mbps) |
|---|---|---|---|---|
| Arria 10 GX (-1) | 702 ALMs | 4 RAMB | 300 | 873 |
| Cyclone 7 (-7) | 669 ALMs | 4 RAMB | 160 | 465 |
| Stratix V (-1) | 665 ALMs | 4 RAMB | 340 | 989 |
| MAX 10 (-7) | 1,317 LEs | 8 M9K | 130 | 378 |
Throughput for a 128-bit key size
AES-GCM Fast (-F)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Mbps) |
|---|---|---|---|---|
| Arria 10 GX (-1) | 1,456 ALMs | 16 RAMB | 280 | 3,258 |
| Cyclone 10 GX (-5) | 1,484 ALMs | 16 RAMB | 200 | 2,327 |
| Stratix V (-1) | 1,482 ALMs | 16 RAMB | 320 | 3,607 |
| MAX 10 (-7) | 2,542 LEs | 32 M9K | 130 | 1,513 |
Throughput for a 128-bit key size
AES-GCM High Throughput (-X)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| Arria 10 GX (-1) | 9,543 ALMs | 216 RAMB | 200 | 25.6 |
| Cyclone 10 GX (-5) | 10,286 ALMs | 216 RAMB | 200 | 25.6 |
| Stratix V (-1) | 9,652 ALMs | 216 RAMB | 225 | 28.8 |
AES-GCM Higher Throughput (-X2)
| Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
|---|---|---|---|---|
| Agilex (-1) | 19,342 ALMs | 432 RAMB | 240 | 61.4 |
| Arria 10 GX (-1) | 18,607 ALMs | 432 RAMB | 100 | 25.6 |
| Stratix V (-1) | 17,935 ALMs | 432 RAMB | 200 | 51.2 |
Engineered by Ocean Logic.
Features List
- Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
- NIST Certified
- Implemented according to the National Institute of Standards and Technology (NIST) Special Publication 800-38D
- Processes 128-bit data in 32-bit blocks
- Employs user-programmable key size of 128, 192, or 256 bits
- Any size IV length
- Easy integration & implementation
- Works with a pre-expanded key or can integrate the optional key expansion function
- Fully synchronous, uses only the rising clock-edge, single-clock domain, no false or multicycle timing paths, scan-ready, LINT-clean, reusable design
- Simple input and output interface, optionally bridged to AMBA™ interfaces or integrated with a DMA engine.
- Available in VHDL or Verilog source code format, or as a targeted FPGA
Resources
FIPS 197, Advanced Encryption Standard (AES): download PDF
AES test suite: The Advanced Encryption Standard Algorithm Validation Suite (AESAVS): download PDF
This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.