AES-XTS
AES-XTS Storage Encrypt/Decrypt Engine

The AES-XTS encryption IP core implements hardware encryption/decryption for sector-based storage data. It uses the AES block cipher, in compliance with the NIST Advanced Encryption Standard, as a subroutine. The core processes 128 bits per cycle, and is programmable for 128- and 256-bit key lengths.

Two architectural versions are available to suit system size and throughput requirements. The High Throughput XTS-X is more compact and can process 128 bits/cycle independent of the key size. The Higher Throughput XTS-X2 can process 256 bits/cycle independent of the key size. Both versions have a 128-bit data path.

The AES-XTS cores are fully synchronous designs and have been evaluated in a variety of technologies, and are available optimized for ASICs or FPGAs. 

An AES encryption operation transforms a 128-bit block into a block of the same size. The encryption key can be chosen among two different sizes: 128 or 256 bits. The key is expanded during cryptographic operations.  

The AES algorithm consists of a series of steps repeated a number of times (rounds). The number of rounds depends on the size of the key and the data block. The intermediate cipher result is known as state. Initially, the incoming data and the key are added together in the AddRoundKey module. The result is stored in the State Storage area. 

Number of rounds as a function of key size.
  KSIZE = 0 KSIZE = 1
Rounds 10 14

The state information is then retrieved and the ByteSub, Shiftrow, MixColumn and AddRoundKey functions are performed on it in the specified order. At the end of each round, the new state is stored in the State Storage area. These operations are repeated according to the number of rounds.  

The final round is anomalous as the MixColumn step is skipped. The cipher is output after the final round. XTS mode 

The XTS mode of AES has been specifically designed to encrypt fixed size data where a possible threat has access to the stored data. The size of the ciphertext is the same as the plaintext. 

Each data unit can be independently processed. 

The last two properties allow to transparently add encryption to a data storage system without changing the data layout of existing components. 

Key Expansion 

The AES algorithm requires an expanded key for encryption or decryption. The KEXP AES key expander core is included with the AES-XTS core. 

During encryption, the key expander can produce the expanded key on the fly while the AES core is consuming it. For decryption, though, the key must be pre-expanded and stored in an appropriate memory before being used by the AES core. This is because the core uses the expanded key backwards during decryption. 

The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies. 

Support 

The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available. 

Deliverables 

The core is available in ASIC (RTL) or FPGA (netlist) forms, and includes everything required for successful implementation. The ASIC version includes 

    HDL RTL source 

    Sophisticated HDL Testbench (self checking) 

    C Model & test vector generator 

    Simulation script, vectors & expected results 

    Synthesis script 

    User documentation   

The AES-XTS can be mapped to any ASIC technology or FPGA device (provided sufficient silicon resources are available). The following are sample ASIC pre-layout results reported from synthesis with a silicon vendor design kit under typical conditions, with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

AES-XTS High Throughput (-X)  ASIC Implementation Results

ASIC Technology Number of eq. gates Fmax (MHz) Throughout (Gbps)
TSMC 7nm 343,969 800 102.40
TSMC 16nm 365,001 800 102.40
TSMC 28nm 386,750 800 102.40

AES-XTS Higher Throughput (-X2) ASIC Implementation Results

ASIC Technology Number of eq. gates Fmax (MHz) Throughout (Gbps)
TSMC 7nm 653,874 800 204.80
TSMC 16nm 695,237 800 204.80
TSMC 28nm 740,196 800 204.80

The AES-XTS can be mapped to any ASIC technology or FPGA device (provided sufficient silicon resources are available). The following are sample Intel results with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

AES-XTS High Throughput (-X)  Intel Implementation Results

Family

ALMs

RAM bits

Freq. (MHz)

Throughout (Gbps)

Arria 10 GX (-1)
4,674
1,843,200
170
 21.76
Stratix V (-1)
4,831
1,843,200
210
 26.88

AES-XTS Higher Throughput (-X2) Intel Implementation Results

Family

ALMs

RAM bits

Freq. (MHz)

Throughout (Gbps)

Arria 10 GX (-1)
8,526
3,547,136
150
 38.40
Stratix V (-1)
8,921
3,547,136
180
  46.08

The AES-XTS can be mapped to any ASIC technology or FPGA device (provided sufficient silicon resources are available). The following are sample Xilinx results with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

AES-XTS High Throughput (-X) Xilinx Implementation Results

Family

LUTs

BRAMs

Freq. (MHz)

Throughout (Gbps)

Virtex-7 (-3)
4,089
116
225
 28.8
Virtex UltraScale (-3)
4,054
116.5
300
38.4
Kintex UltraScale (-3)
4,065
116.5
325
41.6
Kintex UltraScale (-1)
4,242
116.5
200
25.6
Kintex UltraScale+ (-1)
4,180
116
250
32.0
Kintex UltraScale+ (-3)
4,052
116.5
325
 41.6

AES-XTS Higher Throughput (-X2) Xilinx Implementation Results

Family

LUTs

BRAMs

Freq. (MHz)

Throughout (Gbps)

Virtex-7 (-3)
6,941
224
200
 51.2
Virtex UltraScale (-3)
6,801
224.5
275
70.4
Kintex UltraScale (-3)
6,894
224.5
325
83.2
Kintex UltraScale (-1)
7,317
224
200
51.2
Kintex UltraScale+ (-1)
7,286
224.5
250
64.0
Kintex UltraScale+ (-3)
6,894
224.5
325
83.2

Related Content

This product is sourced from Technology Partner Ocean Logic.

Features List

  • Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
  • Implemented according to the IEEE P1619™/D16 standard
  • Capable of processing 128 bits/cycle
  • Employs user-programmable key size of 128 or 256 bits
  • Two architectural versions:
    • The AES-XTS-X version is smaller and can process 128 bits/cycle for all key sizes
    • The AES-XTS-X2 version can process 256 bits/cycle for all key sizes
  • Arbitrary IV length
  • Works with the integrated key expansion function
  • NIST Certified
  • Simple, fully synchronous, reusable design
  • Available as fully functional and synthesizable VHDL or Verilog, or as a netlist for popular programmable devices
  • Complete deliverables include test benches, C model and test vector generator

Resources

NIST: Approved Block Ciphers

FIPS 197, Advanced Encryption Standard (AES): download PDF

AES test suite: The Advanced Encryption Standard Algorithm Validation Suite (AESAVS): download PDF

Let's talk about your project and our IP solutions

Request Info

This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.