AES-XTS
AES-XTS Storage Encrypt/Decrypt Engine

The AES-XTS encryption IP core implements hardware encryption/decryption for sector-based storage data. It uses the AES block cipher, in compliance with the NIST Advanced Encryption Standard, as a subroutine. The core processes 128 bits per cycle, and is programmable for 128- and 256-bit key lengths.

Two architectural versions are available to suit system size and throughput requirements. The High Throughput XTS-X is more compact and can process 128 bits/cycle independent of the key size. The Higher Throughput XTS-X2 can process 256 bits/cycle independent of the key size. Both versions have a 128-bit data path.

XTS (XEX-based Tweaked Codebook Mode with Ciphertext Stealing) is a mode of AES that has been specifically designed to encrypt fixed-size data where a possible threat has access to the stored data.

The AES algorithm requires an expanded key for encryption or decryption. The KEXP AES key expander core is included with the AES-XTS core.

During encryption, the key expander can produce the ex-panded key on the fly while the AES core is consuming it. For decryption, though, the key must be pre-expanded and stored in an appropriate memory before being used by the AES core. This is because the core uses the expanded key backwards during decryption.

The AES-XTS can be utilized for a variety of encryption applications including full disk encryption (FDE), cloud storage encryption, network security and embedded systems to secure sensitive data such as in IoT devices or automotive systems.

The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies. 

Support 

The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available. 

Deliverables 

The core is available in ASIC (RTL) or FPGA (netlist) formats, and includes everything required for successful implementation. The ASIC version includes 

  •     HDL RTL source 
  •     Sophisticated HDL Testbench (self-checking) 
  •     C Model & test vector generator 
  •     Simulation script, vectors & expected results 
  •     Synthesis script 
  •     User documentation 

The AES-XTS can be mapped to any ASIC technology or FPGA device (provided sufficient silicon resources are available). The following are sample ASIC pre-layout results reported from synthesis with a silicon vendor design kit under typical conditions, with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

AES-XTS High Throughput (-X)  ASIC Implementation Results

Technology Logic
Resources
Memory
Resources
Freq
(MHz)
Throughput
(Gbps)
TSMC 7nm 343,934 eq. gates - 1,250 160.0
TSMC 16nm 404,168 eq. gates - 1,200 153.6
TSMC 28nm HPC 459,156 eq. gates - 1,000 128.0

 

AES-XTS Higher Throughput (-X2) ASIC Implementation Results

Technology Logic
Resources
Memory
Resources
Freq
(MHz)
Throughput
(Gbps)
TSMC 7nm 808,095 eq. gates - 1,700 435.2
TSMC 16nm 934,843 eq. gates - 1,300 332.8
TSMC 28nm HPC 1,046,111 eq. gates - 1,100 281.6

The AES-XTS can be mapped to any AMD FPGA device (provided sufficient silicon resources are available). The following are sample Intel results with all core I/Os assumed to be routed on-chip.

AES-XTS High Throughput (-X) AMD Implementation Results

Technology Logic
Resources
Memory
Resources
Freq.
(MHz)
Throughput
(Gbps)
Kintex-7 (-3) 3,573 LUT 116 BRAM 225 28.8
Virtex-7 (-3) 3,587 LUT 116 BRAM 225 28.8
Kintex UltraScale (-3) 3,584 LUT 116 BRAM 300 35.4
Kintex UltraScale+ (-3) 3,620 LUT 116 BRAM 350 44.8
Versal (-2) 3,811 LUT 116 BRAM 300 38.4

 

AES-XTS Higher Throughput (-X2) AMD Implementation Results

Technology Logic
Resources
Memory
Resources
Freq.
(MHz)
Throughput
(Gbps)
Kintex-7 (-3) 6,002 LUT 224 BRAM 200 51.2
Virtex-7 (-3) 6,002 LUT 224 BRAM 175 44.8
Kintex UltraScale (-3) 6,110 LUT 224 BRAM 275 70.4
Kintex UltraScale+ (-3) 5,991 LUT 224 BRAM 300 76.8
Versal (-2) 6,141 LUT 224 BRAM 275 70.4

The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

The AES-XTS can be mapped to any Intel® FPGA device (provided sufficient silicon resources are available). The following are sample Intel results with all core I/Os assumed to be routed on-chip.

AES-XTS High Throughput (-X)  Intel Implementation Results

Technology Logic
Resources
Memory
Resources
Freq.
(MHz)
Throughput
(Gbps)
Arria 10 GX (-1) 4,674 ALM 228 RAMB 170 21.76
Stratix V (-1) 4,831 ALM 228 RAMB 210 26.88

 

AES-XTS Higher Throughput (-X2) Intel Implementation Results

Technology Logic
Resources
Memory
Resources
Freq.
(MHz)
Throughput
(Gbps)
Arria 10 GX (-1) 8,526 ALM 436 RAMB 150  38.40
Stratix V (-1) 8,921 ALM 436 RAMB 180 46.08

The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

Related Content

Features List

  • Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
  • Implemented according to the IEEE P1619™/D16 standard
  • NIST-Validated
  • Capable of processing 128 bits/cycle
  • Employs user-programmable key size of 128 or 256 bits
  • Two architectural versions:
    • The AES-XTS-X version is smaller and can process 128 bits/cycle for all key sizes
    • The AES-XTS-X2 version can process 256 bits/cycle for all key sizes
  • Arbitrary IV length
  • Easy integration & implementation
    • Works with the integrated key expansion function
    • Fully synchronous, uses only the rising clock-edge, single-clock domain, no false or multicycle timing paths, scan-ready, LINT-clean, reusable design
    • Simple input and output interface, optionally bridged to AMBA™ interfaces or integrated with a DMA engine
  • Available in VHDL or Verilog source code format, or as a targeted FPGA netlist

Resources

NIST: Approved Block Ciphers

FIPS 197, Advanced Encryption Standard (AES): download PDF

AES test suite: The Advanced Encryption Standard Algorithm Validation Suite (AESAVS): download PDF

Let's talk about your project and our IP solutions

Request Info

This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.