The KEXP IP core performs AES key expansion, and is an option for the AES, AES-P, AES-CCM and AES-GCM cores. It processes 128-bit blocks, and is programmable for 128-, 192-, and 256-bit key lengths.

Two architectural versions are available to suit system requirements. The Standard version (KEXP-P) is more compact and is used with AES cores using a 32-bit datapath. The Fast version (KEXP-F) achieves higher throughput in conjunction with AES cores using a 128-bit datapath.

The KEXP core is a fully synchronous design and has been evaluated in a variety of technologies, and is available optimized for ASICs or FPGAs.

Applications

The KEXP can be utilized for a variety of encryption applications including:

- Protected network routers
- Electronic financial transactions
- Secure wireless communications
- Secure video surveillance systems
- Encrypted data storage

Symbol Diagram

![Symbol Diagram](image)

Functional Description

The KEXP is a highly integrated implementation of the AES key expansion. The input key is expanded and it can be used during encryption on the fly, without the need to store the whole key in a buffer.

During decryption, the expanded key needs to be fed backwards. This core can perform backward expansion on the fly without the need for an additional buffer.

Rising the input on the GO port triggers the beginning of the expansion of the KEY input.

The key size selection can be selected by the KSIZE input. Valid values for KSIZE are "00", "01" and "10" selecting 128,
192 or 256 bits respectively. The KSIZE inputs must not be changed while the data is processed.

The core then raises the KEY_REQ signal requesting the key. It then starts to expand the key according to the AES algorithm.

During the expansion process, the expanded key data is available at the output KEY.

The expanded data is output in the correct order for use with AES cores during encryption.

At the end of the expansion operation, the signal KEY_LAST is raised. The core is immediately ready for another expansion operation and, in fact, the KEY_REQ signal is raised immediately after that.

**Backward Key Expansion**

During decryption, the expanded key must be fed to an AES core backwards. Backwards expansion works similarly to forward expansion and it is activated by raising the E_D input.

### Implementation Results

The KEXP can be mapped to any Intel FPGA device (provided sufficient silicon resources are available). The following are sample Intel results with all core I/Os assumed to be routed on-chip.

#### KEXP Standard Version Intel Results

<table>
<thead>
<tr>
<th>Family</th>
<th>Logic</th>
<th>RAM bits</th>
<th>Freq. (MHz)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Arria 10 GX (-2)</td>
<td>456 ALMs</td>
<td>0</td>
<td>100</td>
</tr>
<tr>
<td>Stratix V (-1)</td>
<td>426 ALMs</td>
<td>0</td>
<td>150</td>
</tr>
<tr>
<td>MAX 10 (-7)</td>
<td>851 LEs</td>
<td>0</td>
<td>100</td>
</tr>
</tbody>
</table>

#### KEXP Fast Version Intel Results

<table>
<thead>
<tr>
<th>Family</th>
<th>Logic</th>
<th>RAM bits</th>
<th>Freq. (MHz)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Arria 10 GX (-2)</td>
<td>780 ALMs</td>
<td>4,096</td>
<td>80</td>
</tr>
<tr>
<td>Arria 10 GX (-2)</td>
<td>827 ALMs</td>
<td>0</td>
<td>80</td>
</tr>
<tr>
<td>Stratix V (-1)</td>
<td>754 ALMs</td>
<td>4,096</td>
<td>100</td>
</tr>
<tr>
<td>Stratix V (-1)</td>
<td>825 ALMs</td>
<td>0</td>
<td>100</td>
</tr>
<tr>
<td>MAX 10 (-7)</td>
<td>800 LEs</td>
<td>4,096</td>
<td>50</td>
</tr>
<tr>
<td>MAX 10 (-7)</td>
<td>1,636 LEs</td>
<td>0</td>
<td>50</td>
</tr>
</tbody>
</table>

The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.

### Export Permits

This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.

### Support

The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available.

### Verification

The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies.

### Deliverables

The core is available in ASIC (RTL) or FPGA (netlist) formats, and includes everything required for successful implementation. The Intel version includes

- Targeted FPGA netlist
- Sophisticated HDL Testbench (self-checking)
- C Model & test vector generator
- Simulation & synthesis scripts
- Vectors & expected results
- User documentation