Silicon IP Cores
AES-XTS
AES-XTS Storage Encrypt/Decrypt Engine
The AES-XTS encryption IP core implements hardware encryption/decryption for sector-based storage data. It uses the AES block cipher, in compliance with the NIST Advanced Encryption Standard, as a subroutine. The core processes 128 bits per cycle, and is programmable for 128- and 256-bit key lengths.
Two architectural versions are available to suit system size and throughput requirements. The High Throughput XTS-X is more compact and can process 128 bits/cycle independent of the key size. The Higher Throughput XTS-X2 can process 256 bits/cycle independent of the key size. Both versions have a 128-bit data path.
XTS (XEX-based Tweaked Codebook Mode with Ciphertext Stealing) is a mode of AES that has been specifically designed to encrypt fixed-size data where a possible threat has access to the stored data.
The AES algorithm requires an expanded key for encryption or decryption. The KEXP AES key expander core is included with the AES-XTS core.
During encryption, the key expander can produce the ex-panded key on the fly while the AES core is consuming it. For decryption, though, the key must be pre-expanded and stored in an appropriate memory before being used by the AES core. This is because the core uses the expanded key backwards during decryption.
The AES-XTS can be utilized for a variety of encryption applications including full disk encryption (FDE), cloud storage encryption, network security and embedded systems to secure sensitive data such as in IoT devices or automotive systems.
The core has been verified through extensive synthesis, place and route and simulation runs. It has also been embedded in several products, and is proven in FPGA technologies.
Support
The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available.
Deliverables
The core is available in ASIC (RTL) or FPGA (netlist) formats, and includes everything required for successful implementation. The ASIC version includes
- HDL RTL source
- Sophisticated HDL Testbench (self-checking)
- C Model & test vector generator
- Simulation script, vectors & expected results
- Synthesis script
- User documentation
The AES-XTS can be mapped to any ASIC technology or FPGA device (provided sufficient silicon resources are available). The following are sample ASIC pre-layout results reported from synthesis with a silicon vendor design kit under typical conditions, with all core I/Os assumed to be routed on-chip. The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
AES-XTS High Throughput (-X) ASIC Implementation Results
Technology | Logic Resources |
Memory Resources |
Freq (MHz) |
Throughput (Gbps) |
---|---|---|---|---|
TSMC 7nm | 343,934 eq. gates | - | 1,250 | 160.0 |
TSMC 16nm | 404,168 eq. gates | - | 1,200 | 153.6 |
TSMC 28nm HPC | 459,156 eq. gates | - | 1,000 | 128.0 |
AES-XTS Higher Throughput (-X2) ASIC Implementation Results
Technology | Logic Resources |
Memory Resources |
Freq (MHz) |
Throughput (Gbps) |
---|---|---|---|---|
TSMC 7nm | 808,095 eq. gates | - | 1,700 | 435.2 |
TSMC 16nm | 934,843 eq. gates | - | 1,300 | 332.8 |
TSMC 28nm HPC | 1,046,111 eq. gates | - | 1,100 | 281.6 |
The AES-XTS can be mapped to any Altera® FPGA device (provided sufficient silicon resources are available). The following are sample Altera results with all core I/Os assumed to be routed on-chip.
AES-XTS High Throughput (-X) Altera Implementation Results
Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
---|---|---|---|---|
Arria 10 GX (-1) | 4,674 ALM | 228 RAMB | 170 | 21.76 |
Stratix V (-1) | 4,831 ALM | 228 RAMB | 210 | 26.88 |
AES-XTS Higher Throughput (-X2) Altera Implementation Results
Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
---|---|---|---|---|
Arria 10 GX (-1) | 8,526 ALM | 436 RAMB | 150 | 38.40 |
Stratix V (-1) | 8,921 ALM | 436 RAMB | 180 | 46.08 |
The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
The AES-XTS can be mapped to any AMD FPGA device (provided sufficient silicon resources are available). The following are sample Intel results with all core I/Os assumed to be routed on-chip.
AES-XTS High Throughput (-X) AMD Implementation Results
Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
---|---|---|---|---|
Kintex-7 (-3) | 3,573 LUT | 116 BRAM | 225 | 28.8 |
Virtex-7 (-3) | 3,587 LUT | 116 BRAM | 225 | 28.8 |
Kintex UltraScale (-3) | 3,584 LUT | 116 BRAM | 300 | 35.4 |
Kintex UltraScale+ (-3) | 3,620 LUT | 116 BRAM | 350 | 44.8 |
Versal (-2) | 3,811 LUT | 116 BRAM | 300 | 38.4 |
AES-XTS Higher Throughput (-X2) AMD Implementation Results
Technology | Logic Resources |
Memory Resources |
Freq. (MHz) |
Throughput (Gbps) |
---|---|---|---|---|
Kintex-7 (-3) | 6,002 LUT | 224 BRAM | 200 | 51.2 |
Virtex-7 (-3) | 6,002 LUT | 224 BRAM | 175 | 44.8 |
Kintex UltraScale (-3) | 6,110 LUT | 224 BRAM | 275 | 70.4 |
Kintex UltraScale+ (-3) | 5,991 LUT | 224 BRAM | 300 | 76.8 |
Versal (-2) | 6,141 LUT | 224 BRAM | 275 | 70.4 |
The provided figures do not represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.
Engineered by Ocean Logic.
Features List
- Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
- Implemented according to the IEEE P1619™/D16 standard
- NIST-Validated
- Capable of processing 128 bits/cycle
- Employs user-programmable key size of 128 or 256 bits
- Two architectural versions:
- The AES-XTS-X version is smaller and can process 128 bits/cycle for all key sizes
- The AES-XTS-X2 version can process 256 bits/cycle for all key sizes
- Arbitrary IV length
- Easy integration & implementation
- Works with the integrated key expansion function
- Fully synchronous, uses only the rising clock-edge, single-clock domain, no false or multicycle timing paths, scan-ready, LINT-clean, reusable design
- Simple input and output interface, optionally bridged to AMBA™ interfaces or integrated with a DMA engine
- Available in VHDL or Verilog source code format, or as a targeted FPGA netlist
Resources
FIPS 197, Advanced Encryption Standard (AES): download PDF
AES test suite: The Advanced Encryption Standard Algorithm Validation Suite (AESAVS): download PDF