Hardware-based security for high-level protection.

XIP1111B: AES128-GCM

Advanced Encryption Standard (128-bit key), Galois Counter Mode IP Core


XIP1111B from Xiphera is a balanced Intellectual Property (IP) core implementing the Advanced Encryption Standard (AES) in Galois Counter Mode (GCM). AES-GCM is a widely used cryptographic algorithm for Authenticated Enryption with Associated Data (AEAD) purposes, as it provides both data confidentiality and authenticity.

XIP1111B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1111B does not rely on any FPGA manufacturer-specific features.

Key features

  • Compact resource requirements: The entire XIP1111B requires less than 2800 Adaptive Lookup Modules (ALMs) (Intel® Cyclone® V), and does not require any multipliers, DSPBlocks or internal memory [1] in a typical FPGA implementation.
  • Performance: Despite its compact size, XIP1111B achieves a throughput in the Gbps range [2], for example 2.5 Gbps in Xilinx® Artix® -7 family.
  • Standard Compliance: XIP1111B is fully compliant with both the Advanced Encryption Algorithm (AES) standard, as well as with the Galois Counter Mode (GCM) standard.
  • Test Vector Compliance: XIP1111B passes all test vectors specified in MACsec GCM-AES Test Vectors.
  • 32-bit FIFO Interfaces [3] ease the integration of XIP1111B with other FPGA logic and/or control software.


The main functionality of XIP1111B depends on the mode of operation. When XIP1111B operates in the encryption and authentication tag calculation mode, it encrypts the incoming plaintext blocks into ciphertext blocks, and in addition to this also calculates a 128 bits long authentication tag from both the incoming plaintext and associated data.

When XIP1111B operates in the decryption and tag validity cheching mode, it decrypts the incoming ciphertext blocks into plaintext blocks, and validates the received authentication tag value by calculating the tag from the incoming ciphertext and associated data blocks and comparing the resulting tag value with the received tag value. As defined by the GCM mode of operation, associated data is included in the authentication tag calculation.

XIP1111B can also operate with zero-length associated data, meaning that XIP1111B treats all signals on the input data_in as plaintext to be encrypted or as ciphertext to be decrypted. XIP1111B can also operate with zero-length plaintext or ciphertext, in which case it acts only as an authenticator or authentication validity checker.

XIP1111B outputs first the associated data, followed by encrypted plaintext or decrypted ciphertext (depending on the mode of operation), and as the last output the tag value and associated status signals.

For more technical and commercial details, including FPGA resources & peak performance as well as ordering instructions, open the full product brief in PDF. Contact us by sending and email to email_career.png, and we’ll get back to you as soon as possible.

Open full product brief

Block diagram

Internal high-level block diagram of XIP1111B

Figure 1: Internal high-level block diagram of XIP1111B.


[1] The parameterizable input and output FIFOs may optionally be instantiated with internal memory blocks, but the actual XIP1111B kernel requires only logic resources.

[2] As is typical for AEAD algorithms, the highest throughput is achieved for long messages.

[3] XIP1111B is also available with 128-bits long interfaces, please contact email_career.png for details.

Visit the product family page