Hardware-based security for high-level protection.

XIP1123B: Versatile AES-256 IP Core

Advanced Encryption Standard (256-bit key), ECB, CBC, OFB, CFB, and CTR Mode of Operation


Introduction

XIP1123B from Xiphera is a balanced [1] and versatile Intellectual Property (IP) core implementing the Advanced Encryption Standard (AES) with a 256-bit key in five dynamically selectable modes of operation: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR).

The four different modes of operation (CBC, CFB, OFB, and CTR) all protect data confidentiality, and are widely used in numerous security designs and cryptographic protocols. XIP1123B also supports the ECB mode of operation as a building block for other AES modes of operation, but importantly the standalone use of ECB is not recommended for cryptographically secure applications. The design of XIP1123B allows for every individual 128-bit data block (din —plaintext in encryption mode, ciphertext in decryption mode) to use a different key, a different Initialization Vector (IV) [2], and a different mode of operation [3].

XIP1123B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1123B does not rely on any FPGA manufacturer-specific features.

Key features

  • Compact resource requirements: The entire XIP1123B requires 3869 Adaptive Lookup Modules (ALMs) (Intel ® Cyclone ® 10 GX), and does not require any multipliers or DSPBlocks [4].
  • Performance: XIP1123B achieves an impressive throughput in the Gbps range, for example 3.23+ Gbps in Xilinx ® Kintex ® UltraScale+.
  • Standard Compliance: XIP1123B is fully compliant with both the Advanced Encryption Algorithm (AES) standard, as well as with the ECB, CBC, CFB, OFB, and CTR modes of operation.
  • Versatility: The key, initialization vector (IV), and the mode of operation can dynamically updated for every 128-bit data block.

Functionality

XIP1123B supports five different AES modes of operation: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The four modes of operation (CBC, CFB, OFB, and CTR) use an internal AES256-ECB block as the encryption/decryption engine, but the internal connectivity between 128-bit data block, initialization vector, and the AES256-ECB block inputs and outputs is different; additionally the modes differ in the interdependencies between successsive encryption/decryption rounds.

When decrypting ciphertext blocks into plaintext, the CBC mode of operation requires the internal AES256-ECB block to operate in decryption mode, whereas the other three supported modes of operation (CFB, OFB, and CTR) use the internal AES256-ECB block in encryption mode. This means that if CBC support is not required, a considerable amount of FPGA resources can be saved; contact us for details.


For more technical and commercial details, including FPGA resources & peak performance as well as ordering instructions, open the full product brief in PDF. Contact us by sending and email to email_career.png, and we’ll get back to you as soon as possible.

Open full product brief

Block diagram

Figure 1: Internal high-level block diagram of XIP1123B

Figure 1: Internal high-level block diagram of XIP1123B.

Footnotes

[1] Xiphera’s balanced (denoted by ’B’ at the end of the ordering code) IP cores strike a balanced compromise between performance and FPGA resource usage.

[2] ECB mode of operation does not use an IV.

[3] If less than the default 5 (five) modes of operation are required the FPGA resource requirements are reduced; contact email_career.png for details.

[4] The AES S-boxes can be implemented either in FPGA logic or internal memory blocks depending on the customer’s preference.


Visit the product family page