Hardware-based security for high-level protection.

XIP1183B: AES256-XTS

Advanced Encryption Standard (256-bit key), XTS mode IP Core


XIP1183B from Xiphera is a balanced [1] Intellectual Property (IP) core implementing the Advanced Encryption Standard (AES) with 256-bit long key in XTS mode.

XTS is a mode of operation for a block cipher that is used primarily for protecting the confidentiality of data at rest. Consequently, AES-XTS is widely used for encrypting the contents of hard drives and other storage devices.

AES-XTS is a tweakable block cipher, and as it instantiates the underlying AES block cipher twice, the key material for AES-XTS is twice longer than for the constituent individual AES block ciphers.

The encrypted data depends not only on the plaintext and encryption key, but also on the logical address of the data on the storage device. This means that identical plaintexts get encrypted differently at different logical addresses.

XIP1183B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1183B does not rely on any FPGA manufacturer-specific features.

Key features

  • Moderate resource requirements: The entire XIP1183B requires 6074 Adaptive Lookup Modules (ALMs) (Intel ® Cyclone ® 10 GX), and does not require any multipliers or DSP Blocks [2].
  • Performance: XIP1183B achieves an impressive throughput in the Gbps range, for example 3.20+ Gbps in Xilinx ® Kintex ® UltraScale+.
  • Standard Compliance: XIP1183B is compliant with both the Advanced Encryption Algorithm (AES) standard and the XTS standard.
  • Optional Ciphertext stealing support.
  • Increased performance can be achieved by parallel instantiations of XIP1183B.


AES256-XTS works by first encrypting the tweak value [3] with an AES block. The encrypted tweak value is then multiplied [4] with a value derived from the Block Sequence Number [5] of the 128-bit block inside the data unit.

The resulting value is then used in an Exlusive OR (XOR) operation both at the input and output of another AES block (“datapath AES”), which uses a different 256-bit key from the AES block responsible for encrypting the tweak value.

Decryption is an identical operation to encryption, with the exception that the datapath AES operates in the decryption mode.

For more technical and commercial details, including FPGA resources & peak performance as well as ordering instructions, open the full product brief in PDF. Contact us by sending and email to email_career.png, and we’ll get back to you as soon as possible.

Open full product brief

Block diagram

Figure 1: Internal high-level block diagram of XIP1183B

Figure 1: Internal high-level block diagram of XIP1183B.


[1] Xiphera’s balanced (denoted by ’B’ at the end of the ordering code) IP cores strike a balanced compromise between performance and FPGA resource usage.

[2] The AES S-boxes can be implemented either in FPGA logic or internal memory blocks depending on the customer’s preference.

[3] The AES-XTS standard defines the tweak as a 128-bit value used to represent the logical position of the data being encrypted or decrypted, which in practice is most often the address of an individual sector on the storage media.

[4] The multiplication is performed in Galois field GF (2128) defined by the polynomial x128 + x7 + x2 + x + 1.

[5] The default configuration of XIP1183B uses a 4kB sector size, but this can be easily parameterized.

Visit the product family page