

# XIP1103H: AES256-CTR

Advanced Encryption Standard (256-bit key), Counter Mode IP Core

| Product Brief      |  |  |  |  |
|--------------------|--|--|--|--|
| ver. 1.0           |  |  |  |  |
| September 20, 2023 |  |  |  |  |

sales@xiphera.com

#### Introduction

XIP1103H from Xiphera is a high-speed Intellectual Property (IP) core implementing the Advanced Encryption Standard (AES) [1] in Counter Mode (CTR) [2].

The Counter mode of operation effectively turns a block cipher into a stream cipher, and provides a number of advantages from an implementation point of view. These include the ability to use the same key expansion functionality and datapath for both encryption and decryption, and the possibility to parallelize the FPGA-based implementation by unrolling and pipelining.

XIP1103H has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1103H does not rely on any FPGA manufacturer-specific features.

## **Key Features**

- Moderate resource requirements: The entire XIP1103H requires 17076 Adaptive Lookup Modules (ALMs) (Intel<sup>®</sup> Agilex<sup>®</sup> F), and does not require any multipliers or DSPBlocks<sup>1</sup>.
- Performance: Despite its moderate size, XIP1103H achieves a throughput in the tens of Gbps range, for example 87.07+ Gbps in Xilinx<sup>®</sup> Versal<sup>®</sup> Prime.
- **Standard Compliance:** XIP1103H is fully compliant with both the Advanced Encryption Algorithm (AES) standard [1], as well as with the Counter Mode (CTR) standard [2].
- 128-bit and 256-bit Interfaces ease the integration of XIP1103H with other FPGA logic and/or control software.

<sup>&</sup>lt;sup>1</sup>The AES S-boxes can be implemented either in FPGA logic or internal memory blocks depending on the customer's preference



Figure 1: Internal high-level block diagram of XIP1103H, encryption mode

# Functionality

XIP1103H encrypts<sup>2</sup> the incoming 128 bits long plaintext blocks by XORing (exclusive-OR) them with the encrypted successive values of a counter. The counter is initialized with a 128 bits long initialization vector<sup>3</sup>, which is then incremented by one after each encryption with the same secret key.

XIP1103H is a high-speed version of the Counter mode of operation, and due to the full unrolling of the AES datapath can output a 128 bits long ciphertext block every clock cycle. The key expansion —which is identical for both encryption and decryption operation —is performed on-the-fly and if the same key is used for successive plaintext blocks does not affect the throughput or latency of XIP1103H.

## **Block Diagram**

The internal high-level block diagram of XIP1103H is depicted in Figure 1.

## Interfaces

The external interfaces of XIP1103H are depicted in Figure 2.

This Product Brief describes a high-level overview of the functionality and capabilities of XIP1103H. Please contact sales@xiphera.com for a complete datasheet with a detailed description of the input

<sup>&</sup>lt;sup>3</sup>The initialization vector consists of a 32 bits long nonce, and a 96 bits long initial value.



 $<sup>^{2}</sup>$ The operation is identical in the decryption direction, where the only difference is decrypting ciphertext into plaintext.



Figure 2: External interfaces of XIP1103H

and output signals, startup procedure of XIP1103H, example simulation waveforms, and the FPGA resource requirements of your targeted FPGA family.

#### **FPGA Resources and Performance**

Table 1 presents the FPGA resource requirements for representative implementations on different FPGA architectures. On request, the resource estimates can also be supplied for other FPGA families.

| Device                                                           | Resources            | $f_{MAX}$  | Max. throughput $^*$ |
|------------------------------------------------------------------|----------------------|------------|----------------------|
| Intel <sup>®</sup> Agilex <sup>®</sup> F <sup>†</sup>            | 17076 ALM            | 808.41 MHz | 103.48               |
| Intel <sup>®</sup> Stratix <sup>®</sup> 10 GX <sup>†</sup>       | 17344 ALM            | 489.00 MHz | 62.59                |
| Xilinx <sup>®</sup> Versal <sup>®</sup> Prime <sup>‡</sup>       | 15132 LUT            | 680.27 MHz | 87.07                |
| Xilinx <sup>®</sup> Zynq <sup>®</sup> MPSoC <sup>‡</sup>         | 14717 LUT            | 742.39 MHz | 95.03                |
| Xilinx <sup>®</sup> Versal <sup>®</sup> Prime <sup>‡</sup>       | 15596 LUT            | 727.80 MHz | 93.16                |
| Xilinx <sup>®</sup> Virtex <sup>®</sup> UltraScale+ <sup>‡</sup> | 14662 LUT            | 777.00 MHz | 99.46                |
| Lattice <sup>®</sup> ECP5 <sup>® §</sup>                         | 24565 LE, 200 EBR    | 128.90 MHz | 16.50                |
| Microchip <sup>®</sup> PolarFire <sup>®</sup> <sup>¶</sup>       | 28790 4LUT, 12 uSRAM | 152.84 MHz | 19.56                |

Table 1: Resource usage and performance of XIP1103H on representative FPGA families. AES S-boxes implemented either in internal memory blocks or lookup tables (4 and 6 inputs supported).

## Example Use Cases

XIP1103H protects the confidentiality of the encrypted plaintext, and to additionally provide authenticity protection XIP1103H can be used as a building block in AES-GCM (Galois Counter Mode) (for

<sup>&</sup>lt;sup>¶</sup>Libero 2022.1.0.10, default compilation settings, industrial speedgrade.



 $<sup>^{*}</sup>Throughput = f_{MAX} * 128 \ bits$ 

<sup>&</sup>lt;sup>†</sup>Quartus<sup>®</sup> Prime Pro 21.1.0, default compilation settings, industrial speedgrade.

<sup>&</sup>lt;sup>‡</sup>Vivado 2020.2, default compilation settings, industrial speedgrade.

<sup>&</sup>lt;sup>§</sup>Diamond 3.12.0, default compilation settings, industrial speedgrade.

example, Xiphera's IP cores XIP1113B and XIP1113H have XIP1103H for confidentiality protection). An alternative way to protect both confidentiality and authenticity is to use XIP1103H in combination with a keyed message authentication code (such as Xiphera's KMAC IP core).

# Ordering and Deliverables

Please contact sales@xiphera.com for pricing and your preferred delivery method. XIP1103H can be shipped in a number of formats, including netlist, source code, or encrypted source code. Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.

## Export Control

XIP1103H protects data confidentiality and is a dual-use product as defined in the Wassenaar Arrangement. Consequently, the export of XIP1103H is controlled by Council Regulation (EC) No 428/2009 of 5 May 2009 and its subsequent changes.

XIP1103H can be immediately shipped to all European Union member states, Australia, Canada, Japan, New Zealand, Norway, Switzerland, United Kingdom, and the United States.

Export to other countries requires authorization from The Ministry for Foreign Affairs of Finland, and a typical processing time for an export authorization is a few weeks.

#### **About Xiphera**

Xiphera specializes in secure and efficient implementations of standardized cryptographic algorithms on Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs). Our fully in-house designed product portfolio includes individual cryptographic Intellectual Property (IP) cores, as well as comprehensive security solutions built from a combination of individual IP cores.

Xiphera is a Finnish company operating under the laws of the Republic of Finland, and is fully owned by Finnish citizens and institutional investors.

#### Contact

Xiphera Oy Tekniikantie 12 FIN-02150 Espoo Finland sales@xiphera.com +358 20 730 5252

#### References

[1] Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, 2001.



[2] Morris J. Dworkin. SP 800-38A 2001 Edition. Recommendation for Block Cipher Modes of Operation: Methods and Techniques. Technical report, Gaithersburg, MD, United States, 2001.

