

# XIP1183B: AES256-XTS

# Advanced Encryption Standard (256-bit key), XTS mode IP Core

| Product Brief      |
|--------------------|
| ver. 1.0           |
| September 20, 2023 |

sales@xiphera.com

#### Introduction

XIP1183B from Xiphera is a balanced<sup>1</sup> Intellectual Property (IP) core implementing the Advanced Encryption Standard (AES) [1] with 256 bits long key in XTS [2] mode.

AES-XTS is block-oriented cipher used primarily for protecting the confidentiality of data at rest. Consequently, AES-XTS is widely used for encrypting the contents of hard drives and other storage devices.

AES-XTS is a *tweakable* block cipher, and as it instantiates the underlying AES block cipher twice, the key material for AES-XTS is twice longer than for the constituent individual AES block ciphers.

The encrypted data depends not only on the plaintext and encryption key, but also on the logical address of the data on the storage device. This means that identical plaintexts get encrypted differently at different logical addresses.

XIP1183B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1183B does not rely on any FPGA manufacturer-specific features.

#### **Key Features**

• Moderate resource requirements: The entire XIP1183B requires 19326 4-input Lookup Tables (4LUTs) (Lattice<sup>®</sup> CertusPro-NX<sup>®</sup>), and does not require any multipliers or DSPBlocks<sup>2</sup>.

 $<sup>^{1}</sup>$ Xiphera's balanced (denoted by 'B' at the end of the ordering code) IP cores strike a balanced compromise between performance and FPGA resource usage.

<sup>&</sup>lt;sup>2</sup>The AES S-boxes can be implemented either in Lattice<sup>®</sup> FPGA logic or internal memory blocks depending on the customer's preference





- Performance: XIP1183B achieves an impressive throughput in the Gbps range, for example 793.58+ Gbps in Lattice<sup>®</sup> CertusPro-NX<sup>®</sup> .
- **Standard Compliance:** XIP1183B is compliant with both the Advanced Encryption Algorithm (AES) standard [1], and the XTS standard [2].
- Optional Ciphertext stealing support as defined in [2].
- Increase Performance can be achieved by paralle instantiations of XIP1183B.

#### Functionality

AES256-XTS works by first encrypting the tweak value<sup>3</sup> with an AES block. The encrypted tweak value is then multiplied<sup>4</sup> with a value derived from the Block Sequence Number<sup>5</sup> of the 128 bits long block inside the data unit.

The resulting value is then used in an Exlusive OR (XOR) operation both at the input and output of another AES block ("datapath AES"), which uses a different 256 bits long key from the AES block responsible for encrypting the tweak value.

Decryption is an identical operation to encryption, with the exception that the datapath AES operates in decryption mode.

## Block Diagram

The internal high-level block diagram of XIP1183B is depicted in Figure 1.



<sup>&</sup>lt;sup>3</sup>The AES-XTS standard [2] defines the tweak as a 128 bits long value used to represent the logical position of the data being encrypted or decrypted, which in practice is most often the address of an individual sector on the storage media.

<sup>&</sup>lt;sup>4</sup>The multiplication is performed in Galois field  $GF(2^{128})$  defined by the polynomial  $x^{128} + x^7 + x^2 + x + 1$ .

<sup>&</sup>lt;sup>5</sup>The default configuration of XIP1183B uses a 4kB sector size, but this can be easily parameterized.

#### Interfaces



The external interfaces of XIP1183B are depicted in Figure 2.

Figure 2: External interfaces of XIP1183B

This Product Brief describes a high-level overview of the functionality and capabilities of XIP1183B. Please contact sales@xiphera.com for a complete datasheet with a detailed description of the input and output signals, startup procedure of XIP1183B, example simulation waveforms, and the FPGA resource requirements of your targeted FPGA family.

## FPGA Resources and Performance

Table 1 presents the Lattice<sup>®</sup> FPGA resource requirements for representative implementations on different Lattice<sup>®</sup> FPGA architectures. On request, the resource estimates can also be supplied for other Lattice<sup>®</sup> FPGA families.

| Device                                                      | Resources         | $f_{MAX}$ | Max. throughput* |
|-------------------------------------------------------------|-------------------|-----------|------------------|
| Lattice <sup>®</sup> CertusPro-NX <sup>®</sup> <sup>†</sup> | 19326 LUT4, 8 EBR | 99.20 MHz | 793.58 Mbps      |
| Lattice <sup>®</sup> ECP5 <sup>® ‡</sup>                    | 15930 LUT4, 8 EBR | 92.56 MHz | 740.46 Mbps      |

Table 1: Resource usage and performance of XIP1183B on representative Lattice<sup>®</sup> FPGA families. AES S-boxes implemented either in internal memory blocks or lookup tables (4 and 6 inputs supported).

Mention configuration

<sup>&</sup>lt;sup>‡</sup>Diamond 3.12.0, default compilation settings, synthesised with Synplify.



 $<sup>{}^{*}</sup>Throughput = \frac{f_{MAX}*128 \ bits}{16 \ clock \ cycles}$ , achieved for encrypting/decrypting an entire sector.

<sup>&</sup>lt;sup>†</sup>Radiant 2022.1.0, default compilation settings, synthesised with Synplify.

#### Example Use Cases

XIP1183B protects the confidentiality of the encrypted plaintext, and identical plaintext is encrypted into a different ciphertext at different memory addresses.

When using XIP1183B with storage media whose natural bit width is smaller than 128 bits, it is recommended to integrate XIP1183B with a memory controller IP core to enable encrypting and decrypting 128-bits data units.

#### Ordering and Deliverables

Please contact sales@xiphera.com for pricing and your preferred delivery method. XIP1183B can be shipped in a number of formats, including netlist, source code, or encrypted source code. Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.

## Export Control

XIP1183B protects data confidentiality and is a dual-use product as defined in the Wassenaar Arrangement. Consequently, the export of XIP1183B is controlled by Council Regulation (EC) No 428/2009 of 5 May 2009 and its subsequent changes.

XIP1183B can be immediately shipped to all European Union member states, Australia, Canada, Japan, New Zealand, Norway, Switzerland, United Kingdom, and the United States.

Export to other countries requires authorization from The Ministry for Foreign Affairs of Finland, and a typical processing time for an export authorization is a few weeks.

## **About Xiphera**

Xiphera specializes in secure and efficient implementations of standardized cryptographic algorithms on Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs). Our fully in-house designed product portfolio includes individual cryptographic Intellectual Property (IP) cores, as well as comprehensive security solutions built from a combination of individual IP cores.

Xiphera is a Finnish company operating under the laws of the Republic of Finland, and is fully owned by Finnish citizens and institutional investors.

#### Contact

Xiphera Oy Tekniikantie 12 FIN-02150 Espoo Finland sales@xiphera.com +358 20 730 5252



#### References

- [1] Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, 2001.
- [2] IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices. *IEEE Std.* 1619-2018, 2018.

