

# XIP1183H: AES256-XTS

# Advanced Encryption Standard (256-bit key), XTS mode IP Core

Product Brief ver. 1.0 October 30, 2024

sales@xiphera.com

#### Introduction

XIP1183H from Xiphera is a high-speed<sup>1</sup> Intellectual Property (IP) core implementing the Advanced Encryption Standard (AES) [1] with 256-bit long key in XTS [2] mode.

XTS is a mode of operation for a block cipher that is used primarily for protecting the confidentiality of data at rest. Consequently, AES-XTS is widely used for encrypting the contents of hard drives and other storage devices.

AES-XTS is a *tweakable* block cipher, and as it instantiates the underlying AES block cipher twice, the key material for AES-XTS is twice longer than for the constituent individual AES block ciphers.

The encrypted data depends not only on the plaintext and encryption key, but also on the logical address of the data on the storage device. This means that identical plaintexts get encrypted differently at different logical addresses.

XIP1183H has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1183H does not rely on any FPGA manufacturer-specific features.

## **Key Features**

• Moderate resource requirements: The entire XIP1183H requires 34927 Lookup Tables (LUTs) (AMD® Versal® Prime), and does not require any multipliers or DSP Blocks<sup>2</sup>.

<sup>&</sup>lt;sup>1</sup>Xiphera's high-speed (denoted by 'H' at the end of the ordering code) IP cores are designed to maximize the achievable FPGA performance.

<sup>&</sup>lt;sup>2</sup>The AES S-boxes can be implemented either in AMD® FPGA logic or internal memory blocks depending on the customer's preference.

• Performance: XIP1183H achieves an impressive throughput in the tens of Gbps range, for example 43.48+ Gbps in AMD® Versal® Prime.

- Standard Compliance: XIP1183H is compliant with both the Advanced Encryption Algorithm (AES) standard [1] and the XTS standard [2].
- Optional Ciphertext stealing support as defined in [2].
- Increased Performance can be achieved by parallel instantiations of XIP1183H.
- Support for Burst-Mode Sector Writes and Reads with the default sector size of 4kB<sup>3</sup>.

## **Functionality**

AES256-XTS works by first encrypting the tweak value<sup>4</sup> with an AES block. The encrypted tweak value is then multiplied<sup>5</sup> with a value derived from the Block Sequence Number<sup>6</sup> of the 128-bit block inside the data unit.

The resulting value is then used in an Exlusive OR (XOR) operation both at the input and output of another AES block ("datapath AES"), which uses a different 256-bit key from the AES block responsible for encrypting the tweak value. The default configuration of XIP1183H encrypts/decrypts an entire disk sector in burst mode.

Decryption is an identical operation to encryption, with the exception that the datapath AES operates in the decryption mode.

## **Block Diagram**

The internal high-level block diagram of XIP1183H is depicted in Figure 1.

#### Interfaces

The external interfaces of XIP1183H are depicted in Figure 2.

This Product Brief describes a high-level overview of the functionality and capabilities of XIP1183H. Please contact sales@xiphera.com for a complete datasheet with a detailed description of the input and output signals, startup procedure of XIP1183H, example simulation waveforms, and the FPGA resource requirements in your targeted FPGA family.

#### FPGA Resources and Performance

Table 1 presents the AMD® FPGA resource requirements for representative implementations on different AMD® FPGA architectures. On request, the resource estimates can also be supplied for

2



October 30, 2024

<sup>&</sup>lt;sup>3</sup>The default sector size is parameterizable.

<sup>&</sup>lt;sup>4</sup>The AES-XTS standard [2] defines the tweak as a 128-bit value used to represent the logical position of the data being encrypted or decrypted, which in practice is most often the address of an individual sector on the storage media.

<sup>&</sup>lt;sup>5</sup>The multiplication is performed in Galois field  $GF(2^{128})$  defined by the polynomial  $x^{128} + x^7 + x^2 + x + 1$ .

<sup>&</sup>lt;sup>6</sup>The default configuration of XIP1183H encrypts/decrypts an entire 4kB sector in burst mode.



Figure 1: Internal high-level block diagram of XIP1183H



Figure 2: External interfaces of XIP1183H

other AMD® FPGA families.

| Device                                                     | Resources | $f_{MAX}$  | Max. throughput** |
|------------------------------------------------------------|-----------|------------|-------------------|
| AMD® Versal® Prime‡                                        | 34927 LUT | 339.67 MHz | 43.48 Gbps        |
| AMD® Zynq® MPSoC§                                          | 33543 LUT | 298.42 MHz | 38.20 Gbps        |
| AMD® Versal® Prime¶                                        | 34899 LUT | 302.66 MHz | 38.74 Gbps        |
| $AMD^{\texttt{@}}\ Virtex^{\texttt{@}}\ UltraScale +^{\S}$ | 33145 LUT | 366.17 MHz | 46.87 Gbps        |

Table 1: Resource usage and performance of XIP1183H on representative AMD® FPGA families. AES S-boxes implemented either in internal memory blocks or lookup tables (4 and 6 inputs supported).

3

<sup>\*\*</sup> $Throughput = f_{MAX} * 128 \ bits$ , achieved for encrypting/decrypting an entire sector.



October 30, 2024

<sup>&</sup>lt;sup>‡</sup>Vivado 2020.3, default compilation settings, industrial speedgrade.

<sup>§</sup>Vivado 2020.2, default compilation settings, industrial speedgrade.

<sup>&</sup>lt;sup>¶</sup>Vivado 2022.1, default compilation settings, industrial speedgrade.

## **Example Use Cases**

XIP1183H protects the confidentiality of the encrypted plaintext, and identical plaintext is encrypted into a different ciphertext at different memory addresses.

When using XIP1183H with storage media whose natural bit width is smaller than 128 bits, it is recommended to integrate XIP1183H with a memory controller IP core to enable encrypting and decrypting 128-bits data units.

## Ordering and Deliverables

Please contact sales@xiphera.com for pricing and your preferred delivery method. XIP1183H can be shipped in a number of formats, including netlist, source code, or encrypted source code. Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.

## **Export Control**

XIP1183H protects data confidentiality and is a dual-use product as defined in the Wassenaar Arrangement. Consequently, the export of XIP1183H is controlled by Council Regulation (EC) No 428/2009 of 5 May 2009 and its subsequent changes.

XIP1183H can be immediately shipped to all European Union member states, Australia, Canada, Japan, New Zealand, Norway, Switzerland, United Kingdom, and the United States.

Export to other countries requires authorization from The Ministry for Foreign Affairs of Finland, and a typical processing time for an export authorization is a few weeks.

## **About Xiphera**

Xiphera specializes in secure and efficient implementations of standardized cryptographic algorithms on Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs). Our fully in-house designed product portfolio includes individual cryptographic Intellectual Property (IP) cores, as well as comprehensive security solutions built from a combination of individual IP cores.

Xiphera is a Finnish company operating under the laws of the Republic of Finland, and is fully owned by Finnish citizens and institutional investors.

#### **Contact**

Xiphera Oy Tekniikantie 12 FIN-02150 Espoo Finland sales@xiphera.com +358 20 730 5252



### References

[1] Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, 2001.

[2] IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices. *IEEE Std. 1619-2018*, 2018.



5