The AES-GCM encryption IP core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. It processes 128-bit blocks, and is programmable for 128-, 192-, and 256-bit key lengths.
Four architectural versions are available to suit system requirements. The Standard version (AES-GCM-S) is more compact, using a 32-bit datapath and requiring 44/52/60 clock cycles for each data block (128/192/256-bit cipher key, respectively). The Fast version (AES-GCM-F) achieves higher throughput using a 128-bit datapath and requiring 11/13/15 clock cycles for each data block depending on key size. For applications where throughput is critical there are two additional versions. The AES-GCM-X can process 128 bits/cycle and the AES-GCM-X2 can process 256 bits/cycle respectively independent of the key size.
GCM stands for Galois Counter. GCM is a generic authenticate-and-encrypt block cipher mode. A Galois Field (GF) multiplier/accumulator is utilized to generate an authentication tag while CTR (Counter) mode is used to encrypt.
The AES-GCM cores are fully synchronous design and have been evaluated in a variety of technologies, and is available optimized for ASICs or FPGAs.
This core can be mapped to any any Intel, Lattice, MicroSemi, or Xilinx programmable device, or to any ASIC technology, provided sufficient silicon resources are available. Please contact CAST Sales to get accurate characterization data for your specific implementation requirements.
- Encrypts and decrypts using the AES Rijndael Block Cipher Algorithm
- Implemented according to the National Institute of Standards and Technology (NIST) Special Publication 800-38D
- NIST Certified
- Processes 128-bit data in 32-bit blocks
- Employs user-programmable key size of 128, 192, or 256 bits
- Four architectural versions:
- AES-GCM-S is more compact:
- 32-bit data path size
- Processes each 128-bit data block in 44/52/60 clock cycles for 128/192/256-bit cipher keys, respectively
- AES-GCM-F yields higher transmission rates: 128-bit data path
- Processes each 128-bit block in 11/13/15 clock cycles for 128/192/256-bit cipher keys, respectively
- Higher throughput versions (AES-GCM-X or AES-GCM-X2) can process 128 bits/cycle or 256 bits/cycle and have a 128-bit datapath size
- Arbitrary IV length for fast version
- Works with a pre-expended key or can integrate the optional key expansion function
- Simple, fully synchronous, reusable design
- Available as fully functional and synthesizable VHDL or Verilog, or as a netlist for popular programmable devices
- Complete deliverables include test benches, C model and test vector generator
- HDL RTL source code
- Sophisticated HDL Testbench (self checking)
- C Model & test vector generator
- Simulation script, vectors & expected results
- Synthesis script
- User documentation
- Protected network routers
- Electronic financial transactions
- Secure wireless communications
- Secure video surveillance systems
- Encrypted data storage
Block Diagram of the AES-GCM Authenticated Encrypt/Decrypt Core IP Core