The AES-GCM encryption IP core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. It processes 128-bit blocks, and is programmable for 128-, 192-, and 256-bit key lengths.
Four architectural versions are available to suit system requirements. The Standard version (AES-GCM-S) is more compact, using a 32-bit datapath and requiring 44/52/60 clock cycles for each data block (128/192/256-bit cipher key, respectively). The Fast version (AES-GCM-F) achieves higher throughput using a 128-bit datapath and requiring 11/13/15 clock cycles for each data block depending on key size. For applications where throughput is critical there are two additional versions. The AES-GCM-X can process 128 bits/cycle and the AES-GCM-X2 can process 256 bits/cycle respectively independent of the key size.
GCM stands for Galois Counter. GCM is a generic authenticate-and-encrypt block cipher mode. A Galois Field (GF) multiplier/accumulator is utilized to generate an authentication tag while CTR (Counter) mode is used to encrypt.
The AES-GCM cores are fully synchronous design and have been evaluated in a variety of technologies, and is available optimized for ASICs or FPGAs.
This core can be mapped to any any Intel, Lattice, MicroSemi, or Xilinx programmable device, or to any ASIC technology, provided sufficient silicon resources are available. Please contact CAST Sales to get accurate characterization data for your specific implementation requirements.