EnSilica provide a comprehensive range of encryption and authentication IP for ASIC and FPGA targets with low resource usage and high throughput.
The algorithms include AES for WLAN, WiMAX and IPsec, SNOW3G for LTE, and DES/TDES for compatibility with legacy systems.
All feature configuration options to achieve the optimum balance of resource usage with throughput. The IP cores are available stand-alone or as AMBA APB memory mapped peripherals.
AES
The Advanced Encryption Standard (AES) is an encryption algorithm originally intended for securing sensitive but unclassified material by US Government agencies. Since its publication as FIPS-197 (Federal Information Processing Standards Publication 197), it has been widely adopted by commercial and private organizations and included in many international standards, most notably 802.11 WLAN, IPsec and IEEE 1619 for hard disks.
AES - Introduction
The Rijndael algorithm was chosen above other candidates to form the final AES standard, which was ratified by NIST. The AES algorithm is capable of using cryptographic keys of 128, 192 and 256 bits to encrypt and decrypt data in blocks of 128 bits. In the terminology of encryption the input data is called Plaintext, the ciphered data is Ciphertext and the key is termed the Cipher Key.
The ciphering of Plaintext progresses as a series of Rounds and the Cipher Key generates a set of Round Keys in a process known as Key Expansion. Key Expansion can either generate Round Keys and store them for several encryption/decryption operations or generate them on-the-fly.
AES - Target Applications
- AES GCM for MACsec IEEE Std 802.1AE-2006
- AES GCM for IPsec ESP RFC 4106
- AES GMAC for IPsec RFC 4543
- AES XCBC for IPsec RFC 3566
- AES CCM for IPsec ESP RFC 4309 and RFC 3610
- AES CCM for WiMAX and WLAN
AES - Cryptographic Modes
NIST Special Publication 800-38A details the cryptographic modes ECB, CBC, CFB, OFB and CTR that make use of the AES algorithm. The standard mode of AES is called Electronic Code Book (ECB); it is the simplest of all the modes, and the one from which the other modes are derived. Although AES-ECB provides confidentiality through a large codebook, it needs additional components to provide security against attacks. For instance, if the key is not changed then the same Plaintext will always be encrypted to the same Ciphertext. This can be exploited if the attacker has specific knowledge of the type of information being transmitted and any repetitions present. To overcome this, AES-CBC (Cipher Block Chaining) adds an initialization vector (IV) and a feedback loop to AES-ECB, which mixes the ciphered data back into the input data so that the output stream is free of repetition.
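Added example (not EnSilica code and not part of the original page): a pure-Python AES-128 reference model that performs the Key Expansion described in the introduction, yielding the 11 Round Keys, and then encrypts four identical Plaintext blocks under ECB and under CBC to show the repetition that ECB exposes. All function names, the key, the IV and the Plaintext are constructed for illustration.

```python
# Added example, not EnSilica code: AES-128 reference model per FIPS-197.
def xtime(a):  # multiply by x in GF(2^8), reduced by x^8 + x^4 + x^3 + x + 1
    return (a << 1) ^ (0x11B if a & 0x80 else 0)

EXP, SBOX = [1], []
for _ in range(254):  # EXP[k] = 3^k; 0x03 generates every non-zero field element
    EXP.append(xtime(EXP[-1]) ^ EXP[-1])
for a in range(256):  # S-box = field inverse followed by the affine map
    v = EXP[(255 - EXP.index(a)) % 255] * 0x101 if a else 0
    SBOX.append(0x63 ^ (v ^ v >> 4 ^ v >> 5 ^ v >> 6 ^ v >> 7) & 0xFF)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def expand_key(key):  # Key Expansion: 16-byte Cipher Key -> 11 Round Keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def encrypt_block(block, rk):  # state is column-major, as in FIPS-197
    s = xor(block, rk[0])
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns (2a ^ 3b ^ c ^ d), skipped in the final round
            s = [xtime(s[c + r] ^ s[c + (r + 1) % 4]) ^ s[c + (r + 1) % 4]
                 ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
                 for c in (0, 4, 8, 12) for r in range(4)]
        s = xor(s, rk[rnd])
    return bytes(s)

def ecb_encrypt(pt, rk):  # every block is encrypted independently
    return b"".join(encrypt_block(pt[i:i + 16], rk) for i in range(0, len(pt), 16))

def cbc_encrypt(pt, rk, iv):  # each block is XORed with the previous Ciphertext block
    out = [iv]
    for i in range(0, len(pt), 16):
        out.append(encrypt_block(xor(pt[i:i + 16], out[-1]), rk))
    return b"".join(out[1:])

def repeated_blocks(ct):  # number of Ciphertext blocks that duplicate an earlier one
    return len(ct) // 16 - len({ct[i:i + 16] for i in range(0, len(ct), 16)})

if __name__ == "__main__":  # constructed key, IV and Plaintext (four equal blocks)
    rk, iv, pt = expand_key(bytes(range(16))), bytes(range(16, 32)), b"PAY 100 TO ALICE" * 4
    print(repeated_blocks(ecb_encrypt(pt, rk)), repeated_blocks(cbc_encrypt(pt, rk, iv)))
```

Checked against the FIPS-197 and SP 800-38A vectors, a model of this kind can serve as a golden reference when verifying a hardware core in a testbench.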
AES-CBC can also provide authentication that the data has not been tampered with between encryption and reception. This is called AES-CBC MAC (Message Authentication Code), which is described in NIST Special Publication 800-38B. If the data has been tampered with, the MAC calculated at the receiver will be incorrect.
Other popular modes include the Counter mode AES-CTR which is particularly suited to high data rates. The combination of AES-CTR with AES-CBC-MAC is called AES-CCM (Counter with cipher block Chaining Message authentication code) and is fully described in NIST Special Publication 800-38C. There are variations on the Counter including one where the count is generated from a Galois field and this is called AES-GCM.
EnSilica AES Solutions
EnSilica provide a sophisticated range of AES related IP for use in ASIC or FPGA target technologies. As each configuration is specific to customer requirements we have prepared individual IP modules that enable a flexible trade-off of throughput with area to get the most optimized solution. The base suite consists of Encryption, Decryption, Key Expansion and Cryptographic Mode modules that together cover all the combinations required for encryption and authentication. All modules support the three key sizes, selectable dynamically per-packet. For the lowest gatecount the modules can be configured to support only one key size. In addition the AES modules are available as eSi-RISC peripherals.
The Encryption module has 128-bit input and output buses for Plaintext and Ciphertext respectively. It makes single cycle accesses to a 128-bit Round Key memory during the encryption process. Encryption using a 128-bit key therefore takes just 11 clock cycles. The Round Keys can either be generated on-the-fly or stored in a memory.
The Decryption module also has 128-bit input and output buses, for Ciphertext and Plaintext respectively. Decryption using a 128-bit key also takes just 11 clock cycles. The Round Keys must be pre-stored in a memory because they are read out in reverse order, and cannot be generated on-the-fly.
The Key Expansion module works in synchronization with the encryption module and produces a new Round Key every clock cycle. The Key Expansion module may not be needed in some applications if a processor is available to calculate the Round Keys offline.
For FPGA targets the IP makes full use of block memory for intermediate results storage and round keys. Where appropriate for simultaneous encryption and decryption it instances a dual-ported Round Key memory, which can be shared for efficiency.
EnSilica’s AES implementations are amongst the most efficient on the market and supplied with full documentation, testbenches and synthesis scripts.
AES - Key Features
- Mix and match Encryption, Decryption, Key Expansion and Modes
- Maximum flexibility: Run time support for all three key sizes
- Lowest gatecount: Configure only for the key size required by your application
- Encryption
  - Low FPGA logic usage – Stratix III: 305 ALUTs
  - Utilises FPGA block memory – Stratix III: 34,816 (20 M9k)
  - High throughput – Stratix III: Fmax 235 MHz => 2.3 Gbps typical
- Decryption
  - Low FPGA logic usage – Stratix III: 448 ALUTs
  - Utilises FPGA block memory – Stratix III: 34,816 (20 M9k)
  - High throughput – Stratix III: Fmax 211 MHz => 2.3 Gbps typical
- Key Expansion
  - Low FPGA logic usage – Stratix III: 623 ALUTs
  - Utilises FPGA block memory – Stratix III: 8,192 (4 M9k)
  - High throughput – Stratix III: Fmax 204 MHz => 2.3 Gbps typical
SNOW3G
This encryption core implements the SNOW 3G algorithm, which is at the core of the 3GPP confidentiality and integrity algorithms UEA2 and UIA2, and is specified in ETSI/SAGE Version 1.1, 6th September 2006.
SNOW3G - Introduction
SNOW 3G is a word oriented stream cipher that generates a sequence of 32-bit words under the control of a 128-bit key and a 128-bit initialization vector. The words are used to mask Plaintext. First a key initialization is performed, and then with every clock tick it produces a new 32-bit output word.
The implementation is very efficient in both FPGA and ASIC, being a combination of an LFSR and a finite state machine.
SNOW3G - Target Applications
TDES
Triple DES or 3DES is the common name for the Triple Data Encryption Algorithm block cipher. This applies the DES cipher algorithm three times to each data block to overcome the key size restrictions in the original DES cipher, which opened it up to brute-force attacks.
TDES - Introduction
Although DES and specifically TDES are secure in practical applications, the more modern AES is now commonly used instead.
For legacy systems and backwards compatibility, DES and TDES are still commonplace and require hardware support for efficient calculation.
TDES - Target Applications
- DES and TDES have been used since 1976 in commercial and US Government applications