The compact, high-performance DesignWare® Pipelined AES-GCM/CTR Core implements the AES-GCM/CTR algorithm as specified in the National Institute of Standards and Technology (NIST) Special Publication 800-38D, “Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.” AES-GCM/CTR is the algorithm of choice for high-performance cryptographic systems. It uses the Advanced Encryption Standard (AES) algorithm in counter mode (CTR) and a high-performance MAC algorithm based on Galois Field multiplication with CTR mode encryption, which can be pipelined for high-throughput operations.
The implementation of a secure communications design requires the ability to do both cipher operations and message authentication. The AES algorithm in CTR mode can be pipelined and is capable of performing hardware encryption and decryption at high speed.
For message authentication, GCM makes use of binary Galois Field multiplications that can be computed in parallel with the encrypt/decrypt operations, permitting higher throughput than chaining-based authentication algorithms.
The AES-GCM/CTR Core algorithm is well suited to high-performance applications because it:
- Reaches throughput of up to 100 Gbps (contact Synopsys for higher throughput solutions)
- Is rendered efficiently in hardware
- Offers universal message authentication for incremental authentication of packet header information that can’t be encrypted
The DesignWare Pipelined AES-GCM/CTR Core has been selected as the mandatory cipher for 802.1AE (MACsec) – the Ethernet link security standard. AES-GCM/CTR is an optional cipher in IPsec with all three key sizes specified, i.e. 128-, 192-, and 256-bit keys. It is also used in other applications, such as tape storage and secure shell protocols.
As part of Synopsys’ Security IP portfolio, the silicon-proven DesignWare Pipelined AES-GCM/CTR Core is a flow-through, scalable design that allows context switching between multiple data streams and can be configured to support a wide performance range.
- Scalable architecture configurable from 18 to 128 bits/cycle (15 – 100 Gbps)
- Flow-through design
- Interleaved capabilities on any number of contexts
- Stall mitigation when context switching
- Supports 128-, 192- and 256-bit keys
- GCM and GMAC modes
- Scalable context switch rate
- 96-bit IV support with no external logic
- Flow-through AAD option as a configuration parameter
- Internal generation of hash key