VOCAL’s Advanced Encryption Standard (AES) IP Core firmware offerings include a unified encryption/decryption module or separate encryption and decryption modules. The modules are designed to use registers to hold the software-expanded key. An optional key expansion module is available for use with any of the AES modules. The module interfaces can be 32, 64 or 128 bits wide. Contact us to discuss your security application requirements.
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a computer security standard developed by NIST to replace DES; it became effective in 2002. The cryptography scheme is a symmetric block cipher that encrypts and decrypts 128-bit blocks of data. The standard key lengths used by AES are 128, 192, and 256 bits.
The algorithm consists of four stages that make up a round, which is iterated 10 times for a 128-bit key, 12 times for a 192-bit key, and 14 times for a 256-bit key. The first stage, the “SubBytes” transformation, is a non-linear byte substitution applied to each byte of the block. The second stage, the “ShiftRows” transformation, cyclically shifts (permutes) the bytes within the block. The third stage, the “MixColumns” transformation, groups 4 bytes together to form 4-term polynomials and multiplies them by a fixed polynomial mod (x^4 + 1). The fourth stage, the “AddRoundKey” transformation, adds the round key to the block of data.
The AES is composed of three distinct invertible transforms based on the Wide Trail Strategy design method. The Wide Trail Strategy design method provides resistance against linear and differential cryptanalysis. In the Wide Trail Strategy, every layer has its own function:
- The linear mixing layer: guarantees high diffusion over multiple rounds
- The non-linear layer: parallel application of S-boxes that have the optimum worst-case non-linearity properties.
- The key addition layer: a simple XOR of the round key to the intermediate state
Applications of AES
- Cipher for Wireless Communications
- Encrypted data storage
- The Secure Real-time Transport Protocol (SRTP) – RFC 3711
- The Use of AES-192 and AES-256 in Secure RTP – RFC 6188
- AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP) – RFC 7714
- An Interface and Algorithms for Authenticated Encryption – RFC 5116
- ITU H.235 (H.323 Security)
- Secure JPEG2000 (JPSEC)
AES IP Core Deliverables
Deliverables for all AES IP Cores:
- Fully synchronous design
- Fully functional and synthesizable VHDL soft-core
- Testbench files to show operation
- VHDL microprocessor interface module
- C Code for wrapper interface, test vector generation and functional verification
AES IP Core Specifications
Common specifications for all AES Cores include:
- All implementations in accordance with FIPS PUB 197
- ECB (Electronic Codebook) implementation per NIST SP800-38A
- Pipelined to run two 128-bit values at the same time
- Supports all AES key sizes (128, 192, 256)
- Supports software key expansion
- Uses key registers to hold key
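
The software key expansion that the specifications refer to is the FIPS PUB 197 KeyExpansion routine, which turns a 128, 192 or 256-bit key into the 11, 13 or 15 round keys consumed by AddRoundKey. The C sketch below is an added example, not VOCAL's code; the names `aes_expand_key`, `build_sbox` and `sub_word` are assumptions, and how the resulting words are written into the core's key registers is not described on this page and is not shown.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t rotl8(uint8_t x, int s) { return (uint8_t)((x << s) | (x >> (8 - s))); }
static void build_sbox(uint8_t sbox[256]) {  /* GF(2^8) inverse, then the affine map */
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));  /* p = p * 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                 /* q = q / 3, so q = 1/p */
        sbox[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;  /* 0 has no inverse; SubBytes maps it to 0x63 */
}

static uint32_t sub_word(const uint8_t *sbox, uint32_t w) {
    return ((uint32_t)sbox[w >> 24] << 24) | ((uint32_t)sbox[(w >> 16) & 0xff] << 16) |
           ((uint32_t)sbox[(w >> 8) & 0xff] << 8) | sbox[w & 0xff];
}

/* FIPS 197 KeyExpansion. w needs room for 60 words; returns words written, -1 on bad size. */
int aes_expand_key(const uint8_t *key, int key_bits, uint32_t *w) {
    int nk = key_bits / 32, total = 4 * (nk + 7);  /* Nb * (Nr + 1), with Nr = Nk + 6 */
    uint8_t sbox[256], rc = 0x01;                  /* rc: round constant byte */
    if (key_bits != 128 && key_bits != 192 && key_bits != 256) return -1;
    build_sbox(sbox);
    for (int i = 0; i < nk; i++)                   /* first Nk words: the key, big-endian */
        w[i] = ((uint32_t)key[4*i] << 24) | ((uint32_t)key[4*i+1] << 16) |
               ((uint32_t)key[4*i+2] << 8) | key[4*i+3];
    for (int i = nk; i < total; i++) {
        uint32_t t = w[i - 1];
        if (i % nk == 0) {                         /* RotWord, SubWord, then Rcon */
            t = sub_word(sbox, (t << 8) | (t >> 24)) ^ ((uint32_t)rc << 24);
            rc = (uint8_t)((rc << 1) ^ ((rc & 0x80) ? 0x1b : 0));
        } else if (nk == 8 && i % nk == 4) {       /* extra SubWord for 256-bit keys */
            t = sub_word(sbox, t);
        }
        w[i] = w[i - nk] ^ t;
    }
    return total;
}

int main(void) {  /* sample input: the 128-bit key from FIPS 197 Appendix A.1 */
    const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                             0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    uint32_t w[60];
    for (int i = 0, n = aes_expand_key(key, 128, w); i < n; i += 4)
        printf("round key %2d: %08x %08x %08x %08x\n", i / 4, w[i], w[i+1], w[i+2], w[i+3]);
    return 0;
}
```

The expanded key is as sensitive as the cipher key itself, so the buffer holding it should be cleared once the round keys have been loaded.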