AES256 IP Core Data Sheet

Features 1

General Description. 2

Functional Description. 3

1.      AES256ENC. 3

1.1.        Key setting. 4

1.2.        Encryption control 4

2.      AES256DEC. 5

2.1.        Key setting. 6

2.2.        Decryption control 6

Verification Methods 7

Recommended Design Experience. 7

Ordering Information. 7

Revision History. 7

 

 

 

 

  Core Facts

Provided with Core

Documentation

User Guide, Design Guide

Design File Formats

Encrypted HDL

Instantiation Templates

VHDL

Reference Designs & Application Notes

Vivado Project,

See Reference design manual

Additional Items

Demo on ZCU106

Support

Support Provided by Design Gateway Co., Ltd.

 

 

Design Gateway Co.,Ltd

E-mail:    ip-sales@design-gateway.com

URL:       design-gateway.com

 

Features

·     Support AES ECB mode standard.

·     Support 256-bit key size.

·     Support input data width128-bit.

·     Throughput rate at 8.53 Mbits/MHz.

·     Speed up to 4.26 Gbps @500MHz.

·     128-bit data calculation time is constant at 15 clock cycles

 

 

Table 1: Example Implementation Statistics for Encryption

Family

Example Device

Fmax (MHz)

CLB

Regs

CLB

LUTs

CLB1

IOB

BRAMTile

Design Tools

Zynq-Ultrascale+

xczu7ev-ffvc1156-2-e

500

299

1315

212

-

-

Vivado2021.1

Kintex-UltraScale+2

xcku5p-ffvb676-2-e

525

283

1310

237

-

-

Vivado2021.1

Virtex-Ultrascale+2

xcvu9p-flga2104-2L-e

525

411

1462

237

-

-

Vivado2021.1

 

Table 2: Example Implementation Statistics for Decryption

Family

Example Device

Fmax (MHz)

CLB

Regs

CLB

LUTs

CLB1

IOB

BRAMTile

Design Tools

Zynq-Ultrascale+

xczu7ev-ffvc1156-2-e

500

291

1578

271

-

-

Vivado2021.1

Kintex-UltraScale+2

xcku5p-ffvb676-2-e

525

275

1585

267

-

-

Vivado2021.1

Virtex-Ultrascale+2

xcvu9p-flga2104-2L-e

525

307

1607

285

-

-

Vivado2021.1

 

Notes:

1)      Actual logic resource dependent on percentage of unrelated logic

2)      The results were obtained from implementation in the same environment, but have not been tested on the actual board.

 

Table 3: Example Implementation Statistics for Encryption (Versal)

Family

Example Device

Fmax (MHz)

CLB

Regs

CLB

LUTs

Slice1

IOB

BRAMTile

Design Tools

Versal AI Core2

xcvc1902-vsva2197-2MP-e-S

440

289

1670

287

-

-

Vivado2021.1

 

Table 4: Example Implementation Statistics for Decryption (Versal)

Family

Example Device

Fmax (MHz)

CLB

Regs

CLB

LUTs

Slice1

IOB

BRAMTile

Design Tools

Versal AI Core2

xcvc1902-vsva2197-2MP-e-S

440

329

1443

264

-

-

Vivado2021.1

 

 

 

Figure 1: Block Diagram

 

General Description

AES256 IP Core (AES256IP) implement the advanced encryption standard (AES) algorithm which is widely used in many applications like file encryption, processor security, and secure file transfer protocol.

 

AES is a symmetric block cipher algorithm of the Rijndael family. Please find more details in the Federal Information Processing Standards Publication (FIPS PUB) 197.

 

AES256IP is consisted of AES256ENC module, that is encryption module and AES256DEC module, that is decryption module as shown in Figure 1.

 

Functional Description

1.     AES256ENC

Table 5: Interface signals of AES256ENC

Signal name

Dir

Description

RstB

In

IP core system reset. Active low.

Clk

In

IP core system clock.

Key setting signals

KeyInValid

In

KeyInValid is a user signal to specify data valid of KeyIn.

Assert to ‘1’ to set up KeyIn into AES256ENC.

 

KeyIn [255:0]

In

KeyIn is 256-bit key data of key setting.

KeyIn must be valid when KeyInValid is asserted to ‘1’.

 

KeyInBusy

Out

KeyInBusy specifies busy status of Key setting.

Assert to ‘1’ after user set KeyInValid, until the last cycle of operation.

KeyInValid or DataInValid will be ignored while KeyInBusy is ‘1’.

 

KeyInFinish

Out

KeyInFinish specifies finish status of Key setting.

Assert to ‘1’ at the last cycle of operation.

 

Encryption control signals

DataInValid

In

DataInValid is a user signal to specify data valid of DataIn.

Assert to ‘1’ to indicate that DataIn is valid and start encryption process.

 

DataIn [127:0]

In

DataIn is 128-bit input data.

DataIn must be valid when DataInValid is asserted to ‘1’.

 

DataInBusy

Out

DataInBusy specifies busy status of encryption.

Assert to ‘1’ after user set DataInValid, until the last cycle of operation.

KeyInValid or DataInValid will be ignored while DataInBusy is ‘1’.

 

DataInFinish

Out

DataInFinish specifies finish status of encryption.

Assert to ‘1’ at the last cycle of operation.

CipherOutValid

Out

CipherOutValid specify data valid for CipherOut.

Assert to ‘1’ when encryption finished.

 

CipherOut [127:0]

Out

CipherOut is 128-bit data output of encryption.

Valid when CipherOutValid is asserted to ‘1’.

 

 

 

 

Figure 2: AES256ENC operation timing diagram

 

AES256ENC operation is as simple as 2 steps to use as below.

1.1.   Key setting

Key setting is the first step to use AES256ENC. As shown in Figure 2, AES256ENC is started key setting process when KeyInValid=‘1’ and takes 14 clocks cycles to finish the process (KeyInBusy=‘0’). After that, this KeyIn is used for every encryption and can be changed via KeyInValid is asserted to ‘1’.

 

1.2.   Encryption control

As shown in Figure 2. After key setting, AES256ENC starts the process when DataInValid=‘1’. DataInBusy is set to be ‘1’ in next cycle and wait for 14 clock cycles, Process will finish when DataInBusy is set to be ‘0’. After that, Encrypted data is set to CipherOut [127:0] signal while CipherOutValid signal is set to be ‘1’.

For the best performance of encryption process, Figure 3 shows the timing diagram of continuous and pipelining encryption. User can used DataInFinish signal to generate DataInValid in the next cycle for start next encrytion.

 

 

Figure 3: Continuous and pipelining encryption

2.     AES256DEC

Table 6: Interface signals of AES256DEC

Signal name

Dir

Description

RstB

In

IP core system reset. Active low.

Clk

In

IP core system clock.

Key setting signals

KeyInValid

In

KeyInValid is a user signal to specify data valid of KeyIn.

Assert to ‘1’ to indicate that KeyIn is valid and start key setting.

 

KeyIn [255:0]

In

KeyIn is 256-bit key data of key setting.

KeyIn must be valid when KeyInValid is asserted to ‘1’.

 

KeyInBusy

Out

KeyInBusy specifies busy status of Key setting.

Assert to ‘1’ after user set KeyInValid, until the last cycle of operation.

KeyInValid or CipherInValid will be ignored while KeyInBusy is ‘1’.

 

KeyInFinish

Out

KeyInFinish specifies finish status of Key setting.

Assert to ‘1’ at the last cycle of operation.

 

Decryption control signals

CipherInValid

In

CipherInValid is a user signal to specify data valid of CipherIn.

Assert to ‘1’ to indicate that CipherIn is valid and start decryption process.

 

CipherIn [127:0]

In

CipherIn is 128-bit encrypted input data.

CipherIn must be valid when CipherInValid is asserted to ‘1’.

 

CipherInBusy

Out

CipherInBusy specifies busy status of decryption.

Assert to ‘1’ after user set CipherInValid, until the last cycle of operation.

KeyInValid or CipherInValid will be ignored while CipherInBusy is ‘1’.

 

CipherInFinish

Out

CipherInFinish specifies finish status of decryption.

Assert to ‘1’ at the last cycle of operation.

 

DataOutValid

Out

DataOutValid specify data valid for DataOut.

Assert to ‘1’ when decryption finished.

 

DataOut [127:0]

Out

DataOut is 128-bit data output of decryption.

Valid when DataOutValid is asserted to ‘1’.

 

 

 

 

Figure 4: AES256DEC operation timing diagram

 

AES256DEC operation is as simple as 2 steps to use as below.

2.1.   Key setting

Key setting is the first step to use AES256DEC. As shown in Figure 4, AES256DEC is started key setting process when KeyInValid=‘1’ and takes 14 clocks cycles to finish the process (KeyInBusy=‘0’). After that, this KeyIn is used for every decryption and can be changed via KeyInValid is asserted to ‘1’.

 

2.2.   Decryption control

As shown in Figure 4. After key setting, AES256DEC starts the process when CipherInValid=‘1’. CipherInBusy is set to be ‘1’ in next cycle and wait for 10 clock cycles, Process will finish when CipherInBusy is set to be ‘0’. After that, decrypted data is set to DataOut[127:0] signal while DataOutValid signal is set to be ‘1’.

For the best performance of decryption process, Figure 5 shows timing diagram of continuous and pipelining decryption. User can used CipherInFinish signal to generate CipherInValid in the next cycle for start next decryption.

 

 

Figure 5: Continuous and pipelining decryption

Verification Methods

AES256 IP Core functionality were verified on real board design by using ZCU106 Evaluation Board.

 

Recommended Design Experience

The user must be familiar with HDL design methodology to integrate this IP into system.

 

Ordering Information

This product is available directly from Design Gateway Co., Ltd. Please contact Design Gateway Co., Ltd. For pricing and additional information about this product using the contact information on the front page of this datasheet.

 

Revision History

Revision

Date

Description

1.00

1/Aug/2022

New release

1.02

29/Aug/2022

New design to improve performance

1.03

27/Sep/2022

Update pictures and description

1.04

15/Feb/2023

Add more resource information