ChaCha20Poly1305-IP Core Datasheet
|
Core Facts |
|
|
Provided with Core |
|
|
Documentation |
User Guide, Design Guide |
|
Design File Formats |
Encrypted File |
|
Instantiation Templates |
VHDL |
|
Reference Designs & Application Notes |
Vivado Project, See Reference design manual |
|
Additional Items |
Demo on ZCU106 board |
|
Support |
|
|
Support Provided by Design Gateway Co., Ltd. |
|
Design Gateway Co., Ltd
E-mail: ip-sales@design-gateway.com
URL: design-gateway.com
Features
· Fully compliant with ChaCha20Poly1305 AEAD standard (RFC 8439)
· Supports 256-bit key size and 96-bit IV
· Supports zero-length AAD or data input
· Peak throughput rate of 64 Mbits/MHz
Table 1 Example Implementation Statistics
|
Family |
Example Device |
Fmax (MHz)
|
CLB Regs
|
CLB LUTs
|
CLB1 |
DSP |
BRAMTile |
Design Tools |
|
Zynq-Ultrascale+ |
xczu7ev-ffvc1156-2-e |
170 |
3796 |
7314 |
1149 |
40 |
0 |
Vivado 2022.1 |
Notes:
1) The actual logic resource depends on the percentage of unrelated logic.
Figure 1 ChaCha20Poly1305-IP Block Diagram
General Description
The ChaCha20Poly1305 IP Core (ChaCha20Poly1305-IP) implements the ChaCha20 stream cipher together with the Poly1305 message authentication code (MAC), following the IETF standard for Authenticated Encryption with Associated Data (AEAD).
ChaCha20 provides high-speed encryption and decryption with strong resistance against timing attacks, while Poly1305 ensures message authentication and integrity. Together, they form a widely adopted AEAD construction. The core supports a 256-bit key size and a 96-bit IV size. It also supports zero-length Additional Authenticated Data (AAD) or plaintext input, making it flexible for a wide range of secure applications.
There are two main operations in ChaCha20Poly1305-IP:
1) ChaCha20 Encryption/Decryption: generates a keystream to encrypt or decrypt data.
2) Poly1305 Authentication: computes a tag over ciphertext and Additional Authenticated Data (AAD) to verify integrity.
Functional Description
ChaCha20Poly1305-IP interface signals can be divided into three parts as follows: key setting signals, parameter setting signals, and data control signals.
Table 2 Interface signals of ChaCha20Poly1305-IP
|
Signal name |
Dir |
Description |
|
RstB |
In |
IP core system reset. Active low. |
|
Clk |
In |
IP core system clock. |
|
version[31:0] |
Out |
32-bit version number of ChaCha20Poly1305-IP. |
|
Key setting signals |
||
|
KeyInReady |
Out |
Indicates that the IP is ready to accept a new key. |
|
KeyInValid |
In |
Indicates that KeyIn is valid. |
|
DecryptEn |
In |
Set to: ‘0’ = encryption, ‘1’ = decryption. Must be valid when KeyInValid is asserted. |
|
BypassEn |
In |
Set to ‘0’ = normal ChaCha20Poly1305 operation, ‘1’ = bypass (data passes through unmodified). Must be valid when KeyInValid is asserted. |
|
KeyIn[255:0] |
In |
256-bit encryption/decryption key. Must be valid when KeyInValid is asserted. |
|
IV[95:0] |
In |
96-bit IV data for ChaCha20 operation. Must be valid when KeyInValid is asserted. |
|
Input data control signals |
||
|
AADInReady |
Out |
Indicates that the IP is ready to accept input AAD. |
|
AADInLast |
In |
Marks the final word of input AAD. |
|
DataInReady |
Out |
Indicates that the IP is ready to accept input plaintext or ciphertext. |
|
DataInValid |
In |
Indicates that DataIn is valid. |
|
DataInLast |
In |
Marks the final word of input plaintext or ciphertext. |
|
DataInByteEn[15:0] |
In |
Byte-enable for DataIn. This signal must contain contiguous 1's starting from the least significant bit (little-endian format). |
|
DataIn[127:0] |
In |
128-bit input data. Acts as AAD input when AADInReady = ‘1’, otherwise carries plaintext (for encryption) or ciphertext (for decryption). Must be valid when DataInValid is asserted. |
|
Output data control signals |
||
|
AADOutValid |
Out |
Indicates that DataOut is valid for AAD. |
|
AADOutLast |
Out |
Marks the DataOut final word of output AAD. |
|
DataOutValid |
Out |
Indicates that DataOut is valid for plaintext or ciphertext. |
|
DataOutLast |
Out |
Marks the DataOut final word of output plaintext or ciphertext. |
|
DataOutByteEn[15:0] |
Out |
Byte-enable for DataOut. This signal must contain contiguous 1's starting from the least significant bit (little-endian format). |
|
DataOut[127:0] |
Out |
128-bit output data. Acts as AAD input when AADOutValid = ‘1’, otherwise carries plaintext (for encryption) or ciphertext (for decryption) when DataOutValid = ‘1’. |
|
TagOutValid |
Out |
Asserted to 1 when the authentication tag is valid. |
|
TagOut[127:0] |
Out |
128-bit output tag. Valid when TagOutValid is asserted. |
Note:
* To encrypt/decrypt an empty DataIn, assert DataInValid and AADInLast/DataInLast to ‘1’, then set DataInByteEn to all-zero.
ChaCha20Poly1305-IP supports three operation modes:
· Encryption mode
In Encryption mode, when DecryptEn and BypassEn are both set to ‘0’ while KeyInValid is asserted, the IP operates as an encryptor. The key and IV (nonce) must be valid together with KeyInValid.
Then user can start sending AAD to DataIn when AADInReady is asserted. The last word of AAD must be indicated with AADInLast. Once all AAD has been received, the IP will begin to accept plaintext input through DataIn when DataInReady is asserted.
The output data is provided on DataOut, where AADOutValid indicates AAD output and DataOutValid indicates ciphertext output. After all data has been processed, the authentication tag is output on TagOut with TagOutValid asserted. On the next clock cycle, KeyInReady returns to ‘1’, and the IP is ready for the next operation. Timing diagram is shown in Figure 2.
Figure 2 ChaCha20Poly1305-IP
encryption mode timing Diagram
· Decryption mode
In Decryption mode, when DecryptEn is set to ‘1’ and BypassEn is set to ‘0’ while KeyInValid is asserted, the IP operates as a decryptor. The operation identical to Encryption mode, except that the input data is ciphertext and the output data is plaintext. Timing diagram is shown in Figure 3.
Figure 3 ChaCha20Poly1305-IP decryption mode timing Diagram
· Bypass mode
In Bypass mode, when BypassEn is set to ‘1’, the IP passes data directly from DataIn to DataOut without performing encryption or decryption.
Although the data path is bypassed, the user must still provide proper control signals: AADInLast must be asserted to mark the end of the AAD phase, and DataInLast must be asserted to mark the end of the data phase.
The output data is provided on DataOut, where AADOutValid indicates valid AAD output and DataOutValid indicates valid data output. The operation is considered finished when both DataOutValid and DataOutLast are asserted. On the next clock cycle, KeyInReady returns to ‘1’, and the IP is ready for the next operation. Timing diagram is shown in Figure 4.
Figure 4 ChaCha20Poly1305-IP bypass mode timing Diagram
Verification Methods
The ChaCha20Poly1305-IP Core functionality was verified by simulation and also proved on real board design by using ZCU106 Evaluation Board.
Recommended Design Experience
The user must be familiar with HDL design methodology to integrate this IP into a system.
Ordering Information
This product is available directly from Design Gateway Co., Ltd. Please contact Design Gateway Co., Ltd. For pricing and additional information about this product, use the contact information on the front page of this datasheet.
Revision History
|
Revision |
Date (D-M-Y) |
Description |
|
1.00 |
14-Oct-25 |
Initial release |