






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Information about ocean logic's aes cryptoprocessor family, which is a hardware implementation of the advanced encryption standard (aes) algorithm. The general description, applications, features, and available options of the aes core family. It also includes details on encryption and decryption, key expansion, and core throughput.
Typology: Study notes
1 / 10
This page cannot be seen from the preview
Don't miss anything!
Rev 1.
This core family implements various aspects of the AES (Advanced Encryption Standard) algorithm. Simple, fully synchronous design with low gate count.
♦ Electronic financial transactions. ♦ Secure communications. ♦ Secure video surveillance systems. ♦ Encrypted data storage.
♦ Implemented according to the FIPS 197 documentation. ♦ Also available in CBC, CFB and OFB modes. ♦ Key size of 128, 192 and 256 bits. ♦ Both encryption and decryption supported. ♦ Fully synchronous design. ♦ Available as fully functional and synthesizable VHDL or Verilog soft-core. ♦ Test benches provided. ♦ Xilinx and Altera netlists available.
AES
Core
Data Output
Data
Key
Control
Input
Input
The OL_AES core family is a hardware implementation of various aspects of the AES algorithm as described in NIST’s released documentation, suitable for a variety of applications.
The AES algorithm was selected by NIST on October 20, 2000 amongst a group of competing algorithms. The algorithm chosen by NIST, Rijndael offers strong and secure encryption with the added flexibility of variable key block sizes.
Compared to the DES and the triple DES algorithms AES provides an even higher level of security.
An AES encryption operation consists in the transformation of a 128 bits block into a block of the same size.
The encryption key can be chosen among three different sizes: 128, 192 or 256 bit. The key is expanded during cryptographic operations.
A block diagram of the AES core is shown below.
AddRoundKey State Storage ByteSub ShiftRow MixColumn Area
KEY
DIN
DOUT
Key Expander
Figure 1 AES core block diagram.
The AES algorithm consists of a series of steps repeated a number of times (rounds). The number of rounds depends on the size of the key and the data block. The intermediate cipher result is known as state.
Rounds 10 12 14 Table 1 Number of rounds as a function of key size.
Initially, incoming data and key are added together in the AddRoundKey module. The result is stored in the State Storage area.
The state information is then retrieved and the ByteSub, Shiftrow, MixColumn and AddRoundKey are performed on it in the specified order. At the end of each round the new state is stored in the State Storage area. These operations are repeated according to the number of rounds. The final round is anomalous as the MixColumn step is skipped.
After the final round the cipher is output.
Equivalent Inverse Cipher algorithm as outlined in the AES documentation. Consequently encryption and decryption pre-expanded keys are not equivalent. Ocean Logic can provide an additional module so that encryption and decryption pre-expanded keys are the same. The symbol of the core is shown below.
Figure 2 OL_AES_ED symbol
Name Type Description RSTN Input Core reset, active low. CLK Input Core clock signal. EN Input Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored. GO Input When HIGH, a cryptographic operation is started. E_D Input Encryption is performed when LOW, decryption when HIGH. KEY[31:0] Input Pre-expanded input key. KSIZE[1:0] Input Input key size. DIN[31:0] Input Input data. DIN_REQ Output Input data request signal. DOUT[31:0] Output Output data. DOUT_VLD Output Output data valid.
Rising the input on the GO port triggers the beginning of a cryptographic operation on the data DIN using the KEY as key. The key size selection can be performed on the core by the KSIZE input. Valid values for KSIZE are “00”,”01” and “10” selecting 128, 192 or 256 bits respectively. The KSIZE inputs must not be changed while the data is processed.
The core then raises the DIN_REQ signal requesting the data block. It then starts to process the state according to the AES algorithm. The timing diagram below shows how the data is fed to the core at the start.
KSIZE[1:0] Valid
E_D Valid
Figure 3 Key and data input at the start of encryption.
The KSIZE parameter is passed to the core after the GO signal is raised. Input of the KEY data continues for all the duration of the cryptographic operation.
Both data and key are input serially, 32 bits at the time. The diagram above shows the case where the input data is 128 bits. The ordering of the data is shown in the figure below.
31 23 15 7 0
Word 1
D D D D Word N
D D D D Word 0
D D D D
4n 4n+1 4n+2 4n+
0 1 2 3
4 5 6 7
Figure 4 AES core data ordering.
When all the rounds are completed the DOUT_VLD signal is raised and the encrypted data starts to flow out. This is shown in the timing diagram below.
KEXP
Figure 6 OL_KEXP_ED symbol
Name Type Description RSTN Input Core reset, active low. CLK Input Core clock signal. EN Input Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored. GO Input When HIGH, key expansion is started. E_D Input Key is expanded for encryption or decryption. KSIZE[1:0] Input Input key size. KIN[31:0] Input Unexpanded key input. KEY_REQ Output Input key request signal. ADDR[5:0] Output Address for the key expanded data KEY[31:0] Output Expanded key data. KEY_LAST Output Last expanded key data.
Rising the input on the GO port triggers the beginning of the expansion of the KEY input. The key size selection can be performed on the core by the KSIZE input. Valid values for KSIZE are “00”,”01” and “10” selecting 128, 192 or 256 bits respectively. The KSIZE inputs must not be changed while the data is processed.
The core then raises the KEY_REQ signal requesting the key. It then starts to expand the key according to the AES algorithm.
The timing diagram below shows how the data is fed to the core at the start in the case of a 128 bit key.
Figure 7 Key input at the start of expansion.
During the expansion process, the expanded key data is available at the output KEY. At the end of the expansion operation, the signal KEY_LAST is raised. The core is immediately ready for another expansion operation and, in fact, the KEY_REQ signal is raised immediately after. The diagram below illustrates this.
Last
Figure 8 Last expanded key data and start of new expansion.
Any expansion operation can be aborted at any time by lowering the GO signal. Also, the core can be stalled at any time by lowering the synchronous enable signal EN.
Table 3 shows the number of cycles required for a key expansion operation as a function of key size.
PO BOX 768 - Manly NSW 1655 - Australia Tel: +61-2-99054152 Fax: +61-2- E-Mail: info@ocean-logic.com URL : http://www.ocean-logic.com/