CoreAES128

Product Summary

Intended Use
• Whenever Data is Transmitted Across an Accessible Medium (Wires, Wireless, etc.)
• E-commerce Transactions Where Dedicated Encryption/Decryption Hardware Can Ease the Load on Servers
• Personal Security Devices
• Bank Transactions where State-of-the-Art Financial Security Is Mandatory

Key Features
• Compliant with FIPS PUB 197
• ECB (Electronic Codebook) Implementation per NIST SP 800-38A
• Example Source Code Provided for CBC, CFB, OFB, and CTR Modes
• 128-bit Cipher Key
• Encryption and Decryption Possible with the Same Core
• 44-Clock Cycle Operation to Encrypt or Decrypt 128 Bits of Data
• Pause/Resume Functionality to Continue Encryption or Decryption at Will
• Provides Redundant Security

Supported Families
• Fusion
• ProASIC3/E
• ProASICPLUS®
• Axcelerator®

Core Deliverables
• Evaluation Version
  – Compiled RTL Simulation Model Fully Supported in Actel Libero® Integrated Design Environment (IDE)
• Netlist Version
  – Structural Verilog and VHDL Netlists (with and without I/O Pads) Compatible with the Actel Designer Software Place-and-Route Tool
  – Compiled RTL Simulation Model Fully Supported in Actel Libero IDE
• RTL Version
  – Verilog and VHDL Core Source Code
  – Core Synthesis Scripts
• Actel-Developed Testbench (Verilog and VHDL)

Synthesis and Simulation Support
• Synthesis: Synplicity®, Synopsys® (Design Compiler® / FPGA Compiler™ / FPGA Express™), Exemplar™
• Simulation: OVI-Compliant Verilog Simulators and Vital-Compliant VHDL Simulators

Core Verification
• Actel-Developed Simulation Testbench Verifies CoreAES128 against Tests Available on the National Institute of Standards and Technology (NIST) Website: http://csrc.nist.gov/encryption/aes/rijndael/
• User Can Easily Modify Testbench Using Existing Format to Add Custom Tests

Contents
General Description
CoreAES128 Device Requirements
CoreAES128 Verification
I/O Signal Descriptions
CoreAES128 Initialization
CoreAES128 Operation
Cipher Key Expansion
Encryption
Decryption
Pause/Resume
Clear/Abort
Modes of Operation
Ordering Information
Export Restrictions
List of Changes
Datasheet Categories

December 2005, v4.0
© 2005 Actel Corporation
General Description
The CoreAES128 macro implements the Advanced Encryption Standard (AES), which
provides a means of securing data. AES utilizes the Rijndael algorithm, which is
described in detail in the Federal Information Processing Standards (FIPS)
Publication (PUB) 197 and is shown in Figure 1 on page 2.

The AES (Rijndael) algorithm takes as input 128 bits of plaintext data and 128
bits of a cipher key. After several rounds of computation, it produces a 128-bit
ciphered version of the original plaintext data as output. [1] During the rounds
of the algorithm, the data bits are subjected to byte substitution, data shift
operations, data mixing operations, and addition (XOR) operations, with an
expanded version of the original 128-bit cipher key.
Figure 1 • AES Algorithm (128-bit Cipher Key)
[Flowchart. Key path: cipher key → expand key into schedules for each round of
computation. Data path: data input → add round key → (byte substitution, row
shift, column mix, add round key), repeated 9 times → byte substitution, row
shift, add round key → data output.]
CoreAES128 consists of four main blocks (Figure 2 on page 3).
1. Data schedule logic – computes the intermediate
data values at each round of the AES algorithm.
2. State correlator logic – maintains coherency
between data and key schedule logic.
3. Key schedule logic – controls the intermediate key
schedules at each round of the AES algorithm.
4. Key expansion logic – expands the original 128-bit
key for use in encryption or decryption operations.
1. FIPS PUB 197 allows for key sizes of 128, 192, and 256 bits; however, this
   implementation supports a cipher key size of 128 bits only.
Figure 2 • CoreAES128 Block Diagram
[Block diagram. Blocks: Data Schedule Logic, State Correlator, Key Expansion
Logic, Key Schedule Logic. Signals: Data In, Data Out, Data Valid, Cipher Key,
Key Expanded.]
Design Security
Figure 3 shows a typical system diagram. Note that the cipher key, which is the
"secret" key, can be made up of FPGA logic cells, preventing the possibility of
design and data theft. Actel Flash-based (ProASICPLUS) devices employ FlashLock™
technology, and Actel antifuse-based (Axcelerator) devices use FuseLock™
technology, each of which secures the cipher key and the rest of the logic. The
output of the CoreAES128 macro should be connected to registers or FIFOs, since
it is only valid for one clock cycle, as shown by example in the "Encryption"
section on page 7 and the "Decryption" section on page 8.
Figure 3 • Typical CoreAES128 System
[System diagram. Labels: Actel FPGA (local device); plaintext (unencrypted) data
source; other logic; CoreAES128; cipher key; registers or FIFO; other logic;
encrypted data output to other logic or global distribution, e.g., Internet,
etc.]
CoreAES128 Device Requirements
The CoreAES128 macro has been implemented into the Actel ProASIC3/E, ProASICPLUS
and Axcelerator device families. A summary of the implementation data is listed
in Table 1.
Table 1 • CoreAES128 Device Utilization and Performance

             Cells or Tiles                     RAM     Utilization
Family       Sequential  Combinatorial  Total   blocks  Device      Total  Performance  Throughput
-----------  ----------  -------------  -----   ------  ----------  -----  -----------  ----------
Fusion       529         4664           5193    20      AFS600-2    38%    75 MHz       224 Mbps
ProASIC3/E   529         4664           5193    20      A3PE600-2   38%    75 MHz       224 Mbps
ProASICPLUS  316         5239           5555    24      APA450-STD  46%    35 MHz       102 Mbps
Axcelerator  425         2687           3112    10      AX500-3     39%    100 MHz      291 Mbps
Note: Data in this table achieved using typical synthesis and layout settings.

Data throughput is computed by taking the bit width of the data (128 bits),
dividing by the number of cycles (44), and multiplying by the clock rate
(performance); the result is listed in Mbps (millions of bits per second).
CoreAES128 Initialization
After a reset condition, as illustrated in Figure 5 on page 5, the CoreAES128
macro performs a self-initialization process. This initialization process takes
1,024 clock cycles to perform, after which the READY signal becomes active at
logic '1'. Once READY is active, the CoreAES128 macro is ready for cipher key
expansion, followed by encrypt or decrypt operations.
CoreAES128 Verification
The comprehensive verification simulation testbench (included with the Netlist
and RTL versions of the core) verifies the CoreAES128 macro against test cases
listed on the NIST website for AES: http://csrc.nist.gov/encryption/aes/rijndael/.

The verification testbench applies several tests to the CoreAES128 macro,
including variable text tests, variable key tests, table tests, and Monte Carlo
tests. Using the supplied user testbench as a guide, the user can easily
customize the verification of the core by adding or removing tests.
CoreAES128 Operation
As shown on the left side of Figure 1 on page 2, the AES algorithm requires an
expanded version of the original cipher key for use in encrypting or decrypting
data. Upon a power-up condition, the cipher key and the expanded version of the
cipher key are undefined. Therefore, they must be set up after the
initialization process, described in the "CoreAES128 Initialization" section on
page 4, and before encryption or decryption operations can take place. The
following procedures (located in the "Cipher Key Expansion" section on page 6)
for writing and expanding the cipher key must be repeated any time a new 128-bit
cipher key is required, such as after a reset or power-up condition. Note: if
the same cipher key is to be used for all encryption and decryption operations,
the following procedures for writing and expanding the cipher key only need to
be performed once.
I/O Signal Descriptions
The port signals for the CoreAES128 macro are defined in Table 2 and illustrated
in Figure 4 on page 5. All signals are either "Input" (input only) or "Output"
(output only).
Table 2 • CoreAES128 I/O Signal Descriptions

Name       Type    Description
---------  ------  -----------------------------------------------------------
NRESET     Input   Active-low asynchronous reset
CLK        Input   System clock: reference clock for all internal logic
EN         Input   Enable signal: set to '1' for normal continuous
                   encrypt/decrypt operation, set to '0' to pause
CLR        Input   Synchronous clear signal: set to '1' to clear logic at any
                   time
ED         Input   Encrypt/decrypt: '1' to encrypt, '0' to decrypt
D[127:0]   Input   Data in: 128-bit data input bus
K[31:0]    Input   Key: 32-bit cipher key input bus
KSEL[1:0]  Input   Key select: selection bits to direct K[31:0] to one of four
                   32-bit words comprising internal 128-bit cipher key
KWR        Input   Key write: set to '1' to write K[31:0] to one of four 32-bit
                   words comprising internal 128-bit cipher key
KEXP       Input   Key expand: set to '1' to expand the 128-bit internal key
Q[127:0]   Output  Data out: 128-bit ciphertext (encrypt operation)/plaintext
                   (decrypt operation) output bus
QVAL       Output  Q Valid: '1' indicates that valid encrypt/decrypt data is
                   available on Q[127:0]
READY      Output  Ready: '1' indicates that CoreAES128 has finished its
                   initialization sequence 1,024 clock cycles after the rising
                   edge of NRESET
KRDY       Output  Key ready: '1' indicates that the internal 128-bit cipher
                   key was expanded and the macro is ready for
                   encryption/decryption
Figure 4 • CoreAES128 I/O Signal Diagram
[Symbol diagram of the CoreAES128 macro. Inputs: NRESET, CLK, EN, CLR, ED,
D[127:0], K[31:0], KSEL[1:0], KWR, KEXP. Outputs: Q[127:0], QVAL, READY, KRDY.]
Figure 5 • CoreAES128 Initialization
[Timing diagram. Signals: CLK, NRESET, READY, shown over cycles 1, 2, 3, ...,
1022, 1023, 1024. Legend: Don't care, Undefined.]