AES-IP-37 AES Key Wrap Accelerators

The AES-IP-37 (EIP-37) is IP for accelerating the AES Key Wrap cipher algorithm (NIST-Key-Wrap & RFC3394) up to 6 Gbps. Designed for fast integration, low gate count and full transforms, the AES-IP-37 accelerator provides a reliable and cost-effective embedded IP solution that is easy to integrate into SoCs that need high speed key wrap and (key) storage or key import and export systems.

AES key wrap family of accelerators.

Available in three configurations / performance grades.

Library element for storage solutions.

How the AES-IP-37 AES Key Wrap Accelerators work

The AES-IP-37 is a family of the cryptographic library elements in the Rambus hardware IP library (formerly of Inside Secure). The accelerators include I/O registers, encryption and decryption cores, and the logic for feedback modes and key scheduling.

Sustained performance ranges from 1 to 6 Gbps depending on the configuration and area. Gate count is between 33K and 62K gates (excluding memory) depending on the configuration. Multiple AES-IP-37 cores can be cascaded.

Key wrap performance of the low gate count version is around 100K key wraps of unwraps (for 80-Byte key data), for the high end it is around 500K to 700K depending on frequency.

AES-IP-37 AES Key Wrap Accelerators
AES-IP-37 AES Key Wrap Accelerators
Watch Anti-Tampering Technologies Webinar

Anti-Tampering Technologies

The design of chip anti-tamper protection needs to adapt and scale with rising threats. Adversaries range from high school hackers to well-funded state actors. Given the threats, it’s useful to think about anti-tamper countermeasures as a hierarchy of safeguards that parallel the type, effort and expense of attacks. Watch this webinar to learn the eleven kinds of tampering attacks and their required skills and resources, and countermeasures for each of these attacks.

AES-IP-37 Information

Key benefits:

  • Silicon-proven implementation
  • Fast and easy to integrate into SoCs
  • Flexible layered design
  • Complete range of configurations
  • World-class technical support


  • Wide bus interface (128-bit data, 256-bit keys) or 32-bit register interface
  • Key/KEK sizes: 128, 192 and 256 bits
  • Includes key scheduling hardware
  • Supported modes: NIST AES Key Wrap
  • Memory interface for key, intermediate and result data storage up to 4096 bits 
(Maximum supported input data block size is 512 bytes) 

  • Fully synchronous design
  • Low Speed, Medium Speed, High Speed versions
  • Support for two ECC (Error Correcting Code) bits from the external memory
  • Multiple IV loading options 

  • Unwrap result verification



  • AES-IP-32 AES ECB accelerators
  • AES-IP-36 AES ECB/CBC/CTR accelerators
  • AES-IP-37 AES Key Wrap accelerators
  • AES-IP-38 AES XTS/GCM accelerators
  • AES-IP-39 AES ECB/CBC/CTR/CCM/GCM accelerators
Introduction to Side-Channel Attacks eBook

Introduction to Side-Channel Attacks

Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

Rambus logo