CRYPT-IP-120 AES Crypto, SHA-2 Hash Core with DMA

The CRYPT-IP-120 combines local key storage, an AES cipher (AES-IP-39), a SHA-2 hash (HASH-IP-57) and DMA capability into an easy to integrate, silicon-proven package. Designed for fast integration into SoCs, and featuring low gate count and full transforms, the CRYPT-IP-120 DMA crypto engine provides a reliable and cost-effective embedded solution for high speed processing pipelines.

AES, SHA-2, and DMA in a single IP core

Performance @ 500MHz

  • 1 Gbps AES-128, 192
  • 8 Gbps AES-256
  • 4 Gbps SHA-256
Optional algorithms and customization

CRYPT-120 Advantages

The CRYPT-IP-120 DMA crypto core provides hardware cryptographic algorithm implementations for optimal performance, user experience, battery lifetime and robust security.

  • Significant performance boost compared to software execution on the host processor.
  • Ability to store keys in an integrated RAM via DMA, and keep these inaccessible from (but usable by) the host/application.

The flexibility of the CRYPT-IP-120 architecture allows customization to individual requirements, including SNOW3G, Kasumi, AES-XTS and other basic IP modules.

CRYPT-IP-120 Features

Specifications CRYPT-IP-120b CRYPT-IP-120c-c CRYPT-IP-120c-h CRYPT-IP-120d-h CRYPT-IP-120f
Control Interface Simple register based control interface
Operation done interrupt
DMA done interrupt
DMA Controller4 Check Icon Check Icon Check Icon Check Icon Check Icon

AHB Master & Slave Interfaces5

Check Icon Check Icon Check Icon Check Icon Check Icon
Local Key Store3 Check Icon       Check Icon
AES1 Check Icon       Check Icon
SHA   224, 256 224, 256, 384, 5122 224, 256, 384, 5122 224, 256  
Gate Count (fab and process node-dependent) 49-53K        


  1. AES Algorithm (AES)
    • 128, 192 and 256-bit key support
    • AES-CCM
    • AES-GCM (Optional, by default available)
    • Internal GCM hash key calculation
    • Key load via the Key Store only
    • IV writing and reading via slave interface
    • Data load via the slave and DMA
    • Data readout via the slave and DMA
    • Tag readout via the slave and DMA
  1. Hash Configuration
    • Basic hash
    • HMAC (using several basic hash operations)
    • Digest and length load via the slave
    • Data load via the slave and DMA
    • Digest readout via the slave and DMA
  1. Key Store
    • Secure management of sensitive security parameters
    • Local 8 x 128-bit (or 4 x 192-bit/256-bit) encryption key storage
    • Writable via DMA only
    • Key store RAM: 32×32 bit 1 port RAM
  1. DMA controller
    • Two channels (inbound, outbound)
    • 16-bit DMA length
  1. AMBA interface
    • AHB interface (AMBA V2.0)
      • 32-bit AHB slave interface for configuration and data
      • 32-bit AHB master interface for keys, crypto and hash blocks
      • Optional use of privileged accesses for key reads
    • AXI interface (AMBA V3.0)
      • 32-bit and 64-bit AXI master and slave interface available on request
Introduction to Side-Channel Attacks eBook

Introduction to Side-Channel Attacks

Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

Rambus logo