At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.
The AES-IP-38 (EIP-38) is IP for accelerating the AES symmetric cipher algorithm supporting GCM or XTS modes at extreme speeds up to 100 Gbps+ @ 850 MHz. Designed for fast integration, fast key switching and high performance, the AES-IP-38 accelerator provides a reliable and cost-effective embedded IP solution that is easy to integrate into high speed crypto pipelines. The IP supports Cipher Text Stealing (CTS) in combination with AES-XTS.
AES XTS/GCM family of high speed accelerators.
Available in 12 configurations / performance grades.
Full key and data path integrity option.
The AES-IP-38 is a family of the cryptographic library elements in the Rambus hardware IP library (formerly of Inside Secure). For example, the AES-IP-38 is the cipher core embedded in all MACSec protocol aware security engines. The accelerators include I/O registers, encryption and decryption cores, and the logic for feedback modes and key scheduling.
Even though the Advanced Encryption Standard (AES) algorithm was designed to allow high-speed implementations, its regular feedback modes such as CBC, CFB, and OFB are not ideal for supporting very high-speed networking applications. The AES-GCM and AES-XTS algorithms do not use these regular AES feedback modes and allow very high-speed encryption and authentication by enabling an implementation to make use of parallelism. Typical uses cases for AES-GCM and AES-XTS are high-speed transmission (virtual private networking) and disk storage (protection of data at rest). For transmission protection, AES-GCM can for instance implement authenticated encryption at the network layer (IPsec) or at the data link layer (IEEE 802.1ae). The AES-GCM (Galois Counter Mode) has, since its publication in 2005, been used in many IPsec and MACsec applications. It is a very efficient algorithm, suitable to achieve very high performances. AES-XTS has been adopted by IEEE P1619 for protection of data at rest. The AES-IP-38 also supports the legacy AES-LRW algorithm. Within the AES-IP-38 product family a range of AES-XTS configurations is available that allows efficient key switching while maintaining throughputs for small sector sizes, ex- and including CTS.
Sustained performance for any object sizes ranges from 6 to 100 Gbps+ depending on the configuration and area. Gate count is between 90K and 650K gates depending on the configuration. Multiple AES-IP-38 cores can be cascaded. Tailored for storage solutions, a dedicated configuration offering full key and data path integrity is available.
The design of chip anti-tamper protection needs to adapt and scale with rising threats. Adversaries range from high school hackers to well-funded state actors. Given the threats, it’s useful to think about anti-tamper countermeasures as a hierarchy of safeguards that parallel the type, effort and expense of attacks. Watch this webinar to learn the eleven kinds of tampering attacks and their required skills and resources, and countermeasures for each of these attacks.
Flexible, layered design:
Data Integrity Protection:
Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.