10G/25G/40G/50G AES Encryption Core
Overview
The 10G/25G/40G/50G AES Encryption Core is a high performance and yet low footprint AES engine for 10G/s – 50G/s application. Typical applications are providing bulk encryption for 25GE, 10GE, OTU3, OTU2 and OTU2e as well as legacy SONET/SDH OC192/STM-64.
Key Features
- Compliant with Advanced Encryption Standard Fips197 with key size 256-bits.
- Integrates Galois/Counter (GCM) authenticated encryption/decryption mode of operation in accordance with NIST 800-38D
- Supports 96-bit Initialization Vector (IV)
- Supports up to 16B Authentication TAG
- Supports variable size Additional Authenticated Data (AAD)
- Operates in single 256-bit AES key or dual 2×256-bit AES Key in configurable key switching schemes.
- On-the-fly key expansion for both encryption and decryption.
- Customizable new KEY acceptance and failed KEY exchange handling
- Supports OTNsec OPUk encryption/decryption.
- Supports inbound SW communication for key exchange through ODUk OH
- Optional Scrambled SW communication channels to enhance confidentiality
- Optimized parallel high speed architecture suitable for ASIC or FPGA implementation.
- Supported bus width options: 10G/25G/40G/50G – 16 bytes or 32 bytes
- Processor interface with 32-bit data-bus
- Modes of operations supported: GCM, CTR, GMAC.
Benefits
- All our AES Cores support the following features:
- Simultaneous 2-key system (can be extended to multi-key system)
- Active/standby keys mode (default)
- Odd/even key mode
- Random 2-key switching mode
- Customizable new KEY acceptance and failed KEY exchange handling
- Authentication modes
- Authentication bypass (for ultra-low latency application)
- HW-assisted or SW hosted Authentication
- GCM/CTR/GMAC or others
- Optional AIS or NULL filled OPU when authentication failed
- Authentication alarms and PM counters
Block Diagram
