Vendor: Nuclei System Technology Category: Symmetric Crypto

Cryptographic engine using the DES, Triple-DES or AES

The cryptographic processor (CRYP) can be used both to encrypt and decrypt data using the DES, Triple-DES, AES or SM4 algorithms.

Overview

The cryptographic processor (CRYP) can be used both to encrypt and decrypt data using the DES, Triple-DES, AES or SM4 algorithms. It is a fully compliant implementation of the following standards:

  • The data encryption standard (DES) and Triple-DES (TDES) as defined by Federal Information Processing Standards Publication (FIPS PUB 46-3, Oct 1999), and the American National Standards Institute (ANSI X9.52).
  • The advanced encryption standard (AES) as defined by Federal Information Processing Standards Publication (FIPS PUB 197, Nov 2001).
  • SM4 encryption standard GB/T 32907-2016.
  • Multiple key sizes and chaining modes are supported:
  • DES/TDES chaining modes ECB and CBC, supporting standard 56-bit keys with 8-bit parity per key.
  • SM4 chaining modes ECB, CBC, CTR, GCM, GMAC, CCM for key sizes of 128 bits.
  • AES chaining modes ECB, CBC, CTR, GCM, GMAC, CCM for key sizes of 128, 192 or 256 bits.

The CRYP is a 32-bit bus peripheral. It supports DMA transfers for incoming and outgoing data (two DMA channels are required). The peripheral also includes input and output FIFOs (each 8 words deep) for better performance.

Key features

  • Compliant implementation of the following standards:
    • NIST FIPS publication 46-3, Data Encryption Standard (DES)
    • ANSI X9.52, Triple Data Encryption Algorithm Modes of Operation
    • NIST FIPS publication 197, Advanced Encryption Standard (AES)
  • AES symmetric block cipher implementation
    • 128-bit data block processing
    • Support for 128-, 192- and 256-bit cipher key lengths
    • Encryption and decryption with multiple chaining modes: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Counter mode (CTR), Galois Counter Mode (GCM), Galois Message Authentication Code mode (GMAC) and Counter with CBC-MAC (CCM)
    • 11 (respectively 15) clock cycles for processing one 128-bit block of data with a 128-bit (respectively 256-bit) key in AES-ECB mode
    • Integrated key scheduler with its key derivation stage (ECB or CBC decryption only)
  • SM4 symmetric block cipher implementation
    • 128-bit data block processing
    • Support for 128-bit cipher key lengths
    • Encryption and decryption with multiple chaining modes: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Counter mode (CTR), Galois Counter Mode (GCM), Galois Message Authentication Code mode (GMAC) and Counter with CBC-MAC (CCM)
    • 33 clock cycles for processing one 128-bit block of data with a 128-bit key in SM4-ECB mode
    • Integrated key scheduler with its key derivation stage (ECB or CBC decryption only)
  • DES/TDES encryption/decryption implementation
    • 64-bit data block processing
    • Support for 64-, 128- and 192-bit cipher key lengths
    • Encryption and decryption with support of ECB and CBC chaining modes
    • Direct implementation of simple DES algorithms (a single key K1 is used)
    • 17 (respectively 51) clock cycles for processing one 64-bit block of data in DES (respectively TDES) ECB mode
    • Software implementation of ciphertext stealing
  • Features common to DES/TDES AES and SM4
    • ICB slave peripheral, accessible through 32-bit word single accesses only
    • 256-bit register for storing the cryptographic key (8x 32-bit registers)
    • 128-bit registers for storing initialization vectors (4x 32-bit)
    • An internal IN FIFO of eight 32- bit words, corresponding to four incoming DES blocks or two AES blocks
    • An internal OUT FIFO of eight 32-bit words, corresponding to four processed DES blocks or two AES blocks
    • Automatic data flow control supporting direct memory access (DMA) using one channel. Single transfers are supported
    • Data swapping logic to support 1, 8, 16 or 32 bit data
    • Possibility for software to suspend a message if the cryptographic processor needs to process another message with higher priority (suspend/resume operation)

Files

Note: some files may require an NDA depending on provider policy.

Specifications

Identity

Part Number
CRYP
Vendor
Nuclei System Technology
Type
Silicon IP

Provider

Nuclei System Technology
HQ: China
Nuclei System Technology is a top RISC-V processor IP vendor based in China . Nuclei is dedicating to develop configurable low-power and high-performance 32/64-bit RISC-V processors and related solutions for AIoT applications. Nuclei has developed several series products to address the full range of embedded system applications, including N100, N200, N300, N/NX/UX 600, with extensible and security features. We have collaborated with many well-known companies for silicon-proven solutions, e.g. the first RISC-V general MCU - GDVF103 with GigaDevice.

Learn more about Symmetric Crypto IP core

RoT: The Foundation of Security

The goal of this white paper is to provide a primer introduction to RoT and how to choose a right RoT as the trust anchor for a novel hardware based security architecture

Frequently asked questions about Symmetric Cryptography IP cores

What is Cryptographic engine using the DES, Triple-DES or AES?

Cryptographic engine using the DES, Triple-DES or AES is a Symmetric Crypto IP core from Nuclei System Technology listed on Semi IP Hub.

How should engineers evaluate this Symmetric Crypto?

Engineers should review the overview, key features, supported foundries and nodes, maturity, deliverables, and provider information before shortlisting this Symmetric Crypto IP.

Can this semiconductor IP be compared with similar products?

Yes. Buyers can compare this product with similar semiconductor IP cores or IP families based on category, provider, process options, and structured technical specifications.

×
Semiconductor IP