The SCA-resistant AES-IP-3X family of crypto accelerator cores provides semiconductor manufacturers with superior AES cipher acceleration. The cores are easily integrated into ASIC/SoC and FPGA devices and offer a high level of resistance to various Side Channel Attacks such as Differential Power Analysis (DPA), and optionally offer detection of Fault Injection Attacks (FIA).
AES Authenticated Encryption Accelerator with DPA or with DPA and FIA
Overview
Key Features
- Accelerates AES according to FIPS-197 supporting all key sizes
- NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation
- NIST SP 800-38B Block Cipher with Cipher-based Message Authentication Code (CMAC)
- NIST SP 800-38C Block Cipher with Counter with Cipher Block Chaining-Message Authentication Code (CCM)
- NIST SP 800-38D Block Cipher with Galois/Counter Mode (GCM)
- NIST SP 800-38E XEX-based tweaked-codebook (XTS)
- Common Criteria v3.1 ISO/IEC 15408-1/-2/-3, certificate CC-22-0397779 2022-07-29, EAL4+ AVA_VAN.5, ALC_DVS.2, ATE_DPT.2
- SCA Test Vector Leakage Assessment shows no leakage beyond 100 million operations
Benefits
- The SCA-resistant AES-IP-3X cores perform AES encryption with SCA countermeasures using only 1 clock cycle (or 2 or 8 clock cycles for smaller configurations) per AES round, outperforming any existing solution. The cores support SCA- and FIA-resistant AES encryption and decryption in any AES mode, with 128-, 192- or 256-bit keys. The AES-IP cores implement so-called double-size wide-bus interfaces (to carry two DPA shares for each protected input and output bus) and include key input, entropy data input, IV input, cipher data input, and cipher data output buses.
- The unique AES cores implement highly efficient digital countermeasures against SPA, DPA, CPA, DEMA and CEMA, and perform at 1, 2 or 8 cycles per AES round. The fastest Rambus SCA-protected AES core has no overhead compared to regular unprotected cores, outperforming competing solutions by a factor of 2.
- The countermeasures are extensively validated using the Test Vector Leakage Assessment methodology and show no leakage beyond 100 million operations (or 10 for smaller configurations). This results in a core that is protected against side-channel attacks beyond 1 billion operations. The FIA-resistant core detects faults that are injected by, for example, lasers or EM pulses.
Deliverables
- Complete Documentation
- Integration guide
- Reference manual
- RTL Package
- Verilog RTL for synthesis and simulation
- Standard EDA tool flow scripts and support files
- Verification test bench and test vectors
Technical Specifications
- Foundry, Node: Any
- Maturity: In production
- Availability: Now
Related IPs
- Fast Public Key Engine with DPA or with DPA and FIA
- Programmable Root of Trust Family With DPA, and FIA and Quantum Safe Cryptography
- Programmable Root of Trust With DPA and FIA for US Defense
- Fast Quantum Safe Engine for ML-KEM (CRYSTALS-Kyber) and ML-DSA (CRYSTALS-Dilithium) with DPA
- Advanced DPA- and FIA-resistant FortiCrypt AES SW library
- DPA and FIA-Resistant Ultra-Compact FortiCrypt AES IP core