The AES XP-DPA-FIA IP core belongs to the FortiCrypt product family. It is intended for applications that require extremely high performance and implements AES GCM for high-volume authenticated network communications and AES XTS for high-volume storage encryption. The AES XP IP core employs a multi-pipelined architecture with a configurable number of pipelines. In AES GCM, in addition to the protection of AES, it protects the GHASH authentication mechanism.
This is a unique solution in the market since it combines multi-pipelined architecture with protection against SCA and FIA.
The AES XP-DPA-FIA IP Core, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA), including SIFA.
The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.
The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.
DPA- and FIA-resistant Ultra High Bandwidth FortiCrypt AES IP core
Overview
Key Features
- Ultra-high bandwidth due to multi-pipeline architecture, HUNDREDs Gbps (@500 MHz on a 45nm tech. process)
- Extensible pipeline architecture
- Low latency
- Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
- Protected against fault injection attacks, including SIFA
- Tunable protection level
- Optional embedded internal PRNG for random masking
- NIST FIPS-197 compliant
- AES-128/192/256 encryption and decryption
- XTS or GCM modes of operation
- Auxiliary key port hidden from software
- Configurable choice of interfaces
- Bare cryptographic core
- AMBA, AXI, or APB
- Optional input data FIFO
- External DMA support
- Fully synthesizable
Benefits
- Ultra-high bandwidth due to multi-pipeline architecture, HUNDREDs Gbps (@500 MHz on a 45nm tech. process)
- GCM authentication tag protection (patent pending)
- Ultra-strong side-channel attack protection (at least 1B traces)
- Protected against fault injection attacks including SIFA
- Highest-level security verified, both by FortifyIQ and by a third-party Common Criteria lab.
- A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.)
Block Diagram
Applications
- Communications
- Automotive
- Secure internet protocols (SSL/TLS, IPSec)
- Content protection (Set-Top Boxes, SoCs)
- Virtual Private Networks (VPN)
Deliverables
- Synthesizable Verilog RTL source code
- Documentation
- Testbench
- SDC constraints for synthesis
- Technical support and assistance
Technical Specifications
Maturity
Silicon proven
Availability
Now
Related IPs
- DPA- and FIA-resistant Ultra Low Power FortiCrypt AES IP core
- Advanced DPA- and FIA-resistant FortiCrypt AES SW library
- DPA and FIA-Resistant Ultra-Compact FortiCrypt AES IP core
- DPA- and FIA-Resistant Balanced FortiCrypt AES IP Core
- Ultra High Performance AES-XTS/ECB Core
- Complete memory system supporting any combinations of SDR SDRAM, DDR, DDR2, Mobile SDR, FCRAM, Flash, EEPROM, SRAM and NAND Flash, all in one IP core