Verilog implementation of the symmetric block cipher AES (Advanced Encryption Standard) as specified in NIST FIPS 197. This implementation supports 128- and 256-bit keys.
The core is complete and has been used in several FPGA and ASIC designs. It is well tested and mature.
This implementation supports 128- and 256-bit keys. The implementation is iterative and processes one 128-bit block at a time. Blocks are processed at word level with four S-boxes in the datapath. The S-boxes for encryption are shared with the key expansion, so the core cannot perform a key update in parallel with block processing.
The encipher and decipher block processing datapaths are separate and essentially self-contained, given access to a set of round keys and a block. This makes it possible to hard-wire the core to encipher-only or decipher-only operation, which lets the synthesis/build tools optimize away the other datapath and reduces the size by about 50%. This has been tested to verify that the decryption logic is removed and the core still works.
For cipher modes such as CTR, CCM, CMAC and GCM, which only ever use the forward (encipher) direction of the block cipher, the decipher functionality in the AES core is never used and the decipher block processing can be removed. Modes that invert the block cipher on decryption, such as ECB and CBC, still need the decipher datapath.
This is a fairly compact implementation. Further reduction could be achieved by using a single S-box. Conversely, performance can be increased by using 8 or 16 S-boxes, which would reduce the SubBytes cost of each round from four cycles to two (8 S-boxes) or one (16 S-boxes).
Several branches provide different versions of the core. These branches are not planned to be merged into master. The available branches are:
This version of AES implements the key expansion with an on-the-fly mechanism, which removes the initial key expansion step. This saves a number of cycles and also removes almost 1800 registers otherwise needed to store the round keys. Note that this version of AES only supports encryption: on-the-fly key generation in this core does not work with decryption, so decryption must be handled by the block cipher mode, for example CTR.
This version of AES supports two separate banks of expanded keys, allowing fast switching between two keys. This is useful, for example, in an AEAD construction with CBC + CMAC implemented using a single AES core.
An experimental version of the core in which the S-box is implemented with circuit-minimized logic functions instead of a ROM table. The specific circuit used is the 113-gate circuit by the CMT team at Yale.
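The following is an added example, not code from the secworks/aes repository, written in Python rather than Verilog so it can be run on a workstation. It is a bit-accurate model of the points made above: the S-box derived as a function (GF(2^8) inversion followed by the affine map) instead of a stored table, word-serial SubBytes with a configurable number of S-boxes that counts the cycles each round needs, round keys produced on the fly by a generator that the encipher datapath consumes one round at a time, and CTR mode that needs only the forward cipher. It models AES-128 only; the function names, the cycle accounting and the 12-byte nonce plus 32-bit counter layout are this example's own choices.

```python
# Added example (not part of secworks/aes): Python model of the AES-128
# encipher datapath, on-the-fly key schedule and computed S-box.
from typing import Iterator, List, Tuple


def _xtime(b: int) -> int:
    """Multiply by x in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1


def _gf_mul(a: int, b: int) -> int:
    """General GF(2^8) multiplication, used by the S-box and MixColumns."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _gf_pow(a: int, e: int) -> int:
    r = 1
    while e:
        if e & 1:
            r = _gf_mul(r, a)
        a = _gf_mul(a, a)
        e >>= 1
    return r


def make_sbox() -> List[int]:
    """Derive the FIPS 197 S-box as logic (inverse x^254, then the affine map)
    rather than storing it as a ROM table."""
    sbox = []
    for x in range(256):
        inv = _gf_pow(x, 254)  # 0 maps to 0, as FIPS 197 requires
        s = 0x63
        for k in range(5):  # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4) ^ 0x63
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s)
    return sbox


SBOX = make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _sub_word(w: int) -> int:
    """SubWord: four S-box lookups, i.e. one cycle on a four-S-box datapath."""
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")


def round_keys_on_the_fly(key: bytes) -> Iterator[List[int]]:
    """Yield the 11 AES-128 round keys one at a time. Each round key depends only
    on the previous one, so only four words are live; list(...) over this
    generator models the master branch storing the whole schedule."""
    if len(key) != 16:
        raise ValueError("this model implements AES-128 only")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    yield list(w)
    for rcon in RCON:
        t = _sub_word(((w[3] << 8) | (w[3] >> 24)) & 0xFFFFFFFF) ^ (rcon << 24)
        w[0] ^= t
        w[1] ^= w[0]
        w[2] ^= w[1]
        w[3] ^= w[2]
        yield list(w)


def _add_round_key(state: List[int], rk: List[int]) -> List[int]:
    key_bytes = b"".join(word.to_bytes(4, "big") for word in rk)
    return [s ^ k for s, k in zip(state, key_bytes)]


def _sub_bytes(state: List[int], n_sboxes: int) -> Tuple[List[int], int]:
    """Word-serial SubBytes: n_sboxes bytes per cycle. Returns the new state
    and the number of cycles the round spent in the S-boxes."""
    out, cycles = [], 0
    for i in range(0, 16, n_sboxes):
        out.extend(SBOX[b] for b in state[i:i + n_sboxes])
        cycles += 1
    return out, cycles


def _shift_rows(state: List[int]) -> List[int]:
    # State byte index is r + 4c (column-major, FIPS 197 section 3.4).
    return [state[(i % 4) + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]


def _mix_columns(state: List[int]) -> List[int]:
    out = []
    for c in range(4):
        a = state[4 * c:4 * c + 4]
        out += [
            _gf_mul(a[0], 2) ^ _gf_mul(a[1], 3) ^ a[2] ^ a[3],
            a[0] ^ _gf_mul(a[1], 2) ^ _gf_mul(a[2], 3) ^ a[3],
            a[0] ^ a[1] ^ _gf_mul(a[2], 2) ^ _gf_mul(a[3], 3),
            _gf_mul(a[0], 3) ^ a[1] ^ a[2] ^ _gf_mul(a[3], 2),
        ]
    return out


def encrypt_block(key: bytes, block: bytes, n_sboxes: int = 4) -> Tuple[bytes, int]:
    """Encipher one block, pulling each round key from the on-the-fly schedule
    when the round needs it. Returns (ciphertext, SubBytes cycles); the count
    covers the datapath only (SubWord also occupies the shared S-boxes)."""
    if len(block) != 16 or n_sboxes not in (1, 2, 4, 8, 16):
        raise ValueError("block must be 16 bytes and n_sboxes must divide 16")
    keys = round_keys_on_the_fly(key)
    state = _add_round_key(list(block), next(keys))
    cycles = 0
    for rnd in range(1, 11):
        state, c = _sub_bytes(state, n_sboxes)
        cycles += c
        state = _shift_rows(state)
        if rnd != 10:
            state = _mix_columns(state)
        state = _add_round_key(state, next(keys))
    return bytes(state), cycles


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR needs only the forward cipher, so the same call encrypts and decrypts.
    Counter block = 12-byte nonce || 32-bit counter from 1 (this example's choice)."""
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    out = bytearray()
    for i in range(0, len(data), 16):
        keystream, _ = encrypt_block(key, nonce + (i // 16 + 1).to_bytes(4, "big"))
        out += bytes(d ^ k for d, k in zip(data[i:i + 16], keystream))
    return bytes(out)


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # FIPS 197 C.1 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    for n in (4, 8, 16):
        ct, cycles = encrypt_block(key, pt, n)
        print(f"{n:2d} S-boxes: {ct.hex()}  SubBytes cycles/block = {cycles}")
    msg = b"constructed sample plaintext for the CTR round trip"  # constructed input
    nonce = bytes(range(12))                                       # constructed nonce
    print("CTR round trip ok:", ctr_crypt(key, nonce, ctr_crypt(key, nonce, msg)) == msg)
```

With the FIPS 197 C.1 key and plaintext, `encrypt_block` returns `69c4e0d86a7b0430d8cdb78070b4c55a` regardless of `n_sboxes`; only the cycle count changes (40 with four S-boxes, 20 with eight, 10 with sixteen, 160 with a single S-box), which is the trade-off the text above describes. Because `encrypt_block` only ever calls `next()` on the key-schedule generator, it never holds more than one round key, which is why the on-the-fly branch can drop the round-key registers but also why it cannot serve decryption, whose first round needs the last round key.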
Some area and performance results for the cmt_sbox branch compared to master.
Tool: Quartus Prime 19.1.0
Device: Cyclone V (5CGXFC7C7F23C8)
master (S-box implemented with a table)
cmt_sbox
Tool: Vivado 2019.2
Device: Kintex-7 (7k70tfbv676-1)
master:
cmt_sbox:
This core is supported by the FuseSoC core package manager and build system. Some quick FuseSoC instructions:

```shell
# Install FuseSoC
pip install fusesoc

# Create and enter a new workspace
mkdir workspace && cd workspace

# Register aes as a library in the workspace...
fusesoc library add aes /path/to/aes
# ...if the repo is available locally, or fetch the upstream repo:
fusesoc library add aes https://github.com/secworks/aes

# Run lint
fusesoc run --target=lint secworks:crypto:aes

# Run the tb_aes testbench
fusesoc run --target=tb_aes secworks:crypto:aes

# Run with ModelSim instead of the default tool (Icarus Verilog)
fusesoc run --target=tb_aes --tool=modelsim secworks:crypto:aes

# List all targets
fusesoc core show secworks:crypto:aes
```
The core has been implemented in standard cell ASIC processes.
Target frequency: 20 MHz. Complete flow from RTL to placed gates, with automatic clock gating and scan insertion.
The core has been implemented in Altera and Xilinx FPGA devices.
This means the core can process more than 2 Mblocks/s, i.e. more than 256 Mbps.
Removing the decipher module yields: