SoftIP IP Group of Alphawave IP
SoftIP IP Group of Alphawave IP

Sub-2.5G AES Encryption Core

EN
CN

The sub-2.5G AES Encryption Core is a special low footprint and low-power implementation of AES engine for application requiring less than 2.5G/s. Because of its tiny footprint and low power, it works exceptionally well in system utilizing Gigabit Ethernet, fiber channel, custom linkage using RSlink/ethernet, GFP, dedicated VPN links, OTU1 and SONET/SDH OC48/12/3 and STM-16/4/1 environment. This core can also be used in wireless and satellite communications.Encryption Process

Common Hardware Features

All our AES Cores support the following features:

  • Simultaneous 2-key system (can be extended to multi-key system)
    • Active/standby keys mode (default)
    • Odd/even key mode
    • Random 2-key switching mode
    • Customizable new KEY acceptance and failed KEY exchange handling
  • Authentication modes
    • Authentication bypass (for ultra-low latency application)
    • HW-assisted or SW hosted Authentication
    • GCM/CTR/GMAC or others
    • Optional AIS or NULL filled OPU when authentication failed
    • Authentication alarms and PM counters

Core Features

  • Compliant with Advanced Encryption Standard Fips197 with key size 256-bits.
  • Integrates Galois/Counter (GCM) authenticated encryption/decryption mode of operation in accordance with NIST 800-38D
  • Supports 96-bit Initialization Vector (IV)
  • Supports up to 16B Authentication TAG
  • Supports variable size Additional Authenticated Data (AAD)
  • Operates in single 256-bit AES key or dual 2×256-bit AES Key in configurable key switching schemes.
  • On-the-fly key expansion for both encryption and decryption.
  • Customizable new KEY acceptance and failed KEY exchange handling
  • Supports OTNsec OPUk encryption/decryption.
  • Supports inbound SW communication for key exchange through ODUk OH
  • Optional Scrambled SW communication channels to enhance confidentiality
  • Optimized parallel high speed architecture suitable for ASIC or FPGA implementation.
  • Supported bus width 8-bit or serial (for ultra-low bandwidth applications)
  • Processor interface with 32-bit data-bus
  • Modes of operations supported: GCM, CTR, GMAC.

Alarms and Errors

  • Key exchange timeout
  • IV exchange timeout
  • TAG exchange timeout
  • TAG Authenticity Failure

Standards compliance

  • Federal Information Processing Standard (FIPS) Pub. 197
  • National Institute of Standards and Technology (NIST) Special Publication 800-38D