FPGA parallel-pipelined AES-GCM core for 100G Ethernet applications

The forthcoming IEEE 802.3ba Ethernet standard will provide data transmission at a bandwidth of 100 Gbit/s. Currently, the fastest cryptographic primitive approved by the U.S. National Institute of Standards and Technology that combines data encryption and authentication is the Galois/Counter Mode (GCM) of operation. Although the feasibility of increasing the speed of GCM up to 100 Gbit/s on ASIC technologies has already been demonstrated, the FPGA implementation of GCM in secure 100G Ethernet network systems raises some important structural issues. In this paper, we report on an efficient FPGA architecture of the GCM combined with the AES block cipher. By parallelizing four pipelined AES-GCM cores, we were able to reach the speed required by the new Ethernet standard. Furthermore, the time-critical binary field multiplication of the authentication process relies on four pipelined 2-step Karatsuba-Ofman multipliers.
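The binary field multiplication mentioned in the abstract can be modelled in software. The following is an added example, not the paper's design or HDL: it assumes "2-step" means two levels of Karatsuba-Ofman splitting (128 to 64 to 32 bits, giving nine 32-bit base multiplications instead of sixteen), and all function names are hypothetical.

```python
# Added example: bit-level model of a 2-step Karatsuba-Ofman GF(2^128) multiplier
# as used by GHASH. Assumption: "2-step" = two recursive splits (128 -> 64 -> 32).
MASK128 = (1 << 128) - 1
R_POLY = (1 << 7) | (1 << 2) | (1 << 1) | 1  # x^7 + x^2 + x + 1, low terms of the GCM polynomial

def clmul(a, b):
    """Schoolbook carry-less multiply in GF(2)[x]; stands in for the base multiplier."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def karatsuba(a, b, bits, steps):
    """Carry-less product of two `bits`-wide operands using `steps` Karatsuba-Ofman splits."""
    if steps == 0:
        return clmul(a, b)
    h = bits // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    lo = karatsuba(a0, b0, h, steps - 1)
    hi = karatsuba(a1, b1, h, steps - 1)
    # Three half-size products replace four; addition in GF(2) is XOR, so no carries.
    mid = karatsuba(a0 ^ a1, b0 ^ b1, h, steps - 1) ^ lo ^ hi
    return (hi << bits) ^ (mid << h) ^ lo

def reduce_gcm(p):
    """Reduce a product of degree <= 254 modulo x^128 + x^7 + x^2 + x + 1."""
    for _ in range(2):  # the first fold leaves at most 6 overflow bits, the second clears them
        p = (p & MASK128) ^ clmul(p >> 128, R_POLY)
    return p

def bitrev128(v):
    """GCM stores the coefficient of x^0 in the most significant bit of a block."""
    return int(f"{v:0128b}"[::-1], 2)

def gcm_mul(x, y, steps=2):
    """Multiply two GCM blocks, given as 128-bit integers read big-endian from the block bytes."""
    a, b = bitrev128(x), bitrev128(y)
    return bitrev128(reduce_gcm(karatsuba(a, b, 128, steps)))
```

Calling `gcm_mul` with `steps=0` falls back to a single schoolbook multiplication, which gives a reference result to compare the Karatsuba-Ofman path against.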
