A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols

Benjamin Buhrow, Karl Fritz, Barry Kent Gilbert, Erik Daniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

The Advanced Encryption Standard (AES) together with the Galois Counter Mode (GCM) of operation has been approved for use in several high throughput network protocols to provide authenticated encryption. However, the demand for continued increase in network bandwidth has not abated and we anticipate the need for continual performance improvement of AES-GCM in hardware. Additionally, as data interfaces become wider and segmented, existing methods of GCM parallelization become inefficient. This paper presents a novel scalable architecture for highly parallel implementations of AES-GCM that can process multiple separately-keyed packets simultaneously every clock cycle. We demonstrate throughputs of 482 Gb/s in a single Xilinx Virtex Ultrascale FPGA and describe how the architecture can be used to achieve over 800 Gb/s in a system comprising multiple FPGAs.

Original languageEnglish (US)
Title of host publication2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Print)9781467394062
DOIs
StatePublished - Jan 25 2016
EventInternational Conference on ReConFigurable Computing and FPGAs, ReConFig 2015 - Riviera Maya, Mexico
Duration: Dec 7 2015Dec 9 2015

Other

OtherInternational Conference on ReConFigurable Computing and FPGAs, ReConFig 2015
CountryMexico
CityRiviera Maya
Period12/7/1512/9/15

Fingerprint

Cryptography
Network protocols
Field programmable gate arrays (FPGA)
Throughput
Computer hardware
Interfaces (computer)
Clocks
Bandwidth

Keywords

  • FPGA
  • Galois Counter Mode
  • high throughput
  • multiple packets per clock cycle
  • scalable
  • segmented bus

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this

Buhrow, B., Fritz, K., Gilbert, B. K., & Daniel, E. (2016). A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols. In 2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015 [7393321] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ReConFig.2015.7393321

A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols. / Buhrow, Benjamin; Fritz, Karl; Gilbert, Barry Kent; Daniel, Erik.

2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015. Institute of Electrical and Electronics Engineers Inc., 2016. 7393321.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Buhrow, B, Fritz, K, Gilbert, BK & Daniel, E 2016, A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols. in 2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015., 7393321, Institute of Electrical and Electronics Engineers Inc., International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015, Riviera Maya, Mexico, 12/7/15. https://doi.org/10.1109/ReConFig.2015.7393321
Buhrow B, Fritz K, Gilbert BK, Daniel E. A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols. In 2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015. Institute of Electrical and Electronics Engineers Inc. 2016. 7393321 https://doi.org/10.1109/ReConFig.2015.7393321
Buhrow, Benjamin ; Fritz, Karl ; Gilbert, Barry Kent ; Daniel, Erik. / A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols. 2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015. Institute of Electrical and Electronics Engineers Inc., 2016.
@inproceedings{feee352a71224c4f9bde0fade262744a,
title = "A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols",
abstract = "The Advanced Encryption Standard (AES) together with the Galois Counter Mode (GCM) of operation has been approved for use in several high throughput network protocols to provide authenticated encryption. However, the demand for continued increase in network bandwidth has not abated and we anticipate the need for continual performance improvement of AES-GCM in hardware. Additionally, as data interfaces become wider and segmented, existing methods of GCM parallelization become inefficient. This paper presents a novel scalable architecture for highly parallel implementations of AES-GCM that can process multiple separately-keyed packets simultaneously every clock cycle. We demonstrate throughputs of 482 Gb/s in a single Xilinx Virtex Ultrascale FPGA and describe how the architecture can be used to achieve over 800 Gb/s in a system comprising multiple FPGAs.",
keywords = "FPGA, Galois Counter Mode, high throughput, multiple packets per clock cycle, scalable, segmented bus",
author = "Benjamin Buhrow and Karl Fritz and Gilbert, {Barry Kent} and Erik Daniel",
year = "2016",
month = "1",
day = "25",
doi = "10.1109/ReConFig.2015.7393321",
language = "English (US)",
isbn = "9781467394062",
booktitle = "2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - A highly parallel AES-GCM core for authenticated encryption of 400 Gb/s network protocols

AU - Buhrow, Benjamin

AU - Fritz, Karl

AU - Gilbert, Barry Kent

AU - Daniel, Erik

PY - 2016/1/25

Y1 - 2016/1/25

N2 - The Advanced Encryption Standard (AES) together with the Galois Counter Mode (GCM) of operation has been approved for use in several high throughput network protocols to provide authenticated encryption. However, the demand for continued increase in network bandwidth has not abated and we anticipate the need for continual performance improvement of AES-GCM in hardware. Additionally, as data interfaces become wider and segmented, existing methods of GCM parallelization become inefficient. This paper presents a novel scalable architecture for highly parallel implementations of AES-GCM that can process multiple separately-keyed packets simultaneously every clock cycle. We demonstrate throughputs of 482 Gb/s in a single Xilinx Virtex Ultrascale FPGA and describe how the architecture can be used to achieve over 800 Gb/s in a system comprising multiple FPGAs.

AB - The Advanced Encryption Standard (AES) together with the Galois Counter Mode (GCM) of operation has been approved for use in several high throughput network protocols to provide authenticated encryption. However, the demand for continued increase in network bandwidth has not abated and we anticipate the need for continual performance improvement of AES-GCM in hardware. Additionally, as data interfaces become wider and segmented, existing methods of GCM parallelization become inefficient. This paper presents a novel scalable architecture for highly parallel implementations of AES-GCM that can process multiple separately-keyed packets simultaneously every clock cycle. We demonstrate throughputs of 482 Gb/s in a single Xilinx Virtex Ultrascale FPGA and describe how the architecture can be used to achieve over 800 Gb/s in a system comprising multiple FPGAs.

KW - FPGA

KW - Galois Counter Mode

KW - high throughput

KW - multiple packets per clock cycle

KW - scalable

KW - segmented bus

UR - http://www.scopus.com/inward/record.url?scp=84964344364&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84964344364&partnerID=8YFLogxK

U2 - 10.1109/ReConFig.2015.7393321

DO - 10.1109/ReConFig.2015.7393321

M3 - Conference contribution

AN - SCOPUS:84964344364

SN - 9781467394062

BT - 2015 International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015

PB - Institute of Electrical and Electronics Engineers Inc.

ER -