Multi-gigabit GCM-AES Architecture Optimized for FPGAs

This paper presents a design-space exploration of the Galois/Counter Mode (GCM) algorithm with Advanced Encryption Standard (AES) as underlying block cipher for high throughput applications to combine data encryption and message authentication on FPGAs. Four different degrees of parallelism were implemented, namely a 128-, 64-, 32- and 16-bit wide data path calculating an output block in 1, 2, 4 and 8 clock cycles, respectively. Regarding the AES algorithm different SubBytes()and round architectures were evaluated against each other. For the multiplier required for GCM, two bit-parallel, a digit-serial and a hybrid architecture were evaluated. The different architectures were designed, implemented and tested on a Xilinx Virtex4-FX100 FPGA. All architectures support key lengths of 128, 192 and 256 bits and are equipped with a ready-to-use interface for real-world applications. A throughput of 15.3 Gb/s was reached. It pointed out that throughput rates for state-of-the-art communication channels can be achieved using reasonable hardware resources. The results comparing slice counts, RAM usage and speed are presented.