Overview
AES-GCM is an authenticated encryption algorithm designed to provide both authentication
and privacy. Developed by David A. McGrew and John Viega, it uses universal hashing over
a binary Galois field to provide authenticated encryption. It was designed specifically
to support very high data rates as it can take advantage of pipelining and parallel
processing techniques.
Before GCM, it was quite possible to encrypt at very high data rates using Counter mode.
This mode uses no feedback, so multiple encryption engines can be used in parallel to
offer enhanced aggregate throughputs. However, authentication of that data was then a
problem. Most authentication algorithms like CBC-MAC (as used in CCM mode), OMAC (an
AES-based authentication scheme) and the various hashing algorithms (like SHA-1 and SHA-2)
require block-by-block feedback, making pipelining and parallel operation impossible.
AES-OCB mode was a potential way around this, but was held back by multiple intellectual
property claims. CWC was another option, but it has implementation complexities
which make it less attractive.
So although encryption at very high rates was possible, it was the authentication which
could not keep pace. This issue was especially concerning since Counter mode without any
authentication provides no protection against bit-flipping attacks.
With the advent of GCM, authenticated encryption at data rates of many Gbps is now
practical, permitting high-grade encryption and authentication on systems which
previously could not be fully protected.
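
The parallelism argument above can be seen directly in GCM's authentication function, GHASH. The following is an added example, not Helion's code or part of the original page: it computes GHASH serially and again split across independent lanes, using the field multiplication from NIST SP 800-38D. The `lanes` parameter, function names and sample values are assumptions made for the illustration.

```python
"""GHASH evaluated serially and in independent lanes (added illustration)."""

R = 0xE1 << 120  # reduction constant for GCM's bit-reflected GF(2^128)


def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (NIST SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:      # bits of x, leftmost first
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash_serial(h: int, blocks: list[int]) -> int:
    """Horner form: every step waits for the previous product."""
    y = 0
    for x in blocks:
        y = gf_mul(y ^ x, h)
    return y


def ghash_lanes(h: int, blocks: list[int], lanes: int) -> int:
    """Same polynomial split over `lanes` (>= 1) independent accumulators.

    Lane j takes blocks j, j+lanes, ... and steps by H^lanes, so the lanes
    share no state until the final XOR and could run on separate multipliers.
    """
    m = len(blocks)
    powers = [0, h]                   # powers[e] = H^e for e >= 1
    for _ in range(2, lanes + 1):
        powers.append(gf_mul(powers[-1], h))
    total = 0
    for j in range(min(lanes, m)):
        acc, last = 0, j
        for i in range(j, m, lanes):
            acc = gf_mul(acc, powers[lanes]) ^ blocks[i]
            last = i
        total ^= gf_mul(acc, powers[m - last])   # align lane to H^(m-i)
    return total


if __name__ == "__main__":
    # Constructed sample values, not taken from any real key or traffic.
    h = int.from_bytes(bytes(range(1, 17)), "big")
    data = [int.from_bytes(bytes([n]) * 16, "big") for n in range(1, 12)]
    for k in (1, 2, 4, 8):
        print(k, ghash_lanes(h, data, k) == ghash_serial(h, data))
```

A feedback MAC such as CBC-MAC has no equivalent of `ghash_lanes`, because each block must pass through the cipher before the next can be absorbed.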
AES-GCM is specified for use in a number of recent standards; for example it is one of
the options specified by the IEEE 1619 group for securing data-at-rest stored on tape media,
and it is also the algorithm specified for use in MACsec (802.1AE) for protecting data
traversing Ethernet LANs.
Helion AES-GCM Solutions
Helion offer a suite of AES-GCM solutions which allow the user to choose a level of
hardware acceleration which closely fits the requirements, therefore minimising the
amount of logic resources required. Solutions are available covering all throughput
requirements from less than 1Gbps right up to in excess of 30Gbps in any of the
target technologies we support. Also available are combined solutions which implement
AES-GCM together with other modes of AES such as AES-XTS (previously
known as AES-XEX) or AES-CBC, where multi-protocol support is desired.
These high performance cores are available in versions for use in ASIC,
Altera and Xilinx FPGA, and in common with all Helion IP cores they
have been designed with each technology firmly in mind to yield the very
best and most efficient results.
To find out how these AES-GCM solutions can be used in your particular application,
please contact Helion so that we can discuss the options in more detail.
Contact
For more detailed information on these or any of our other products and services,
please feel free to email us at
helioncores@heliontech.com and we will be pleased to discuss how we can assist
with your individual requirements.