Data that is created and transferred between billions of devices and the cloud is growing exponentially. More and more devices are entering the market, the cloud is expanding to the network edge and new applications are emerging. These factors are drivers for technological advances in high-performance computing (HPC), reshaping system-on-chip (SoC) designs to address the need for more acceleration, storage capacity, new compute architectures, and increased bandwidths for faster data movement.
While technology is undergoing a revolution and data volumes are increasing, the security of data and systems is paramount. Where security mechanisms are poor, attackers might aim to profit from secret information and interfere with private citizens’ lives or company and government operations. Multiple factors propel these security needs: the growing volume of confidential and sensitive information, laws and regulations, the changing nature of security threats, and the evolution of standards.
Security solutions need to support the bandwidth of the latest interfaces, low latency requirements, and minimum area, whether for data-in-transit or data-at-rest protection.
Memory and storage security involves protecting storage resources and the data stored both on-premises and in external data centers and the cloud.
To protect the data, designers are turning to high-performance, low-latency memory encryption solutions that preserve performance while securing the data over the latest generations of memory interfaces.
The AES-XTS cryptographic algorithm is at the heart of memory security
AES-XTS, sometimes referred to as XTS-AES, is the de facto cryptographic algorithm for protecting the confidentiality of data-at-rest on storage devices. It is a standards-based symmetric algorithm defined by the NIST SP 800-38E and IEEE Std 1619-2018 specifications that, by its nature, allows for pipelined architectures that can scale in performance to Terabits per second (Tbps) bandwidth. Its ciphertext stealing (CTS) mode supports data units whose size is not divisible by the 16-byte block size of the underlying AES cipher.
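The tweak chain and ciphertext stealing described above, as an added example (a software reference model written for this page, not Synopsys code and not from the original article). It covers encryption only, for 256-bit and 512-bit XTS keys; all function names are illustrative, and the code is written for readability, not constant-time execution.

```python
def _xt(a):  # multiply by x in GF(2^8) modulo the AES polynomial 0x11B
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
def _mul(a, b):  # GF(2^8) product, only needed to derive the S-box
    return ((a if b & 1 else 0) ^ _mul(_xt(a), b >> 1)) if b else 0
def _sbox(a):  # multiplicative inverse (0 maps to 0), then the AES affine map
    v = next((x for x in range(1, 256) if _mul(a, x) == 1), 0)
    rot = lambda n: ((v << n) | (v >> (8 - n))) & 0xFF
    return v ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sbox(a) for a in range(256)]

def expand_key(key):  # AES-128/AES-256 key schedule -> list of 16-byte round keys
    nk, rcon = len(key) // 4, 1
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, 4 * (nk + 7)):
        t = w[-1]
        if i % nk == 0:  # RotWord, SubWord, then XOR the round constant into byte 0
            t, rcon = [SBOX[b] ^ c for b, c in zip(t[1:] + t[:1], (rcon, 0, 0, 0))], _xt(rcon)
        elif nk == 8 and i % nk == 4:  # extra SubWord step used by AES-256 only
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nk + 7)]

def aes_encrypt_block(rk, block):  # state index = 4*column + row
    s = [b ^ k for b, k in zip(block, rk[0])]
    g = lambda i, k: s[(i & 12) + ((i + k) & 3)]  # byte k rows below i, same column
    for rnd in range(1, len(rk)):
        s = [SBOX[s[(i + 4 * (i & 3)) & 15]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < len(rk) - 1:  # MixColumns, omitted in the final round
            s = [_xt(g(i, 0)) ^ _xt(g(i, 1)) ^ g(i, 1) ^ g(i, 2) ^ g(i, 3) for i in range(16)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

def mul_alpha(t):  # tweak update: multiply by x in GF(2^128), little-endian, feedback 0x87
    n = int.from_bytes(t, "little") << 1
    return ((n ^ 0x87 if n >> 128 else n) & ((1 << 128) - 1)).to_bytes(16, "little")

def xts_encrypt(key, data_unit_no, pt):  # illustrative API; key = Key1 || Key2
    if len(key) not in (32, 64) or len(pt) < 16:
        raise ValueError("need a 256/512-bit key and at least one full 16-byte block")
    rk1, rk2 = expand_key(key[:len(key) // 2]), expand_key(key[len(key) // 2:])
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    enc = lambda blk, tw: xor(aes_encrypt_block(rk1, xor(blk, tw)), tw)
    t = aes_encrypt_block(rk2, data_unit_no.to_bytes(16, "little"))  # T_0 = E_Key2(i)
    out, (full, tail) = [], divmod(len(pt), 16)
    for j in range(full):  # block j uses T_j = T_0 * alpha^j
        out, t = out + [enc(pt[16 * j:16 * j + 16], t)], mul_alpha(t)
    if tail:  # ciphertext stealing: pad the short block with the end of the previous one
        cc = out.pop()
        out += [enc(pt[16 * full:] + cc[tail:], t), cc[:tail]]
    return b"".join(out)
```

Because every tweak depends only on T_0 and the block index, the blocks of a data unit can be processed independently, which is the property that makes pipelined implementations possible.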
AES-XTS is the critical component for memory security in HPC applications. It needs to be highly optimized and scaled to support increasing bandwidths while keeping the latency and area as low as possible and allowing for seamless SoC physical design and timing closure. In addition to being fully compliant with the cryptographic specifications, AES-XTS solutions need to support encryption and decryption for all key sizes, allow for seamless context switching for a high number of contexts, support efficient keys setup/refresh, and be certifiable, for example, to the FIPS 140-3 Level 2 requirements as a typical target, or Level 3 for more sensitive applications.
Ultra high-performance AES-XTS IP for HPC
When looking for storage or memory encryption IP solutions for HPC SoCs, it is essential to consider optimized solutions from trusted IP providers that offer the highest performance, lowest latency, and optimal area, are compliant with the latest standards, and are backed by experts.
It is also crucial for the IP to be built under a rigorous security development process that includes:
- Identifying the proper assets such as plaintext, ciphertext, cryptographic keys and state, and key usage policy
- Defining security objectives to protect those assets: ensuring that plaintext received on the core’s input cannot be accessed through any other interface port and that only the associated ciphertext is emitted from the output port; maintaining the confidentiality of cryptographic keys; and several more
- Implementing appropriate security mechanisms and providing guidelines for SoC integrators to achieve a secure integration in their designs.
The Synopsys Ultra High-Performance AES-XTS Cryptographic IP core (Fig. 1) addresses these requirements while providing the configurability needed to adjust to the SoC designs’ specific use cases and performance requirements.
By integrating Synopsys’ standards-compliant AES-XTS crypto cores, HPC SoCs take advantage of:
- High performance, low latency IP with efficient support for varied data traffic
- Scalable throughput from 128 to 4096 bits/cycle, achieving bandwidths beyond 4 Tbps
- Efficient encryption and decryption with 256-bit and 512-bit AES-XTS key sizes
- Latency as low as four cycles
- One tweak per cycle precomputation
- Seamless message interleaving, key setup, and key refresh for up to 64K cryptographic contexts
- Multi-clock domain support
- Dedicated secure key port
- Area, latency, performance, and maximum frequency optimization options
- FIPS 140-3 certification ready
- Path for seamless full-duplex inline memory encryption integration with memory interface controllers, including the latest generations of DDR4/LPDDR4, DDR5/LPDDR5, and HBM
With Synopsys’ Ultra High-Performance AES-XTS IP, designers ensure that their HPC SoCs’ memory security is robust and that data-at-rest confidentiality is maintained even in the face of new threats.
Fig. 1: Synopsys Ultra High-Performance AES-XTS Crypto IP block diagram.
With the tremendous data and bandwidth growth in our connected world, security is essential to protect private and sensitive data as it moves across systems to storage, including memory. At the heart of storage security lies the AES-XTS cryptographic algorithm, which needs to support scalable high data rates with minimal latency and area impact for HPC applications.
Synopsys Ultra High-Performance AES-XTS Crypto IP cores address the needs of the latest technological advances and security requirements with advanced features and capabilities while allowing them to be optimally configured to the SoC designs’ specific use cases.
Synopsys is uniquely positioned in the market with complete standards-compliant secure interface solutions that align with the latest application demands and enable designers to quickly implement the required security on their SoCs with low risk and fast time to market.
In addition to the ultra high-performance AES-XTS cryptographic cores for memory encryption, Synopsys provides a broad portfolio from standalone cryptographic cores to highly integrated security IP solutions that use a common set of standards-based building blocks and security concepts to enable the most efficient silicon design and highest levels of security for a range of products in the cloud computing, mobile, automotive, digital home, and IoT markets.
For more information, visit Synopsys Cryptography IP.
Dana Neustadter is a senior manager of product marketing for security IP at Synopsys. She holds a M. Eng. and B. Sc. in electrical engineering from Technical University Cluj-Napoca.