Pipelined Crypto-PAn 128-bit AES

Details
Category: Crypto Core
Created: February 16, 2007
Updated: January 27, 2020
Language: VHDL
Other project properties
Development Status: Stable
Additional info: Design done, FPGA proven
WishBone compliant: No
WishBone version: n/a
License: GPL
Description
Crypto-PAn
A hardware implementation of Crypto-PAn[1]. The core makes use of a fully pipelined 128-bit AES (Rijndael) cipher engine as the underlying pseudorandom function, supports online key changes, and is capable of line rates exceeding gigabit ethernet.
[1] Blake, A. and Nelson, R. 2008. Scalable Architecture for Prefix Preserving Anonymization of IP Addresses. In Proceedings of the 8th international Workshop on Embedded Computer Systems: Architectures, Modeling, and Simulation (Samos, Greece, July 21 - 24, 2008). M. Bereković, N. Dimopoulos, and S. Wong, Eds. Lecture Notes In Computer Science, vol. 5114. Springer-Verlag, Berlin, Heidelberg, 33-42.
Features
Crypto-PAn features:
- One to one mapping from original IP address to anonymized IP address
- Prefixes are preserved. That is, if two original IP addresses share a k-bit prefix, their anonymized mappings also share a k-bit prefix.
- Consistency is maintained across traces. That is, the same IP address in different traces is mapped to the same anonymized IP address, if the secret key used is the same.
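The three properties above can be checked in software. The following is an added example, not code from this project or from the reference implementation: it keeps the bit-by-bit prefix-preserving structure but substitutes HMAC-SHA256 for the AES-based pseudorandom function, so its outputs will not match the core's. The function names and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


def _prf_bit(key: bytes, prefix: int, length: int) -> int:
    """One pseudorandom bit that depends only on the key and the first
    `length` bits of the original address.
    Assumption: HMAC-SHA256 stands in for the AES-based PRF of the core."""
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7


def anonymize(key: bytes, addr: str) -> str:
    """Prefix-preserving anonymization of one IPv4 address."""
    a = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)          # top i bits of the input (0 for i == 0)
        flip = _prf_bit(key, prefix, i)
        bit = (a >> (31 - i)) & 1       # i-th bit, counted from the MSB
        # Output bit i is input bit i XOR a bit derived from the preceding
        # prefix, so equal prefixes always produce equal output prefixes.
        out = (out << 1) | (bit ^ flip)
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(x: str, y: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(x)) ^ int(ipaddress.IPv4Address(y))
    return 32 - diff.bit_length()


if __name__ == "__main__":
    key = bytes(range(32))              # constructed sample key
    samples = ["192.0.2.17", "192.0.2.200", "198.51.100.5"]  # constructed
    mapped = [anonymize(key, s) for s in samples]
    for s, m in zip(samples, mapped):
        print(f"{s:>15} -> {m}")
    for i in range(len(samples)):
        for j in range(i + 1, len(samples)):
            print(samples[i], samples[j],
                  "shared bits before/after:",
                  common_prefix_len(samples[i], samples[j]),
                  common_prefix_len(mapped[i], mapped[j]))
```

Because the shared prefix length survives anonymization exactly, subnet structure in a trace remains visible to anyone who reads the output; only the secret key protects the mapping itself.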
Core features:
- Fully pipelined
- AES (Rijndael) engine capable of 32 Gbit/s throughput on Virtex-4.
- Supports online secret key changes.
- Compatible with Jinliang Fan's C++ reference implementation. That is, using the same secret keys, IP addresses will map to the same anonymous IP addresses.
- Capable of anonymizing traces at line rates above gigabit ethernet.
Status
Verified in hardware on XCV4FX60 FPGA.