Three Cores AES Encryption Algorithm

Three Cores AES Encryption Algorithm


Category: Crypto Core

Created: October 13, 2012

Updated: January 27, 2020

Language: Verilog

Other project properties

Development Status: Stable

Additional info: Design done, FPGA proven, Specification done

WishBone compliant: No

WishBone version: n/a

License: Others


AES (Advanced Encryption Standard) is a specification published by
the American National Institute of Standards and Technology in 2001, as FIPS 197.[1]

AES describes a symmetric-key algorithm, in which the same key is used for
both encrypting and decrypting the data. The block size is restricted to 128 bits.
The key size can be 128, 192, or 256 bits. [1]

AES operates on a 4×4 matrix of bytes, called the state. Some rounds of transformation
converts the plaintext into the final cipher-text. The number of rounds is six plus
the key size divided by 32. One round reads the state into four 4-byte variables
y_0,y_1,y_2,y_3; transforms the variables; xor’s them by a 16-byte round key;
and puts the result into z_0,z_1,z_2,z_3.[3]

When targeting a variable-length plaintext, the plaintext must first be partitioned
into separate cipher blocks, and then be encrypted under some mode of operation,
generally using randomization based on an additional initialization vector.[4]

The cipher feedback (CFB) mode, output feedback (OFB) mode are specified in FIPS 81.
The counter (CTR) mode is specified by NIST in SP800-38A.[4] The advantage of these
modes is only using encryption algorithm for both encryption and decryption.
So the AES hardware price may be reduced by 50% (not need decryption hardware).

This project has implemented AES encryption algorithm.

This project provides three cores, doing AES-128, AES-192 and AES-256 encryption separately.

The cores can be used in cipher feedback (CFB) mode, output feedback (OFB) mode,
and counter (CTR) mode.

[1] Advanced Encryption Standard,
[2] J. Daemen and V. Rijmen. AES proposal: Rijndael. Original AES Submission to NIST, 1999.
[3] D. J. Bernstein and P. Schwabe. New AES software speed records. In INDOCRYPT 2008, volume 5365 of LNCS, pages 322-336, 2008.
[4] Block cipher modes of operation,

How to encrypt or decrypt a message


Suppose you use "aes_256" module, and the operation mode is CTR.

To encrypt something, let "aes_256.state" be a successive values of a "counter".

  e.g, in clock cycle T+0, "aes_256.state == N+0",
       in clock cycle T+1, "aes_256.state == N+1",
       in clock cycle T+2, "aes_256.state == N+2".

Then "aes_256.out" is a binary sequence. Xor the binary sequence to the plain text to get the cipher text.

To decrypt something, let "aes_256.state" be a successive values of the SAME "counter".

Then "aes_256.out" is the SAME binary sequence. Xor the binary sequence to the cipher text to get the plain text.

If you feel it against intuition, please read


- Pipeline architecture
- Ultra high speed
- Fully synchronous design
- Fully synthesize-able
- ONLY ONE clock domain in entire core
- NO latch
- All output signals are buffered
- Vendor-independent code


The maximum frequency is 324.6 MHz (on Xilinx FPGA XC6VLX240T,
for all of AES-128, AES-192 and AES-256 implementation).

The core can encrypt 128 bit per clock cycle.
The throughput is 38.4 G bit /second (=4.8 G bytes/sec) if it is working with a 300 MHz clock.


Specification ver. 0.1.2a

Synthesis result


Xilinx XC6VLX240T-1FF1156
(by Xilinx ISE version 14.2)
  AES-128    AES-192    AES-256   
Number of Slice Registers: 3,968 5,280 6,848
Number of Slice LUTs: 3,536 4,264 6,503
Number of bonded IOBs: 385 449 513
Number of Block RAM/FIFO: 86 100 121
Number of BUFG/BUFGCTRLs: 1 1 1



This project is licensed under the Apache License, version 2.