SphinX AES-XTS Security IP – dynamic key support
SphinX 2.0 is designed to accommodate the speed, latency and throughput requirements of computer systems main memory. The IP implements the standard (NIST FIPS 197) AES cipher in XTS mode (IEEE Std 1619-2018). The SphinX family of cores cover a scalable IP with 128b and 256b dynamic key support (i.e. key can be changed with each sector (64 bytes) or block (16 bytes)), allowing the designer to choose the most efficient and effective core that satisfies the latency and throughput requirements.
The design is fully synchronous and supports independent, non-blocking encryption/decryption at main memory speed. SphinX 2.0 is available for immediate licensing.
Overview
SphinX 2.0 is designed to accommodate the speed, latency and throughput requirements of computer systems main memory. The IP implements the standard (NIST FIPS 197) AES cipher in XTS mode (IEEE Std 1619-2018). The SphinX family of cores cover a scalable IP with 128b and 256b dynamic key support (i.e. key can be changed with each sector (64 bytes) or block (16 bytes)), allowing the designer to choose the most efficient and effective core that satisfies the latency and throughput requirements.
The design is fully synchronous and supports independent, non-blocking encryption/decryption at main memory speed. SphinX 2.0 is available for immediate licensing.
Standards
The IP implements the industry standard (NIST FIPS 197) AES cipher in XTS mode (IEEE Std 1619-2018)
Support industry standard memory and storage formats
Architecture
Modular architecture, enables scalability to meet customer throughput requirements
Flexible integration support to minimize latency impact
Verified maintained performance in configurations when the core to memory controller ratio is high (>100 cores)
Features
Transparent to operating system and applications
On-the-fly non-blocking encryption/ decryption of cache lines
Silicon verified TSMC N5
128b and 256b dynamic key support
Deliverables
FPGA evaluation license
Encrypted IP delivery (Xilinx)
HDL Source Licenses
Synthesizable System Verilog RTL (encrypted)
Implementation constraints
UVM testbench (self-checking)
Vectors for testbench and expected results
User Documentation
Applications
Main memory independent, non-blocking encryption/decryption. Hard drive (SATA, SAS, PCIe, NVMe, and CXL) encryption/decryption compliant with the IEEE Std 1619-2018. Applications requiring integration of encryption/decryption into the data path. Applications requiring high throughput, low latency, and strong encryption. Applications requiring FIPS-197 certified encryption/decryption algorithms.
Integration
SphinX is integrated on the DRAM memory access path. Either before the memory controller, or around the memory controller, in order to minimize latency impact.
Benefits
High Performance and Low Latency industry-standard encryption / decryption. Independent non-blocking encryption and decryption channels. 128b and 256b keys supported. Supports AES-XTS mode, without Cipher Text Stealing (CTS). Dynamic key support (i.e. key can be changed with each sector (64 bytes) or block (16 bytes)). Key expansion included. Fully pipelined design, optimized for high throughput and low latency. Operating at main memory speed and throughput.
Characteristics
| Feature | Performance |
| Algorithms: | AES-XTS 128b / 256b keys |
| Memory technologies supported: | (LP)DDR4, (LP)DDR5, HBM |
| Frequency: | 2.0 GHz (@5nm TSMC) |
| IP area: | Starting at 0.05mm2 (@5nm TSMC) |
Function Description
SphinX 2.0 is designed to accommodate the speed, latency, and throughput requirements of high-performance computer systems. This includes a main memory and other high-performance storage devices such as NvMe, SSD, CXL and PCIe-connected devices. The IP implements the standard (NIST FIPS 197) AES cipher in XTS mode (IEEE Std 1619-2018). The IP has a modular and scalable architecture that can easily scale according to customer throughput requirements. The design is fully synchronous and supports independent, non-blocking encryption/decryption at main memory speed.
The IP support 128b and 256b dynamic keys. The IP also supports an optional bypass control.
References
NIST FIPS 197, Advanced Encryption Standard (AES).
Datasheet / Implementation Results
Technology: TSMC 5nm
Throughput
| Parallell pipelines | Frequency | Encryption | Decryption | System total | |||
| 1 | 2 GHz | 32 GB/s | 256 Gbps | 32 GB/s | 512 Gbps | 64 GB/s | 512 Gbps |
| 4 | 2 GHz | 128 GB/s | 1 Tbps | 128 GB/s | 1 Tbps | 256 Gbps | 2 Tbps |
SphinX 2.0 has independent encryption and decryption pipelines. The total system performance of simultaneous encryption and decryption is the sum of the two. Higher throughput can be achieved by adding more cores in parallel, the example above shows 1 and 4 parallel pipelines.
Cache MX
The Cache MX compression solution increases the cache capacity by 2x at an 80% area and power saving to comparable SRAM capacity.
Ziptilion™ MX
High performance and low latency hardware accelerated compression at unmatched power efficiency.
Ziptilion™ BW
Delivers up to 25% more (LP)DDR bandwidth at nominal frequency and power, enabling a significantly more performance and energy efficient SoC.
DenseMem
Double the CXL connected memory capacity with data DenseMem.
NVMe expansion
Extend NvMe storage capacity 2-4x with LZ4 or zstd hardware accelerated compression.
SphinX
High Performance and Low Latency AES-XTS industry-standard encryption / decryption. Independent non-blocking encryption and decryption channels.