Publication detail

Pushing AES-256-GCM to Limits: Design, Implementation and Real FPGA Tests

CÍBIK, P. DOBIÁŠ, P. RICCI, S. HAJNÝ, J. MALINA, L. JEDLIČKA, P. SMÉKAL, D.

Original Title

Pushing AES-256-GCM to Limits: Design, Implementation and Real FPGA Tests

Type

conference paper

Language

English

Original Abstract

In this paper, we present the optimization of the AES-256-GCM encryption algorithm for high-speed security solutions based on Field Programmable Gate Arrays (FPGA). We discuss strategies and techniques to achieve the perfect balance between compactness and high throughput, aiming at applications with data rates over 100 Gbps. Using the presented optimizations, we were able to reduce the number of LUTs by 50% and FFs by 85% compared to a reference implementation without any effect on security. Moreover, our resulting implementation achieves a frequency of only 200 MHz, which is very practical for a real deployment on existing chips, compared to many purely theoretical solutions that already exist in the literature. Besides the description of optimization techniques, we also present results from implementation on real hardware in a real IP network. All components were not only simulated but also deployed on real FPGA-enabled network cards based on Xilinx UltraScale+ chips. In particular, the performance of network packet encryption was measured in a real physical network, with high-speed data generators and network components. Therefore, we consider our results highly relevant not only for designers but also practitioners seeking cutting-edge solutions for fast networks.

Keywords

Acceleration;AES-256;GCM;Cryptography;FPGA;Hardware implementation;Quantum-Resistant Cryptography;Optimization

Authors

CÍBIK, P.; DOBIÁŠ, P.; RICCI, S.; HAJNÝ, J.; MALINA, L.; JEDLIČKA, P.; SMÉKAL, D.

Released

8. 3. 2024

ISBN

978-3-031-61486-6

Book

Lecture Notes in Computer Science - Applied Cryptography and Network Security Workshops

Edition number

14586

ISSN

0302-9743

Periodical

Lecture Notes in Computer Science

State

Federal Republic of Germany

Pages from

303

Pages to

318

Pages count

16

URL

BibTex

@inproceedings{BUT187189,
  author="Peter {Cíbik} and Patrik {Dobiáš} and Sara {Ricci} and Jan {Hajný} and Lukáš {Malina} and Petr {Jedlička} and David {Smékal}",
  title="Pushing AES-256-GCM to Limits: Design, Implementation and Real FPGA Tests",
  booktitle="Lecture Notes in Computer Science - Applied Cryptography and Network Security Workshops",
  year="2024",
  journal="Lecture Notes in Computer Science",
  number="14586",
  pages="303--318",
  isbn="978-3-031-61486-6",
  issn="0302-9743",
  url="https://link.springer.com/book/10.1007/978-3-031-61486-6"
}