Memory Security Relies on Ultra High-Performance AES-XTS Encryption/Decryption

Dana Neustadter, Sr. Product Marketing Manager for Security IP, Synopsys


Data that is created and transferred between billions of devices and the cloud is growing exponentially. More and more devices are entering the market, the cloud is expanding to the network edge and new applications are emerging. All these factors are drivers for technological advances in high-performance computing (HPC), reshaping system-on-chip (SoC) designs to address the need for more acceleration, more storage capacity, new compute architectures, and increased bandwidths for faster data movement. 

High bandwidth interfaces such as DDR, PCIe, CXL, and Ethernet are proliferating, and their speeds continue to increase from generation to generation. 

While the technology is undergoing a revolution and data is growing rapidly, the security of data and systems is paramount because with poor security mechanisms attackers might aim to profit from secret information and interfere with private citizens’ lives, or company and government operations.

Multiple factors propel these security needs: 

  • Increasing confidential and sensitive information
  • Laws and regulations
  • Changing nature of security threats and a growing attack surface
  • Standards evolution

Whether for data-in-transit or data-at-rest protection, security solutions need to support the latest interfaces bandwidth and low latency requirements, and in minimum area.

Memory and storage security involves protecting storage resources and the data stored on them, both on-premises and in external data centers and the cloud.

With HPC, the volume and variety of data are growing, as is the need for higher capacity, faster access, and accelerated processing. Designers are turning to high-performance, low-latency memory encryption solutions to preserve performance while protecting data over the latest generations of DDR, LPDDR, GDDR, and HBM memory interfaces. 

The AES-XTS Cryptographic Algorithm is at the Heart of Memory Security

AES-XTS, or as it is sometimes referred XTS-AES, is the de-facto cryptographic algorithm for protecting the confidentiality of data-at-rest on storage devices. It is a standards-based symmetric algorithm defined by NIST SP800-38E and IEEE Std 1619-2018 specifications, that by its nature allows for pipelined architectures that can scale in performance to Terabits per second (Tbps) bandwidth. The Ciphertext stealing (CTS) mode provides support for data units with size that is not divisible by the 16-byte block size of the underlying AES cipher.

AES-XTS is the critical component for memory security in HPC applications. It needs to be highly optimized and scale to support increasing bandwidths while keeping the latency and area as low as possible and allowing for seamless SoC physical design and timing closure. In addition to being fully compliant with the cryptographic specifications, AES-XTS solutions need to support encryption, and decryption for all key sizes, allow for seamless context switching for a high number of contexts, support efficient keys setup/refresh, and be certifiable, for example to the FIPS 140-3 Level 2 requirements as a typical target, or Level 3 for more sensitive applications.

Synopsys Ultra High-Performance AES-XTS IP for HPC

When looking for storage or memory encryption IP solutions for HPC SoCs, it is important to consider optimized solutions from trusted IP providers that offer the highest performance, lowest latency, and optimal area, are compliant with the latest standards and are backed by experts.

It is also important for the IP to be built under a rigorous a security development process that includes:

  • Identifying the proper assets such as plaintext, ciphertext, cryptographic keys and state, and key usage policy
  • Defining security objectives to protect those assets, ensuring that plaintext received on the core’s input cannot be accessible through any other interface ports, and only the associated ciphertext is emitted from the output port; maintaining the confidentiality of cryptographic keys; and several more
  • Implementing appropriate security mechanisms and providing guidelines for SoC integrators to achieve a secure integration in their designs.

Synopsys Ultra High-Performance AES-XTS Cryptographic IP core (Figure 1) addresses these while providing the configurability needed to adjust to the SoC designs’ specific use cases and performance requirements. 

By integrating Synopsys’ standards-compliant AES-XTS crypto cores, HPC SoCs take advantage of:

  • High performance, low latency IP with efficient support for varied data traffic
  • Scalable throughput from 128 to 4096 bits/cycle, achieving bandwidths beyond 4 Tbps
  • Efficient encryption and decryption with 256-bit and 512-bit AES-XTS key sizes
  • Latency as low as 4 cycles
  • One tweak per cycle precomputation
  • Seamless message interleaving, key setup, and key refresh for up to 64K cryptographic contexts
  • Multi-clock domain support
  • Dedicated secure key port
  • Area, latency, performance, and maximum frequency optimization options
  • FIPS 140-3 certification ready
  • Path for seamless full duplex inline memory encryption integration with memory interface controllers, including latest generations DDR4/LPDDR4, DDR5/LPDDR5, and HBM
  • Optional support for OSCCA SM4-XTS

With Synopsys’ Ultra High-Performance AES-XTS IP, designers are making sure that memory security of their HPC SoCs is robust and that data-at-rest confidentiality is maintained even in the face of new threats.  

DesignWare Ultra-High Performance AES-XTS Crypto IP Block Diagram

Figure 1: Synopsys Ultra High-Performance AES-XTS IP Block Diagram


With the tremendous data and bandwidth growth in our connected world, security is essential to protect private and sensitive data as it moves across systems to storage, including memory. At the heart of storage security lies the AES-XTS cryptographic algorithm, which for HPC applications needs to support scalable high data rates with minimal latency and area impact. 

Synopsys’ Ultra High-Performance AES-XTS Crypto IP cores address the needs of the latest technological advances and security requirements with advanced features and capabilities while allowing them to be optimally configured to the SoC designs’ specific use cases. 

Synopsys is uniquely positioned in the market with complete standards-compliant secure interface solutions that align with the latest application demands and enable designers to quickly implement the required security on their SoCs with low risk and fast time to market. 

In addition to the ultra high-performance AES-XTS cryptographic cores for memory encryption, Synopsys provides a broad portfolio from standalone cryptographic cores to highly integrated security IP solutions that use a common set of standards-based building blocks and security concepts to enable the most efficient silicon design and highest levels of security for a range of products in the cloud computing, mobile, automotive, digital home and IoT markets.

Synopsys’ highly configurable security IP solutions include hardware secure modules with Root of Trust, PCIe Integrity and Data Encryption (IDE) and CXL IDE Security Modules, content protection, cryptography, and security protocol accelerators for integration into SoCs. These integrated solutions enable the heart of many security standards, supporting confidentiality, data integrity, user/system authentication, non-repudiation, and positive authorization. Combined, Synopsys’ Security IP solutions help prevent a wide range of evolving threats in connected devices such as theft, tampering, side channels attacks, malware, and data breaches.