Advanced Encryption Standard and Authentication

Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream Application Note (XAPP1267)

Document ID
XAPP1267
Release Date
2023-02-10
Revision
1.6 English

The UltraScale FPGA encryption system uses the AES-GCM authenticated encryption algorithm. AES is an official standard supported by the NIST and the U.S. Department of Commerce (see the AES publication [Ref 1] and GCM specification [Ref 2] for more information).

An advantage of AES-GCM is that it also supports built-in authentication. The UltraScale FPGA AES encryption system uses a 256-bit encryption key (the alternate key lengths of 128 and 192 bits described by NIST are not implemented) to encrypt or decrypt blocks of 128 bits of data at a time. According to NIST, there are 1.1 x 10 77 possible key combinations for a 256-bit key. For the most secure approach, it is recommended that you create this 256-bit key manually rather than use the pseudo-random key generator feature provided by Vivado.