View on Web
Design Gateway Hot! News
October 2023
Secure Data Storage with
SHA-256 and AES-XTS on FPGA


Learn more about Security solutions
Data storage is an essential component of many applications and also poses significant security challenges, such as data integrity, confidentiality, and authenticity. To address these challenges, cryptographic algorithms can be used to protect the data from unauthorized access and modification. Two of the most widely used cryptographic algorithms for data storage are SHA-256 and AES-XTS.



SHA-256 can be used for data storage to ensure the integrity and authenticity of the data. This is especially useful for large data sizes, such as over 1 GB, which are too costly to compute by CPU.



AES-XTS can be used for data storage to ensure the confidentiality of the data. The secret key for AES-XTS is divided into two parts: one for encrypting the data with AES and one for adding randomness with XTS. The XTS part prevents the same data blocks from resulting in the same encrypted blocks. To achieve real-time AES-XTS encryption on NVMe SSD, the encryption performance must match the PCIe Gen3 (4 GB/s), Gen4 (8 GB/s), and Gen5 (16 GB/s) speeds, which are too high for CPU to handle.



FPGA devices and IP cores from Design Gateway offer several advantages over other platforms, such as CPU or GPU, for cryptographic algorithms acceleration. Some of these advantages are:
  • Real-time performance: FPGA devices can do SHA-256 and AES-XTS fast and efficiently. They can handle many data blocks at once and use dedicated hardware for each operation. They can also adjust to different key and block sizes for different applications.
  • Flexibility: FPGA devices can change to support different crypto methods, rules, and standards. They can also update the hardware to deal with new security needs and risks. They can also work with different data storage devices and modes, such as SATA or NVMe.
  • Offload CPU task: FPGA devices can do SHA-256 and AES-XTS instead of CPU and save CPU resources for other tasks. They can also lower the power and heat of the system by doing crypto in hardware.

SHA256 IP is an optimized and efficient implementation of a secure hash algorithm SHA-256 specified in FIPS 180-4 standard. SHA256-IP can process 512-bit data blocks in just 65 clock cycles. Delivering 7.875Mbps throughput per 1MHz clock such as 1.575 Gbps throughput @ 200MHz.
Learn more about SHA256 IP		 AES256-XTS-STG IP implement the advanced encryption standard (AES) with XEX (XOR Encrypt XOR) tweakable block cipher which operates sequences of complete blocks and is widely used in protecting the confidentiality of data on various storage devices with interfaces such as NVMe and SATA. We also have a lineup of "2X" ideal for NVMe PCIe Gen4, and "4X", supported Gen5.
Learn more about AES256-XTS-STG IP
AES256-XTS-STG IP core YouTube Video
Subscribe to DG IP core YouTube channel

Enhancing NVMe SSD Security with
AES256-XTS-STG Encryption
Read Blog Article

Discover how AES-XTS encryption enhances NVMe SSD data security without compromising speed.

Experience outstanding write speeds up to 25.6 GB/s, securing your data without performance loss. With no CPU or external memory required, it's user-friendly and easy to implement.

AES256-XTS-STG-4X IP with NVMe Gen5 SSD demo is available on Intel® Agilex™ 7 I-Series FPGA board and achieved over 10,000MB/sec secure transmission.


| DG | About Us | Privacy | Unsubscribe | Contact |

(c) 2023 Design Gateway Co., Ltd.