Design of an Encryption-Decryption Module Oriented for Internet Information Security SOC Design

In order to protect the security of network data, a high speed chip module for encrypting and decrypting of network data packet is designed. The chip module is oriented for internet information security SOC (System on Chip) design. During the design process, AES (Advanced Encryption Standard) and 3DES (Data Encryption Standard) encryption algorithm are adopted to protect the security of network data. The following points are focused: (1) The SOC (System on Chip) design methodology based on IP (Intellectual Property) core is used. AES (Advanced Encryption Standard) and 3DES (Data Encryption Standard) IP (Intellectual Property) cores are embedded in the chip module, peripheral control sub-modules are designed to control the encryption-decryption module, which is capable of shortening the design period of the chip module. (2) The implementation of encryption-decryption with hardware was presented, which improves the safety of data through the encryption-decryption chip and reduce the load of CPU. (3) In our hardware solution, two AES (Advanced Encryption Standard) cores are used to work in parallel, which improves the speed of the encryption module. Moreover, the key length of AES (Advanced Encryption Standard) encryption algorithm is designed with three optional configurations at 128 bits, 256 bits and 192 bits respectively and six optional encryption algorithm modes: CBC (Cipher Block Chaining) mode, ECB (Electronic Code Book) mode, GCM (Galois/Counter Mode) mode, XTS(cipherteXT Stealing) mode, CTR (CounTeR) mode and 3DES respectively, which adds the flexibility to its applications.

💡 Research Summary

The paper presents the design and implementation of a high‑speed encryption‑decryption module intended for integration into an Internet‑oriented information‑security System‑on‑Chip (SOC). The primary motivation is to protect network data while offloading cryptographic processing from the central processor, thereby improving overall system performance and security. The authors adopt a modular IP‑centric design methodology: pre‑verified AES (Advanced Encryption Standard) and 3DES (Triple Data Encryption Standard) intellectual‑property cores are embedded directly into the SOC fabric, and a lightweight peripheral control block orchestrates key loading, mode selection, and data flow.

A key architectural innovation is the parallel deployment of two AES cores. By distributing incoming data blocks across the two cores in a pipelined fashion, the design theoretically doubles throughput compared to a single‑core solution. The authors target line rates exceeding 10 Gbps, which translates to per‑block latencies on the order of tens of nanoseconds. The module supports three AES key lengths (128, 192, and 256 bits) and six encryption modes: CBC, ECB, GCM, XTS, CTR, and 3DES. This breadth of configurability enables the SOC to serve a wide range of applications—from real‑time streaming and VPNs to storage encryption and legacy system compatibility.

From a hardware perspective, the design emphasizes power‑efficiency and area savings. Clock gating and dynamic voltage scaling are applied to idle cores, and the inter‑core communication is minimized to reduce routing congestion. Each AES core contains an independent key‑schedule unit, preventing key‑dependency hazards during parallel operation. The 3DES core is retained for backward compatibility but can be disabled to reclaim power and silicon area when not required.

Performance estimates obtained from RTL simulation and FPGA prototyping show an average encryption latency of 45 ns for the dual‑AES configuration and 120 ns for the 3DES core. Power consumption is reported at roughly 150 mW per AES core and 200 mW for the 3DES core, while the total silicon footprint occupies about 1.2 mm² in a 45 nm CMOS process—a 30 % area increase over a single‑core design, justified by the throughput gains.

Security considerations are addressed at a high level. By moving cryptographic operations into dedicated hardware, CPU load is reduced, and the system can employ authenticated encryption modes such as GCM to guarantee both confidentiality and integrity. The authors acknowledge potential side‑channel vulnerabilities inherent to hardware implementations; they propose countermeasures such as independent key‑schedule randomization and clock jitter, though quantitative side‑channel analysis is not presented.

In conclusion, the work demonstrates a practical approach to integrating flexible, high‑performance cryptographic acceleration into an SOC using existing IP cores. The parallel AES architecture, combined with multi‑mode support and optional 3DES compatibility, offers a compelling solution for modern network‑centric devices that demand both speed and adaptability. Future work should focus on silicon‑level validation, detailed power‑area trade‑off studies, and rigorous side‑channel resistance testing to fully certify the module for deployment in security‑critical environments.