Fast Low Level Disk Encryption Using FPGAs

TL;DR

This work tackles the challenge of high-speed, hardware-based disk encryption by evaluating tweakable enciphering schemes on FPGAs. It implements two modern TES options, FAST and AEZ, and benchmarks them against IEEE standards XCB and EME2 using AES as the underlying block cipher, focusing on fixed-length sector encryption with $n=128$ and sector sizes of $4096$ bytes. The results show FAST variants, especially FAST[$ ext{AES}$,BRW]-2, deliver the highest throughput and smallest area on both Virtex $5$ and $7$ platforms, while AEZ-2 variants require more resources yet remain competitive; XCB and EME2 are generally outperformed in both speed and area. The findings support FAST as a strong candidate for disk manufacturers and standardisation bodies, enabling fast, hardware-based disk encryption in future deployments.

Abstract

A fixed length tweakable enciphering scheme (TES) is the appropriate cryptographic functionality for low level disk encryption. Research on TES over the last two decades have led to a number of proposals many of which have already been implemented using FPGAs. This paper considers the FPGA implementations of two more recent and promising TESs, namely AEZ and FAST. The relevant architectures are described and simulation results on the Xilinx Virtex 5 and Virtex 7 FPGAs are presented. For comparison, two IEEE standard schemes, XCB and EME2 are considered. The results indicate that FAST outperforms the other schemes making it a serious candidate for future incorporation by disk manufacturers and standardisation bodies.

Figures (5)

• Figure 1: Architecture for FAST[ AES,BRW]-2.
• Figure 2: Time diagram for encryption using FAST[AES,BRW]-2.
• Figure 3: Pipelined architecture for AEZ using two AES-encryption cores.
• Figure 4: Two ways to compute the masks $j\cdot J$. In the figure $\times 2$ denotes doubling.
• Figure 5: Timing diagram for encryption using AEZ.