Go Back

Source code


Name: cryptopan_core
Created: Feb 16, 2007
Updated: Feb 26, 2010
SVN Updated: Mar 10, 2009

Other project properties

Category: Crypto core
Language: VHDL
Development status: Stable
Additional info: Design done , FPGA proven
WishBone Compliant: No
License: GPL


A hardware implementation of Crypto-PAn[1]. The core makes use of a fully pipelined 128-bit AES (Rijndael) cipher engine as the underlying pseudorandom function, supports online key changes, and is capable of line rates exceeding gigabit ethernet.
[1] Blake, A. and Nelson, R. 2008. Scalable Architecture for Prefix Preserving Anonymization of IP Addresses. In Proceedings of the 8th international Workshop on Embedded Computer Systems: Architectures, Modeling, and Simulation (Samos, Greece, July 21 - 24, 2008). M. Bereković, N. Dimopoulos, and S. Wong, Eds. Lecture Notes In Computer Science, vol. 5114. Springer-Verlag, Berlin, Heidelberg, 33-42. DOI= http://dx.doi.org/10.1007/978-3-540-70550-5_5


Crypto-PAn features:
- One to one mapping from original IP address to anonymized IP address
- Prefixes are preserved. That is, if two original IP addresses sharea a k-bit prefix, their anonymized mapping also share a k-bit prefix.
- Consistency is maintained across traces. That is, the same IP address in differant traces is mapped to the same anonymized IP address, if the secret key used is the same.
Core features:
- Fully pipelined
- AES(Rijndael) engine capable of 32Gbit/s throughput on Virtex-4.
- Supports online secret key changes.
- Compatiable with Jinliang Fan's C+++ reference implementation. That is, using the same secret keys, IP addresses will map to the same anonymous IP addresses.
- Capable of anonymizing traces at line rates above gigabit ethernet.


Verified in hardware on XCV4FX60 FPGA.