AES-GCM Multi-Booster

The AES-GCM Multi-Booster crypto engine is a scalable implementation of the AES-GCM algorithm compliant with the NIST SP 800-38D standard. The unique architecture enables high throughput while maintaining an optimal resource usage.

The AES-GCM (Galois Counter Mode) is an authenticated encryption algorithm which combines the AES counter mode for encryption and the Galois field multiplier for the authentication. The encryption and authentication occur in parallel to enable high throughput. Part of the data, such as the protocol header, may only be authenticated as it is done for MACsec.

The AES-GCM is the only authenticated encryption algorithm recommended by NIST enabling very high throughput. The GCM cipher mode is well suited to secure high speed communication channels and referenced in several standards such as MACsec (IEEE 802.1A), Fiber Channel Security Protocol (FC-SP), IPsec.



The unique architecture enables high level of flexibility. The throughput and features requested will be taken into account in order to select the most optimal configuration. It is easily portable to ASIC and FPGA technologies and addresses a wide range of networking applications where security is a concern.

The AES-GCM  Multi-Booster crypto engine includes key management and context switching. The optimized context switching enables handling of multiple virtual streams of data within a single core. The key can be selected for each packet independently. The advanced pipelined architecture of the AES-GCM core enables small data packets to be processed without penalty on performance.

For other AES solutions, please see dedicated product sheets: AES Multi-Purpose (BA411e) and AES-XTS Multi-Booster (BA416).



  • ASIC and FPGA
  • High throughput:
    • ASIC: 2Tbps
    • FPGA: 100 Gbps/s
  • Guaranteed performance with small packets
  • 128-bit and 256-bit key
  • NIST SP 800-38D compliant
  • Scalable solution
  • Can be provided with AXI DMA & software
  • Context switching & management
  • Low latency
  • Best trade-off between area and performance
  • Straight forward integration with simple FIFO interfaces



  • MACsec/IPsec/TLS
  • Optical transport
  • Broadband access
  • WPA3 support