WARNING!

This AES implementation is intended to be used as a primitive for the implementation of authenticated ciphers and other more complex cryptographic algorithms that include AES as a basic building block. The designer should ensure that any temporary value of the output dout of the AES core, other than the result of the final encryption or decryption, is neither visible at the primary outputs of the top-level unit, nor it can be calculated based on the values of these outputs.

Leaking partial encryption/decryption results of the AES calculations via dout to any external ports may lead to a very serious cryptographic weakness of any cryptographic module including this AES core as a building block. This weakness can be easily eliminated by blocking any partial results from ever leaking to the ports of the top-level circuit by using an appropriate 128-bit register connected to the output dout of the AES unit, and enabled only at the end of the 10th round of encryption and decryption, respectively.