Encryption requirements are now found in almost every new System-on-a-chip (SoC) design. From digital rights management, through storage security and virtual private network (VPN) applications, security is becoming a mandatory feature. The throughput requirement in modern networks is also rising significantly, and as such the processing required for encryption and decryption is substantial.

This paper focuses on symmetric offload in a packet processing system for IPsec, but the concepts apply equally well to SSL, SRTP and link security. The assumption is that the keys have already been derived through an administrative process or key exchange through asymmetric cryptography in software, and that the SoC designer is therefore focusing on the bulk encryption and hashing of packets in a virtual private networking (VPN)-enabled gateway design.