We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest. Update Here
Stay in the loop with the latest from Microchip. Update your profile while you are at it. Update Here
Complete your profile to access more resources. Update Here
Cross-reference search

Securing High-Throughput RISC-V® Systems: Rambus Inline Cipher Encryption IP Validated on Microchip PolarFire® FPGA

Users who have struggled with performance bottlenecks in secure embedded systems will now be able to achieve real-time data protection thanks to the integration of Rambus ICE-IP-63 Inline Cipher Encryption (ICE) with Microchip’s Mi-V PolarFire® FPGA ecosystem.

What Is Inline Encryption and Why Is It Needed?

Imagine a city’s water supply system. Water can be quickly distributed through pipes, but without filtration, it may not be safe to drink. Adding a filtration system provides safety, yet it introduces two critical factors:

  • Flow rate, which determines how fast the water moves
  • Filtration efficiency, which determines how thoroughly the water is cleaned

Similar trade-offs exist in data security. As data flows between processors and memory, it must be secured through encryption to remain protected. Traditional encryption functions like an external filtration plant; data must stop, get processed and then continue its journey. While the encryption strength (filtration efficiency) may be adequate, the flow rate (latency) can be heavily impacted, slowing down performance and response times.

Inline encryption changes that model. Instead of decelerating the flow, it integrates the “filtration system” directly into the data path. Data is protected continuously as it moves, maintaining both low latency and strong security. This balance between latency and security is critical in today’s high-performance system, where every millisecond counts.

The Rambus ICE-IP-63 solution embodies this balance, providing high-throughput, low-latency protection that enables real-time data security without compromising performance.

A Proven Solution for Real-Time, Inline Security

This article explores how the collaboration between Rambus and Microchip delivers a practical path toward secure, high-performance RISC-V system. You’ll learn:

  • Why inline encryption is becoming essential in modern embedded and data-center designs
  • How the Rambus ICE-IP-63 engine works inside Microchip Mi-V PolarFire® FPGA ecosystem
  • What makes this integration unique from both an architectural and application standpoint
  • Which real-world use cases, from edge computing to networking and AI acceleration, benefit most from this approach

By the end, you will understand how Rambus ICE-IP-63 transforms security from a performance burden into an enabler of innovation.

The Rise of Inline Encryption in Modern Data Architectures

As data rates skyrocket across applications like 5G, AI inference and automotive networking, the demand for cryptographic protection grows just as fast. Software-based encryption or external accelerators often cannot keep up, introducing latency, power overhead and complex bus interactions. Inline security addresses this by embedding encryption directly into the data path, allowing information to be encrypted and authenticated as it moves.

The main trends driving this need are:

  • Performance parity: designers need security engines that run at the same line rate as the I/O subsystem
  • Determinism: Real-time systems cannot tolerate unpredictable latency from encryption. Thus, deterministic latency is essential
  • Integration simplicity: FPGAs now require IP blocks that can connect directly to DMA, PCIe® or Ethernet with minimal glue logic

Rambus has a long heritage in security and cryptographic acceleration IP, deployed across numerous applications from secure SoCs to enterprise storage. The ICE-IP-63 leverages this heritage in designing a multi-channel, inline cryptographic accelerator engine purpose-built for modern data paths.

Inside the Technology: How Rambus ICE-IP-63 Powers Secure Mi-V Systems

  1. Performance meets protection

    The ICE-IP-63 engine accelerates the cryptographic AES-CTR, AES-GCM and GMAC algorithms/modes, providing both confidentiality and integrity with line-rate performance. Supporting multiple channels, each channel maintains its own Initialization Vector (IV), key and tunnel state, allowing deterministic behavior even under heavy traffic. This makes it ideal for real-time systems that demand low jitter, such as AI inference pipelines or industrial control loops.

  2. Built-in fault handling and resilience

    Security is not just about encryption; it is also about reliability. The ICE-IP-63 includes automatic exception detection for conditions like IV counter overflow (providing uniqueness of used IVs for a given key), counter mismatch (loss of synchronization between data and internal counters) or authentication-tag failure (integrity check errors indicating tampering or corruption).

    When an anomaly occurs, the system firmware is immediately alerted, enabling safe recovery and audit logging. In addition, these mechanisms are essential for certification under frameworks such as FIPS 140-3 and SESIP, where deterministic fault handling and auditability are mandatory.

  3. Seamless integration within the Mi-V ecosystem

    Microchip’s Mi-V PolarFire FPGA environment provides the perfect platform for deploying an ICE-IP-63 accelerator. Through lightweight configuration interfaces, the RISC-V host processor can program encryption keys, IVs and operating modes without heavy CPU involvement. Data flowing through DMA, memory or PCIe is automatically encrypted inline, maintaining security throughout while drastically reducing software load.

    This synergy allows designers to build secure data paths for applications without external crypto accelerators.

  4. Scalability for moder applications

    The modular architecture of the ICE-IP-63 allows multiple encryption tunnels to operate concurrently, making it adaptable from low-power embedded systems to multi-gigabit data-center designs. When combined with PolarFire FPGAs’ deterministic power and timing characteristics, the result is a secure-by-design platform ready for 100 Gbps to 2.4 Tbps data paths.

  5. Real world use cases

    Typical applications for the ICE-IP-63 accelerator are, but are not limited to:

    • PCIe and CXL Security: protect data transfers between CPUs and accelerators without host-CPU overhead
    • NVMe and Storage Encryption: Safeguard data at rest with minimal latency
    • MACsec/IPsec offload: enable high-throughput secure networking in edge and telecom environments
    • 5G and AI Edge: deliver deterministic, hardware-based protection for next-generation connected systems

Figure 1: A conceptual block diagram overview of ICE-IP-63

Your Path to Secure, High-Performance Design

The integration of the Rambus ICE-IP-63 engine within the Microchip Mi-V PolarFire ecosystem enables designers by providing them a valuable tool to achieve both world-class performance and uncompromising data protection. Inline encryption is no longer a bottleneck; it’s an accelerator for secure designs.

By starting from a Microchip FPGA implementation that is already validated, customers can accelerate their time to market and minimize the risk associated with first silicon success, a critical advantage in today’s fast-moving embedded markets.

To learn more about Rambus Inline Memory Encryption, visit the site. For additional details on ICE-IP-63, check out the page. Please feel free to contact our team at any point.

Berardino Carnevale, Sr. Technical Product Marketing Manager, Rambus Silicon IP - Security, Dec 10, 2025
Tags/Keywords: Security
Page link copied to clipboard