The Cryptographic Coprocessor (or CryptoSoc Accelerator) is a hardware IP core platform that accelerates cryptographic operations in System-on-Chip (SoC) environment on FPGA (Altera SoC, Xilinx Zynq) and ASIC.
Symmetric operations are offloaded very efficiently as it has a built-in scatter/gather DMA. The coprocessor can be used to accelerate/offload IPsec, VPN, TLS/SSL, disk encryption, or any custom application requiring cryptography algorithms.
Silex Insight offer in total 3 Crypto Coprocessors variants to accommodate the different market needs; all of them offer full security features, and the same crypto engines can be included:
• Compact (BA457): Specifically designed for devices with strict power and area constraints.
• Standard (BA450): Integrates desired cryptographic IP cores additional interfacing, DMA and software layers.
• Premium (BA456): Builds on top of standard features to support isolated hardware key generation.
- Scalable architecture and crypto engines for optimal performance/resource usage
- Configurable for perfect application fit
- 100% CPU offload with low latency and high throughput
- Optional DPA countermeasures for AES, PK and SM4
- Can use keys (from PUF or others) not visible by CPU
- Full software/driver support
- mbedTLS integration
- OpenSSL support
- Linux drivers (Crypto API integration)
- Easy integration
- AHB/AXI interfaces
- FIPS 140-2 validated:CAVP #C742
- Low power
- Hidden asymmetric keys (attestation)
- Hardware key generation (hidden from CPU)
- Protection against fault-injections
- The coprocessor platform integrates your desired selection of our cryptographic IP cores (including our TRNG solutions), additional interfacing, DMA and software layers providing a complete solution.
- The following cryptographic engines can be selected to be integrated:
- Public Key Cryptography (RSA, ECC, ECDSA, ECDH, SM2, SM9 …)
- Random Number Generator (compliant with NIST-800-90A/B/C)
- AES (CTR, CCM, CMAC, GCM/GMAC, XTS, ECB, CBC,…)
- Random Number Generator (non-deterministic and deterministic)
- Hash: SHA-1/SHA-2/SM3/HMAC, SHA-3
- 3GPP security (ZUC, KASMI, SNOW_3G)
- DES and 3-DES (Ideal for legacy)
- Netlist or RTL
- SW drivers (Linux) & OpenSSL Scripts for implementations
- Self-checking RTL test-bench based on FIPS vectors
- Secure Communication (TLS, IPSec, BLE, Zigbee, others…)
- Secure boot support
- Secure storage
- Key generation
Block Diagram of the Crypto Coprocessor (Premium) IP Core