The Public Key Crypto Engine is a versatile IP core for hardware offloading of all asymmetric cryptographic operations. It enables any SoC, ASIC and FPGA to support efficient execution of RSA, ECC-based algorithms and more. The IP core is ready for all ASIC and FPGA technologies.
Complete asymmetric cryptography support
Elliptic Curve Cryptography (ECC) operations
• ECC operations up to 571 bits in F(p) and F(2m)
• ECDSA and ECDH support
• NIST, Brainpool, Koblitz curves, Montgomery, Edwards, Twisted-Edwards, SM2, SM9 and other curves
Modular Exponentiation operations
• RSA and RSA-CRT up to 8192 bits
• DSA and Diffie-Hellman (DH)
• Curve25519/Curve448, EdDSA/Ed448, SRP and others
• Special operations: J-PAKE, ECMQV, ECIES, ECKCDSA
• Rabin-Miller (primality check)
100% CPU offload asymmetric cryptography
The Public Key IP core is the perfect companion to your processor or microcontroller. It executes high level operations (ECDSA, Diffie-Hellman…) completely stand-alone. The host controller does not need to interact with the Public Key IP core except for configuring the operation and reading out the result.
Scalable architecture matching any application
The core processing unit is scalable in performance and resource allowing both very high performance and very small configurations. The granularity of these configurations guarantees the best trade-off between technology, performance and area.
DPA and Timing attack resistance
By construction, the IP is protected against timing attacks. DPA countermeasures are available for both ECC and RSA operations. With DPA countermeasures, the cryptographic operations are strongly protected against side channel attacks.
Low resource usage and high performance
Thanks to its scalable architecture, the Public Key IP core can have a very low gate count delivering the most power efficient way to execute ECC/RSA algorithms in ASIC.
In terms of FPGA resources, it fits into the smallest FPGAs. Latest FPGA devices such as the Intel Arria 10/Stratix 10, Xilinx UltraScale+ and others enable extremely low execution time.
Custom operations possible on request
The flexibility of the architecture enables us to implement custom algorithms and schemes. For more information, please contact us.
To easily interface the IP core with your software application, several solutions are possible. A Linux Kernel Module (LKM) and OpenSSL engine are available. An OS-Independent software library is also available for small MCU and bare-metal software integration.
The Public Key Cryptography IP core is available in our eSecure Root-Of-Trust (BA470), Crypto Coprocessor (BA450) and TLS Handshake Accelerator/Blockchain accelerator (BA452).
- ASIC & FPGA (Xilinx, Intel, Microchip, Lattice…)
- RSA, ECC and more
- ECDH, ECDSA
- DSA, DH
- SM9 - NEW!!!
- 100% CPU offload
- DPA countermeasures
- Very small footprint & high performance
- 100% CPU off-load
- Unrivaled speed performance
- Optimal and tailored implementation to your needs
- Highest performance/area ratio for a large range of applications
- Reconfigurable and scalable features
- Portable and optimized to ASIC or FPGA technology
- Upgradeable to new performance requirements or to new generations of ASIC or FPGA technology
- User-friendly API
- Netlist or RTL
- Scripts for synthesis & STA
- Self-checking TestBench based on FIPS vectors
- MPU/MCU Crypto acceleration
- Hardware Security Module (HSM)
- Enterprise VPN
- Industrial communications
- Networking security
Block Diagram of the Public Key Crypto Engine IP Core