PKE-IP-85 Public Key Engine Family

The Rambus SCA-resistant PKE-IP-85 family of Public Key Engine cores provide semiconductor manufacturers with superior public key cryptography acceleration. The cores are easily integrated into ASIC/SoC and FPGA devices, offer a high-level of resistance to Differential Power Analysis (DPA), and, optionally, offer detection of Fault Injection Attacks (FIA).

The PKE solution accelerates RSA operations with up to 8-Kbit key size and ECC operations up to 521-bit key size. The PKE natively accelerates Elliptic Curve Based Digital Signature sign, verify and key generation operations using NIST, Curve448, Curve25519, Brainpool and, optionally, SM2/SM2DSA curves.

How the PKE-IP-85 Public Key Engine Works

The DPA-resistant and FIA-resistant PKE solution is comprised of a big-integer hardware Math Unit, a hardware Command Generator, firmware and software driver components.

Functional interfaces of the PKE core include a 32-bit AHB interface, a 32-bit low-level command interface, and a context SRAM interface and scratch pad interface. A system host controller writes input data for a high-level public key-based cryptographic operation (such as RSA, ECC) into a dedicated SRAM and issues high-level commands to the Command Generator. The PKE can also accelerate to a lower level by making direct calls to the Math Unit that accesses keys and data stored in a dedicated SRAM while performing its operations. The PKE firmware provides the required blinded key shares to the hardware core.

PKE-IP-85 Block Diagram
PKE-IP-85 Block Diagram

The cores are extensively side-channel validated using Test Vector Leakage Assessment methodology and show no leakage beyond 1 million operations. This results in a core that is protected against side-channel attacks beyond 10 million operations. The FIA-resistant core detects faults that are injected by lasers or EM pulses, for example.

Solution Offerings

Rambus logo