PKA-IP-28 / EIP-28 RSA/ECC Public Key Accelerators

PKA-IP-28 (EIP-28) is a family of IP cores designed for full scalability and an optimal performance-to-gate-count ratio. The PKA-IP-28 public key accelerators address the unique needs of semiconductor OEMs and provide a reliable and cost-effective IP solution that is easy to integrate into SoC designs. The PKA-IP-28 can be deployed in any semiconductor design that needs key exchange or key generation at high performance or with low power consumption.

Up to 4160-bit modulus size for RSA & 768-bit modulus for prime field ECC operations

Nine different performance configurations ranging from 103 to 3,500 1K-bit RSA/CRT ops/s

Public key signature generation, verification & key negotiation with little involvement of Host. FIPS-140 approved

How the PKA-IP-28 works

The PKA-IP-28 public key accelerators are suitable for a wide range of applications:

  • Small gate count (IoT or mobile) applications for secure boot, software public key signature checking and ‘occasional’ public key operations as used for IPsec and MACsec channel setup and firmware download signatures
  • Medium to high performance (Elliptic Curve) Diffie-Hellman key negotiation engines for secure router boxes, secure network interfaces and SSL servers
  • Medium to high performance secure public key signature generator/checker engines in hardware security modules
 

The PKA-IP-28 is available in nine different performance configurations ranging from 19K- to 515K-gate designs, each providing the full set of PKA operations with up to 4160-bit modulus size for modular exponentiations and 768-bit modulus for prime field ECC operations. The PKA-IP-28 is a security-conscious design and can be provided with or without protection against side channel attacks. The PKA-IP-28 is also available as embedded PKA in our Vault-IP and PKA-IP-154 product lines.

PKA-IP-28 RSA/ECC Public Key Accelerators

PKA-IP-28 Information

Key benefits:

  • Silicon-proven implementation
  • FIPS approved in VaultIP
  • Fast and easy to integrate into SoCs
  • Flexible layered design
  • Complete range of configurations
  • World-class technical support
  • In-field upgradable firmware
  • Driver development kit
 

Performance @400MHz

  • DH 180/1K-bit exp/mod negotiate: 10,500 ops/s
  • RSA 1K-bit sign (no CRT): 2,000 ops/s
  • RSA 1K-bit sign (with CRT): 3,500 ops/s
  • RSA 1K-bit verify (17 bits exp): 70,000 ops/s
  • DSA 160/512-bit exp/mod sign: 16,000 ops/s
  • DSA 160/512-bit exp/mod verify: 8,900 ops/s
  • ECDSA 192-bit sign: 2,950 ops/s
  • ECDSA 192-bit verify: 1,650 ops/s
  • ECDSA 384-bit sign: 900 ops/s
  • ECDSA 384-bit verify: 490 ops/s
  • Smaller and slower versions available:
    example range 103…3,500 1K bit RSA/CRT ops/s
  • Runs faster in 28nm (700MHz) and 16nm (800MHz), performance will scale.
 

The PKA-28 accelerates the following basic operations in hardware:

  • Large vector addition, subtraction and combined addition/subtraction
  • Large vector bit shift right or left
  • Large vector multiplication, modulo and division (the latter generates both remainder and quotient)
  • Large vector compare and copy
 

The PKA-28 accelerates the following complex operations under control of an embedded sequencer microcontroller using locally stored firmware:

  • Large vector unsigned value modular exponentiation
  • Large vector unsigned value modular exponentiation using the ‘Chinese Remainder Theorem’ (‘CRT’) method with pre-calculated Q inverse vector
  • Modular inversion: given A and M, calculate B such that ((A·B) MOD M) = 1
  • Prime field ECC point addition/doubling on elliptic curve y² = x³ + ax + b (mod p) with ‘p’ a prime number and ‘a’ and ‘b’ input values to the operation, adding identical points automatically performs point doubling – operation can be performed with affine and projective points
  • Prime field ECC point multiplication on elliptic curve y² = x³ + ax + b (mod p) with ‘p’ a prime number and ‘a’ and ‘b’ input values to the operation – a version of the ‘Montgomery ladder’ algorithm, point randomization and point-on-curve checking are used to provide side channel attack protection

The Sequencer firmware hides the fact that the modular exponentiations and ECC point multiplication are done using numbers in the Montgomery domain.

For improved performance of modular exponentiation operations, the Public Key Accelerator employs exponent recoding techniques that use a table with pre-calculated odd powers (filling this table is performed by the sequencer firmware). The smallest configurations can optionally use the ‘Montgomery Ladder’ algorithm for modular exponentiation (lower performance but fixed timing).
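The trade-off between the two exponentiation methods above, and the CRT method from the operation list, can be seen in a small software model. This is an added example, not the core's sequencer firmware: the function names, the 4-bit window, the sample key and the choice of Q inverse as q^-1 mod p are all assumptions made for illustration.

```python
# Added model: plain integers replace Montgomery-domain operands; counts operations only.

def modexp_window(base, exp, mod, w=4):
    """Sliding window over a table of pre-calculated odd powers -> (result, mults)."""
    sq = base * base % mod
    table, mults = {1: base % mod}, 1
    for k in range(3, 1 << w, 2):          # base^3, base^5, ... base^(2^w - 1)
        table[k] = table[k - 2] * sq % mod
        mults += 1
    bits, result, i = bin(exp)[2:], 1 % mod, 0
    while i < len(bits):
        if bits[i] == "0":
            j, odd = i + 1, None
        else:
            j = min(i + w, len(bits))
            while bits[j - 1] == "0":      # a window must end in a 1 bit (odd value)
                j -= 1
            odd = int(bits[i:j], 2)
        for _ in range(j - i):
            result = result * result % mod
        mults += j - i
        if odd is not None:                # multiply only where the exponent has a window
            result = result * table[odd] % mod
            mults += 1
        i = j
    return result, mults

def modexp_ladder(base, exp, mod, nbits=None):
    """Montgomery ladder: one multiply and one square per bit -> (result, mults)."""
    nbits = nbits or mod.bit_length()      # fixed length; exp must be < 2**nbits
    r0, r1 = 1 % mod, base % mod
    for i in reversed(range(nbits)):       # Python's branch is not constant-time
        if (exp >> i) & 1:
            r0, r1 = r0 * r1 % mod, r1 * r1 % mod
        else:
            r0, r1 = r0 * r0 % mod, r0 * r1 % mod
    return r0, 2 * nbits

def modexp_crt(c, p, q, d_p, d_q, q_inv, modexp=modexp_window):
    """c^d mod p*q from two half-size exponentiations; q_inv assumed q^-1 mod p."""
    m_p, n_p = modexp(c % p, d_p, p)
    m_q, n_q = modexp(c % q, d_q, q)
    h = q_inv * (m_p - m_q) % p            # Garner recombination
    return m_q + h * q, n_p + n_q

# Constructed sample key from two Mersenne primes (far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
D_P, D_Q, Q_INV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)
```

For a 64-bit exponent the ladder always reports 128 multiplications, while the windowed count varies with the exponent's bit pattern. That variation is what a timing or power observer can measure.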
 

Interfaces:

  • Host Interface:
    • TCM target interface for configuration and control
    • Also available as PKA-150 with AMBA slave (AXI or AHB).
  • Local memories:
    • 2K or 4K Byte data RAM (1K and 8K Byte possible)
    • 2K … 4K words of 32 bits program RAM (ROM optional)
    • 47 … 132 words of 32 bits FIFO RAM for faster configurations
  • Interrupt outputs (functional and alarm)

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.