Security Icon

Security

High Speed Public Key Accelerator

The PKI-IP-154 (EIP-154) is a family of IP cores designed for full scalability and an optimal performance over gate count ratio. The PKI-IP-154 implements a farm of PKA-IP-28 public key accelerators to address the needs very high key generation and key exchange solutions. The PKA-IP-154 can be deployed in any semiconductor design that needs key exchange or key generation at extreme high performance. The PKI-IP-154 public key accelerators combine an array of PKA-IP-28, TRNG-IP-76 with an AMBA interface such as AXI or AHB.

Up to 4160-bit modulus size for RSA & 768-bit modulus for prime field ECC operations. TRNG

2 different performance configurations ranging from 4.9K..22.6K 1K bit RSA/CRT ops.

Extreme performance public key signature generation, verification & key negotiation.

How the High Speed Public Key Accelerator works

The PKI-IP-154 public key accelerators are suitable for a wide range of applications:

  • High performance (Elliptic Curve) Diffie-Hellman key negotiation engines for secure router boxes, secure network interfaces and SSL servers.
  • High performance secure Public Key signature generator/checker engines in Hardware Security Modules.
 

The PKI-IP-154 is available in 2 different performance configurations ranging from 350K to 1000K gates designs, each providing the full set of TRNG and PKA operations with up to 4160-bit modulus size for modular exponentiations and 768-bit modulus for prime field ECC operations. The PKI-IP-154 is a security conscious design and can be provided with or without protection against side channel attacks.

PKI-IP-154 RSA/ECC Public Key Infrastructure engine
PKI-IP-154 RSA/ECC Public Key Infrastructure engine

High Speed Public Key Accelerator Information

Key benefits:

  • Silicon-proven implementation.
  • Fast and easy to integrate into SoCs
  • Flexible layered design
  • Complete range of configurations
  • World-class technical support
  • In-field upgradable Firmware
  • Driver Development Kit
 

Performance @500MHz for the 10 engine solution:

  • DH 180/1K-bit exp/mod negotiate: 42,250 ops/s
  • RSA 1K-bit sign (no CRT): 8,600 ops/s
  • RSA 1K-bit sign (with CRT): 22,630 ops/s
  • RSA 1K-bit verify (17 bits exp): 103,000 ops/s
  • DSA 160/512-bit exp/mod sign: 46,250 ops/s
  • DSA 160/512-bit exp/mod verify: 
31,880 ops/s
  • ECDSA 192-bit sign: 12,500 ops/s
  • ECDSA 192-bit verify: 7,630 ops/s
  • ECDSA 384-bit sign: 4,130 ops/s
  • ECDSA 384-bit verify: 2,310 ops/s
  • ECDSA 521-bit sign: 2,310 ops/s
  • ECDSA 521-bit verify: 1,190 ops/s
  • Different configurations are available
    example range 4.9K..22.6K 1K bit RSA/CRT ops/s
  • Runs faster in 28nm (700MHz) and 16nm (800MHz), performance will scale.
CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.

Related Markets & Applications

FREE Webinar: Understanding Fault Injection Attacks and Their Mitigation