Security IP icon

Security

High Speed Public Key Accelerator

The Rambus High Speed Public Key Accelerator PKI-IP-154 (EIP-154 formerly the Inside Secure) is a family of cryptographic IP cores designed for full scalability and an optimal performance over gate count ratio. The PKA-IP-154 can be deployed in any semiconductor design that needs key exchange or key generation at extreme high performance. The PKI-IP-154 public key accelerators combine an array of Public Key Accelerators (PKA) from the Rambus PKA-IP-28 and True Random Number Generators (TRNG) from the Rambus TRNG-IP-76 with an AMBA interface such as AXI or AHB.

Up to 4160-bit modulus size for RSA & 768-bit modulus for prime field ECC operations.

Two different performance configurations for RSA/CRT operations

Extreme performance public key signature generation, verification & key negotiation.

How the High Speed Public Key Accelerator works

The PKI-IP-154 public key accelerators are suitable for a wide range of applications:

  • High performance (Elliptic Curve) Diffie-Hellman key negotiation engines for secure router boxes, secure network interfaces and SSL servers.
  • High performance secure Public Key signature generator/checker engines in Hardware Security Modules.

The PKI-IP-154 is available in two different performance configurations that have gate counts of 350K and 1000K, each providing the full set of TRNG and PKA operations with up to 4160-bit modulus size for modular exponentiations and 768-bit modulus for prime field ECC operations. The PKI-IP-154 is a security conscious design and can be provided with or without protection against side channel attacks.

PKI-IP-154 RSA/ECC Public Key Infrastructure engine
PKI-IP-154 RSA/ECC Public Key Infrastructure engine

Technical Specifications

Performance @500MHz for the 10 engine solution:

  • DH 180/1K-bit exp/mod negotiate: 42,250 ops/s
  • RSA 1K-bit sign (no CRT): 8,600 ops/s
  • RSA 1K-bit sign (with CRT): 22,630 ops/s
  • RSA 1K-bit verify (17 bits exp): 103,000 ops/s
  • DSA 160/512-bit exp/mod sign: 46,250 ops/s
  • DSA 160/512-bit exp/mod verify: 31,880 ops/s
  • ECDSA 192-bit sign: 12,500 ops/s
  • ECDSA 192-bit verify: 7,630 ops/s
  • ECDSA 384-bit sign: 4,130 ops/s
  • ECDSA 384-bit verify: 2,310 ops/s
  • ECDSA 521-bit sign: 2,310 ops/s
  • ECDSA 521-bit verify: 1,190 ops/s
  • Runs faster in 28nm (700MHz) and 16nm (800MHz), performance scales with smaller process nodes.

 

CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.

Don’t miss out on the Rambus Design Summit on October 8th!