At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.
The Rambus Quantum Safe Engine (QSE) IP provides Quantum Safe Cryptography acceleration for ASIC, SoC and FPGA devices. The QSE-IP-86 core is typically integrated in a hardware Root of Trust or embedded secure element in chip designs together with a PKE-IP-85 core that accelerates classic public key cryptography and a TRNG-IP-76 core that generates true random numbers. For highly secure applications requiring additional protection against differential power analysis (DPA) attacks, a DPA version of the QSE is available.
The QSE supports the FIPS 203 ML-KEM and FIPS 204 ML-DSA draft standards. The embedded QSE core firmware allows the core functionality to be updated to adapt to potential future updates in the NIST specifications.
Contact
Product BriefProtecting Data and Devices Now and in the Quantum Computing Era
Quantum computing is being pursued across industry, government and academia with tremendous energy and is set to become a reality in the not-so-distant future. Once sufficiently large quantum computers exist, traditional asymmetric cryptographic methods for key exchange and digital signatures will be broken. Many initiatives have been launched throughout the world to develop and deploy new quantum-resistant cryptographic algorithms, known as Post-Quantum Cryptography (PQC).
How the QSE-IP-86 Quantum Safe Engine works
The QSE employs FIPS 203 ML-KEM, based on the CRYSTALS-Kyber algorithm, for key exchange and key de/encapsulation. This is combined with FIPS 204 ML-DSA, based on the CRYSTALS-Dilithium algorithm for digital signature, signature verification and key generation. Both operations are offered at up to NIST Category 5. The embedded SHA-3, SHAKE-128, SHAKE-256 accelerators are used to accelerate hash and extendable-output (XOF) functions.
The QSE is comprised of a RISC-V CPU, a lattice accelerator, a SHA-3 hash and SHAKE XOF accelerator, a host interface and firmware and software driver components.
A system host controller writes input data for a high-level cryptographic operation (such as ML-KEM, ML-DSA or SHA-3) into a dedicated SRAM and issues high-level commands to the QSE’s internal CPU. The internal CPU controls the lower-level operations and leverages the internal hardware modules (PQ core for NTT/inverse NTT operations, SHA-3 core for SHAKE) to accelerate the calculations. The internal CPU accesses keys and data stored in a dedicated SRAM while performing its operations.
The SHA-3/SHAKE core integrated in the QSE is also available for SHA-3 acceleration operations for (future) support of hash-based signature verify operations (like XMSS/LMS) implemented on the host processor.
At 1GHz, the Rambus QSE performs 7,100/13,500 ML-KEM-1024 (CRYSTALS-Kyber Cat-5) decapsulation/encapsulation operations per second and typically up to 1,400 ML-DSA-87 (CRYSTALS-Dilithium Cat-5) sign operations per second.
Solution Offerings
- Compliant with FIPS 203 ML-KEM and FIPS 204 ML-DSA draft standards
- Uses CRYSTALS-Kyber, CRYSTALS-Dilithium quantum-resistant algorithms
- Includes SHA-3, SHAKE-128 and SHAKE-256 acceleration
- The embedded QSE CPU combined with Rambus-supplied firmware implements the full FIPS 203/204 protocols
- Can be used stand alone or integrated into higher function security cores
- Offered as standard QSE-IP-86 or as DPA-protected QSE-IP-86-DPA
- Supports ASIC, SoC and FPGA implementations
- Firmware programmable to allow updates with evolving quantum-resistant standards
Complete Documentation
- Integration guides
- Reference manual
- Application developer guide
RTL and FW Package
- Verilog RTL for synthesis and simulation
- Standard EDA tool flow scripts and support files
- Verification test bench and test vectors
SW Package
- Driver Development Kit, including examples
