With Quantum Safe Cryptography
The Rambus RT-63x Root of Trust IP are fully programmable FIPS 140-3 compliant hardware security cores with optional Quantum Safe security by design for data center, AI/ML, as well as general purpose semiconductor applications. They protect against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques.
As Edge AI and other applications requiring protection evolve, device and system architects face a growing array of security threats, including the threat from quantum computers. Across applications, one constant is the need for a hardware Root of Trust-based security implementation.
The RT-63x Root of Trust family employs a custom 32-bit RISC-V siloed and layered secure co-processor, along with dedicated secure memories. The RT-630 features several high-capability cryptographic accelerators such as AES, HMAC, SHA2/3, RSA, ECC, and a NIST-compliant Random Bit Generator. The RT-631 adds the OSCAA SM2/3/4 Chinese cryptographic accelerators. The RT-632 builds on the RT-630 adding ChaCha20 and Poly1305 cryptographic accelerators. The RT-634 takes the robust feature set of the RT-630 and offers a Quantum Safe Engine with CRYSTALS-Kyber and CRYSTALS-Dilithium, as well as XMSS and LMS stateful hash acceleration, to safeguard against quantum computer attacks.
Satisfying use cases such as identity management, (Caliptra) attestation, and secure boot, the RT-63x products are ideally suited for data center and AI/ML applications where FIPS 140-3 validation is required and security is a priority.
This latest generation of the Rambus RT-600 Root of Trust IP offers many new features designed to support the security needs of customers today and into the future. These features include Quantum Safe Cryptography, Caliptra Root of Trust for Measurement (RoTM) emulation, an embedded physical unclonable function (PUF), as well as many architectural improvements, such as larger memory space and 64-bit addressing support.
The Rambus Root of Trust supports multi-tenant deployments by offering true multiple root of trust capabilities. Each individual secure application can be assigned its own unique keys, meaning permissions and access levels are set completely independent of others. Secure applications are siloed from each other, ensuring the best approach to security. OEMs can determine access levels and permissions for each and all processes operating within the secure processor.
The RT-630 is available in a FPGA configuration, targeting synthesis in programmable logic. This configuration is designed to map optimally (for max utilization and max frequency) into an FPGA fabric and connect either to on-board or external CPUs. In addition, the design is expanded with an additional OTP emulation model to overcome the lack of (or limitation of) true nonvolatile one-time programmable memory in certain FPGA families. This module allows storing secure assets in external flash in a secure way.
Included with the RT-63x Hardware Root of Trust products are a series of standard secure applications (“containers”) to speed development, including secure boot, identity management, HSM reference, and others. A container development kit (CSDK) is also included to allow the development of custom containers for specific use cases.
Rambus can optionally offer dedicated FIPS 140-3 support packages to its licensees that provide FIPS 140-3 related certification documentation, FIPS test scripts, and dedicated FIPS support.
Quantum computing is being pursued across industry, government and academia with tremendous energy and is set to become a reality in the not-so-distant future. Once sufficiently large quantum computers exist, traditional asymmetric cryptographic methods for key exchange and digital signatures will be broken. Many initiatives have been launched throughout the world to develop and deploy new quantum-resistant cryptographic algorithms, known as Post-Quantum Cryptography (PQC).
RT-630: Includes AES (all modes), HMAC, SHA-2/3 (all modes), RSA up to 4096 or 8192 bits, ECC up to 521 bits, a NIST SP 800-90a/b/c Random Bit Generator, LMS and XMSS hash-based signature schemes, and SHAKE XOF
RT-631: As per RT-630 + Chinese Encryption with OSCAA SM2/3/4
RT-632: As per RT-630 + IoT Encryption with ChaCha20/Poly1305
RT-634: As per RT-630 + Quantum Safe Engine with CRYSTALS-Kyber and CRYSTALS-Dilithium
|Linux Secure Boot||Implements secure boot for Linux OS, secured by the Root of Trust co-processor|
|Linux Secure FOTA||Implements secure Firmware Over the Air (FOTA) updates for Linux OS|
|Secure Boot||Uses the Root of Trust co-processor to assist in the secure boot process of ASICs and FPGAs|
|Secure Data Storage||Uses the Root of Trust co-processor to protect user credentials or biometric templates|
|Open SSL Hardening||Hardens the OpenSSL crypto operations via the Root of Trust secure co-processor|
|Reference HSM||Implements a basic HSM supporting AES, HMAC, SHA256, ECDSA, X.509 certificates and secure storage|
|Unique ID Generator||Creates a Root of Trust unique ID and stores it in the Root of Trust NVM (Non Volatile Memory)|