Implements ML-KEM and ML-DSA post-quantum cryptography digital signature standards. The system interface is an microprocessor slave bus (APB, AHB, AXI options are available).
The design is fully synchronous and requires only minimal CPU intervention due to internal microprogramming sequencer.
The core contains three accelerators:
- The number theoretic transform NTT accelerator also capable of other vector polynomial operations
- The FIPS-202 accelerator supporting SHA-3, SHAKE128 and SHAKE256 algorithms
- The packing/unpacking accelerator that handles the key and signature formats defined by FIPS-203 and FIPS-204
True random number generator (needed for key generation or randomization of signing) is not included. The true random generator IP core TRNG1 can be used for that purpose.
Performance
| Operation | Category | Performance, ops/sec |
|---|---|---|
| ML-DSA signature generation¹ | 2 | 15,000 |
| 3 | 10,000 | |
| 5 | 7,000 | |
| ML-DSA key generation | 2 | 30,000 |
| 3 | 20,000 | |
| 5 | 12,000 | |
| ML-DSA signature verification | 2 | 33,000 |
| 3 | 21,000 | |
| 5 | 13,000 | |
| ML-KEM key generation | 1 | 95,000 |
| 3 | 55,000 | |
| 5 | 35,000 | |
| ML-KEM encryption | 1 | 65,000 |
| 3 | 40,000 | |
| 5 | 28,000 | |
| ML-KEM decryption | 1 | 230,000 |
| 3 | 180,000 | |
| 5 | 145,000 |
