IP Catalog > Security IP > Crypto Accelerator IP > Public Key Accelerator IP > Curve25519 Key Exchange IP Core

Curve25519 Key Exchange IP Core

Overview

XIP4001C is a very compact Intellectual Property (IP) core designed for efficient key exchange using the X25519 protocol. XIP4001C implements arithmetic on Curve255191 [1], and provides a security level of 128 bits. Curve25519 is used in numerous contemporary security protocols and applications, including TLS 1.3.

XIP4001C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP4001C does not rely on any FPGA manufacturer-specific features.

Key Features

  • Minimal Resource Requirements: The entire XIP4001C requires less than 1k Logic Elements and uses only 1-2 multipliers/DSP Blocks2 and one internal memory block in a typical FPGA implementation.
  • Constant Latency: The execution time of XIP4001C is independent of the key value, and consequently provides protection against timing-based side-channel attacks.
  • Performance: Despite its small size, XIP4001C can support more than 100 key exchange operations per second.
  • Standard Compliance: XIP4001C is compliant with RFC7748, and can be used as a part of many public-key protocols including IKEv2 (RFC 8031) and TLS 1.3 (RFC 8446).

Benefits

  • Fully digital design
  • Portable to any ASIC or FPGA technology
  • Fully standard compliant
  • Easy to integrate
  • Several bus interfaces available
  • IP core designed in-house at Xiphera
  • Technical support by the original designers and cryptographic experts

Block Diagram

Curve25519 Key Exchange IP Core Block Diagram

Applications

  • XIP4001C can be used in combination with other Xiphera IP cores to design an FPGA-based security solution. Possible use cases include:
  • Using the TRNG IP core XIP8001B to supply the required number of random bits for secret key derivation by the HKDF IP core XIP3322B, whose result will be used by XIP4001C.
  • Using XIP4001C to exchange the 128 bits long secret key required for the AES-GCM-based communication with Xiphera IP cores XIP1111B, XIP1111H, XIP1113B and XIP1113H.
  • If EdDSA (Edwards-curve Digital Signature Algorithm) digital signature verification is also required, the extended functionality offered by Xiphera IP Core XIP4003C is recommended.
  • XIP4001C can also be used to offload microcontroller / -processor based designs, if a software-based implementation of Curve25519 arithmetic is too slow.

Deliverables

  • Please contact sales@xiphera.com for pricing and your preferred delivery method.
  • XIP4001C can be shipped in a number of formats, including netlist, source code, or encrypted source code.
  • Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.

Technical Specifications

Foundry, Node
Any
Maturity
Hardware Tested
Availability
Immediate
Request Info

Related IPs

×
Semiconductor IP