XIP3327Cis a versatile Intellectual Property (IP) core designed for SHA-256 and SHA-512 cryptographic hash functions with extended support for HMAC message authentication code and HKDF key derivation function that are based on using SHA-256. SHA-256 and SHA-512 are among the most commonly used hash functions and are used in numerous cryptographic applications. XIP3327C is optimized for low FPGA resource requirements.
XIP3327C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP3327C does not rely on any FPGA manufacturer-specific features.
XIP3327C has also been successfully validated in the CAVP (Cryptographic Algorithm Validation Program) by NIST (National Institute for Standards and Technology).
HKDF/HMAC/SHA-256/SHA-512, SHA-256 IP Core with Extended Functionalities
Overview
Key Features
- Versatility: XIP3327C supports the widely used cryptographic hash functions SHA-256 and SHA-512. It also has native support for commonly used message authentication code (HMAC) based on SHA-256 and key derivation function (HKDF) based on HMAC-SHA-256. This allows using XIP3327C for multiple cryptographic functions —for example, TLS 1.3 [4] —more easily and efficiently than an IP core that supports only SHA-256 or SHA-512.
- Constant Latency: The execution time of XIP3327C is independent of the message and key values (apart from message length), and consequently provides protection against timing based side-channel attacks.
- Compact Size: XIP3327C has compact size (for example, 1199 LUTs and, 2/1 RAMB36/18 in Xilinx® Zynq-7000® family) permitting integration into resource constrained FPGA designs.
- Standard Compliance: XIP3327C is compliant with NIST FIPS 180-4 Secure Hash Standard (SHS) [2], FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC) [1], and RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [3]. Consequently, XIP3327C can be used in multiple cryptographic applications.
Benefits
- Fully digital design
- Portable to any ASIC or FPGA technology
- Fully standard compliant
- Easy to integrate
- Several bus interfaces available
- IP core designed in-house at Xiphera
- Technical support by the original designers and cryptographic experts
- CAVP validated
Block Diagram
Applications
- XIP3327C supports five main functionalities:
- SHA-256: Computes a SHA-256 hash for an input message.
- SHA-512: Computes a SHA-512 hash for an input message.
- HMAC: Computes an HMAC-SHA-256 authentication tag for an input message using an authentication key.
- HKDF-extract: Computes the HKDF-extract function that calculates a pseudorandom key from initial key material.
- HKDF-expand: Computes the HKDF-expand function that expands the pseudorandom key to several additional pseudorandom keys of desired lengths for specific cryptographic algorithms.
Deliverables
- Please contact sales@xiphera.com for pricing and your preferred delivery method. XIP3327C can be shipped in a number of formats, including netlist, source code, or encrypted source code.
- Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.
Technical Specifications
Foundry, Node
Any
Maturity
Hardware Tested
Availability
Immediate
Related IPs
- HKDF/HMAC/SHA-256, SHA-256 IP Core with Extended Functionalities
- HKDF/HMAC/SHA-384, SHA-384 IP Core with Extended Functionalities
- HKDF/HMAC/SHA-512, SHA-512 IP Core with Extended Functionalities
- Complete memory system supporting any combinations of SDR SDRAM, DDR, DDR2, Mobile SDR, FCRAM, Flash, EEPROM, SRAM and NAND Flash, all in one IP core
- BCH Encoder/Decoder IP Core
- DDR-I/II/III CONTROLLER IP CORE