The KiviPQC™-KEM IP core is a hardware accelerator for post-quantum cryptographic operations. It implements the Module Lattice-based Key Encapsulation Mechanism (ML-KEM), standardized by NIST in FIPS 203. This mechanism realizes the appropriate procedures for securely exchanging a shared secret key between two parties that communicate over a public channel using a defined set of rules and parameters. The KiviPQC-KEM IP core supports key generation, encapsulation, and decapsulation procedures, making it suitable for both (client/server) sides of key exchange.
The solution supports all three parameter sets for ML-KEM, i.e. ML-KEM-512, ML-KEM-768, and ML-KEM-1024. It is based on a RISC-V-like SoC topology and includes a 32-bit RISC-V based processor. The resulting shared key is of 32 bytes. Beyond that, the main components of the core are a SHA-3 cryptographic hash accelerator, a hardware timer module, and a crossbar interconnect module for internal data routing. The communication with the host is accomplished by a Host Interface Module handling specific control and data flow, connected with an AMBA® AXI4-Lite slave port. Finally, the core is currently offered with a software implementation of a Random Byte Generator (RBG). Beyond that, it is able to be integrated with an external (third-party) entropy source and RBG via a fully customized interface, depending on the entropy/RBG selection.
The KiviPQC-KEM IP core provides hardware acceleration for computationally intensive operations while maintaining a small footprint and can be integrated into any system-on-chip (SoC) for ASIC or FPGA implementation. Beyond that, it combines a minimal attack surface with modest resource requirements for future-proof and quantum-safe systems.