ML-KEM Key Encapsulation IP Core

Overview

The KiviPQC™-KEM IP core is a hardware accelerator for post-quantum cryptographic operations. It implements the Module Lattice-based Key Encapsulation Mechanism (ML-KEM), standardized by NIST in FIPS 203. This mechanism realizes the appropriate procedures for securely exchanging a shared secret key between two parties that communicate over a public channel using a defined set of rules and parameters. The KiviPQC-KEM IP core supports key generation, encapsulation, and decapsulation procedures, making it suitable for both (client/server) sides of key exchange.

The solution supports all three parameter sets for ML-KEM, i.e. ML-KEM-512, ML-KEM-768, and ML-KEM-1024. It is based on a RISC-V-like SoC topology and includes a 32-bit RISC-V based processor. The resulting shared key is of 32 bytes. Beyond that, the main components of the core are a SHA-3 cryptographic hash accelerator, a hardware timer module, and a crossbar interconnect module for internal data routing. The communication with the host is accomplished by a Host Interface Module handling specific control and data flow, connected with an AMBA^® AXI4-Lite slave port. Finally, the core is currently offered with a software implementation of a Random Byte Generator (RBG). Beyond that, it is able to be integrated with an external (third-party) entropy source and RBG via a fully customized interface, depending on the entropy/RBG selection.

The KiviPQC-KEM IP core provides hardware acceleration for computationally intensive operations while maintaining a small footprint and can be integrated into any system-on-chip (SoC) for ASIC or FPGA implementation. Beyond that, it combines a minimal attack surface with modest resource requirements for future-proof and quantum-safe systems.

Key Features

NIST FIPS Compliant
- Module Lattice-based Key Encapsulation Mechanism (ML-KEM)
  - NIST FIPS 203
- All three ML-KEM parameter sets
  - 512 / 768 / 1024
Enhanced Security
- Self-contained engine with a minimal attack surface
- Protection against timing-based side channel attacks
Resource-efficient Acceleration
- Hardware offloading and acceleration of time-consuming PQC operations
- Minimal logic utilization
Straightforward SoC Integration
- Lightweight, simple-control AMBA^® AXI4 Interface
- Re-usable design, LINT-clean

Block Diagram

Applications

The core realizes a quantum-safe exchange of a shared secret key between two parties (client and server) communicating over a public channel. During the key sharing, the client generates a decapsulation key and an encapsulation key, keeps the first as private and sends the second as public to the server. The server generates a copy of the shared key and an associated ciphertext using the client’s encapsulation key and sends it to the client. Finally, the client generates a copy of the same shared key using the ciphertext received from the server and the kept private decapsulation key.
The KiviPQC-KEM IP core offers quantum-resistant security for a wide range of applications. In public-key infrastructure and cloud security, it ensures long-term confidentiality and integrity for sensitive information. It can play a vital role in safety-critical infrastructure and networks, safeguarding communication and exchange channels from potential threats. In the realm of secure IoT device communication, the core provides strong cryptographic support to protect shared secret keys. Additionally, it is well-suited for hardware security modules (HSMs) and Trusted Platform Modules (TPMs), enhancing secure key management and cryptographic processing. Its capabilities extend to supporting MACsec key agreement (MKA) protocols for secure Ethernet communications, Internet Key Exchange (IKEv2) protocols, strengthening VPN and secure network authentication mechanisms, and edge computing.

Deliverables

RTL source code (System Verilog)
HAL and drivers for integration
Complete testbenches
Simulation and synthesis scripts
Documentation

Technical Specifications

Request Info