RSA-ECC Public Key Accelerator Engine

Overview

The EIP-28 is a range of Public Key Accelerators operating as co-processors to offload Public Key operations from the Host processor.

Key Features

  • Low- to high-performance accelerator for Public Key operations, up to 4160-bit modulus size for modular exponentiations and 768-bit modulus for prime field ECC operations
  • Nine different configurations are available ranging from 19k (PKCP only) to 515k (dual 33-stage LNME) NAND2 gate equivalents (excluding memories) – the performance ratio between these extremes is up to a factor of 50 (depending on the operation)
  • Performs high-level Public Key signature generation / verification & key negotiation operations with little involvement of the Host processor
  • SECDED ECC support option for selected memories
  • Basic bus slave interface providing access to control/status registers and Public Key Accelerator data and local firmware program RAMs (program ROM is an option) – the functional interface is identical for all configurations
  • Security-conscious design: PROT hardware protection against basic side channel attacks is standard (can be removed on request)
  • Hardware zeroization of CSPs

Benefits

  • High-speed Public Key processing solution
  • Silicon-proven implementation
  • Fast and easy to integrate into SoCs
  • Flexible layered design
  • Complete range of configurations
  • World-class technical support

Applications

  • The EIP-28 Public Key Accelerators are suitable for a wide range of applications:
    • Small gate count (mobile) applications for secure boot, software public key signature checking and ‘occasionalÂ’ public key operations as used for IPsec and MACsec channel setup and firmware download signatures
    • Medium to high performance (Elliptic Curve) Diffie-Hellman key negotiation engines for secure router boxes, secure network interfaces and SSL servers
    • Medium to high performance secure Public Key signature generator/checker engines in Hardware Security Modules

Deliverables

  • Documentation
    • Hardware Reference and Programmer Manual
    • Integration Manual
    • Verification Specification
  • Synthesizable Verilog RTL source code
  • Self-checking RTL test bench, including test vectors and expected result vectors
  • Simulation scripts
  • Synthesis scripts
  • Many different configurations available:
    • RAM or ROM option
    • Protection of side-channel attacks
    • Gate counts range from : 16-515k gates, depending on the number of Large Number Multipliers and Exponentiators
  • Performance when running at 400 MHz (using the highest performing configuration for each operation and doing modular inversions with exponentiations):
    • DH 180/1K-bit exp/mod negotiate: 10,500 ops/s
    • RSA 1K-bit sign (no CRT): 2,000 ops/s; sign (with CRT): 3,500 ops/s; verify (17 bits exp): 70,000 ops/s
    • DSA 160/512-bit exp/mod sign: 16,000 ops/s; verify: 8,900 ops/s
    • ECDSA 192-bit sign: 2,950 ops/s; verify: 1,650 ops/s
    • ECDSA 384-bit sign: 900 ops/s; verify: 490 ops/s
    • SM2DSA 256-bit sign: 1,280 ops/s; verify: 890 ops/s
  • For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact

Technical Specifications

Foundry, Node
Any
Maturity
Silicon Proven
Availability
Now
TSMC
Silicon Proven: 7nm , 16nm , 28nm , 40nm G
×
Semiconductor IP