PQSecure™-CRYSTALS from PQSecure Technologies, LLC. is a set of hardware IP cores designed for various target applications of digital signatures and key encapsulation based on Dilithium and Kyber algorithms. PQSecure™-CRYSTALS supports parameters for all three FIPS recommended security levels with countermeasures (optional) against various side-channel and known fault attacks. It can be used in various security protocols to replace or augment the traditional elliptic curve based key exchange and digital signatures (ECDH and ECDSA) such as TLS, which are potentially compromised by quantum computing.
PQSecure™-CRYSTALS has several variations that operate at different levels of performance and security levels. The lowest area (tiny) design is PQSecure™-CRYSTALS-1000T, the compact design is designated PQSecure™-CRYSTALS-1000C, the balanced-performance design is PQSecure™-CRYSTALS-1000B, and the highest-performance design is PQSecure™-CRYSTALS-1000H.
Unified Hardware IP for Post-Quantum Cryptography based on Kyber and Dilithium
Overview
Key Features
- Turn-key implementations of the NIST FIPS recommended CRYSTALS post-quantum for key encapsulation (KEM) and digital signature algorithm (DSA)
- Complete CPU offload of cryptographic operations
- Highly silicon customizable design with optional hash accelerator, memory, and control unit to support customer’s requirements.
- Ease of integration into various RISC-V, SoC, and FPGA architectures and development flow
Benefits
- Support for multiple interface standards including AXI, APB, and AHB.
- Choice of several performance grades versus silicon footprint trade-offs
- Substantial power reductions in comparison to software implementations
- Optional and secure-by-design support for side-channel attack countermeasures
- Protection against known fault injection attacks
Block Diagram
Applications
- Microcontroller and Microprocessor acceleration for IoTs
- Secure networking protocols such as SSL/TLS, and IPSec
- Secure car-to-car communications
- Secure boot and root of trust for HSMs
Deliverables
- PQS-CRYSTALS-1000 is available in several formats including netlist, source code (plain and encrypted) with a complete testbench in SystemVerilog with known answer tests (KATs) for verification, with UVM testbenches, as well as integration data, simulation results and synthesis scripts.
Technical Specifications
Maturity
Final
Availability
Upon request
Related IPs
- Post-Quantum Cryptography IP: Crystals Kyber - Crystals Dilithium - XMSS - LMS
- Secure-IC Securyzr™ Tunable Cryptography solutions with embedded side-channel protections: AES - SHA2 - SHA3 - PKC - RSA - ECC - Crystals Kyber - Crystals Dilithium - XMSS - LMS - SM2 - SM3 - SM4 - Whirlpool - CHACHA20 - Poly1305
- NIST P-256/P-384 ECDH+ECDSA - Compact ECC IP Cores supporting ECDH and ECDSA on NIST P-256/P-384
- Future-proof IP for training and inference with leading performance per watt and per dollar
- High-Speed Elliptic Curve Cryptography Accelerator for ECDH and ECDSA
- Decision tree ensemble evaluation core based on serial evaluation of ensemble members