Fast Quantum Safe Engine for ML-KEM (CRYSTALS-Kyber) and ML-DSA (CRYSTALS-Dilithium)

Overview

The Quantum Safe Engine (QSE) IP provides Quantum Safe Cryptography acceleration for ASIC, SoC and FPGA devices. The QSE-IP-86 core is typically integrated in a hardware Root of Trust or embedded secure element in chip designs together with a PKE-IP-85 core that accelerates classic public key cryptography and a TRNG-IP-76 core that generates true random numbers. For highly secure applications requiring additional protection against differential power analysis (DPA) attacks, a DPA version of the QSE is available.

The QSE supports the FIPS 203 ML-KEM and FIPS 204 ML-DSA standards. The embedded QSE core firmware allows the core functionality to be updated to adapt to potential future updates in the NIST specifications.

Key Features

  • Compliant with FIPS 203 ML-KEM and FIPS 204 ML-DSA standards
  • Uses the CRYSTALS-Kyber and CRYSTALS-Dilithium quantum-resistant algorithms
  • Includes SHA-3, SHAKE-128 and SHAKE-256 acceleration
  • The embedded QSE CPU combined with Rambus-supplied firmware implements the full FIPS 203/204 protocols
  • Can be used standalone or integrated into higher function security cores
  • Offered as standard QSE-IP-86 or as DPA-protected QSE-IP-86-DPA
  • Supports ASIC, SoC and FPGA implementations
  • Firmware programmable to allow updates with evolving quantum-resistant standards

Benefits

  • The QSE employs FIPS 203 ML-KEM, based on the CRYSTALS-Kyber algorithm, for key exchange and key encapsulation/decapsulation. This is combined with FIPS 204 ML-DSA, based on the CRYSTALS-Dilithium algorithm, for digital signature, signature verification and key generation. Both are offered at up to NIST Category 5. The embedded SHA-3, SHAKE-128 and SHAKE-256 accelerators are used to accelerate hash and extendable-output function (XOF) operations.
  • The QSE comprises a controller, a lattice accelerator, a SHA-3 hash and SHAKE XOF accelerator, a host interface, and firmware and software driver components.
  • A system host controller writes input data for a high-level cryptographic operation (such as ML-KEM, ML-DSA or SHA-3) into a dedicated SRAM and issues high-level commands to the QSE’s internal CPU. The internal CPU controls the lower-level operations and leverages the internal hardware modules (PQ core for NTT/inverse NTT operations, SHA-3 core for SHAKE) to accelerate the calculations. The internal CPU accesses keys and data stored in a dedicated SRAM while performing its operations.
  • The SHA-3/SHAKE core integrated in the QSE is also available to the host for SHA-3 acceleration, for (future) support of hash-based signature verification operations (such as XMSS/LMS) implemented on the host processor.
  • At 1 GHz, the Rambus QSE performs 7,100/13,500 ML-KEM-1024 (CRYSTALS-Kyber Cat-5) decapsulation/encapsulation operations per second and typically up to 1,400 ML-DSA-87 (CRYSTALS-Dilithium Cat-5) sign operations per second.

Block Diagram

Fast Quantum Safe Engine for ML-KEM (CRYSTALS-Kyber) and ML-DSA (CRYSTALS-Dilithium) Block Diagram

Deliverables

  • Complete Documentation
    • Integration guides
    • Reference manual
    • Application developer guide
  • RTL and FW Package
    • Verilog RTL for synthesis and simulation
    • Standard EDA tool flow scripts and support files
    • Verification test bench and test vectors
  • SW Package
    • Driver Development Kit, including examples

Technical Specifications
