HKDF/HMAC/SHA-512, SHA-512 IP Core with Extended Functionalities

Overview

XIP3324B from Xiphera is a versatile Intellectual Property (IP) core designed for SHA-512 cryptographic hash function with extended support for HMAC message authentication code and HKDF key derivation function that are based on using SHA-512. SHA-512 is one of the most commonly used hash functions and is used in numerous cryptographic applications. XIP3324B offers a good balance between performance and resource requirements.

XIP3324B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP3324B does not rely on any FPGA manufacturer-specific features.

XIP3324B has also been successfully validated in the CAVP (Cryptographic Algorithm Validation Program) by NIST (National Institute for Standards and Technology).

Key Features

Versatility: IP3324B supports the widely used cryptographic hash function SHA-512. It also has native support for commonly used message authentication code (HMAC) based on SHA-512 and key derivation function (HKDF) based on HMAC. This allows using XIP3324B for multiple cryptographic functions —for example, TLS 1.3 —more easily and efficiently than an IP core that supports only SHA-512.
Constant Latency: The execution time of XIP3324B is independent of the message and key values (apart from message length), and consequently provides protection against timing-based side-channel attacks.
Performance: XIP3324B provides high performance and reaches hashing speeds of several hundreds of Mbps.
Compact Size: XIP3324B has compact size (for example, 2483 ALMs and, 6 M20K blocks in Intel ® Cyclone ® 10 GX family) permitting integration into resource constrained FPGA designs. Contact sales@xiphera.com for ASIC resource requirements.
Standard Compliance: XIP3324B is compliant with NIST FIPS 180-4 Secure Hash Standard (SHS), FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC), and RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF). Consequently, XIP3324B can be used in multiple cryptographic applications.

Benefits

Fully digital design
Portable to any ASIC or FPGA technology
Fully standard compliant
Easy to integrate
Several bus interfaces available
IP core designed in-house at Xiphera
Technical support by the original designers and cryptographic experts
CAVP validated

Block Diagram

Applications

XIP3324B supports four main functionalities:
SHA-512: Computes a SHA-512 hash for an input message.
HMAC: Computes an HMAC authentication tag for an input message using an authentication key.
HKDF-extract: Computes the HKDF-extract function that calculates a pseudorandom key from initial key material.
HKDF-expand: Computes the HKDF-expand function that expands the pseudorandom key to several additional pseudorandom keys of desired lengths for specific cryptographic algorithms.
XIP3324B has a convenient 64-bit FIFO interface allowing for easy integration with rest of the FPGA design. The data inputs are loaded into XIP3324B with byte-level granularity using the numbytes signal that denotes the number of active bytes in a 64-bit word (0...4). The key inputs are loaded through a separate port allowing full isolation between keys and data.

Deliverables

Please contact sales@xiphera.com for pricing and your preferred delivery method. XIP3324B can be shipped in a number of formats, including netlist, source code, or encrypted source code.
Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.

Technical Specifications

Foundry, Node

Any

Maturity

Hardware Tested

Availability

Immediate

Request Info