NIST P-256/P-384 ECDH+ECDSA - Compact ECC IP Cores supporting ECDH and ECDSA on NIST P-256/P-384

Overview

XIP41x3C are a family of compact Intellectual Property (IP) cores implementing Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST prime curves [2]. ECDH and ECDSA on NIST prime curves are widely used in various cryptographic protocols and systems.

The XIP41x3C family currently includes two IP cores:

  • XIP4123C for ECDH and ECDSA on the NIST P-256 elliptic curve and
  • XIP4133C for ECDH and ECDSA on the NIST P-384 elliptic curve.

These two curves are the most commonly used NIST curves today. XIP41x3C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP41x3C does not rely on any FPGA manufacturer-specific features

Functionality

XIP41x3C can be used for elliptic curve key generation, computation of Diffie-Hellman shared secrets as well as for ECDSA signature generation and verification. Hence, they are very versatile IP cores that can be used in a variety of cryptographic protocols and systems. The NIST prime curves are arguably still the most used elliptic curves and it is common for practical systems using ECC to support P-256 and/or P-384.

The main optimization objective for XIP41x3C has been on reducing the resource requirements and XIP41x3C require only very few resources considering the complexity of the operations that they support. They also include various security checks for the input values that prevent acci dental misuses that could compromise the security of the cryptosystem. These include validations that the input points are in fact a valid point on the curve and in-built prevention of accidential misuse of values that should be used only once (ECDSA nonces). XIP41x3C also include protections against side-channel attacks, the most important of which is the fully constant-time operation of all operations that use secret values.

XIP41x3C implements the main elliptic curve operations. XIP41x3C requires an external random number generator (for example, XIP8001B) and ECDSA also requires an external hash function.

Key Features

  • Minimal Resource Requirements: XIP41x3Crequire for example 1119 LUTs in AMDSpartan 7® and use only 1-2 multipliers/DSP blocks and 1-3 internal memory block in a typical FPGA implementation.
  • Secure Architecture: The execution time of XIP41x3C is independent of the secret val ues and, consequently, provides full protection against timing-based side-channel attacks. Additionally, the pattern of operations during computations is independent of the secrets. XIP41x3C have two interfaces which can be used for separating access to security-critical values.
  • Standard Compliance: XIP41x3C are compliant with FIPS 186-5 [2] and SP 800-56A [1]. XIP41x3C can be used as a part of numerous public-key systems and protocols including IKEv2 [4, 6, 3] and TLS 1.3 (RFC 8446) [5].
  • Easy Integration: The 16-bit interface of XIP41x3C supports easy integration to various systems.

Benefits

  • Fully digital design
  • Portable to any ASIC or FPGA technology
  • Fully standard compliant
  • Easy to integrate
  • Several bus interfaces available
  • IP core designed in-house at Xiphera
  • Technical support by the original designers and cryptographic experts
  • CAVP validated

Block Diagram

NIST P-256/P-384 ECDH+ECDSA - Compact ECC IP Cores supporting ECDH and  ECDSA on NIST P-256/P-384 Block Diagram

Applications

  • XIP41x3C have several applications, as ECC on NIST prime curves are popular asymmetric cryptography schemes that are used in a number of standardized communications protocols, including IPSEC, MACSEC and TLS (Transport Layer Security) versions 1.2 and 1.3.
  • XIP41x3C can also be used to offload microcontroller / -processor based designs, if a software-based implementation of P-256/P-384 arithmetic is too slow.

Deliverables

  • XIP41x3C can be shipped in a number of formats, including netlist, source code, or encrypted source code.
  • Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.

Technical Specifications

Short description
NIST P-256/P-384 ECDH+ECDSA - Compact ECC IP Cores supporting ECDH and ECDSA on NIST P-256/P-384
Vendor
Vendor Name
×
Semiconductor IP