XIP41x3C are a family of compact Intellectual Property (IP) cores implementing Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST prime curves [2]. ECDH and ECDSA on NIST prime curves are widely used in various cryptographic protocols and systems.
The XIP41x3C family currently includes two IP cores:
- XIP4123C for ECDH and ECDSA on the NIST P-256 elliptic curve and
- XIP4133C for ECDH and ECDSA on the NIST P-384 elliptic curve.
These two curves are the most commonly used NIST curves today. XIP41x3C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP41x3C does not rely on any FPGA manufacturer-specific features
Functionality
XIP41x3C can be used for elliptic curve key generation, computation of Diffie-Hellman shared secrets as well as for ECDSA signature generation and verification. Hence, they are very versatile IP cores that can be used in a variety of cryptographic protocols and systems. The NIST prime curves are arguably still the most used elliptic curves and it is common for practical systems using ECC to support P-256 and/or P-384.
The main optimization objective for XIP41x3C has been on reducing the resource requirements and XIP41x3C require only very few resources considering the complexity of the operations that they support. They also include various security checks for the input values that prevent acci dental misuses that could compromise the security of the cryptosystem. These include validations that the input points are in fact a valid point on the curve and in-built prevention of accidential misuse of values that should be used only once (ECDSA nonces). XIP41x3C also include protections against side-channel attacks, the most important of which is the fully constant-time operation of all operations that use secret values.
XIP41x3C implements the main elliptic curve operations. XIP41x3C requires an external random number generator (for example, XIP8001B) and ECDSA also requires an external hash function.