RSA/ECC Public Key Accelerators with TRNG and AHB

Overview

Key Features

• Up to 4160-bit modulus size for RSA & 768-bit modulus for prime field ECC operations
• Public key signature generation, verification and key negotiation with little involvement of host
• NIST CAVP compliant for FIPS 140-3

Benefits

• The PKA-IP-150 accelerates the following basic operations in hardware:
  • Large vector addition, subtraction and combined addition/subtraction
  • Large vector bit shift right or left
  • Large vector multiplication, modulo and division (the 
latter generates both remainder and quotient)
  • Large vector compare and copy
• The included PKA-IP-28 core also accelerates the following complex operations, under control of an embedded sequencer microcontroller, using locally stored firmware:
  • Large vector unsigned value modular exponentiation
  • Large vector unsigned value modular exponentiation using the ‘Chinese Remainders Theorem’ (‘CRT’) method with pre-calculated Q inverse vector
  • Modular inversion: given A and M, calculate B such that ((AB) MOD M) = 1
  • Prime field ECC point addition/doubling on elliptic curve y2=x3+ax+b (mod p) with ‘p’ a prime number and ‘a’ and ‘b’ input values to the operation, adding identical points automatically performs point doubling – operation can be performed with affine and projective points
  • Prime field ECC point multiplication on elliptic curve y2=x3+ax+b (mod p) with ‘p’ a prime number and ‘a’ and ‘b’ input values to the operation – a version of the ‘Montgomery ladder’ algorithm, point randomization and point-on-curve checking are used to provide side channel attack protection 
The Sequencer firmware hides the fact that the modular exponentiations and ECC point multiplication are done using numbers in the Montgomery domain.
For improved performance of modular exponentiation operations, the Public Key Accelerator employs exponent recoding techniques that use a table with pre-calculated odd powers (filling this table is performed by the sequencer firmware). The smallest configurations can optionally use the ‘Montgomery Ladder’ algorithm for modular exponentiation (lower performance but fixed timing).

Block Diagram

Applications

• IoT, mobile, or other small gate count applications for secure boot, software public key signature checking and ‘occasional’ public key operations as used for IPsec and MACsec channel setup and firmware download signatures
• Secure router boxes, secure network interfaces and SSL servers, where the PKA-IP-150 is used in medium to high performance (Elliptic Curve) Diffie-Hellman key negotiation engines
• Hardware security modules, used in medium to high performance secure public key signature generator/checker engines 

Deliverables

• Documentation
  • Hardware Reference and Programmer Manual
  • Integration Manual
  • Verification Specification
  • Operations Manual
• Synthesizable Verilog RTL source code
• Self-checking RTL test bench, including test vectors and expected result vectors
• Simulation scripts
• Synthesis scripts
• Configurations:
• Many different configurations available:
  • Side channel protection
  • ROM or RAM
  • PLB or asynchronous AHB or APB interface instead of the synchronous AHB or AXI interface.
  • Gate counts range from : 33-340k gates, depending on number of modules
  • Up to 900 MHz
• For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact

Technical Specifications