SHA-2 / HMAC and HKDF
Xiphera offers IP cores for key derivation with extended support for HMAC message authentication code and HKDF key derivation function.
About the product
Hash algorithms are also the basis for Key Derivation Functions (KDFs) such as HKDF that can be used, for example, for computing cryptographic keys from passwords or for stretching a cryptographic key to a longer key or to several keys.
Our Key Derivation Function IP cores possess a device-agnostic design, ensuring compatibility across a diverse range of FPGA and ASIC platforms. Furthermore, our Key Derivation Function IP cores are fully protected against timing attacks as the execution time does not depend on the values of the inputs.
All Xiphera’s KDF IP cores have received the CAVP validation batch from the American NIST (National Institute of Standards and Technology).
Xiphera offers 4 IP cores for key derivation with extended support for HMAC message authentication code and HKDF key derivation function:
- SHA-256 IP core, balanced variant (XIP3322B)
- SHA-384 IP core, balanced variant (XIP3323B)
- SHA-512 IP core, balanced variant (XIP3324B)
- SHA-256/SHA-512 IP core, compact variant (XIP3327C)
Key features
- Versatility: All 4 offerings have native support for commonly used message authentication code (HMAC) and and key derivation function (HKDF). This allows using Xiphera’s KDF offerings for multiple cryptographic functions – for example, TLS 1.3 – more easily and eficiently than an IP core that supports only SHA-256, SHA-384, or SHA-512.
- Constant Latency: The execution time of Xiphera’s KDF offering is independent of the message and key values (apart from message length), and consequently provides protection against timingbased side-channel attacks.
- Performance: Xiphera’s KDF offering provides high performance and reaches hashing speeds of several hundreds of Mbps.
- Compact Size: has compact size permitting integration into resource constrained FPGA designs.
- Standard Compliance: Xiphera’s KDF offering is compliant with NIST FIPS 180-4 Secure Hash Standard (SHS), FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC), and RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF). Consequently, they can be used in multiple cryptographic applications.
- CAVP validation: All four IP core variants have received the CAVP validation from the U.S. National Institute of Standards and Technology (NIST).
For more details, including FPGA resources & peak performance as well as ordering instructions, open the full product briefs in PDF. Contact us here, and we’ll get back to you as soon as possible.
Interested to learn more about the technical details and performance numbers for ASIC application? Register for the ASIC-specific product briefs:
Partner collaborations
We are proud partners with leading global as well as innovative growing FPGA companies. We offer a selection of our cryptographic IP cores for our technology partners. Visit our partner pages to learn more about our SHA-2, HMAC, and HKDF offering for our partners.