SHA-2 / HMAC and HKDF

Xiphera’s extensive portfolio of cryptographic hash functions complies with NIST standards for SHA-2, SHA-3, and Key Derivation Functions.

About the product

Hash algorithms are also the basis for Key Derivation Functions (KDFs) such as HKDF that can be used, for example, for computing cryptographic keys from passwords or for stretching a cryptographic key to a longer key or to several keys.

Our Key Derivation Function IP cores possess a device-agnostic design, ensuring compatibility across a diverse range of FPGA and ASIC platforms. Furthermore, our Key Derivation Function IP cores are fully protected against timing attacks as the execution time does not depend on the values of the inputs.

All Xiphera’s KDF IP cores have received the CAVP validation batch from the American NIST (National Institute of Standards and Technology).

Xiphera offers 4 IP cores for key derivation with extended support for HMAC message authentication code and HKDF key derivation function:

  1. SHA-256 IP core, balanced variant (XIP3322B)
  2. SHA-384 IP core, balanced variant (XIP3323B)
  3. SHA-512 IP core, balanced variant (XIP3324B)
  4. SHA-256/SHA-512 IP core, compact variant (XIP3327C)
Contact us

Key features

  1. Versatility: All 4 offerings have native support for commonly used message authentication code (HMAC) and and key derivation function (HKDF). This allows using Xiphera’s KDF offerings for multiple cryptographic functions – for example, TLS 1.3 – more easily and eficiently than an IP core that supports only SHA-256, SHA-384, or SHA-512.
  2. Constant Latency: The execution time of Xiphera’s KDF offering is independent of the message and key values (apart from message length), and consequently provides protection against timingbased side-channel attacks.
  3. Performance: Xiphera’s KDF offering provides high performance and reaches hashing speeds of several hundreds of Mbps.
  4. Compact Size: has compact size permitting integration into resource constrained FPGA designs.
  5. Standard Compliance: Xiphera’s KDF offering is compliant with NIST FIPS 180-4 Secure Hash Standard (SHS), FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC), and RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF). Consequently, they can be used in multiple cryptographic applications.
Internal high-level block diagram of the compact HKDF/HMAC/SHA-256/SHA-512 IP core (XIP3327C).
Internal high-level block diagram of the compact HKDF/HMAC/SHA-256/SHA-512 IP core.

For more details, including FPGA resources & peak performance as well as ordering instructions, open the full product briefs in PDF. Contact us here, and we’ll get back to you as soon as possible.

SHA-256, balanced
SHA-384, balanced
SHA-512, balanced
SHA-256/SHA-512, compact

Interested to learn more about the technical details and performance numbers for ASIC application? Register for the ASIC-specific product briefs:

Back to product family page

Partner collaborations

We are proud partners with leading global as well as innovative growing FPGA companies. We offer a selection of our cryptographic IP cores for our technology partners. Visit our partner pages to learn more about our MACsec offering on our partner portfolios.

View all partners