Key Derivation Functions (SHA-2)
Xiphera’s extensive portfolio of cryptographic hash functions complies with NIST standards for SHA-2, SHA-3, and Key Derivation Functions.
About the product
Hash algorithms are also the basis for Key Derivation Functions (KDFs) such as HKDF that can be used, for example, for computing cryptographic keys from passwords or for stretching a cryptographic key to a longer key or to several keys.
Our Key Derivation Function IP cores possess a device-agnostic design, ensuring compatibility across a diverse range of FPGA and ASIC platforms. Furthermore, our Key Derivation Function IP cores are fully protected against timing attacks as the execution time does not depend on the values of the inputs.
Xiphera offers 4 IP cores for key derivation with extended support for HMAC message authentication code and HKDF key derivation function:
- SHA-256 IP Core (XIP3322B: HKDF/HMAC/SHA-256)
- SHA-384 IP Core (XIP3323B: HKDF/HMAC/SHA-384) – CAVP validated
- SHA-512 IP Core (XIP3324B: HKDF/HMAC/SHA-512)
- SHA-256/SHA-512 IP Core (XIP3327C: HKDF/HMAC/SHA-256/SHA-512)
- Versatility: All 4 offerings have native support for commonly used message authentication code (HMAC) and and key derivation function (HKDF). This allows using Xiphera’s KDF offerings for multiple cryptographic functions – for example, TLS 1.3 – more easily and eficiently than an IP core that supports only SHA-256, SHA-384, or SHA-512.
- Constant Latency: The execution time of Xiphera’s KDF offering is independent of the message and key values (apart from message length), and consequently provides protection against timingbased side-channel attacks.
- Performance: Xiphera’s KDF offering provides high performance and reaches hashing speeds of several hundreds of Mbps.
- Compact Size: has compact size permitting integration into resource constrained FPGA designs.
- Standard Compliance: Xiphera’s KDF offering is compliant with NIST FIPS 180-4 Secure Hash Standard (SHS), FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC), and RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF). Consequently, they can be used in multiple cryptographic applications.