Hardware-based security for high-level protection.

XIP4003C: X25519 AND Ed25519

Curve25519 Key Exchange and Digital Signature IP Core


Introduction

XIP4003C from Xiphera is a very compact Intellectual Property (IP) core designed for efficient X25519 key exchange and Ed25519-based Edwards-curve Digital Signature Algorithm (EdDSA). XIP4003C implements arithmetic on Curve25519 [1], and provides a security level of 128 bits. Curve25519 is used in numerous contemporary security protocols and applications, including TLS 1.3.

XIP4003C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP4003C does not rely on any FPGA manufacturer-specific features.

Key features

  • Minimal Resource Requirements: The entire XIP4003C requires less than 800 ALMs (Cyclone® 5) and uses only 1-2 multipliers/DSP Blocks [2] and 1-2 internal memory block in a typical FPGA implementation.
  • Constant Latency: The execution time of XIP4003C is independent of the key value, and consequently provides protection against timing-based side-channel attacks.
  • Performance: Despite its small size, XIP4003C can support more than 100 key exchange or digital signature operations per second.
  • Standard Compliance: XIP4003C is compliant with RFC7748, RFC8032, and the draft vesion of FIPS 186-5. XIP4003C can be used as a part of many public-key protocols including IKEv2 (RFC 8031) and TLS 1.3 (RFC 8446).

Functionality

XIP4003C supports the following operations:

  • Constant-time x-coordinate-only scalar multiplication (for X25519) with the Montgomery ladder algorithm
  • Constant-time fixed-base scalar multiplication (for Ed25519 signature generation)
  • Double-base scalar multiplication (for Ed25519 signature verification)
  • Point compression/decompression
  • Other modular arithmetic for generating and verifying Ed25519 signatures

The internal word width is set to 17 bits, as this leads to an efficient internal implementation [3] of the multiplication algorithm.


For more technical and commercial details, including FPGA resources & peak performance as well as ordering instructions, open the full product brief in PDF. Contact us by sending and email to email_career.png, and we’ll get back to you as soon as possible.

Open full product brief

Block diagram

Figure 1: Internal high-level block diagram of XIP4003C

Figure 1: Internal high-level block diagram of XIP4003C

Footnotes

[1] Curve25519 is formally defined as y² = x³ + 486662x² + x over the finite field defined by the prime number 2²⁵⁵ − 19.

[2] The exact number depends on the targeted FPGA architecture.

[3] 15 · 17 bits = 255 bits.


Visit the product family page