Hardware-based security for high-level protection.

XIP41X3C: NIST P-256/P-384 ECDH+ECDSA

Compact ECC IP Cores supporting ECDH and ECDSA on NIST P-256/P-384


Introduction

XIP41x3C from Xiphera are a family of compact Intellectual Property (IP) cores implementing Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST prime curves [1]. ECDH and ECDSA on NIST prime curves are widely used in various cryptographic protocols and systems.

The XIP41x3C family currently includes two IP cores:

  • XIP4123C for ECDH and ECDSA on the NIST P-256 elliptic curve and
  • XIP4133C for ECDH and ECDSA on the NIST P-384 elliptic curve.

These two curves are the most commonly used NIST curves today. XIP41x3C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP41x3C does not rely on any FPGA manufacturer-specific features.

Key features

  • Minimal Resource Requirements: XIP41x3C require, for example, 1549 ALMs in Intel Cyclone® V SX SoC or 1118 LUTs in Xilinx Artix-7® and use only 1-2 multipliers/DSP blocks and 1-3 internal memory blocks in a typical FPGA implementation.
  • Secure Architecture: The execution time of XIP41x3C is independent of the secret values and, consequently, provides full protection against timing-based side-channel attacks. Additionally, the pattern of operations during computations is independent of the secrets. XIP41x3C have two interfaces which can be used for separating access to security-critical values.
  • Standard Compliance: XIP41x3C are compliant with FIPS 186-4 [1] and SP 800-56A [2]. XIP41x3C can be used as a part of numerous public-key systems and protocols including IKEv2 [4, 6, 3] and TLS 1.3 (RFC 8446) [5].
  • Easy Integration: The 16-bit interface of XIP41x3C supports easy integration to various systems.

Functionality

XIP41x3C can be used for elliptic curve key generation, computation of Diffie-Hellman shared secrets as well as for ECDSA signature generation and verification. Hence, they are very versatile IP cores that can be used in a variety of cryptographic protocols and systems. The NIST prime curves are arguably still the most used elliptic curves and it is common for practical systems using ECC to support P-256 and/or P-384.

The main optimization objective for XIP41x3C has been reducing the resource requirements, and XIP41x3C require only very few resources considering the complexity of the operations that they support. They also include various security checks for the input values that prevent accidental misuse that could compromise the security of the cryptosystem. These include validation that input points are in fact valid points on the curve and built-in prevention of accidental misuse of values that should be used only once (ECDSA nonces). XIP41x3C also include protections against side-channel attacks, the most important of which is the fully constant-time execution of all operations that use secret values.
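The input-point validation mentioned above can be illustrated in software. This is an added example, not Xiphera's code or the core's interface: it sketches the partial public-key validation of SP 800-56A [2] on P-256, using the published curve constants. The function name, the use of `None` for the point at infinity, and the sample points are assumptions of the example.

```python
# Added example: partial public-key validation on NIST P-256 (SP 800-56A style).
# Curve: y^2 = x^3 + A*x + B over GF(P); constants are the published P-256 values.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def validate_public_point(x, y):
    """Return (ok, reason) for an affine point received from a peer.

    Only public values are handled here, so constant-time code is not needed.
    None coordinates stand for the point at infinity (assumption of this sketch).
    """
    if x is None or y is None:
        return False, "point at infinity"
    if not (isinstance(x, int) and isinstance(y, int)):
        return False, "non-integer coordinate"
    # Range check first: x + P satisfies the curve equation modulo P as well,
    # so skipping this step would accept non-canonical encodings.
    if not (0 <= x < P and 0 <= y < P):
        return False, "coordinate out of range"
    # Curve membership: rejects points that lie on some other (weaker) curve.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False, "not on curve"
    # P-256 and P-384 have cofactor 1, so no separate order check is needed.
    return True, "ok"


# Constructed sample inputs (not taken from the product brief).
SAMPLES = {
    "base point G": (GX, GY),
    "negated G": (GX, P - GY),
    "y off by one": (GX, (GY + 1) % P),
    "x not reduced": (GX + P, GY),
    "origin (0, 0)": (0, 0),
    "infinity": (None, None),
}


def run_samples():
    return {name: validate_public_point(*pt) for name, pt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{name:15s} -> {'accept' if ok else 'reject'} ({reason})")
```

The same checks carry over to P-384 by substituting that curve's constants.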

XIP41x3C implement the main elliptic curve operations. They require an external random number generator (for example, XIP8001B), and ECDSA also requires an external hash function.


For more technical and commercial details, including FPGA resources & peak performance as well as ordering instructions, open the full product brief in PDF. Contact us by sending an email, and we’ll get back to you as soon as possible.

Block diagram

Figure 1: Internal high-level block diagram of XIP41x3C.

Footnotes

[1] FIPS PUB 186-4 Digital Signature Standard (DSS). Technical report, National Institute of Standards & Technology, Gaithersburg, MD, United States, 2013.

[2] SP 800-56A Rev.3 Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography. Technical report, National Institute of Standards & Technology, Gaithersburg, MD, United States, 2018.

[3] David E. Fu and Jerome Solinas. IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA). RFC 4754, January 2007.

[4] Charlie Kaufman. Internet Key Exchange (IKEv2) Protocol. RFC 4306, December 2005.

[5] Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, August 2018.

[6] Jerome Solinas and David E. Fu. Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2. RFC 5903, June 2010.

