TLS 1.3

Xiphera’s cryptographic Security Protocol portfolio secures point-to-point communication as well as server-client connections over the Internet.

About the product

Transport Layer Security (TLS) is a cryptographic protocol used for building a secure connection between a client and a server over the Internet. A hardware-based TLS 1.3 implementation enables high-level security in mission-critical industries, such as industrial automation; example applications are distributed and remote control, edge computing, and secure industrial communications.

Xiphera’s TLS 1.3 Client IP core (XIP7131C) operates in a hardware-only fashion, encompassing both endpoints of a TLS 1.3 session. This approach ensures that security-critical operations rely entirely on hardware, eliminating the need for software involvement. Despite the extensive feature set, our TLS 1.3 IP cores maintain a compact footprint, making them exceptionally well-suited for high-volume applications.

The latest and most secure version of Transport Layer Security is TLS 1.3, which was released in 2018 and standardised in RFC 8446. Xiphera’s TLS 1.3 Client IP core (XIP7131C) comes with the ability to customise the algorithms in use, which in turn allows for a future-proof roadmap for Post-Quantum Cryptography (PQC). In specific instances, it is possible to retrofit TLS 1.3 IP cores into existing FPGA-based solutions, adding to their versatility and compatibility.

Key features

  1. Optimised Resource Requirements: The entire TLS 1.3 Client IP core requires less than 8500 ALMs (Adaptive Logic Modules) in an Intel® Cyclone® V implementation.
  2. Short Session Establishment Time: The FPGA-dependent execution time of the TLS 1.3 handshake calculations is less than 100 ms at a 100 MHz clock. The FPGA execution time is constant and does not depend on the key values, thus providing protection against timing-based side-channel attacks.
  3. Performance: Despite its small size, the TLS 1.3 Client IP core can support bulk traffic encryption and decryption speeds in excess of 1 Gbps.
  4. Follows RFC 8446: Xiphera’s TLS 1.3 Client IP core follows the latest TLS 1.3 standard defined in RFC 8446, with specifically selected ciphers to minimise area requirements.
  5. Hardware-based Security: The primary design goal of the TLS 1.3 Client IP core is to avoid the potential weaknesses in software-based security, including but not limited to dependence on operating system security, vulnerabilities in third-party cryptographic software libraries, and bugs in underlying processor architectures.
  6. Hardware-based Cryptographic Operations: All the cryptographic mathematical operations are performed entirely in the FPGA, providing substantial security and performance advantages compared to software-based TLS implementations.
  7. Hardware-based Key Management: All the cryptographic keys are stored in dedicated internal FPGA memory, which provides a substantial security advantage over software-based key management and, amongst other benefits, is a requirement for IEC 62443 Security Level 3 designs.

Internal high-level block diagram of the compact TLS 1.3 IP core (XIP7131C).
