

# XIP3323B: HKDF/HMAC/SHA-384

### SHA-384 IP Core with Extended Functionalities

Product Brief ver. 1.0 September 20, 2023

sales@xiphera.com

#### Introduction

XIP3323B from Xiphera is a versatile Intellectual Property (IP) core designed for SHA-384 cryptographic hash function with extended support for HMAC message authentication code and HKDF key derivation function that are based on using SHA-384. SHA-384 is one of the most commonly used hash functions and is used in numerous cryptographic applications. XIP3323B offers a good balance between performance and resource requirements.

XIP3323B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP3323B does not rely on any FPGA manufacturer-specific features.

# **Key Features**

- Versatility: XIP3323B supports the widely used cryptographic hash function SHA-384. It also has native support for commonly used message authentication code (HMAC) based on SHA-384 and key derivation function (HKDF) based on HMAC. This allows using XIP3323B for multiple cryptographic functions —for example, TLS 1.3 [4] —more easily and efficiently than an IP core that supports only SHA-384.
- Constant Latency: The execution time of XIP3323B is independent of the message and key values (apart from message length), and consequently provides protection against timingbased side-channel attacks.
- Performance: XIP3323B provides high performance and reaches hashing speeds of several hundreds of Mbps.
- Compact Size: XIP3323B has compact size (for example, 2481 ALMs and, 6 M20K blocks in Intel® Arria® 10 GX family) permitting integration into resource constrained FPGA designs.



Figure 1: Internal high-level block diagram of XIP3323B

 Standard Compliance: XIP3323B is compliant with NIST FIPS 180-4 Secure Hash Standard (SHS) [2], FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC) [1], and RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [3]. Consequently, XIP3323B can be used in multiple cryptographic applications.

### **Functionality**

XIP3323B supports four main functionalities:

- SHA-384: Computes a SHA-384 hash for an input message.
- HMAC: Computes an HMAC authentication tag for an input message using an authentication key.
- HKDF-extract: Computes the HKDF-extract function that calculates a pseudorandom key from initial key material.
- HKDF-expand: Computes the HKDF-expand function that expands the pseudorandom key to several additional pseudorandom keys of desired lengths for specific cryptographic algorithms.

XIP3323B has a convenient 64-bit FIFO interface allowing for easy integration with rest of the FPGA design. The data inputs are loaded into XIP3323B with byte-level granularity using the numbytes signal that denotes the number of active bytes in a 64-bit word (0...4). The key inputs are loaded through a separate port allowing full isolation between keys and data.

# **Block Diagram**

The internal high-level block diagram of XIP3323B is depicted in Figure 1.



#### Interfaces

The external interfaces of XIP3323B are depicted in Figure 2.



Figure 2: External interfaces of XIP3323B

This Product Brief describes a high-level overview of the functionality and capabilities of XIP3323B. Please contact sales@xiphera.com for a complete datasheet with a detailed description of the input and output signals, startup procedure of XIP3323B, example simulation waveforms, and the FPGA resource requirements of your targeted FPGA family.

### FPGA Resources and Performance

Table 1 presents the FPGA resource requirements for certain FPGAs. On request, the resource estimates can also be supplied for other FPGA families.

| Device                                                     | Resources                  | $f_{MAX}$  |
|------------------------------------------------------------|----------------------------|------------|
| Intel® Arria® 10 GX*                                       | 2481 ALM, 6 M20K           | 193.91 MHz |
| Intel <sup>®</sup> Cyclone <sup>®</sup> 10 GX*             | 2481 ALM, 6 M20K           | 188.75 MHz |
| Xilinx <sup>®</sup> Versal <sup>®</sup> Prime <sup>†</sup> | 3752 LUT, 2 RAMB36         | 304.51 MHz |
| Xilinx® Kintex® UltraScale+†                               | 2908 LUT, 2 RAMB36         | 350.88 MHz |
| Xilinx <sup>®</sup> Zynq <sup>®</sup> MPSoC <sup>†</sup>   | 3082 LUT, 2 RAMB36         | 271.81 MHz |
| Lattice <sup>®</sup> CertusPro-NX <sup>®</sup> ‡           | 6004 LUT4, 6 EBR           | 94.69 MHz  |
| Lattice <sup>®</sup> ECP5 <sup>®</sup> §                   | 4016 LUT4, 6 EBR           | 80.44 MHz  |
| Microchip® PolarFire® ¶                                    | 5112 4LUT, 6/8 uSRAM/LSRAM | 89.22 MHz  |

Table 1: Resource usage and performance of XIP3323B on representative FPGA families.

<sup>\*</sup>Quartus® Prime Pro 21.1.0, default compilation settings, industrial speedgrade.



The general performance characteristics for different functionalities are as follows:

- SHA-384: XIP3323B can perform SHA-384 hash computations with an asymptotic maximum throughput of  $\frac{f_{MAX}*1024\ bits}{86}$  and minimum latency of 95 clock cycles (for at most 64 bit messages)
- HMAC: An authentication tag computation requires two iterations of SHA-384, but the throughput of the computation approaches the throughput of SHA-384 for long messages.
- HKDF: HKDF-Extract and HKDF-Expand both require computation of a single HMAC and their performance is similar to HMAC with short messages.

### Ordering and Deliverables

Please contact sales@xiphera.com for pricing and your preferred delivery method. XIP3323B can be shipped in a number of formats, including netlist, source code, or encrypted source code. Additionally, a comprehensive VHDL testbench and a detailed datasheet are included.

### **About Xiphera**

Xiphera specializes in secure and efficient implementations of standardized cryptographic algorithms on Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs). Our product portfolio includes individual cryptographic Intellectual Property (IP) cores, as well as comprehensive security solutions built from a combination of individual IP cores.

Xiphera is a Finnish company operating under the laws of the Republic of Finland, and is fully owned by Finnish citizens and institutional investors.

#### Contact

Xiphera Oy Tekniikantie 12 FIN-02150 Espoo Finland sales@xiphera.com +358 20 730 5252

#### References

[1] NIST Computer Security Division. FIPS PUB 198-1, The Keyed-Hash Message Authentication Code (HMAC). Technical report, National Institute of Standards & Technology, Gaithersburg, MD, United States, 2008.

<sup>&</sup>lt;sup>¶</sup>Libero 2022.1.0.10, default compilation settings, industrial speedgrade.



<sup>&</sup>lt;sup>†</sup>Vivado 2021.1, default compilation settings, industrial speedgrade.

<sup>&</sup>lt;sup>‡</sup>Radiant 2022.1.0, default compilation settings, synthesised with Synplify.

<sup>§</sup>Diamond 3.12.0, default compilation settings, synthesised with Synplify.

- [2] NIST Computer Security Division. FIPS PUB 180-4 Secure Hash Standard (SHS). Technical report, National Institute of Standards & Technology, Gaithersburg, MD, United States, 2015.
- [3] Dr. Hugo Krawczyk and Pasi Eronen. HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869, May 2010.
- [4] Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, August 2018.

