Elliptic Curve Cryptographic IP
ECC is a public key cryptography approach that benefits from the same level of security as RSA but using a smaller key size. Elliptic curves are commonly used in digital signatures for signing and verification
ECC is an algorithm for public key cryptography. For elliptic-curve-based protocols, it is assumed that finding the Discrete Logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible. The primary benefit promised by ECC is a smaller key size. For example a 256-bit ECC key should provide comparable security to a 3072-bit RSA key.
Public key accelerators are deployed in semiconductors used for Internet Protocol Security (IPsec), Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol implementations. Increasingly they find application in digital signatures.
- Elliptic Curve Diffe-Hellman (ECDH)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- Korean Elliptic Curve Digital Signature Algorithm (KCDSA)
Standard curves are defined in
- NIST, Recommended Elliptic Curves for Government Use
- SECG, SEC 2: Recommended Elliptic Curve Domain Parameters
- ECC Brainpool, ECC Brainpool Standard Curves and Curve Generation
EnSilica can provide secure ECC, ECDSA and KCDSA related IP for use in ASIC or FPGA target technologies. The standard ECC, ECDSA and KCDSA modules are available as either an AHB/APB peripherals, where they seamlessly integrate with popular open source cryptography libraries such as mbedTLS and wolfSSL.
The peripherals can be configured for between 192 and 521-bit maximum key size to keep the resource requirements as low as possible. It accelerates the most time consuming arithmetic operations of the ECC algorithm, notably the EC Scalar Multiplication, EC Scalar Addition and EC Doubling, with 100% CPU offload. Furthermore the ECDSA and KCDSA cores include full Signing, Verification and Public Key Validation operations. These cores only support elliptic curves over prime fields.
- ECC-micro is the smallest version offering acceleration of the basic GF(p) operations, all other function are supported by sequencing the core in software
- ECC-lite additionally offers hardware acceleration of ECD,ECA,ECSM and ECDH, other function such as ECDSA are supported by sequencing the core in software
- ECDSA is a full hardware core supporting ECDSA sign and veify and public key validation acceleration
- ECDSA-HT is the high throughput version of the above core for applications requiring a very high count of Ops/s, such as V2X communications.
- Secure standalone ECC/ECDSA solution.
- Defence against Statistical Timing Side Channel Attack (STA)
- Defence against Simple Power Analysis Attack (SPA)
- Defence against Differential Timing Attack (DTA)
- Optional defence against Differential Power Analysis Attack (DPA)
- Optional defence against Doubling Attack (DA)
- Configurable for maximum key size
- Fully integrated with EnSilica’s cryptographic software library