+1 613 254 5456
adjust font size Increase Font Size Reset Font Size Decrease Font Size

CLP-300: High Performance RSA and Elliptic Curve Cryptography Public Key Accelerator Core

Public key cryptography requires complex mathematical operations on very large numbers (from 160- to 4096-bits, or more). The majority of CPUs are limited to operations on 32- and 64-bits values and require a significant amount of computational resources when implementing these security algorithms.

Elliptic’s CLP-300 is a co-processor dedicated to the computationally intensive elements of the mathematics required for RSA operations as well as the algorithms used in prime field Elliptic Curve Cryptography. CLP-300 integrates seamlessly with the Ellipsys™ Cryptography Middleware, and the designer can accelerate the asymmetric cryptography required in public key algorithms to reach performance levels that are not achievable in a software only solutions.

The traditional RSA, Digital Signature Algorithm (DSA) and Diffie-Hellman (DH) asymmetric algorithms require the calculation of complex modular exponentiation operations to encrypt, decrypt, sign and verify data for public key negotiations or digital signature schemes. Similarly, Elliptic Curve Cryptography (ECC) requires a number of complex mathematical operations, such as point multiplications, in support of public key negotiations and digital signature schemes.

The CLP-300 Public Key Accelerator (PKA) is designed to significantly accelerate these cumbersome operations. The engine is highly configurable and can cover a broad range of mathematical operations, size and performance options selectable at build time. With these configuration options, customers can meet a wide range of capabilities suitable for applications ranging from base stations in WiMAX and 3GPP Long Term Evolution (LTE) designs, to National Security Agency (NSA) Suite B and 10 Gbps security blades in network edge routers. The table below provides several data points for specific build options.

 

Features

  • Offloads the computationally intensive parts of public key cryptography
  • Integer operations (512, 768, 1024, 1536, 2048, 3072, and 4096-bit)
    • Modular exponentiation, division, multiplication, inversion, addition, and subtraction.
  • ECC-GF(p) operations ( 160, 192, 224, 256, 384, 512 and 521-bit)
    • Point multiplication, addition, doubling, and verification
  • Core acts as a processor peripheral
  • Support for AMBA/AHB, AMBA/AXI and synchronous RAM slave interfaces
  • DPA hardening
  • Programmable DTA hardening
  • Highly configurable at build time
  • Configurable firmware memory type
    • RAM only
    • ROM only
    • RAM/ROM mix
  • Ellipsys middleware for RSA, Diffe-Hellman, DSA
  • Ellipsys middleware for prime field ECC operations such as ECDSA and ECDH

Benefits

  • Dramatic acceleration of Public Key Exchange operations
    • Including key generation
    • Particularly significant for private key functions
  • Substantial power reduction relative to software-based implementations
  • Choice of several performance grades, to enable performance vs. silicon area trade-offs
  • Advanced DPA and DTA resistance features minimize exposure to sophisticated side-channel attacks, useful for payment card, government and military applications
  • ROM-based firmware eliminates attacks on firmware image, enables secure boot
  • Silicon proven
  • Highly integrated
  • SoC/ASIC developers and embedded system OEMs benefit from
    • Reduced time to market
    • Reduced risk
    • Highly tuned solutions for performance, power and size
  • IP developed by industry experts through a structured and rigorous development and verification program

Applications

  • NSA Suite B
  • IPsec and SSL gateways
  • WiMax (IEEE 802.16) base stations
  • Femtocells
  • 3GPP/LTE
  • Network processors
  • E-commerce acceleration
  • Military communications systems
  • Payment Card Industry
  • Secure Manufacturing

Downloads

Featured Products

media ETS-020: tVault HDCP 2.2
A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications.The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.
tower CLP-630: Multi-Packet Manager Security Engine
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.