Contact Us
IP Catalog

FortiPKA-RISC-V

Secure, Swift and Versatile

Intro
Modern asymmetric cryptography algorithms such as RSA or elliptic curve cryptography over prime fields require complex mathematical calculations of large numbers up to 4096 bits. FortiPKA-RISC-V is a public key accelerator that allows offloading all the computationally heavy operations from the main CPU, while offering excellent balance between small footprint and high performance.

One of the key features of FortiPKA-RISC-V is a unique computation technology that eliminates the necessity for data transformations to and from the Montgomery domain, which leads to superior performance compared to alternative solutions. The efficient resource usage is ensured by implementation of cryptographic algorithms in firmware that is executed on an internal miniature RISC-V core. The core instruction set is extended to support custom modular arithmetic for large integers. Hardware configuration options are available to balance area and performance for specific applications. Moreover, FortiPKA-RISC-V supports CPU interfacing through AMBA AXI4, APB, AHB or custom memory-like slave interface.

Request This Core

To ensure smooth integration of FortiPKA-RISC-V to a customer’s product, a software library which performs high-level operations, such as encryption, decryption, signing and verifying for a variety of cryptographic algorithms is provided.

Supported algorithms include:

  • RSA
  • DH
  • DSA
  • ECDH
  • ECDHE
  • ECDSA
  • EdDSA
  • SM2

Additionally, FortiPKA-RISC-V’s technology-agnostic design ensures compatibility across 
diverse semiconductor technologies.

FortiPKA-RISC-V includes all the necessary countermeasures against modern side-channel and fault injection attacks. The protection level is configurable, allowing to further improve security characteristics at the cost of resource usage or computation speed. To minimize the overhead of protections from physical attacks, countermeasures are employed in hardware, firmware and software when appropriate.

Features
The performance/area metrics can vary depending on the specific configuration, interface, and chosen standard cell library.
  • Technology agnostic
  • Modular exponentiation operations with up to 4096-bit modulus
  • Prime field ECC operations with up to 571-bit modulus
  • Fastest implementation is 58 kGE and 498 Op/s for 1024-bit RSA, 147 Op/s for 384-bit scalar multiplication
  • Smallest implementation is 33 kGE and 77 Op/s for 1024-bit RSA, 24 Op/s for 384-bit scalar multiplication
  • Up to 350 MHz on the 45 nm process
  • Unique mathematical solution that eliminates the need for preprocessing
  • Software library with support for RSA, DH, DSA, ECDH, ECDHE, ECDSA, EdDSA, DH, SM2
  • CPU interface support for AMBA AXI4, APB, AHB and custom memory-like slave interface
  • RAM and ROM option for firmware storage
  • Strong protection against modern side-channel and timing attacks, and fault injection attacks, tunable security level
  • Native support for standard NIST curves, optional support for custom curves
  • Shared memories between host CPU and FortiPKA-RISC-V that enables memory reuse
  • High level of customization on software, firmware and hardware level
Benefits
  • Enhanced performance with no need for data preprocessing
  • Optimal balance between high performance and low area
  • Robust defense against side-channel and fault injection attacks, with customizable options to meet diverse cryptographic requirements
  • Hardware configuration options allowing to optimize FortiPKA-RISC-V for specific applications
  • Versatile CPU Interfaces: AMBA AXI4, APB, AHB, or a custom memory-like slave interface
  • Extensive Algorithm Support: RSA, DH, DSA, ECDH, ECDHE, ECDSA, EdDSA, DH, and SM2
  • Facilitation of memory reuse due to shared memory resources
  • Seamless integration into customer products, supported by a comprehensive set of deliverables and documentation
Applications
  • Networks
  • Communications
  • Payment Systems
  • Authentication Devices
  • IoT Devices
  • Embedded Systems
Tech Specs

Part Number

FIQPKA-RISC-V-IP

Short description

Public Key Accelerator

Provider

FortifyIQ, Inc

Foundry, Node

Independent

FPGA

AMD Xilinx, Intel, Lattice

Maturity

Compliant 
Standard

ANSI X9.31, ANSI X9.42, ANSI X9.62, 
ANSI X9.63, PKCS#1, IEEE Std. 1363-2000, 
AIS-31, FIPS 140-2, FIPS 186-3

Availability

Public Key Accelerator

FPGA Technology

TSMC

Deliverables
  • SystemVerilog source code or netlist
  • Testbench, input vectors and expected results
  • Sample timing constraints, synthesis and simulation scripts
  • Hardware Abstraction Layer (HAL) reference implementation
  • Integration, configuration and usage manuals
  • Firmware code
  • Software library
Block Diagram
Fortify’s AES security evaluation by SGS

“Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”

” The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own.”

Request Technical Details