New hardware product: Elliptic Curve Accelerator


We’ve released our new high-speed Elliptic Curve Accelerator today for supporting elliptic curve based cryptographic algorithms including ECDSA, EdDSA and ECDH on FPGA and ASIC.

Elliptic Curve Cryptography

Symmetric key cryptographic algorithms such as AES use the same secret key to encrypt and decrypt data and so you need to make sure that this key is always kept secret. Asymmetric (or public key) cryptographic algorithms have separate keys for encrypt and decrypt, allowing one of these keys to be made public depending on the application, while the other is still kept secret, without breaking the security. The disadvantage compared to symmetric key cryptography is that public key cryptography is generally much slower and needs much larger keys.

In order to get the advantages of both types of algorithm it is common to use public key algorithms to exchange symmetric keys and then use the symmetric algorithms for more rapid encryption and decryption. Public key algorithms are also used to authenticate data sent between parties by each party using the public key of the other to verify a digital signature.

Elliptic Curve (EC) cryptography is a public-key cryptographic system and compared to other public-key algorithms such as RSA, EC requires smaller keys to achieve the same security lever and hence needs much less data storage or transmission bandwidth.

Popular uses for EC cryptography include:

  • Software authentication on IoT edge-node devices or other resource-constrained devices for secure boot and over-the-air downloads
  • Communications protocols, where it reduces the network traffic used for key agreement and digital signatures (e.g. see the mandatory requirements for TLS1.3, where the Elliptic Curve Digital Signing Algorithm (ECDSA) is required)

The product

Cerberus has developed hardware IP, called the CSL-ECA, for implementing EC-based algorithms such as ECDSA, EdDSA, ECDH(E). The hardware consists of an interface to a controlling processor, a high-speed numerical accelerator for performing the mathematical operations required for EC operations and a controller for performing the algorithms such as ECDSA.

This hardware is highly configurable depending on the security level required, the silicon area required and whether the implementation will be on an FPGA or in an ASIC.

Configurable parameters include:

  • The core numerical accelerator can be configured for the desired numerical width. For example, 256 bits for the common NIST p256 curve operations. The core supports operation over any prime field GF(p) allowing for use with NIST prime curves, Curve25519 and Brainpool with keys up to the configured numerical width
  • The silicon area can be reduced at the expense of performance. The default implementation is optimised for speed and not silicon area
  • The controller can be configured to support a range of standard or custom EC-based algorithms. The default implementation is to support ECDSA

The FPGA implementation of the IP uses DSP slices where available for maximum performance and minimum size.

More details

You can find more information and download the Product Summary sheet for the CSL-ECA at Design and Reuse (registration required).