Metis hardware Elliptic Curve Cryptography Accelerator

Cerberus Metis logo

Feature Summary

  • Supports all NIST curves, Curve25519, Curve448, SM2, Brainpool and others
  • Configurable bit width and modulus
  • Operation over any prime field GF(p) within the configured bit width
  • EC point arithmetic operations over any prime curve
  • ECDSA/EdDSA sign and verify and ECDH key exchange
  • Built-in side channel attack (SCA) countermeasures for resistance against timing attacks, doubling attacks and power analysis (SPA/SEMA and DPA/DEMA)
  • Configured via a memory mapped register interface, AXI options available
  • Optionally, a private hardware key may be wired to the IP, not readable via the register interface
  • Our flexible micro sequencer allows for extensive customisation and new feature support if required
  • Suitable for both FPGA and ASIC implementation
  • Reference Linux®1 driver
  • Various size versus performance options available upon request

IP Overview

Cerberus “Metis” is an updated version of our CSL-ECA elliptic curve cryptography hardware accelerator that is more configurable, with better off-load capability and performance. Its new inbuilt dedicated programmable microcontroller allows for efficiently off-loading algorithms.

The Metis Elliptic Curve Cryptography accelerator is a configurable hardware IP core capable of delivering high speed elliptic curve point arithmetic over any prime field. It is thus compatible with all NIST prime curves as well as any other prime field alternative. Examples are Ed25519, SM2 and the Brainpool family of curves. It may be used for encryption, decryption, signing and verification operations and in the implementation of common standards such as ECDSA, EdDSA signature schemes and ECDH key exchange.

The design can be implemented on an FPGA (and effectively uses DSP slices) as well as on an ASIC.

Example hardware configuration
Example hardware configuration

Configurable parameters include:

  • The core numerical accelerator can be configured for the numerical width. For example, 256 bits for the common NIST p256 curve operations
  • The silicon area can be reduced at the expense of performance. The default implementation is optimised for performance and not silicon area

Value-added services

Based on your exact requirements, Cerberus deliver a fully tailored IP solution, suitable for ASIC or FPGA integration. Cerberus are also able to offer a bespoke software driver development service to our customers. We are happy to work closely with customers at an early stage, to help review their requirements, derive appropriate threat models and mitigations, and formulate a suitable security system architecture.

PDF download

You can download the Metis Elliptic Curve Cryptography hardware accelerator brief here

Contact us

Please use the web contact form or email us for more information.

The small print

Information in this page is provided “as is”, with all faults.

Cerberus expressly disclaims all warranties, representations and conditions of any kind, whether express or implied, including, but not limited to, the implied warranties or conditions of merchantability, fitness for a particular purpose and non-infringement.

Cerberus does not assume any liability rising out of the application or use of any product or circuit,and specifically disclaims any and all liability, including without limitation indirect, incidental,special, exemplary, or consequential damages.

Cerberus reserves the right to make changes to this product without further notice.

  1. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. ↩︎