Crypto IP Introduction

Fundamental IP of SoC Security

Preventing SoC from the threats of hardware IP privacy, reverse-engineering, physical tampering and counterfeiting is an emerging topic and becoming more important.

While SoC serves as the trust anchor, hardware-based security enables and enhances the secure operation of the whole system.

PUFsecurity provides hardware-based fundamental IP cores in SoCs with major offerings as follows:

1) Block-Ciphers (Advance Encryption Standard algorithm)
Provide complete IP of standard AES algorithm with chain modes (e.g. ECB/CBC/CFB/OFB…, etc.) and flexible key lengths of 128, 192 or 256 bits.

2) Asymmetric Public-key Cryptography (Elliptic Curve Cryptography algorithm)
Provide complete IP of ECC algorithm with primary & binary curves which are compliant with NIST standards.

3) Integrity with SHA (Secure Hash Algorithm)
Provide complete IP of SHA2 / SHA3 with different digest values (e.g. 224, 256, 384, or 512 bits).

4) Protocol Support of Authentication

5) Protocol Support of Key-Agreement and Digital Signature

We would like to highlight that in order to comply with the security requirement of the Chinese Government and meet the demands of China’s market, we also provide algorithms mentioned below. These comply with recommended China’s cryptography algorithms in OSCCA

Crypto IP.png

All of the crypto IPs above are digital RTL designs which is flexible enough to be integrated into PUFiot and PUFse solutions within a secure boundary. By cooperating with the root of trust core PUFrt, these crypto IPs can enhance the hardware security level of SoCs in an efficient way.


Evaluation Kit

AES-128 Engine


The NIST-standard symmetric cipher. Using a user-supplied 128-bit private key, this AES engine can encrypt plaintext into ciphertext and vice versa for tasks that require confidentiality. 



RTL / Testbench / Test vectors / Documentation

SHA-2 256 Engine



The NIST-standard hashing algorithm. Users have the flexibility of using their own padding functions. This SHA-2 engine could process 512-bit data at a time, and hash user input data down into a 256-bit digest for integrity checking. 


RTL / Testbench / Test vectors / Documentation