13. Public key accelerator (PKA)

13.1 Introduction

The Public Key Accelerator (PKA) is intended for the computation of cryptographic public key primitives, specifically those related to RSA, Diffie-Hellmann or ECC (Elliptic Curve Cryptography) over GF(p) (Galois fields). To achieve high performance at a reasonable cost, these operations are executed in the Montgomery domain. All needed computations are performed within the accelerator, so no further hardware/software elaboration is needed to process the inputs or the outputs.

13.2 PKA main features

• • Acceleration of RSA, DH and ECC over GF(p) operations, based on the Montgomery method for fast modular multiplications. More specifically:
  • – RSA modular exponentiation, RSA Chinese remainder theorem (CRT) exponentiation
  • – ECC scalar multiplication, point on curve check
  • – ECDSA signature generation and verification.
• • Capability to handle operands up to 3136 bits for RSA/DH and 640 bits for ECC
• • Arithmetic and modular operations such as addition, subtraction, multiplication, modular reduction, modular inversion, comparison, and Montgomery multiplication
• • Built-in Montgomery domain inward and outward transformations
• • AMBA AHB slave peripheral, accessible through 32-bit word single accesses only (otherwise, for writes, an AHB bus error is generated, and write accesses are ignored).

13.3 PKA functional description

Figure 25. Block diagram shows the block diagram of the Public Key Accelerator.

Figure 25. Block diagram

graph TD
    RAM["894 words
Internal 32-bit RAM"] <--> PKA_Core
    subgraph PKA_v7c ["PKA v7c"]
        PKA_Core
    end
    PKA_Core <--> AHB_Wrapper["AHB control wrapper (32-bit)"]
    AHB_Wrapper <--> AHB_Bus["AHB Bus"]
    AHB_Wrapper --> IRQ
    PKA_Core <--> |32-bit| AHB_Wrapper
  

PKA can be used for accelerating Rivest, Shamir and Adleman (RSA), Diffie-Hellman (DH) and Elliptic Curve Cryptography (ECC) operations over a \( GF(p) \) field for operand sizes up to 3136 bits for RSA and DH, and up to 640 bits for ECC.

A memory of 3576 bytes (894 words of 32 bits) is used for providing initial data to the PKA, and for holding the results after computation is completed. This memory is called PKA RAM. Access is done through the PKA AHB interface.

A typical computing sequence by the PKA is composed by the following steps:

1. 1. Calculation of \( R2 \pmod n \) parameter to enter the Montgomery domain
2. 2. Conversion of inputs into the Montgomery residue-system representation
3. 3. Computation of the requested primitive (modular exponentiation for RSA/DH and point multiplication for ECC)
4. 4. Conversion out from Montgomery representation

If several operations are computed sequentially using the same modulus \( n \) , the first step can be skipped, since the PKA can store the last computed \( R2 \pmod n \) . User software is also able to load precomputed values of \( R2 \pmod n \) directly into the PKA.

13.3.1 Enabling/disabling PKA

Setting the EN bit (PKA_CR[0]) to '1' enables the PKA peripheral. When EN='0', the PKA peripheral is reset, no operation can be started, and the PKA memory cannot be accessed.

Clearing EN bit while a calculation is in progress causes the operation to be aborted. In this case, the content of the PKA RAM (described here below) is not guaranteed.

13.3.2 PKA RAM

The PKA RAM is an internal memory block of 3576 bytes which is organized as 894 words of 32 bits. Each 32-bit word has an address associated with it, from decimal offset 0 to 893.

The offset address to access the first word of the memory block is 0x400. External masters may access this internal memory block from the PKA AHB interface.

Note: Only 32 bits access are supported.

Accesses are allowed only while there is no computation in progress (BUSY = 0). During computation the internal memory block is accessed by the PKA core itself.

13.3.3 Executing a PKA operation

PKA is able to perform 18 types of operations. Each of those PKA operations is executed using the following procedure:

1. 1. Load initial data into the PKA internal RAM.
2. 2. Load the MODE[5:0] field specifying the operation to be executed and assert the START bit. Both fields are in the PKA_CR register.
3. 3. Wait until the PROCENDF bit in the PKA_SR register is set, which indicates that the computation is complete.
4. 4. Read the result data from the PKA internal RAM.

The operations and their corresponding input data and results are described in Section 13.4: Operating modes .

13.3.4 Security level

The PKA device offers a countermeasure to thwart side band channel attack. This protection can be activated by setting the bit SEC_LVL in the PKA_CR register. One must know that this specific protection mode increases the processing time by 25% on average.

13.3.5 PKA error management

When PKA is used some errors can occur:

• • The access to PKA RAM falls outside the expected range or access to PKA registers falls outside the expected range. In this case the Address Error flag (ADDRERRF) is set in the PKA_SR register
• • An AHB access to the PKA RAM occurred while the PKA core was using it. In this case the RAM Error Flag (RAMERRF) is set in the PKA_SR register, reads to PKA RAM return zero, while writes are ignored.

For each error flag above, PKA generates an interrupt if the application sets the corresponding bit in PKA_CR register (see Section 13.5.1: PKA interrupts for details).

ADDRERRF and RAMERRF errors are cleared by setting the corresponding bit in PKA_CLRFR.

The PKA can be re-initialized at any moment by resetting the EN bit in the PKA_CR register.

13.4 Operating modes

There are 18 types of operations that the PKA can perform. Each of these operating modes has an associated code which is to be written to the MODE[5:0] field in the PKA_CR register.

Table 35. Operating modes

The format of the input data and the results in the PKA RAM are specified for each operating mode in the following sections.

The size of the operands is configurable. For RSA operations (where MODE[5]=0), the maximum “rsa_size” is 3136 bits. For ECC operations (where MODE[5]=1), the maximum “ecc_size” is 640.

In the tables below, the acronyms ROS (RSA operand size) and EOS (ECC operand size) indicate how many words the given field includes.

Fractional results are rounded up to the nearest integer since the PKA's processing is based on 32-bit words. The maximum ROS is 99 (3136-bit maximum exponent size), while the maximum EOS is 21 (640-bit maximum operand size).

For example, if you want to compute RSA with an operand of 1024 bits, then ROS equals 33. If you want to compute ECC with an operand of 192 bits, then EOS = 7.

Note: For the input fields whose size is ROS, ROS/2, or EOS, an additional word which is entirely zeros must be written after the last word. For example, to prepare for the calculation of the Montgomery parameter, ROS words are written for the modulus starting at address 305 until address 305+ROS-1. A word of all zeros must also be written at address 305+ROS before starting the calculation.

13.4.1 Compute Montgomery parameter

During this operation the PKA computes the Montgomery parameter \( R^2 \pmod n \) .

Table 36. Montgomery parameter input data

Table 37. Montgomery parameter output data

Note: Computation of the Montgomery parameter depends on the word size of the core, so for a given modulus the core produces a different Montgomery parameter with word size = 64 than with word size = 32.

13.4.2 Compute modular exponentiation

During this operation the PKA computes the modular exponentiation \( m^e \pmod n \) .

Table 38. Modular exponentiation input data

Table 39. Modular exponentiation output data

Note: The core supports only odd modulus. If modulus randomization is applied, the randomized modulus has to be an odd number. Both exponent and operand are unsigned integers represented in binary form on 32 bits. Both must be less or equal to max_rsa_size (3136).

13.4.3 Compute the ECC scalar multiplication

During this operation the PKA computes the ECC scalar multiplication \( kP \) .

Table 40. ECC scalar multiplication input data

Table 41. ECC scalar multiplication output data

Note: The core supports only prime modulus; it is not possible to apply modulus randomization. The input value \( k \) is required to be greater than zero. If the user wants to execute the side channel protection known as scalar blinding (where the scalar 'k' is randomized via the addition of a multiple of the order of the curve \( n \) ), the PKA core is not able to deal with the case where the internal temporary result falls in the point at infinity. It is very unlikely to fall in the point at infinity, but it is possible to check that this inconvenience has happened by checking the final result. I.e. if the temporary result is equal to the point at infinity, the final result has both coordinates \( x \) and \( y \) equal to zero, that is not a point on the curve. When the scalar 'k' is smaller than the order, it is not possible to reach the point at infinity.

13.4.4 Point check

During this operation the PKA computes a boolean informing whether the given point P satisfies the curve over prime fields equation or not. If output error is equal to zero the point is on the curve.

Table 42. Point check input data

Table 43. Point check output data

Note: Coordinates X and Y of the point P must be smaller than the modulus.

13.4.5 ECDSA sign

During this operation the PKA computes a signed message using elliptic curves over prime fields.

Table 44. ECDSA sign input data

Table 45. ECDSA sign output data

Note: The prime modulus for P-256 curve is \( p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 \) which corresponds to hexadecimal value 0xFFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF .

13.4.6 ECDSA verification

During this operation the PKA computes a boolean informing whether given signature is valid or not. This signature is based on an elliptic curve over prime fields.

If output error is equal to zero the signature is valid.

Table 46. ECDSA verification input data

Table 47. ECDSA verification output data

13.4.7 RSA CRT exponentiation

During this operation the PKA computes the Chinese Remainder Theorem (CRT) optimization.

Table 48. RSA CRT exponentiation input

Table 49. RSA CRT exponentiation output data

Note: CRT is supported for modulus up to 3072 bits, with prime p and q of the same length i.e. half of the length of the modulus.

13.4.8 Modular reduction

During this operation the PKA computes a modular reduction.

Table 50. Modular reduction input data

Table 51. Modular reduction output data

13.4.9 Arithmetic addition

During this operation the PKA computes the arithmetic addition of two inputs, op1 and op2.

Table 52. Arithmetic addition input data

Table 53. Arithmetic addition output data

13.4.10 Arithmetic Subtraction

During this operation the PKA computes the arithmetic subtraction of two inputs, op1 and op2.

Table 54. Arithmetic subtraction input data

Table 55. Arithmetic subtraction output data

13.4.11 Comparison

During this operation, given two inputs op1 and op2, the PKA computes comparisons as follow:

• • If op1 = op2, then the result = 0
• • If op1 > op2, then the result = 1
• • If op1 < op2, then the result = 2

Table 56. Comparison input data

Table 57. Comparison output data

13.4.12 Arithmetic multiplication

During this operation the PKA computes the arithmetic multiplication of two inputs, op1 and op2.

Table 58. Arithmetic multiplication input data

Table 59. Arithmetic multiplication output data

13.4.13 Modular addition

During this operation the PKA computes the addition of op1 by op2 modulus op3.

Table 60. Modular addition input data

Table 61. Modular addition output data

13.4.14 Modular inversion

During this operation the PKA computes the inversion of op1 modulus op2. Note that op1 must be smaller than the modulus op2.

Table 62. Modular inversion input data

Table 63. Modular inversion output data

Note: The operand to invert should be coprime with the modulus. In case this is not known, and the operand is a divisor of the modulus, the result is a multiple of a factor of the modulus.

13.4.15 Modular subtraction

During this operation the PKA computes the subtraction of op1 by op2 modulus op3.

Table 64. Modular subtraction input data

Table 65. Modular subtraction output data

Note: Reduction happens when op2 is larger than op1. The result is always smaller than op3 and equal or larger than zero.

13.4.16 Montgomery multiplication

During this operation the PKA computes the multiplication of op1 by op2 modulus op3 in the Montgomery space. Before issuing this operation the PKA needs to set some internal registers, which can be done by issuing a Montgomery parameter computation, an ECC scalar multiplication or any ECC operation.

Table 66. Montgomery multiplication input data

Table 67. Montgomery multiplication output data

Note: In order to convert a number from natural representation to Montgomery domain it is necessary to perform a Montgomery multiplication between the number and the Montgomery parameter (called also \( R^2 \bmod n \) ). Besides, in order to convert a number from Montgomery domain to natural domain a Montgomery multiplication between the Montgomery number and one has to be computed.

13.5 Processing time

The following tables summarize the PKA computation times, expressed in clock cycles.

Table 68. Modular exponentiation

Table 69. ECC scalar multiplication

Note: These times depend on the number of “1”s included in the scalar parameter.

Table 70. ECDSA signature average computation time

Note: These values are average execution times of random moduli of given length, as they depend upon the length and the value of the modulus. The execution time for the moduli that define the finite field of NIST elliptic curves is shorter than that needed for the moduli used for Brainpool elliptic curves or for random moduli of the same size.

Table 71. ECDSA verification average computation times

Note: The computation times depend upon the length and the value of the modulus, hence these values are average execution times of random moduli of given length.

13.5.1 PKA interrupts

There are three individual maskable interrupt sources generated by the public key accelerator when enabled by EN bit, signaling the following events:

1. 1. Access to unmapped address (ADDRERRF), see Section 13.3.5: PKA error management
2. 2. PKARAM access while PKA operation is in progress (RAMERRF), see Section 13.3.5: PKA error management
3. 3. PKA end of operation (PROCENDF)

Three interrupt sources are connected to the same global interrupt request signal pka_it. The user can enable or disable the above interrupt sources individually by changing the mask bits in Section 13.6.1: PKA control register (PKA_CR) . Setting the appropriate mask bit to 1 enables the interrupt. The status of the individual interrupt events can be read from the PKA status register (PKA_SR), and it is cleared in the PKA_CLRFR register.

Table 73. PKA interrupt requests gives a summary of the available features.

Table 73. PKA interrupt requests

13.6 PKA registers

13.6.1 PKA control register (PKA_CR)

Address offset: 0x00

Reset value: 0x0000 0000

13.6.2 PKA status register (PKA_SR)

Address offset: 0x04

Reset value: 0x0000 0000

13.6.3 PKA clear flag register (PKA_CLRFR)

Address offset: 0x08

Reset value: 0x0000 0000

13.6.4 PKA RAM memory

Address offset: 0x400

The PKA_RAM is memory mapped at the offset address of 0x0400 compared to the PKA base address. Only word access (32 bits) are supported. RAM size is 3576 bytes (max. word offset: 0x11F4)

13.6.5 PKA register map

Table 74. PKA register map