Verimatrix and Inside Secure have merged. Learn more here. Go to Verimatrix website.

Up to 4160-bit modulus size for RSA & 768-bit modulus for prime field ECC operations

Nine different performance configurations ranging from 103…3,500 1K bit RSA/CRT ops

Public key signature generation, verification & key negotiation with little involvement of Host. FIPS-140 approved

Product description

The PKA-IP-28  public key accelerators are suitable for a wide range of applications:

  • Small gate count (IoT or mobile) applications for secure boot, software public key signature checking and ‘occasional’ public key operations as used for IPsec and MACsec channel setup and firmware download signatures.
  • Medium to high performance (Elliptic Curve) Diffie-Hellman key negotiation engines for secure router boxes, secure network interfaces and SSL servers.
  • Medium to high performance secure public key signature generator/checker engines in hardware security modules.

The PKA-IP-28 is available in nine different performance configurations ranging from 19K to 515K gates designs, each providing the full set of PKA operations with up to 4160-bit modulus size for modular exponentiations and 768-bit modulus for prime field ECC operations. The PKA-IP-28 is a security conscious design and can be provided with or without protection against side channel attacks. The PKA-IP-28 is also available as embedded PKA in our Vault-IP and PKA-IP-154 product lines.

PKA-IP-28 RSA ECC public key accelerators scheme
Other information

Key benefits:

  • Silicon-proven implementation
  • FIPS approved in VaultIP
  • Fast and easy to integrate into SoCs
  • Flexible layered design
  • Complete range of configurations
  • World-class technical support
  • In-field upgradable firmware
  • Driver development kit

Performance @400MHz

  • DH 180/1K-bit exp/mod negotiate: 10,500 ops/s
  • RSA 1K-bit sign (no CRT): 2,000 ops/s
  • RSA 1K-bit sign (with CRT): 3,500 ops/s
  • RSA 1K-bit verify (17 bits exp): 70,000 ops/s
  • DSA 160/512-bit exp/mod sign: 16,000 ops/s
  • DSA 160/512-bit exp/mod verify: 
8,900 ops/s
  • ECDSA 192-bit sign: 2,950 ops/s
  • ECDSA 192-bit verify: 1,650 ops/s
  • ECDSA 384-bit sign: 900 ops/s
  • ECDSA 384-bit verify: 490 ops/s
  • Smaller and slower versions available:
    example range 103…3,500 1K bit RSA/CRT ops/s
  • Runs faster in 28nm (700MHz) and 16nm (800MHz), performance will scale.

The PKA-28 accelerates the following basic operations in hardware:

  • Large vector addition, subtraction and combined 
  • Large vector bit shift right or left
  • Large vector multiplication, modulo and division (the 
latter generates both remainder and quotient)
  • Large vector compare and copy

The PKA-28 accelerates the following complex operations under control of an embedded sequencer microcontroller using locally stored firmware:

  • Large vector unsigned value modular exponentiation 

  • Large vector unsigned value modular exponentiation 
using the ‘Chinese Remainders Theorem’ (‘CRT’) 
method with pre-calculated Q inverse vector 

  • Modular inversion: given A and M, calculate B such 
that ((AŸB) MOD M) = 1 

  • Prime field ECC point addition/doubling on elliptic 
curve y2=x3+ax+b (mod p) with ‘p’ a prime number and ‘a’ and ‘b’ input values to the operation, adding identical points automatically performs point doubling – operation can be performed with affine and projective points
  • Prime field ECC point multiplication on elliptic curve y2=x3+ax+b (mod p) with ‘p’ a prime number and ‘a’ and ‘b’ input values to the operation – a version of the ‘Montgomery ladder’ algorithm, point randomization and point-on-curve checking are used to provide side channel attack protection 
The Sequencer firmware hides the fact that the modular exponentiations and ECC point multiplication are done using numbers in the Montgomery domain.
For improved performance of modular exponentiation operations, the Public Key Accelerator employs exponent recoding techniques that use a table with pre-calculated odd powers (filling this table is performed by the sequencer firmware). The smallest configurations can optionally use the ‘Montgomery Ladder’ algorithm for modular exponentiation (lower performance but fixed timing). 


  • Host Interface:
    • TCM target interface for configuration and control
    • Also available as PKA-150 with AMBA slave (AXI or AHB).
    • Local memories:
      • 2K or 4K Byte data RAM (1K and 8K Byte possible)
      • 2K ... 4K words of 32 bits program RAM (ROM optional)
      • 47 ... 132 words of 32 bits FIFO RAM for faster configurations

      • Interrupt outputs (functional and alarm)