1.3 Cryptographic Operation
The ATECC608B implements a complete asymmetric (public/private) key cryptographic signature solution based upon Elliptic Curve Cryptography and the ECDSA signature protocol. The device features hardware acceleration for the NIST standard P256 prime curve and supports the complete key life cycle from high quality private key generation, to ECDSA signature generation, ECDH key agreement and ECDSA public key signature verification.
The hardware accelerator can implement such asymmetric cryptographic operations from ten to one-thousand times faster than software running on standard microprocessors, without the usual high risk of key exposure that is endemic to standard microprocessors.
The ATECC608B also implements AES-128, SHA-256 and multiple SHA derivatives such as HMAC(SHA), PRF (the key derivation function in TLS) and HKDF in hardware. Support is included for the Galois Field Multiply (also known as GHASH) to facilitate GCM encryption/decryption/authentication.
The device is designed to securely store multiple private keys along with their associated public keys and certificates. The signature verification command can use any stored or an external ECC public key. Public keys stored within the device can be configured to require validation via a certificate chain to speed up subsequent device authentications.
Random private key generation is supported internally within the device to ensure that the private key can never be known outside of the device. The public key corresponding to a stored private key is always returned when the key is generated and it may optionally be computed at a later time.
The ATECC608B can generate high-quality random numbers using its internal random number generator. This function includes runtime health testing designed to ensure that the values generated from the internal noise source contain sufficient entropy at the time of use. The random number generator is designed to meet the requirements documented in NIST SP 800-90A, 800-90B and 800-90C.
These random numbers can be employed for any purpose, including as part of the device’s cryptographic protocols. Because each random number is ensured to be essentially unique from all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that replay attacks (i.e., re-transmitting a previously successful transaction) will always fail.
The ATECC608B also supports a standard hash-based challenge-response protocol to allow its use across a wide variety of additional applications. In its most basic instantiation, the system sends a challenge to the device, which combines that challenge with a secret key via the MAC command and then sends the response back to the system. The device uses the SHA-256 cryptographic hash algorithm to make that combination, so that an observer on the bus cannot derive the value of the secret key. At the same time, the recipient can verify that the response is correct by performing the same calculation with a stored copy of the secret on the recipient's system. Many variations on this symmetric challenge/response theme are possible.
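The following is an added illustration of the host side of this symmetric challenge/response scheme, not code from the datasheet or from Microchip's CryptoAuthLib. It simulates the device's MAC computation with a simplified SHA-256 message layout (the real MAC command hashes a fixed structure that also includes opcode, mode, key ID and serial number fields, which this page does not specify); the slot secret and key ID are constructed values, and the replay check shows why a fresh random challenge per transaction matters.

```python
import hashlib
import hmac
import secrets

# Constructed 32-byte secret standing in for a provisioned key slot (assumption).
SHARED_SECRET = bytes(range(0x10, 0x30))
KEY_ID = 0  # hypothetical slot number


def device_mac(secret: bytes, challenge: bytes, key_id: int) -> bytes:
    """Simulated device side: SHA-256 over secret || challenge || key ID.
    The layout is a simplification of the ATECC608B MAC command message."""
    if len(challenge) != 32:
        raise ValueError("challenge must be 32 bytes")
    message = secret + challenge + key_id.to_bytes(2, "little")
    return hashlib.sha256(message).digest()


def host_verify(secret_copy: bytes, challenge: bytes, response: bytes, key_id: int) -> bool:
    """Host side: recompute with the stored copy of the secret and compare in constant time."""
    expected = device_mac(secret_copy, challenge, key_id)
    return hmac.compare_digest(expected, response)


def authenticate_round(secret: bytes, key_id: int = KEY_ID):
    """One transaction: host issues a fresh random challenge, device answers, host checks."""
    challenge = secrets.token_bytes(32)
    response = device_mac(secret, challenge, key_id)
    return challenge, response, host_verify(secret, challenge, response, key_id)


def replay_rejected(secret: bytes, key_id: int = KEY_ID) -> bool:
    """A captured response from an earlier round does not verify against a new challenge."""
    _old_challenge, old_response, _ok = authenticate_round(secret, key_id)
    new_challenge = secrets.token_bytes(32)
    return not host_verify(secret, new_challenge, old_response, key_id)


if __name__ == "__main__":
    print("genuine device accepted:", authenticate_round(SHARED_SECRET)[2])
    print("replayed response rejected:", replay_rejected(SHARED_SECRET))
```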