User Cryptoprocessor and NRBG

The “S” grade devices include a dedicated cryptoprocessor (referred to as the User Cryptoprocessor) for data security applications. In PolarFire SoC FPGA, the user cryptoprocessor is integrated within the microcontroller subsystem (MSS). The user cryptoprocessor can be accessed from MSS or Fabric. The User Cryptoprocessor is an Athena TeraFire EXP-F5200B cryptography microprocessor. It provides complete support for the Commercial National Security Algorithm (CNSA) suite and beyond, and also includes side-channel analysis (SCA) resistant cryptographic countermeasures. These countermeasures provide strong resistance against SCA attacks such as SPA and DPA.

The User Cryptoprocessor also incorporates an NRBG. The User Cryptoprocessor specifically supports an NRBG combined with an AES counter mode-based DRBG, compliant with NIST SP800-90A.

Many of the commonly used cryptographic operations available are certified by an independent third-party NIST-accredited security laboratory under the NIST cryptographic algorithm validation program (CAVP) scheme. This includes the AES, SHA, HMAC, ECDSA, RSA, DSA, and DRBG implementations, providing a high level of assurance that they are implemented correctly. The following table lists the CAVP validation numbers, see the NIST CAVP website for details on the specific algorithms and modes that are certified.

Table 1. NIST CAVP Validation Numbers
Algorithm CAVP No.
AES 3950
SHA1/2 3258
HMAC 2573
DSA 1077
RSA 2018
ECDSA 867
DRBG 1153

For more information about User Cryptoprocessor, see Data Security.

Note: The User Cryptoprocessor and NRBG block is disabled using an SEU immune flash bit in the non ‘S’ grade devices.