Elliptic Curve Key Exchange and Digital Signature

The PKEC-P521 is a Key Exchange and Digital Signature Accelerator for hardware offloading of Elliptic Curve Cryptography (ECC) in FPGA, SoC, and ASIC technologies.

The core implements ECDH (Elliptic Curve Diffie–Hellman) Key Agreement, ECDSA (Elliptic Curve Digital Signature Algorithm), and EC-KCDSA (Korean Certificate-based Digital Signature Algorithm).

It supports ECC operations up to 1008 bits in prime fields, F(p). Any elliptic curve in Short-Weierstrass form can be configured, including NIST, Brainpool, SECG, Curve25519, Curve448, Montgomery, and Twisted-Edwards curves.

Portable to any AMD (Xilinx), Intel (Altera), or Microchip (Microsemi) device, the PKEC‑P521 is compliant with NIST SP 800-56A (Rev.3), FIPS 140-3, FIPS 186-5, and ISO 14888-3:2018.

The public key crypto core implements strong protections against Fault Injection and Side‑Channel Attacks (SCA), including SPA and DPA countermeasures.

PKEC-P521 includes an AXI4-Lite interface and a register map with user-programmable parameters to select the ECC operation, configure the Elliptic Curves, and exchange I/O data. ANSI C drivers are provided for a fast integration into the target platform.

Public Key - Elliptic Curve Cryptography (ECC)

Elliptic Curve Operations

ECC Operation

Performance, op/s @300 MHz

256-bit Curve

384-bit Curve

ECDH Public Key Generation from Private Key 111 35
Shared Key Generation 111 35
ECDSA Public Key Generation from Private Key 111 35
Digital Signature Generation 100 31
Digital Signature Verification 55 17
EC-KCDSA Public Key Generation from Private Key 101 31
Digital Signature Generation 111 35
Digital Signature Verification 58 18


Device Family



AMD Xilinx Spartan-7, Artix-7, Kintex-7, Virtex-7 2.9K 2.6K
Kintex/Virtex Ultrascale 2.9K 2.6K
Artix/Kintex/Virtex Ultrascale+ 2.9K 2.7K
Versal ACAP 2.6K 2.6K
Intel Altera
MAX 10 / Cyclone 10 LP 5.9K 2.6K
Cyclone V 3.3K 2.6K
Arria 10 3.4K 2.7K
Stratix V 3.4K 2.7K
Elliptic Curve Operations

PKEC-P521 includes ECDH, ECDSA, and EC-KCDSA algorithms to support key exchange and digital signature operations based on any Short-Weierstrass elliptic curve up to 1008 bits in prime fields, including:

  • NIST: P-192, P-224, P-256, P-384, P-521.
  • Brainpool: P192r1, P224r1, P256r1, P320r1, P384r1, P512r1.
  • SECG: secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1.
  • Curve25519, Curve448

The core implements a sequencer and a SCA-protected arithmetic unit in a minimum area. Random nonces, private and public keys, hash values, and signatures are exchanged through the integrated register map.

Attack Resistance

The IP core implements countermeasures against Fault Injection and Side-Channel Attacks (SCA), including Timing, Simple (SPA), and Differential Power Analysis (DPA) attacks.
PKEC-P521 reports an alarm when the input values are invalid or unsafe. Automatic and on-demand zeroization of internal memories and registers are also available.


The AXI4-Lite interface provides access to the register map to select the ECC operation mode, configure the domain parameters (Field and Elliptic Curve), and exchange I/O data. A Status port is available for events notification.


The IP Core is provided as encrypted netlist for one device family, under a perpetual Site Licence. It includes 12 months of maintenance and remote support for the integration of the module in your platform.

  • Targeted, timing closed Netlist
  • Design Constraints
  • Simulation Model
  • User Manual
  • ANSI C drivers
  •  Prime Fields up to 1008 Bits
  •  NIST, SECG, Brainpool Curves
  •  Curve25519, Curve448
  •  NIST SP 800-56A Compliant
  •  FIPS 186-5 Compliant
  •  ISO 14888-3 Compliant
  •  FIPS 140-3 Compliant
  •  SPA/DPA Countermeasures
  •  Fault Injection Resistance
  •  AMBA AXI Interface
  •  Network Security: MACsec, IPsec
  •  Transport Protocols: TLS, SSL
  •  Blockchain HW Acceleration
  •  User Authentication
  •  Secure Communications
  •  Electronic Transactions
Related Products