SHA-2 Hash Crypto Engine

The SHA2-B209 is a crypto IP Core for hardware offloading of Hash algorithms in FPGA, SoC, and ASIC technologies.

The engine implements the Secure Hash Algorithm 2 (SHA‑2) family according to FIPS 180-4 standard. It includes SHA-224, SHA-256, SHA-384, and SHA‑512 functions, and the truncated variants SHA-512/224 and SHA-512/256.

SHA2-B209 supports HMAC (Keyed-Hash Message Authenticated Code) and HKDF (HMAC-based Key Derivation Function) operations, being possible to use any of the hash primitives as underlying function.

Portable to any AMD (Xilinx), Intel (Altera), or Microchip (Microsemi) device, the IP Core is compliant with FIPS 140-3 and provides the highest performance in a minimum area.

SHA2‑B209 includes AMBA AXI interfaces and a register map with user-programmable parameters to select the operation mode, hash algorithm, and HKDF output length. ANSI C drivers are provided for a fast integration into the target platform.

SHA2-B209 Hash Crypto Engine

SHA-2 Operations


Performance, Gbps

@300 MHz

SHA-224, SHA-256 2.3
SHA-384, SHA-512, SHA‑512/224, SHA-512/256 3.8


Device Family



AMD Xilinx Spartan-7, Artix-7, Kintex-7, Virtex-7 3.3K 2.5K
Kintex/Virtex Ultrascale 3.3K 2.5K
Artix/Kintex/Virtex Ultrascale+ 3.3K 2.5K
Versal ACAP 3.3K 2.5K
Intel Altera
MAX 10, Cyclone 10 LP 5.9K 2.3K
Cyclone V 3.2K 2.3K
Arria 10 3.2K 2.3K
Stratix V 3.2K 2.3K
Hash Algorithms

The SHA2-B209 IP Core implements the following SHA‑2 algorithms specified in the FIPS 180-4 standard:

  •  SHA-224
  •  SHA-256
  •  SHA-384
  •  SHA-512
  •  SHA-512/224
  •  SHA-512/256

The high-throughput SHA-2 engine executes these cryptographic primitives based on the Merkle-Damgård construction. Message padding according to FIPS 180-4 is applied to the input data.

Operation Modes

In addition to cryptographic hashing, the IP Core supports the following functions:


The IP Core includes three 64-bit AXI4-Stream interfaces for high-speed transfer of the key, input, and output data. An AXI4-Lite interface provides access to the register map for selecting the operation mode, SHA‑2 algorithm, and HKDF-Expand output length. A Status port is available for event notification.


The IP Core is provided as encrypted netlist for one device family, under a perpetual Site Licence. It includes 12 months of maintenance and remote support for the integration of the module in your platform.

  • Targeted, timing closed Netlist
  • Design Constraints
  • Simulation Model
  • User Manual
  • ANSI C drivers
  • Cryptographic Hashing
    • SHA-224
    • SHA-256
    • SHA-384
    • SHA-512
    • SHA-512/224
    • SHA-512/256
  •  HMAC, HKDF Support
  •  FIPS 180-4, FIPS 140-3 Compliant
  •  FIPS 198-1, RFC 2104 Compliant
  •  RFC 5869 Compliant
  •  Portable to any FPGA or ASIC
  •  AMBA AXI Interfaces
  •  Digital Signature
  •  User Authentication
  •  Encrypted Data Storage
  •  Secure Communications
  •  Blockchain, Cryptocurrencies
  •  Post-Quantum Cryptography
  •  Xilinx Partner IP
Related Products