Xiphera

Xiphera’s xQlave® product family offers quantum-secure cryptography, consisting of secure and efficient implementations of Post-Quantum Cryptography (PQC) – algorithms that are designed to withstand attacks made by quantum computers. The xQlave® product family includes a portfolio of quantum-secure key exchange and digital signatures that are based on the PQC algorithms standardised by the U.S. National Institute of Standards and Technology (NIST).

Our xQlave® PQC family includes ML-KEM (Kyber) key encapsulation and ML-DSA (Dilithium) digital signature IP cores. The xQlave® product family offers multiple implementations, optimised for minimal resource usage, maximum performance, or an optimal balance between the two.

nQrux® is Xiphera’s family of hardware-based trust engines designed to deliver strong, application-specific security for mission-critical systems. The product provides hardware-level trust and security services by isolating cryptographic operations and sensitive data into dedicated secure hardware elements. All cryptographic computations are executed directly in hardware, without embedded CPUs or software, ensuring maximum security, high performance, and straightforward validation.

The nQrux® family consists of three core solutions. nQrux® Crypto Module is an integrated security platform offering a customer-tailored set of optimised cryptographic services for microcontrollers and system-on-chip implementations, supporting data integrity, confidentiality, and authenticity. nQrux® Confidential Computing Engine (CCE) protects data, code execution, and AI models in distributed cloud and edge environments. nQrux® Secure Boot enables quantum-secure authentication for boot images and firmware updates using a hybrid signature scheme combining ECDSA and ML-DSA.

All nQrux® solutions are configurable to meet footprint, performance, and security requirements, adaptable across FPGA and ASIC platforms, and built on Xiphera’s NIST CAVP-validated, standards-compliant cryptographic IP cores.

Xiphera’s cryptographic Security Protocol portfolio, including widely used MACsec, IPsec, and TLS 1.3 protocols, secures point-to-point communication as well as server-client connections over the Internet.

Xiphera offers a wide selection of security protocols for designers to protect the data in transfer through the most critical communication layers of the OSI model.

• MACsec (Media Access Control security) is a point-to-point protocol in the second layer, or data link layer, of the OSI model. Xiphera’s comprehensive MACsec solution protects both the confidentiality and integrity of data transmitted on a point-to-point communications link. The confidentiality and authenticity of transmitted data is protected by AES (Advanced Ecnryption Standard) in GCM (Galois Counter Mode) with either 128 or 256 bits long keys. The underlying crypto engines in Xiphera’s MACsec solutions are based on Xiphera’s AES-GCM IP cores.

• IPsec (Internet Protocol security)is the prevalent security protocol for communications over an Internet Protocol (IP) network, securing IP traffic by authenticating and encrypting each IP packet within a communication session. IPsec is widely adopted and supported in a variety of operating systems and network devices, and it is commonly used to implement Virtual Private Networks (VPNs) for secure communication over the Internet. The underlying crypto engines in Xiphera’s IPsec solutions are based on Xiphera’s AES-GCM IP cores.

• TLS (Transport Layer Security) is used for securing communication from eavesdropping or manipulation in a large variety of different applications, including secure web browsing as well as machine-to-machine communication protocols. The cryptographic computations and key management in Xiphera’s TLS 1.3 solution are entirely hardware-based, which enables complete independence from software for security-critical operations. The TLS 1.3 IP cores provide throughputs from a few Gbps up to several tens of Gbps. Despite the rich feature set, Xiphera’s TLS 1.3 products are compact in size and can be used even in resource constrained devices.

Xiphera offers randomness with industry standard-compliant True Random Number Generators (TRNG) and Pseudorandom Number Generators (PRNG).

Random number generation is an essential concept in engineering and various fields of science and technology, including all cryptography. Engineers often need random numbers for various applications, such as simulations, statistical analysis, cryptography, and more.

If encryption or signature protocols were strictly deterministic, i.e., not randomness-based, they could easily be broken. Xiphera offers in-house random number generation solutions that are developed for our customers to achieve and maintain true randomness. Our device-agnostic implementations support all FPGA and ASIC technologies available in the market.

Xiphera offers two types of random number generators:

• True Random Number Generators (TRNG)are based on physical random phenomena. They generate numbers based on inherently unpredictable physical processes, such as electronic noise, radioactive decay, or atmospheric noise. 
• Pseudorandom Number Generators (PRNG) produce random-looking outputs from a given seed. Xiphera’s PRNG IP cores provide the user with random data at the speed of gigabits or even tens of gigabits per second. 

Xiphera’s portfolio of symmetric encryption algorithms, including widely used and established AES IP cores, provides uncompromised data encryption.

Symmetric encryption is a cryptographic technique where the same secret key is used for both the encryption (encoding) and decryption (decoding) of data i.e., create ciphertext from plaintext. Advanced Encryption Standard (AES) is the most widely used symmetric encryption approach and is primarily used for protecting data communication and storage. 

Xiphera offers a wide range of symmetric encryption algorithms, including versions of the well-established AES (AES-GCM, AES-CTR, AES-XTS, and Versatile AES), ChaCha20-Poly1305 for Authenticated Encryption with Associated Data (AEAD) scheme, as well as a lightweight stream cipher Ascon. Our offering is carefully designed and implemented while keeping in mind the needs of our customers. The symmetric encryption IP cores are optimised for performance and resource usage, while achieving their intended functionality. Most importantly, all our symmetric encryption implementations are not tied to any specific device or platform which means that they can support all FPGA and ASIC technologies available in the market.

Xiphera’s offering for Asymmetric Cryptography includes solutions for key exchange, digital signatures, and public-key encryption.

Asymmetric cryptography, also known as public-key cryptography, is a fundamental concept in the field of information security. It’s a cryptographic technique that uses a pair of mathematically related keys (a public key and a private key) to perform two main functions: key exchange and digital signatures. 

The most famous asymmetric cryptographic approach is the RSA (Rivest-Shamir-Adleman) algorithm, but the current state-of-the-art asymmetric cryptography is based on elliptic curves mathematics, which are complicated mathematical algorithms combining security with efficient computations and small key sizes. Elliptic Curve Cryptography (ECC) commonly uses standardised elliptic curves such as the NIST curves by the U.S. National Institute of Standards and Technology (NIST) or the newer Curve25519.

Xiphera offers a broad spectrum of the above-mentioned modern and widely used asymmetric cryptography:

• ECC Accelerator
• Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST prime curves
• Curve25519 – public-key exchange and digital signatures
• RSA signature verification

Our Asymmetric Cryptography offering is developed according to the needs of our customers and optimised for performance and resource usage. Our implementations are device-agnostic and can support all FPGA (Field Programmable Gate Arrays) and ASIC (Application Specific Integrated Circuits) technologies available in the market.