Overview of Our Security / Crypto IPs
Tiempo Secure brings you a variety of Security / Crypto IPs, ensuring your digital assets are protected with advanced technology. From securing your data to enhancing cryptographic foundations, our solutions are developed to meet the evolving security demands.
Discover our high-end security solutions that keep your digital assets safe and boost your cryptographic applications.
Secure Boot
Code: SECBOOT-01
Secure Boot enforces booting from authenticated firmware, while offering complete flexibility to update that firmware securely.
It is based on an implementation of the post-quantum secure LMS algorithm, as standardized by NIST (NIST SP 800-208).
It provides anti-rollback protection to ensure that firmware is not “downgraded” to expose already corrected vulnerabilities.
The implementation allows 32K firmware updates, and each signature requires just 2.8 KBytes of storage alongside the firmware.
Main Features
- Uses the standardized post-quantum algorithm LMS
- Security level up to 256 bit (PQ 128 bit)
- Supports 32K firmware updates (2.8 KBytes signatures)
- Extensive logging facilities (build time option)
- 100% portable C code + assembly optimization for selected CPUs
- MISRA C compliant
- Cross platform signing tool included
- Optional AES-CTR encryption
True Random Number Generator (TRNG)
The True Random Number Generator (TRNG) cryptographic IP is an essential and proven digital core designed for SoC applications. Tailored for cryptographically secured designs, our TRNG stands as a foundation of security, providing a digital source of randomness thoughtfully engineered to comply with NIST-800-22, NIST-800-90B, and AIS31 test suites, and securing FIPS-140-3 validation.
Creating random numbers is crucial for secure devices. It’s essential for tasks like generating keys, exchanging keys, digital signatures, encryption, and more. Our TRNG is carefully designed to meet the high standards required by secure protocols like IPsec, MACsec, TLS/SSL, and wireless technologies. It easily fits into processes like authentication, key exchange, and data streaming.
Code: TRNG-01
Main Features
- Mathematical model for AIS31
- Raw data access for AIS31 characterization
- Startup and online health tests compliant to SP 800-90B, FIPS 140-3 and AIS31
- Wrapper available for standard bus such as APB, AXI…
SHA-2 Crypto Engine
Code: HASH-01
This cutting-edge cryptographic IP is designed to bring robust hash functionality to a wide range of applications, ensuring data integrity, authentication, and security. Whether you are ensuring authenticity of information, implementing digital signatures, or enhancing overall cryptographic strength, our Hash Crypto Engine stands as an easy to use and reliable solution.
Main Features
- Support SHA-256 and SHA-224
- 1 cycle per round architecture
- Support Import/Export of SHA-256 state
- Support any message length with bit granularity
- Padding done internally, can accept payloads already padded too
- Wrapper available for standard bus such as APB, AXI…
SHA-3 Crypto Engine
Our SHA-3 crypto engine includes integrated flexibility and scalability, ensuring high throughput and a customizable number of hashing rounds per clock cycle. It optimizes the silicon resource-to-performance ratio, providing an efficient solution for diverse applications. Users have the power to easily select between fixed-length or extendable-output (XOF) functions for each individual message through straightforward configuration settings. This adaptability gives seamless customization, meeting the unique needs of every cryptographic operation.
Code: HASH-02
Main Features
- Accelerate all functions specified in SHA-3 standard
- 1 cycle per round architecture
- Support Import/Export of KECCAK-p state
- Support any message length with bit granularity
- Padding done internally, can accept payloads already padded too
- Wrapper available for standard bus such as APB, AXI…
- Rate and number of rounds specified by software
- Accelerate KangarooTwelve algorithm
PSA Compliant Crypto API
Code: PSACRY-01
The PSA Compliant Crypto API serves as a user-friendly interface ensuring robust digital security. It is a purpose-built programming interface, simplifying cryptographic functions. This versatile API includes a software library for PUF and TRNG+DRBG, yet remains compact, utilizing only a few kilobytes of on-chip SRAM.
All platforms that incorporate these APIs can obtain the “PSA Certified Storage” status, proving adherence to stringent security standards.
Main Features
- Storage of arbitrary key using SRAM PUF
- Generation of 256-bit True random seed
- DRBG with 256-bit security compliant to NIST SP 800-90A
- Highly optimized SHA-256
- Extensive logging facilities (build time option)
- 100% portable C code + assembly optimization for selected CPUs
- MISRA C compliant
Post-Quantum Cryptography (PQC)
Designed to tackle the challenges of the quantum era, our Post-Quantum Cryptography (PQC) solution guarantees the security of your sensitive data in the face of evolving cryptographic threats. Integrating advanced algorithms to withstand quantum attacks, our solution provides a robust and future-proof answer to your cryptographic needs. Whether you seek secure code signatures or quantum-resistant key encapsulation and digital signatures, our PQC offering stands as a reliable and adaptable safeguard for your digital assets.
Codes: PQC-01, PQC-02, PQC-03
Main Features
LMS Code Signature
Leverage the LMS (Leighton-Micali Hash-Based Signature) scheme for robust and quantum-resistant code signing.
Crystals-Dilithium Digital Signature
Implement the FIPS 204 algorithm for robust and quantum-resistant digital signatures.
Crystals-Kyber Key Encapsulation Mechanism
Deploy a secure and hardware-accelerated version of the FIPS 203 standard for secure key encapsulation.
High-End Pre-Certified Secure Enclave and Services for IC Design and Production
SECURE ENCLAVE IP
Our TESIC Secure Enclave IP portfolio ensures security with proven resistance to physical and logical attacks. TESIC products include programmable and customizable solutions that enable product designers to seamlessly integrate security solutions that provide the most efficient power, size, and performance.
CERTIFICATION SERVICES
We guarantee that any SoC that integrates our TESIC Secure Enclave solution will obtain the appropriate security certification from recognized external evaluation laboratories (SESIP, FIPS, PSA Level 3, and Common Criteria). We can provide a comprehensive service to manage the certification process, from liaising with your chosen laboratory and preparing the required extensive documentation package to handling the day-to-day project management.
SECURE PROVISIONING
We provide a complete provisioning and key management service. We can interface with your chosen manufacturing site to initially provision your SoC and further manage keys and authenticated firmware from your third-party OS providers, maintaining the chain of trust. This is handled from our Minimum Site Security Requirements (MSSR) Common Criteria EAL6+ audited and certified site in France.