Silicom-Eideticom Accelerated Crypto Adapter
In collaboration with Eideticom, Silicom is launching the Silicom Accelerated Crypto Adapter, a look-aside acceleration solution that offloads cryptographic tasks to unlock application performance while maximizing overall efficiency.
The solution leverages the Eideticom NoLoad® Cryptographic Accelerator, providing a flexible platform for integrating custom cryptographic IP. It supports a wide range of algorithms tailored to specific security and performance requirements, ensuring seamless offloading of cryptographic tasks. This includes support for PQC algorithms like Module Lattice Based Key Encapsulation Mechanism (ML-KEM) and Module Lattice Based Digital Signature Algorithm (ML-DSA).
The Silicom Accelerated Crypto Adapter (SACA) is designed to offload complex and compute-intensive cryptographic functions, serving as an alternative to Intel’s QuickAssist Technology (QAT), a dedicated hardware acceleration solution for cryptographic and compression workloads. While QAT and other System-on-Chip (SoC) solutions have been widely adopted, they often present challenges in maintenance and upgrades as new cryptographic algorithms emerge.
By leveraging the flexibility of Field Programmable Gate Arrays (FPGAs), the Silicom solution provides enhanced crypto agility and scalability, ensuring long-term adaptability to evolving security requirements. To date, the primary focus has been on offloading Elliptic Curve Cryptography (ECC) and Rivest-Shamir-Adleman (RSA) operations, as these are notoriously inefficient tasks on CPUs. Offloading these operations reduces the load on the application and host CPU, improving latency during connection establishment.
The recent introduction of Post-Quantum Compute (PQC) algorithms for security handshakes and connection establishment increases the need for offloading these computationally intensive operations.
Key Features NoLoad® Cryptographic Acceleratorprovides the following
▪TLS 1.3 Support
▪ECDSA/ECDH(E)/RSA
– P-256, P-384, P-521 & X25519
▪Post Quantum Cryptography Support
– FIPS 203 (ML-KEM): 512, 768, 1024
– FIPS 204 (ML-DSA): 44, 65, 87
▪Key Management w/ Secure Key Import/Export/Rotate
▪Side-Channel Resistant
▪OpenSSL, NGINX, and Apache integration
▪Cryptographic Agility
▪True Random Number Generator
– NIST SP 800-22/SP 800-90B
Performance Example performance (Agilex AGF027):
▪485K operations/s ECDHE-P256-ECDSA-P256 (50%)
▪160K ECC TLS Handshakes/s
▪1.7M ML-KEM TLS Handshakes/s
Performance scales roughly linearly for FPGAs of other capacities. The hardware of the solution can be offered at several different FPGA capacities.
Deliverables
Host SW
▪Seamless plug-and-play integration with OpenSSL, NGINX, and Apache
– OpenSSL engine and provider
Hardware and FPGA
▪½-height, ½-length PCIe card with Altera Agilex F FPGA PCIe Gen4 x16
– Support different FPGA models of the F-series, offering different capacities
▪FPGA IP delivered in compiled code format
▪Configuration scripts
▪Less than 45W power consumption
Management
▪NVMe-MI support for system level administration
▪NVMe log pages and administrative support including firmware updates
Documentation
▪Detailed datasheet including an integration guide and installation guide
