
RISC-V bAsed Crypto Engine Part 1

Infineon Technologies AG, together with the Fraunhofer Institute AISEC, conducted the “RACE-I” study on behalf of the German Federal Office for Information Security (BSI). The study was divided into two phases. In phase A, an analysis of the RISC-V market and the need for a crypto engine based on RISC-V was carried out. Phase B focused on the identification of required cryptographic extensions, primitives and protocols.

Based on this identification, the resource consumption was estimated and a selection of suitable development platforms was proposed on which a prototype could be realized in follow-up projects.

The RISC-V processor architecture is an open instruction set architecture for processors, available free of charge. New processors can be developed on its basis, either as a physical microchip (IC) or as a so-called soft core in programmable hardware such as an FPGA (Field Programmable Gate Array). The RISC-V architecture is represented by the RISC-V International Association, a non-profit association incorporated in Switzerland. In addition to RISC-V, the currently most common processor architectures include the two commercial alternatives: Intel x86 (e.g. for desktop PCs) and ARM (used in mobile devices such as smartphones and tablets, among others).

RACE-I provides a deep insight into the current market situation regarding RISC-V and its future potential. It shows examples of how independently designed extensions to the RISC-V instruction set, so-called ISA extensions, can be ratified by RISC-V International. In addition, existing and future cryptographic RISC-V ISA extensions are identified. Based on the BSI Technical Guideline for Cryptographic Mechanisms TR-02102 and on a catalog of requirements for a hypothetical VPN gateway (defined as part of the project), a comparison of existing and required cryptographic extensions will be carried out with the help of the study's results.

BSI's overall RACE initiative

The aim of the overall RACE project is to provide a RISC-V-based crypto engine. BSI intends to make RACE available to the crypto-developing industry and to have it used preferentially for the development of IT products for classified information (CI) in the future.

The chip industry has highly specialized but fragile supply chains. The entire industry depends on a small number of state and commercial players who are facing increasingly fierce competition, particularly in the field of technology. However, chips or microchips are the central components of all electronic devices; they perform central computing and control tasks and store data permanently or temporarily. The architecture of the circuits differs depending on the task. Geopolitical events can put further strain on the chip industry's already fragile supply chains. There is currently a strong dependency on a few economic and state players in the microprocessor sector.

The use of programmable hardware can overcome the need to manufacture dedicated chips for specific purposes. These devices allow the implementation of hardware in a reconfigurable form, using a hardware description language similar to a classical programming language. As the RISC-V architecture is free of any fees, RISC-V compatible processors can be implemented on FPGA devices. It is also possible to extend the functionality using ISA extensions, such as cryptographic capabilities and random number generation. The strategic goal of RACE is to reduce the dependency on a few market and state players in the development of IT systems for the protection of classified information (CI-IT for short) by providing a microprocessor developed under the control of BSI.

Another argument in favor of RACE is the faster evaluation of the cryptographic processor to be developed. For the security-related evaluation of a CI-IT product, it is advantageous and sometimes even necessary for the implementations to be available at both hardware and software level in order to make a statement about the security level of the CI-IT system. Processor manufacturers do not usually provide this information. A crypto engine provided by the BSI can be evaluated directly, as both hardware description and software implementation are available. It is planned that RACE will be directly subjected to an evaluation by the BSI with the aim of approval for use in CI-IT products.

The successfully completed sub-project RACE-I has shown that the RISC-V architecture can be used for the future development of a crypto engine. The knowledge gained will be used for the second sub-project RACE-II. The follow-up project is already in the procurement procedure and aims to implement the crypto engine as a prototype.

P647: RACE-I RISC-V bAsed Crypto Engine – Part 1 Project Report
P647: RACE-I RISC-V bAsed Crypto Engine – Part 1 Project documentation summary