Kryptor is a professional FPGA development board designed with encryption in mind, and capable of offering all the functionalities of a dedicated Hardware Security Module (HSM) when running our soft-core within a single compact Intel/Altera MAX10 FPGA chip. Kryptor, using a verifiable HSM soft-core, brings a professional European encryption solution to the IoT developer and maker communities with an easy plug-and-play module.

Technical Specifications

• FPGA: model Intel/Altera MAX10 8K LE (code: 10M08DAF256C8G)
• Dimensions: 22.8 x 31.2 mm
• Internal flash: 1376 Kb
• Internal RAM: 378 Kb total
• GPIO: 250 available from the FPGA (fewer accessible via the board)
• Operating frequency: 100 MHz
• Control: API compiled library / Command Line Interface (CLI)
• Platform compatibility: Linux, RPi, Arduino, etc.
• Electrical interfaces: 1x SPI
• Duplication protection: Anti-piracy duplication protection via chip ID (Soft-cores are encrypted and cannot be executed on a different physical FPGA)
• Encryption speed: Camellia symmetric encryption speed up to 108 Mbps on a single core (SPI link speed capped at 100 Kbps)
• PCB power consumption: 58 mAh (FPGA idle) to 64 mAh (FPGA encrypting)

FPGA Features

• 55 nm TSMC embedded flash (flash + SRAM) process technology
• 4-input look-up table (LUT) and single register logic element (LE)
• Flash memory data retention of 20 years at 85 °C
• Up to 830 Mbps
• LVDS receiver, 800 Mbps LVDS transmitter

Security Benefits

Hardware Over Software

Kryptor replaces all SW-base encryption functionalities (now replaced by HW-based ones) and also avoids using any Operating System (OS) - reducing the options for potential surface attacks (virus’, malware injections and bug exploits).

One Chip is more Secure

Both RAM and flash memory circuits are all self contained within the FPGA surface, which provides a safer architecture compared to the usage of external chips, each of which, in turn would need to be physically secured.

Verifiability

One of the main strengths and competitive advantages we offer is the verifiability of the entire implementation, which makes use of well-known and proven open source encryption primitives and the adoption of open hardware.

The security of any encryption solution cannot rely on blind trust for a certain chip manufacturer. Rather, trust must be earned - which is why we’re making our files available for review by completely independent third party companies for review and analysis. While in most commercial cases you are not allowed to access the detailed schematics of, for example, an encryption ASIC commercial chip, in our approach we want to be transparent and let independent third parties get access to all our technologies and documents to make sure there is no back-doors or hidden elements. We also value very much our identity and location, being a European company with the intent to design and produce as much as possible all within Europe (we also assemble and test all our boards inside the European borders).

HSM Soft-core Encryption Features

• Key agreement scheme: Elliptic Curve Diffie-Hellman / Curve25519 (ECDH)
• Symmetric key block cipher: Camellia
• Asymmetric: ECC25519
• Cryptographic hash function: Skein
• True Random Number Generator (TRNG): Ring Oscillators as the source of entropy (FIGARO)
• Optional functions: Other functions (e.g. Ed25519, AES256, SHA512, Keccak, etc) can be optionally added (ask for a commercial offer) for legacy applications

Encryption Functionality

These functions are made available when using Kryptor and the HSM soft-core - all of which are implemented in Verilog inside the FPGA):

• Generate and store inside the FPGA up to 4 symmetric encryption keys and work faster on up to 4 encryption streams
• Generate and store inside the FPGA up to 4 asymmetric encryption key pairs and work faster on up to 4 encryption streams
• Generate Random Numbers based on a True Random Number Generator
• Generate and store a Root asymmetric key pair (the private key will never be exposed)
• Perform hashing operations
• Encrypt and decrypt a file using any stored key (symmetric or asymmetric)
• Execute an Elliptic-Curve Cryptography (ECC) function on a given asymmetric key
• Extract (from those generated internally) or load any public key

Please note: for security reasons the private keys (from any asymmetric key pair) cannot be extracted.

Raspberry Pi API & Arduino Library

To make Kryptor easy to use for IoT developers and makers, we also provide a free and easy-to-use API for Linux (e.g. compatible with Raspberry Pi), which lets almost anyone start working with Kryptor in mere minutes. We also provide an Arduino library. See our demos and technical documentation for more details.

We have made an API for Linux/Raspberry Pi and Arduino.

In these pictures you can see how simple it is to interact with our HSM using a RPi (connected via SPI) through the simple command line interface.

Out-of-the-box Configuration

Please note: due to the import/export legislation regulating all the products which include data encryption capabilities, we are delivering to your door the Kryptor product without the encryption soft-cores pre-installed.

All Kryptor owners will have the option to download the HSM soft-core, free of charge, directly from us at skudo.tech along with all the instructions to easily flash it into their own FPGA Krypto boards.

Of course, all Kryptor board owners are free to use the board in any other way they prefer and they are not forced to use it only with the encryption soft-core. Owners can use the Kryptor board as a development board with their own soft-core and make use of the secure and professional MAX10 FPGA. And the HSM soft-core may be uploaded at any time.

Get in Touch

For feedback, comments and questions you are welcome to contact us at:

• Twitter: @SkudoTech
• Reddit: u/Skudo_HSM
• Youtube
• Telegram