Kryptor FPGA

by Skudo OÜ

A one-chip hardware security module (HSM) and MAX10 FPGA dev board

$14,494 raised

of $13,000 goal

111% Funded!

Pledge Now

$129

SKUDO Kryptor FPGA Board

One SKUDO Kryptor FPGA board, one voucher for a free Skudo HSM softcore download, one BB-170 Solderless Plug-In Breadboard, and six male/female 10 cm jumper wires.


$249

Two-Pack of SKUDO Kryptor FPGA Boards

Two SKUDO Kryptor FPGA boards, two vouchers for a free Skudo HSM softcore download, two BB-170 Solderless Plug-In Breadboards, and 12 male/female 10 cm jumper wires.


$21

SKUDO Kryptor JTAG adapter

Adapter with pogo pins that connects a USB Blaster to the SKUDO Kryptor FPGA board to reprogram it using its JTAG interface.


$16

USB Blaster

An FPGA programmer that you can use to reprogram Skudo Kryptor through its JTAG interface.

Details

Recent Updates


As Featured In

Hackster News

"Add complex encryption with a simple serial-based API."

seguridadprofesionalhoy

"Basado en una FPGA, este módulo de seguridad y encriptación dispone de un verdadero generador de números aleatorios, permitiendo descargar al software de la tarea que realiza este elemento de hardware."

Electronics-Lab.com

"Designed for processors that support serial interfaces, the one-chip module offers all the functionalities of a dedicated HSM within a single compact MAX10 FPGA chip."

LinuxGizmos.com

"In order to make Kryptor FPGA more accessible to IoT developers and makers, the company says it’s providing a free Raspberry-Pi-compatible API for Linux."

CNXSoft - Embedded Systems News

"Kyrptor...is a compact Intel/Altera MAX10 FPGA development board mostly designed for encryption, and acting as a dedicated Hardware Security Module (HSM) with a custom soft-core from Skudo OÜ."

Designed with encryption in mind and built around a single, compact Intel/Altera MAX10 FPGA chip, Kryptor is a professional FPGA development board capable of offering all the functionality of a dedicated Hardware Security Module (HSM) when running our custom soft-core. Combined with that verifiable HSM soft-core, Kryptor brings an easy-to-use, plug-and-play encryption solution to the IoT-developer and maker communities.

Technical Specifications

  • FPGA: model Intel/Altera MAX10 8K LE (code: 10M08DAF256C8G)
  • Dimensions: 22.8 x 31.2 mm
  • Internal flash: 1376 Kb
  • Internal RAM: 378 Kb total
  • GPIO: 250 available from the FPGA (fewer accessible via the board)
  • Operating frequency: 100 MHz
  • Control: API compiled library / Command Line Interface (CLI)
  • Platform compatibility: Linux, Raspberry Pi (RPi), Arduino, etc.
  • Electrical interfaces: 1x SPI
  • Duplication protection: Anti-piracy duplication protection via chip ID (soft-cores are encrypted and cannot be executed on a different physical PCB)
  • Encryption speed: Camellia symmetric encryption speed up to 108 Mbps on a single core (SPI link speed capped at 100 Kbps)
  • PCB power consumption: 58 mAh (FPGA idle) to 64 mAh (FPGA encrypting)

FPGA Features

  • 55 nm TSMC embedded flash (flash + SRAM) process technology
  • Four-input look-up table (LUT) and single register logic element (LE)
  • Flash memory data retention of 20 years at 85 °C
  • Up to 830 Mbps
  • LVDS receiver, 800 Mbps LVDS transmitter

Security Benefits

Hardware Over Software

Kryptor replaces all software-based encryption functionality with HW-based implementations and reduces its attack surface—to defend against viruses, malware-injection attacks, and exploitable bugs—by avoiding the use of an operating system (OS).

One Chip is More Secure

Both its RAM and its flash memory circuitry is self contained within the FPGA. This architecture is safer than relying on external chips, each of which, in turn would need to be physically secured.

Verifiability

One of the main strengths and competitive advantages of this board is the fact that the entire implementation can be verified using well-known, proven open source encryption primitives. And, as open hardware, Kryptor provides even greater transparency and verifiability.

No encryption solution should rely on blind trust in a particular chip manufacturer for its security. Trust must be earned, which is why we’re making our files available to independent third-parties for review and analysis. It is quite rare for a commercial entity to grant access to the detailed schematics of, for example, a commercial encryption ASIC chip, but we are committed to providing a level of transparency that allows our customers to rule out the possibility that Kryptor might contain back doors or other hidden elements. To that end, we are giving independent third parties access to our technology and to our technical documents.

Finally, we greatly value our identity as a European company, and we carry out as much of our design and manufacturing as possible—including all of our assembly and testing—within Europe.

HSM Soft-Core Encryption Features

  • Key-agreement scheme: Elliptic Curve Diffie-Hellman / Curve25519 (ECDH)
  • Symmetric key block cipher: Camellia
  • Asymmetric encryption: ECC25519
  • Cryptographic hash function: Skein
  • True random number generator (TRNG): With ring oscillators as the source of entropy (FIGARO)
  • Optional functions: Additional functions (Ed25519, AES256, SHA512, Keccak, etc) can be added for legacy applications (contact us for a commercial offer)

Encryption Functionality

When running our HSM soft-core, Kryptor provides the following functions, all of which are implemented in Verilog inside the FPGA:

  • Generate and store up to four symmetric encryption keys within the FPGA, to accelerate work on up to four encryption streams
  • Generate and store up to four asymmetric encryption key pairs within the FPGA to accelerate work on up to four encryption streams
  • Generate random numbers based on a true random number generator (TRNG)
  • Generate and store a root asymmetric key pair (the private key of which will never be exposed)
  • Perform hashing operations
  • Encrypt and decrypt a file using any stored key (symmetric or asymmetric)
  • Execute an elliptic-curve cryptography (ECC) function on a given asymmetric key
  • Load any public key or extract any public key from those generated internally

Please note: for security reasons, the private key of any asymmetric key pair cannot be extracted.

Raspberry Pi API & Arduino Library

To make Kryptor more accessible to IoT developers and makers, we provide a free, easy-to-use, Raspberry-Pi-compatible API for Linux, which allows almost anyone to get started in mere minutes. We also provide an Arduino library. See our demos and technical documentation for more details.

In the screenshots below, you can see how simple it is to interact with our HSM using a Raspberry Pi connected via SPI:

Out-of-the-box Configuration

Please note: due to the import/export legislation regulating all the products that include data-encryption capabilities, we are shipping Kryptor without the encryption soft-core pre-installed.

Everyone who backs the SKUDO Kryptor crowdfunding campaign will have the option to download the HSM soft-core free of charge from skudo.tech, along with instructions that walk you through the simple process of flashing that soft-core onto your board (without the need for a JTAG adapter).

Of course, backers are free to use Kryptor in any way they like. Use it as a MAX10 FPGA development board or load your own soft-core. And you can still load our HSM soft-core, at a later date, using our JTAG adapter board.

Comparisons

KryptoriCEBreaker FPGATinyFPGA BXNiteFury (Product page)
FPGA model Intel 10M08 Lattice iCE40UP5k iCE40LP8K Artix XC7A200T
Design year 2020 2018 2017 2018
Form factor Header or SMD Header Header M.2
Integrated HSMYES NO NO NO
Made in EuropeYES NO NO NO
LUT/LE8000 5000 8000 215k
On-chip flashYES NO NO NO
ProgrammableYES YES YES YES
Chip clock100 MHz 12 MHz 16 MHz 90 MHz
SPI interfaceYES YES YES NO
UART interfaceYES YES YES NO
I²C interfaceYES YES YES NO
JTAGYES YES YES NO
Open hardwareYES YES YES YES
Size23 x 35 mm 50 x 40 mm 36 x 18 mm 22 x 80 mm
Price$129 $69 $39 $349

Support & Documentation

You can find more technical details about SKUDO Kryptor—including a datasheet—on our website. For feedback, comments, and questions, you are welcome to contact us via:

You can also reach out using the Ask a technical question link below.

Manufacturing Plan

One of our strong values is for our technology to be "Made in Europe", and so our plan is to design, develop, assemble, and test SKUDO Kryptor entirely within Europe. All our prototype work was carried out between Estonia, Belgium, Hungary, and Italy. For the production of the final product, we intend to stick with our current suppliers, with whom we have developed a solid, proven relationship. We will have two options:

  • Print the PCB through one service and do the full assembly (PCBA) through another, or
  • Do the complete PCB+PCBA entirely through a single factory.

In either case, the end products will then arrive at our office in Estonia, where they will be programmed with a basic FPGA soft-core that allows backers to load our HSM soft-core without the need for a JTAG adapter.

Fulfillment & Logistics

Once the SKUDO Kryptor PCBs have been fabricated, assembled, tested, and packaged, they will be sent in bulk to Crowd Supply’s fulfillment partner, Mouser Electronics, along with the rest of the products we are making available through this campaign. (For more information, please see Crowd Supply’s Ordering, paying, and shipping guide.) From there, Mouser will ship everything to backers, who will then have the option to redeem their free vouchers to receive an HSM programming file from our website, which they can upload to their SKUDO Kryptor boards using, for example, a standard Raspberry Pi.

Risks & Challenges

We have done a lot of work to design this product, and we have tested and verified quite a few iterations. As a result, there is little risk that we will have to make any modifications down the line due to sourcing challenges.

The electronics used in Kryptor are very common, so setbacks due to manufacturing errors are also quite unlikely. As always, product delivery slow-downs caused by shipping delays remain a possibility.

Rest assured that we will update you regularly on our progress.

Funding ends on Sep 28, 2021 at 04:59 PM PDT (11:59 PM UTC)


Credits

Skudo OÜ

Skudo is an European company offering deep-tech cybersecurity and hardware based encryption for high level niche markets (space, critical infrastructure, IoT etc.) We realized that for guaranteeing the highest level of security that these fields require, the hardware encryption is a must, but the commercial hardware encryption solutions available on the market did not match our clients needs. Hence, we decided to build it ourselves.


Stefano Alberico

Piret Uustal

Vlad


Eurocircuits

PCB fabrication & assembly

See Also

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects: