Designed with encryption in mind and built around a single, compact Intel/Altera MAX10 FPGA chip, Kryptor is a professional FPGA development board capable of offering all the functionality of a dedicated Hardware Security Module (HSM) when running our custom soft-core. Combined with that verifiable HSM soft-core, Kryptor brings an easy-to-use, plug-and-play encryption solution to the IoT-developer and maker communities.

Technical Specifications

• FPGA: model Intel/Altera MAX10 8K LE (code: 10M08DAF256C8G)
• Dimensions: 22.8 x 31.2 mm
• Internal flash: 1376 Kb
• Internal RAM: 378 Kb total
• GPIO: 250 available from the FPGA (fewer accessible via the board)
• Operating frequency: 100 MHz
• Control: API compiled library / Command Line Interface (CLI)
• Platform compatibility: Linux, Raspberry Pi (RPi), Arduino, etc.
• Electrical interfaces: 1x SPI
• Duplication protection: Anti-piracy duplication protection via chip ID (soft-cores are encrypted and cannot be executed on a different physical PCB)
• Encryption speed: Camellia symmetric encryption speed up to 108 Mbps on a single core (SPI link speed capped at 100 Kbps)
• PCB power consumption: 58 mAh (FPGA idle) to 64 mAh (FPGA encrypting)

FPGA Features

• 55 nm TSMC embedded flash (flash + SRAM) process technology
• Four-input look-up table (LUT) and single register logic element (LE)
• Flash memory data retention of 20 years at 85 °C
• Up to 830 Mbps
• LVDS receiver, 800 Mbps LVDS transmitter

Security Benefits

Hardware Over Software

Kryptor replaces all software-based encryption functionality with HW-based implementations and reduces its attack surface—to defend against viruses, malware-injection attacks, and exploitable bugs—by avoiding the use of an operating system (OS).

One Chip is More Secure

Both its RAM and its flash memory circuitry is self contained within the FPGA. This architecture is safer than relying on external chips, each of which, in turn would need to be physically secured.

Verifiability

One of the main strengths and competitive advantages of this board is the fact that the entire implementation can be verified using well-known, proven open source encryption primitives. And, as open hardware, Kryptor provides even greater transparency and verifiability.

No encryption solution should rely on blind trust in a particular chip manufacturer for its security. Trust must be earned, which is why we’re making our files available to independent third-parties for review and analysis. It is quite rare for a commercial entity to grant access to the detailed schematics of, for example, a commercial encryption ASIC chip, but we are committed to providing a level of transparency that allows our customers to rule out the possibility that Kryptor might contain back doors or other hidden elements. To that end, we are giving independent third parties access to our technology and to our technical documents.

Finally, we greatly value our identity as a European company, and we carry out as much of our design and manufacturing as possible—including all of our assembly and testing—within Europe.

HSM Soft-Core Encryption Features

• Key-agreement scheme: Elliptic Curve Diffie-Hellman / Curve25519 (ECDH)
• Symmetric key block cipher: Camellia
• Asymmetric encryption: ECC25519
• Cryptographic hash function: Skein
• True random number generator (TRNG): With ring oscillators as the source of entropy (FIGARO)
• Optional functions: Additional functions (Ed25519, AES256, SHA512, Keccak, etc) can be added for legacy applications (contact us for a commercial offer)

Encryption Functionality

When running our HSM soft-core, Kryptor provides the following functions, all of which are implemented in Verilog inside the FPGA:

• Generate and store up to four symmetric encryption keys within the FPGA, to accelerate work on up to four encryption streams
• Generate and store up to four asymmetric encryption key pairs within the FPGA to accelerate work on up to four encryption streams
• Generate random numbers based on a true random number generator (TRNG)
• Generate and store a root asymmetric key pair (the private key of which will never be exposed)
• Perform hashing operations
• Encrypt and decrypt a file using any stored key (symmetric or asymmetric)
• Execute an elliptic-curve cryptography (ECC) function on a given asymmetric key
• Load any public key or extract any public key from those generated internally

Please note: for security reasons, the private key of any asymmetric key pair cannot be extracted.

Raspberry Pi API & Arduino Library

To make Kryptor more accessible to IoT developers and makers, we provide a free, easy-to-use, Raspberry-Pi-compatible API for Linux, which allows almost anyone to get started in mere minutes. We also provide an Arduino library. See our demos and technical documentation for more details.

In the screenshots below, you can see how simple it is to interact with our HSM using a Raspberry Pi connected via SPI:

Out-of-the-box Configuration

Please note: due to the import/export legislation regulating all the products that include data-encryption capabilities, we are shipping Kryptor without the encryption soft-core pre-installed.

Everyone who backs the SKUDO Kryptor crowdfunding campaign will have the option to download the HSM soft-core free of charge from skudo.tech, along with instructions that walk you through the simple process of flashing that soft-core onto your board (without the need for a JTAG adapter).

Of course, backers are free to use Kryptor in any way they like. Use it as a MAX10 FPGA development board or load your own soft-core. And you can still load our HSM soft-core, at a later date, using our JTAG adapter board.

Comparisons

Support & Documentation

You can find more technical details about SKUDO Kryptor—including a datasheet—on our website. For feedback, comments, and questions, you are welcome to contact us via:

• Twitter: @SkudoTech
• Reddit: u/Skudo_HSM
• Youtube
• Telegram

You can also reach out using the Ask a technical question link below.

Manufacturing Plan

One of our strong values is for our technology to be "Made in Europe", and so our plan is to design, develop, assemble, and test SKUDO Kryptor entirely within Europe. All our prototype work was carried out between Estonia, Belgium, Hungary, and Italy. For the production of the final product, we intend to stick with our current suppliers, with whom we have developed a solid, proven relationship. We will have two options:

• Print the PCB through one service and do the full assembly (PCBA) through another, or
• Do the complete PCB+PCBA entirely through a single factory.

In either case, the end products will then arrive at our office in Estonia, where they will be programmed with a basic FPGA soft-core that allows backers to load our HSM soft-core without the need for a JTAG adapter.

Fulfillment & Logistics

Once the SKUDO Kryptor PCBs have been fabricated, assembled, tested, and packaged, they will be sent in bulk to Crowd Supply’s fulfillment partner, Mouser Electronics, along with the rest of the products we are making available through this campaign. (For more information, please see Crowd Supply’s Ordering, paying, and shipping guide.) From there, Mouser will ship everything to backers, who will then have the option to redeem their free vouchers to receive an HSM programming file from our website, which they can upload to their SKUDO Kryptor boards using, for example, a standard Raspberry Pi.

Risks & Challenges

We have done a lot of work to design this product, and we have tested and verified quite a few iterations. As a result, there is little risk that we will have to make any modifications down the line due to sourcing challenges.

The electronics used in Kryptor are very common, so setbacks due to manufacturing errors are also quite unlikely. As always, product delivery slow-downs caused by shipping delays remain a possibility.

Rest assured that we will update you regularly on our progress.