Requirements, Design Methodologies, and Implementation of Hardware Security Modules for General Purpose Processors

The research presented in this Thesis is related to the analysis of design strategies and requirements for Hardware Secure Modules (HSMs) and the implementation of a suite of hardware accelerators for cryptographic services (named Crypto-Tile IP) that will be integrated into the HSM of the General Purpose Processor (GPP) developed in the framework of the European Processor Initiative (EPI). The Crypto-Tile features four different coprocessors for symmetric-key cryptography, public-key cryptography, computation of digests, and generation of random numbers, plus dedicated resources for storage and management of key materials and implementation of security mechanisms. The Crypto-Tile IP has been designed in SystemVerilog Hardware Description Language (HDL) and synthesized on a 7 nm standard-cell technology. It has been verified and validated against an extensive test plan in both Register Transfer Level (RTL) and post-synthesis netlist level. A complete RISC-V-based system has been implemented on a Xilinx VCU128 FPGA board; this system includes a 32-bit RISC-V soft-core processor, the Crypto-Tile IP, and other peripherals (UART, DMAs, JTAG, etc.). The Crypto-Tile IP has been delivered to the EPI consortium and is ready to be integrated into the Security Subsystem of the EPI chip. In order to provide hardware support for Post-Quantum Cryptography (PQC), an instruction set extension of the RISC-V processor has been proposed in order to accelerate the lattice-based Post-Quantum algorithms CRYSTALS-Kyber and CRYSTALS- dilithium. In addition, a dedicated hardware accelerator for the eXtendable Output Functions (XOF) SHAKE128/256 has been designed since XOFs are largely adopted in PQC algorithms like the CRYSTALS suite.