Kryptor FPGA – Tiny MAX10 FPGA board works as a hardware security module (Crowdfunding)

Kryptor FPGA, sometimes just called Kryptor, is a compact Intel/Altera MAX10 FPGA development board mostly designed for encryption, and acting as a dedicated Hardware Security Module (HSM) with a custom soft-core from Skudo OÜ. But obviously, you could also use the FPGA board for other purposes.

Hardware encryption can be quite more secure than software-based encryption with reduced attack surfaces, especially since data processing can be done in the FPGA RAM. The HSM can be used to encrypt files, videos, emails, IoT messages, etc… from various hardware platforms including Arduino and Raspberry Pi boards. Contrary to closed-sourced commercial solutions, the soft-core is open-source and as such can be verified by third parties to make sure there aren’t any backdoors or security flaws.

Kryptor FPGA

Kryptor FPGA specifications:

  • FPGA – Intel/Altera MAX10 8K LE ( 10M08DAF256C8G) FPGA @ 100 MHz with 8000 logic elements (LE), 1376 Kb flash, 378 Kb total RAM, up to 250 GPIOs
  • Host interface – SPI (preferred) up to 100 Kbps, I2C, or UART
  • Security features
    • Duplication protection – Anti-piracy duplication protection via chip ID (soft-cores are encrypted and cannot be executed on a different physical PCB)
    • Encryption speed – Camellia symmetric encryption speed of up to 108 Mbps on a single core (but note the SPI link speed limit of 100 Kbps)
  • Power Supply – 5V
  • Power Consumption – 58 mAh (FPGA idle) to 64 mAh (FPGA encrypting)
  • Dimensions – 31.2 x 22.8 mm

That’s it for the hardware. Implemented in Verilog, the HSM soft-core supports the following encryption features:

  • Key-agreement scheme: Elliptic Curve Diffie-Hellman / Curve25519 (ECDH)
  • Symmetric key block cipher: Camellia; up to four symmetric keys can be stored
  • Asymmetric encryption: ECC25519; up to four asymmetric keys can be stored
  • Cryptographic hash function: Skein
  • True random number generator (TRNG): With ring oscillators as the source of entropy (FIGARO)

The company can also update the code to support additional functions such as Ed25519, AES256, SHA512, or Keccak, etc for legacy applications upon request.

Raspberry Pi encryption Kryptor FPGA
Kryptor FPGA connected to Raspberry Pi 3 board

The company also provides a Raspberry Pi API library, a Linux Command Line Interface (CLI), and an Arduino library to control the board from a host connected over SPI, I2C, or UART.

I could not find a link to the tools, libraries, and soft-core yet, but the company will make those open-source, and you’ll eventually be able to download those from the company’s website. Note that since some/most governments have strict regulations with regards to importing and exporting devices with data encryption capabilities, the HSM soft-core will be pre-installed on the board.

Kryptor FPGA comparison

In the table above, SKUDO compares the Kryptor with other open-source hardware FPGA boards that were previously launched on Crowd Supply including iCEBreaker FPGA, TinyFPGA BX, and the NiteFury boards. None of those boards were specifically designed with encryption in mind, but the comparison still gives an idea of the differences between the boards.

You can get a SKUDO Kryptor FPGA board on Crowd Supply for a $129 reward that also includes a small breadboard and jumper wires. Shipping is free to the US, but adds $10 to the rest of the world, and the project should be completed by the end of February 2022. You may see an FPGA adapter in the list of rewards, but the company says it is not needed to flash the HSM soft-core.

Share this:

Support CNX Software! Donate via PayPal or cryptocurrencies, become a Patron on Patreon, or buy review samples

Notify of
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
13 days ago

Small correction: Contrary to what is stated in the table, NiteFury has JTAG

13 days ago

not bad

Marcin Dąbrowski
13 days ago

I wonder if it would be possible to backdoor it at RTL level?

11 days ago

reduced attach surfaces“, should read, “reduced attack surfaces“, imho