
Cryptographic accelerator engine (CRACEN)

Embedded devices require cryptographic mechanisms for functions such as data encryption and decryption. Connected embedded devices frequently require cryptographic acceleration, a critical feature that not only improves the speed and efficiency of cryptographic operations but, more importantly, their security. Compared to software-based cryptography, dedicated crypto acceleration hardware provides better resilience against security exploits such as side-channel attacks that target key cryptographic services like secure boot and secure updates.

The nRF54L and nRF54H Series devices are the first to introduce the advanced Cryptographic Accelerator Engine (CRACEN). As a new feature in the nRF54 Series, CRACEN features key generation from seed using the Isolated Key Generator (IKG), which is briefly described below. The main features of CRACEN are also detailed in this section.

Isolated Key Generator

To provide additional security against various types of attacks, the nRF54L Series introduces an Isolated Key Generator, an isolated module that derives symmetric and asymmetric keys from a 384-bit device unique seed and an optional personalization string. The keys are typically not used by the application directly and are not accessible by the CPU, but they can be used for cryptographic operations by CRACEN. The fact that the keys are generated in an isolated, secure environment provides additional protection from potential compromise.

The seeds used by the IKG must be pushed by the KMU to the SEED register and marked as valid before keys can be generated. The 384-bit seed value is provisioned to the device or generated automatically during the device’s first boot using the CRACEN Random Number Generator (RNG). More details on how the seeds are generated and loaded into the IKG can be read in the technical documentation Loading seed to IKG.

IKG also provides identity attestation through the use of Hardware Unique Key (HUK) and Master Key Encryption Key (MKEK) generation – other devices can verify the identity of the device using the generated identity key.

IKG keys are also accessed using the standard PSA Crypto APIs and are referenced by special built-in key IDs. The three unique keys derived from the 384-bit unique seed and their purposes are listed in the table below.

Key ID                          Key type        Description
CRACEN_BUILTIN_IDENTITY_KEY_ID  ECC secp256r1   Used for signing/verification.
CRACEN_BUILTIN_MKEK_ID          AES 256-bit     Used for encryption/decryption or key derivation.
CRACEN_BUILTIN_MEXT_ID          AES 256-bit     Used for encryption/decryption or key derivation.

Note

The IKG generated keys are not directly accessible by the CPU but are used by the Public Key Encryption (PKE) and Advanced Encryption Standard (AES) engines. The IKG generated AES keys are not the same as the protected keys in protected RAM but can be used by the same AES engine.

CRACEN

The nRF54L features CRACEN, which improves the speed of cryptographic computations and provides additional security. From the user’s perspective, CRACEN, along with the IKG for key generation and KMU for key management, can be seen in the system as a black box that ensures that the cryptographic routines are fast and have strong security, and the keys are handled safely and securely.

The full list of features found in CRACEN is listed below:

  • CryptoMaster (Symmetric cryptographic engines and digest engines)
    • Symmetric and asymmetric operations
    • AES
      • Supports 128-, 192-, and 256-bit keys
      • Context switching
    • Hashing, including MD5, SHA1, SHA224, SHA256, SHA384, SHA512, and HMAC
    • ChaCha20 / Poly1305
    • SHA3
    • EC-JPAKE
  • Public Key cryptographic engine (PKE) and Isolated Key Generator (IKG)
    • RSA: Sign/verify/encryption/key generation
    • Modular exponentiation for RSA with and without CRT; 4096-bit maximum operand size
    • Elliptic Curve Cryptography (ECC) with 640-bit maximum operand size
    • Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA, EC-KCDSA, and EdDSA), with 4096-bit maximum operand size
    • Diffie-Hellman (D-H and ECDH) key exchange
  • Random Number Generator (RNG)
    • NIST SP800-90B compliant
    • PRNG, TRNG
  • Side channel DPA countermeasures
    • AES – Masking against Simple Power Analysis (SPA) and Differential Power Analysis (DPA)
    • IKG/PKE – Protection against timing attacks and DPA
  • Tamper Detection
    • Built-in countermeasure for fault-injection attacks

The diagram below depicts how CRACEN, IKG and random number generator are interconnected.

Cryptographic Accelerator Engine block diagram
