Crypto Quantique has announced a new lightweight root-of-trust (RoT) IP block to enable security feature implementation in resource-constrained microcontrollers and IoT devices. Called QRoot Lite, the implementation complies with the Measurement & Attestation Root of Trust (MARS) specification developed by the Trusted Computing Group (TCG) as a lightweight, hardware security IP block for measurement, storage, and reporting to attest to the health and trustworthiness of embedded IoT devices and sensors. The IP block is implemented in hardware as a state machine to allow easy integration into small systems as an attachment to a host microcontroller, providing essential functions for device identity, measurement, and attestation where on-chip resources are limited.The MARS implementation on QRoot Lite provides the functionality of hashing, key derivation, and digital signature generation, using NIST’s lightweight cryptography standard, the Ascon family of cryptographic algorithms, to implement these functions. The IP block’s identity may be provided with seed injection but optionally, for maximum security, Crypto Quantique’s Physical Unclonable Function (PUF) can generate the seed required for provisioning a unique identity to the device. The IP block securely stores derived keys and performs cryptographic operations within the secure hardware, protecting against known side-channel and fault injection attacks. In an ASIC, its side-channel protected hardware footprint is less than 25 Kgates, and less than 14 Kgates for an unprotected implementation.
Applications that can benefit from QRoot Lite include verified boot implementation to ensure that only trusted code is executed during the boot process, key generation and key storage to load and store encrypted data, and remote verification of the integrity and authenticity of sensor data.
