TLS Handshake Hardware Accelerator

The TLS handshake hardware accelerator is a secure connection engine that can be used to offload the compute intensive Public Key operations (Diffie-Hellman, Signature Generation and Verification).

It combines a load dispatcher and a configurable amount of instances of the Public Key Crypto Engine (BA414EP) benefiting from all features supported (i.e. RSA/DH/DHE and ECDSA/ECDH/ECDHE/X.25519/X.448 and more). The efficient dispatching to several tenths of BA414EP instances helps reaching maximum system performance.

This IP is made of a core and optional modules to connect the core to standard interfaces (PCIe, AXI_DMA…). In addition our drivers have an asynchronous API (or non-blocking API) which are integrated in OpenSSL Async.


  • RSA, ECC and more
    • RSA/DH/DHE
    • X.25519/X.448
    • mbedTLS integration
    • SM2
  • > 1 GHz in 16nm
  • 400-500 MHz on mid-range/high-end FPGA
  • Very high performance on off-the-shelf FPGA


  • Cloud computing
  • Data center
  • HSM
  • Firewall
  • IKE-TLS/SSL connection engine
  • Blockchain transactions


TLS connection performance (Ops/s)

Implementation aspects

The TLS handshake hardware accelerator IP core is easily portable to ASIC and FPGA. It supports a wide range of applications on various technologies. The unique architecture offers a high level of scalability, enabling a trade-off between throughput, area and latency.


For more detailed information about our Public Key Crypto Engine (BA414EP), click here:


Reference: BA452