Assessing the Performance of OpenTitan as Cryptographic Accelerator in Secure Open-Hardware System-on-Chips
Emanuele Parisi, Alberto Musa, Maicol Ciani, Francesco Barchi, Davide Rossi, Andrea Bartolini, Andrea Acquaviva
TL;DR
This paper quantifies the benefits of using OpenTitan as a cryptographic accelerator in secure open-hardware system-on-chips by evaluating three IPs (HMAC, AES, OTBN) across five workloads (SHA-256, HMAC, AES-256, RSA-512, RSA-1024) with bare-metal drivers in a cycle-accurate RTL simulation and comparing against a CVA6 software baseline. It introduces a detailed methodology to attribute performance to computation versus memory access and demonstrates speedups from 4.3x to 12.5x, while highlighting memory-bandwidth bottlenecks that limit accelerator utilization to 16%–61% depending on memory hierarchy. The study shows that loading data into the OpenTitan private scratchpad significantly improves utilization (up to about 61% for AES), suggesting architectural and data-m movement optimizations can unlock greater gains. The results provide design guidelines to maximize OpenTitan-based security platforms and outline future work to optimize memory movement and explore architectural changes to OTBN and the host-SoC memory system for higher efficiency in secure applications.
Abstract
RISC-V open-source systems are emerging in deployment scenarios where safety and security are critical. OpenTitan is an open-source silicon root-of-trust designed to be deployed in a wide range of systems, from high-end to deeply embedded secure environments. Despite the availability of various cryptographic hardware accelerators that make OpenTitan suitable for offloading cryptographic workloads from the main processor, there has been no accurate and quantitative establishment of the benefits derived from using OpenTitan as a secure accelerator. This paper addresses this gap by thoroughly analysing strengths and inefficiencies when offloading cryptographic workloads to OpenTitan. The focus is on three key IPs - HMAC, AES, and OpenTitan Big Number accelerator (OTBN) - which can accelerate four security workloads: Secure Hash Functions, Message Authentication Codes, Symmetric cryptography, and Asymmetric cryptography. For every workload, we develop a bare-metal driver for the OpenTitan accelerator and analyze its efficiency when computation is offloaded from a RISC-V application core within a System-on-Chip designed for secure Cyber-Physical Systems applications. Finally, we assess it against a software implementation on the application core. The characterization was conducted on a cycle-accurate RTL simulator of the System-on-Chip (SoC). Our study demonstrates that OpenTitan significantly outperforms software implementations, with speedups ranging from 4.3x to 12.5x. However, there is potential for even greater gains as the current OpenTitan utilizes a fraction of the accelerator bandwidths, which ranges from 16% to 61%, depending on the memory being accessed and the accelerator used. Our results open the way to the optimization of OpenTitan-based secure platforms, providing design guidelines to unlock the full potential of its accelerators in secure applications.