Kunpeng Modules for Commercial Cryptography Application

The Kunpeng commercial cryptographic module is built on the Kunpeng confidential computing TrustZone kit, powered by the secure iTrustee OS. It provides encryption, decryption, signature, verification, and key management capabilities through the standard SDF APIs. The module can enable cryptographic applications such as SSL gateways and digital signatures to help customers meet the CPCA requirements.

Figure 1 Commercial cryptography application components

The core capabilities of the Kunpeng commercial cryptographic module are as follows:

1. This module is an intrinsic feature of Kunpeng servers. Each host is equipped with one cryptographic module to offer certified cryptographic capabilities.
2. It provides software-defined cryptographic services, offering significant advantages in areas like rapid product deployment and agile feature iteration. For example, this module enables easy upgrades to support new post-quantum cryptography (PQC) algorithms.
3. This module leverages CPU software, CPU instruction sets, and Kunpeng Accelerator Engine (KAE) to achieve high performance in multi-threading and high-concurrency scenarios, effectively handling both small and large packets.