# Copyright lowRISC contributors (OpenTitan project). # Copyright zeroRISC Inc. # Modified by Ruben Niederhagen and Hoang Nguyen Hien Pham - authors of # "Improving ML-KEM & ML-DSA on OpenTitan - Efficient Multiplication Vector Instructions for OTBN" # (https://eprint.iacr.org/2025/2028). # Copyright Ruben Niederhagen and Hoang Nguyen Hien Pham. # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 - name: mod address: 0 doc: | The modulus used by the {{#acc-insn-ref BN.ADDM}} and {{#acc-insn-ref BN.SUBM}} instructions. This WSR is also visible as CSRs `MOD0` through to `MOD7`. - name: rnd address: 1 read-only: true doc: | An AIS31-compliant class PTG.3 random number with guaranteed entropy and forward and backward secrecy. Primarily intended to be used for key generation. The number is sourced from the EDN via a single-entry cache. Reads when the cache is empty will cause ACC to be stalled until a new random number is fetched from the EDN. - name: urnd address: 2 read-only: true doc: | A random number without guaranteed secrecy properties or specific statistical properties. Intended for use in masking and blinding schemes. Use RND for high-quality randomness. The number is sourced from an local PRNG. Reads never stall. - name: acc address: 3 doc: | The accumulator register used by the {{#acc-insn-ref BN.MULQACC}} instruction. - name: key_s0_l address: 4 read-only: true doc: | Bits [255:0] of share 0 of the 384b ACC sideload key provided by the [Key Manager](../keymgr/README.md). A `KEY_INVALID` software error is raised on read if the Key Manager has not provided a valid key. - name: key_s0_h address: 5 read-only: true doc: | Bits [255:128] of this register are always zero. Bits [127:0] contain bits [383:256] of share 0 of the 384b ACC sideload key provided by the [Key Manager](../keymgr/README.md). A `KEY_INVALID` software error is raised on read if the Key Manager has not provided a valid key. - name: key_s1_l address: 6 read-only: true doc: | Bits [255:0] of share 1 of the 384b ACC sideload key provided by the [Key Manager](../keymgr/README.md). A `KEY_INVALID` software error is raised on read if the Key Manager has not provided a valid key. - name: key_s1_h address: 7 read-only: true doc: | Bits [255:128] of this register are always zero. Bits [127:0] contain bits [383:256] of share 1 of the 384b ACC sideload key provided by the [Key Manager](../keymgr/README.md). A `KEY_INVALID` software error is raised on read if the Key Manager has not provided a valid key. - name: kmac_cfg address: 8 doc: | Contains the configuration bits for sending KMAC messages. Also visible as a kmac_cfg CSR. - name: kmac_msg address: 9 doc: | The kmac message data share0 to send over the AppIntf. A byte mask is applied to the message from the kmac_partial_write WSR value before being written into the internal MSG FIFO. - name: kmac_digest address: 10 doc: | Return digest share 0 from AppIntf. In unmasked kmac_cfg this is the whole digest. - name: acch address: 11 doc: | The high 256-bits of the accumulator register used by the {{#acc-insn-ref BN.MULV}} instruction. - name: kmac_msg1 address: 12 doc: | The kmac message data share1 to send over the AppIntf. In unmasked kmac_cfg writing to this WSR is illegal. A byte mask is applied to the message from the kmac_partial_write WSR value before being written into the internal MSG FIFO. - name: kmac_digest1 address: 13 doc: | Return digest share 1 from AppIntf. In unmasked kmac_cfg reading from this WSR is illegal.