 Hello and welcome to this presentation of the STM32U5 public key accelerator widely used for asymmetric cryptography applications. Public key cryptography is part of many security standards and is widely used to establish secure communication channels across unsecure open networks like the internet or to provide authentication via electronic signatures. Software-only solutions can be too slow for real-time applications impacting the system's overall performance. The PK-A module is an efficient hardware accelerator that speeds up the public key cryptography operations performed by the CPU. It accelerates RIVS, Chamier and Adelman or RSA, Diffie-Hellman or DH as well as Elliptic Curve Cryptography or ECC over prime-field operations. Supported operand sizes are up to 4,160 bits for RSA and DH up to 640 bits for ECC. Binary Curves, Edwards Curves and Curve 25519 are not supported by the PK-A. The list of supported operations are described here. Unlike STM32U5 modular exponentiation for RSA decryption, scalar multiplication and signature for ECC are protected against side-channel attacks. Those operations are used when manipulating secret keys. PK-A lightens the CPU workload by performing key operations in the PK-A core using dedicated PK-A memory. First, the CPU loads initial data into the PK-A internal RAM, which is located at address offset 0x400. Then, in the PK-A control register, the CPU specifies the operation which is to be executed and finally asserts the start bit. Once the PK-A reports the end of operation with PROC AND F flag, the CPU reads the resulting data from the PK-A RAM, then clears the PROC AND F flag. Software can abort a PK-A operation at any time by clearing the EN bit in the PK-A CR register. In this case, the content of the PK-A memory is not guaranteed. The PK-A has three error flags. The operation error flag or OPE-ERRF, the address error flag or ADD-RE-RRF and the RAM error flag or RAM-ERRF. All flags can generate an interrupt if the corresponding interrupt enable bit is set. OPE-ERR-IE, PROC AND-IE, ADD-RE-R-IE or RAM-ERR-IE. When the PK-A peripheral reset signal is released, the PK-A RAM is cleared automatically, taking 667 clock cycles. During this time, the setting of the EN bit in PK-A CR is ignored. PK-A's side-channel protected operations like modular exponentiation for RSA decryption, scalar multiplication and signature for ECC manages secrets that are automatically erased from PK-A RAM at the end of the operation. Here are the modular exponentiation processing times using different exponent and operand sizes. Other important operations like ECC's scalar multiplication and ECDSA signature and verification are also mentioned. Values are computed in an STM32L5 for a PK-A clock of 110 MHz. Differences versus the STM32L5PK-A running at the same clock are highlighted. Here are the modular exponentiation processing times using different exponent and operand sizes. Other important operations like ECC's scalar multiplication and ECDSA signature and verification are also mentioned. Values are computed in an STM32U5 for a PK-A clock of 110 MHz. Here are the modular exponentiation processing times using different exponents and operand sizes. Other important operations like ECC's scalar multiplication and ECDSA signature and verification are also mentioned. Values are computed with a clock of 160 MHz. Thank you for attending this presentation.