The crypto engine consists of three dedicated ASIC blocks:
| Block | Function | Speed (typical) |
|-------|----------|-----------------|
| RSA/EC | RSA‑2048/4096, ECC‑P‑256/521, Ed25519 | 5 k RSA‑4096 ops/s, 12 M ECC‑P‑521 ops/s |
| Symmetric | AES‑256‑GCM, ChaCha20‑Poly1305, SHA‑2/3 | 30 GB/s AES‑256‑GCM, 22 GB/s SHA‑3 |
| Post‑Quantum (PQC) | Kyber‑1024 KEM, NTRU‑HRSS | 1.5 k Kyber encaps/decaps per sec (software‑assisted) |
The TRNG feeds all blocks with a dedicated entropy source based on a laser‑phase‑noise generator, meeting the NIST SP 800‑90B requirements.
Benchmarks from NIST’s Cryptographic Module Validation Program (CMVP) 2025 show that the SGKI 078 can terminate up to 150 k TLS 1.3 handshakes per second on a single 10 GbE NIC, while maintaining < 1 µs per‑packet latency for data plane encryption/decryption.
The device’s management NIC runs a TLS 1.3‑only stack with mutual attestation. During boot, the SGKI 078 publishes an attestation report (signed by the hardware root key) that includes:
This report can be consumed by orchestration platforms (Kubernetes, OpenShift) to enforce zero‑trust policies—only verified SGKI 078s may join the cluster.
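
How an orchestration-side admission check could consume such a report, as an added example that is not vendor code or part of the original page. The page does not give the report's fields or signature algorithm, so the JSON layout, the field names, the use of Ed25519 for the root key, and the verifier-issued nonce are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Report is a hypothetical attestation payload; the field names are
// assumptions for illustration, not the device's real report format.
type Report struct {
	DeviceID     string `json:"device_id"`
	FirmwareHash string `json:"firmware_hash"`
	Nonce        []byte `json:"nonce"`
}

// VerifyReport admits a device only if the signature verifies under the pinned
// root key, the nonce matches our challenge, and the firmware is allowlisted.
func VerifyReport(root ed25519.PublicKey, payload, sig, nonce []byte, allowed map[string]bool) (*Report, error) {
	// Verify the signature over the raw bytes before parsing untrusted input.
	if !ed25519.Verify(root, payload, sig) {
		return nil, errors.New("signature does not verify under root key")
	}
	var r Report
	if err := json.Unmarshal(payload, &r); err != nil {
		return nil, fmt.Errorf("malformed report: %w", err)
	}
	// A report signed for an earlier challenge is a replay, even if genuine.
	if !bytes.Equal(r.Nonce, nonce) {
		return nil, errors.New("stale or replayed report: nonce mismatch")
	}
	// Default deny: unknown measurements are rejected.
	if !allowed[r.FirmwareHash] {
		return nil, errors.New("firmware measurement not in allowlist")
	}
	return &r, nil
}

func main() {
	// Constructed sample: a throwaway key stands in for the hardware root key.
	pub, priv, _ := ed25519.GenerateKey(nil)
	nonce := []byte("challenge-0001")
	payload, _ := json.Marshal(Report{DeviceID: "demo", FirmwareHash: "fw-placeholder", Nonce: nonce})
	sig := ed25519.Sign(priv, payload)
	_, err := VerifyReport(pub, payload, sig, nonce, map[string]bool{"fw-placeholder": true})
	fmt.Println("admitted:", err == nil)
}
```
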