Go Back
By Industry
By Technology
Synopsys Cloud
Synopsys Cloud

Cloud native EDA tools & pre-optimized hardware platforms

Request a Free Trial →
Multi-Die System Solution
Multi-Die System Solution

A comprehensive solution for fast heterogeneous integration

Discover Multi-Die →
View All Solutions →
Explore Silicon Design, Verification & Manufacturing

Synopsys is a leading provider of electronic design automation solutions and services.

Families
Optical Design
Photonic Design
Design
3D Image Processing
Verification
Modeling & Simulation
Manufacturing
Try Synopsys Cloud
Synopsys Cloud

Unlimited access to EDA software licenses on-demand

Request a Free Trial →
Explore Silicon IP

Synopsys is a leading provider of high-quality, silicon-proven semiconductor IP solutions for SoC designs.

Interface IP
Processor IP
Analog IP
Memories & Libraries
SoC Architecture
Security IP
SoC Infrastructure IP
IP Accelerated
IP Markets
Synopsys IP Portfolio Cover
Synopsys IP Portfolio
Download Brochure →
Synopsys IP Technical Bulletin
Read Latest Issue →
Explore Application Security

Synopsys helps you protect your bottom line by building trust in your software—at the speed your business demands.

Integrated AppSec Solutions
Software Risk Analysis
AppSec Program Services
Your guide to securing your open source supply chain
Your guide to securing your open source supply chain
Read the report →
View All Products →
Company Overview
Resources
SNUG 2024 | Synopsys
SNUG 2024

Synopsys User Group Conference

Learn more →
Synopsys Job Search Thumbnail
Pursue Your Passion

Start Your Job Search

Apply Now →

Ensuring Security in SoCs with Specific Processing Needs

FPGAs are widely used in mission-critical environments with specific processing needs. Motivations for copying or altering sensitive data or valuable IP are abundant. Especially in aerospace and defense, attacks can result in loss of IP, leakage of top-secret information, and compromised national security. A way for designers to secure their FPGAs, their sensitive data, and communications is the use of cryptography. Authenticity, integrity, and confidentiality can be guaranteed by using strong cryptographic keys rooted in the hardware of the FPGA.

Synopsys FPGA PUF IP combines a Butterfly Physical Unclonable Function (PUF) with Synopsys' helper data algorithms. Butterfly-shaped circuits are configured on the fabric of the FPGA to intrinsically generate the entropy needed for a strong hardware root of trust. Keys derived from Synopsys FPGA PUF are volatile and derived only when required, providing a significant high-security assurance. Since Synopsys PFGA PUF is part of the FPGA configuration file, it is a “soft PUF” implementation, and security functionality can be retrofitted on deployed devices, enabling remote “brownfield” installation of a hardware root of trust.

The FPGA “Intrinsic Fingerprint”

The biggest challenge when solving security problems is getting credentials, such as cryptographic keys, into the device and keeping them secure. A butterfly PUF enables designers to extract a unique device fingerprint from standard FPGA fabric for FPGA architectures in which standard uninitialized SRAM is unavailable. This fingerprint is converted to a high-quality device-unique PUF key using Synopsys' helper data algorithms (or fuzzy extractor). Synopsys FPGA PUF IP reliably reconstructs the same cryptographic key under all environmental circumstances.

Upon first use, called the enrollment, Synopsys FPGA PUF generates an activation code which, in combination with the butterfly PUF fingerprint, is used to reconstruct, on demand, in real-time, an intrinsic PUF key inside a secure perimeter. The intrinsic PUF key can be used as a root key for key derivation and wrapping. A key protected by Synopsys FPGA PUF is integrity protected and can be retrieved only on the same device, while it will be meaningless on other devices.

When combined with a crypto core, Synopsys FPGA PUF IP allows designers to provision their FPGAs with an unclonable identity consisting of a private key, a public key, and a device certificate. Once provisioned, the FPGA can prove its identity and establish a secure channel with another device, a server, or a cloud. The private key is never stored in NVM or OTP but regenerated on the fly, making the solution effective against counterfeiting.

Use Cases

  • Anti-counterfeiting: binding of proprietary mission-critical IP to the device.
  • Secure communication: authentication and encryption of data between heterogeneous devices that are part of a homogenous defense electronics system.
  • Secure supply chain: enabled by generation of end-user keys which can be wrapped or protected using device-unique cryptographic keys.

Benefits

  • Compatible with standard FPGA products
  • No sensitive key material present on device
  • High protection against tampering and invasive attacks

Applications

  • Secure Key Storage
  • Authentication
  • Flexible Key Provisioning
  • Anti-Counterfeiting
  • HW-SW Binding
  • Supply Chain Protection

Specifications

  • Verified on Xilinx platforms Artix-7, Virtex-7, Kintex-7, and Zynq 7000, Kintex UltraScale+, Zynq UltraScale+ and Virtex UltraScale+ 
  • Temperature range from -40°C to +125°C
  • Voltage supply variation +/- 20%
  • Lifetime > 25 years

 

Synopsys PPGA PUF IP
Security Strength (bits)

256
Maximum Key Length (bits)

4096
Size : #LUTS

14k - 16k
Activation Code Size (bytes)

644
Generate Device Keys and Random Values

Wrap and Unwrap Keys

(✓)
Attack Countermeasures

Anti-aging Measures

PUF Monitoring

Logic BIST

(✓)
APB Interface (optional to remove)

(✓)

Deliverables

Synopsys FPGA PUF IP is easily integrated into any FPGA design. Standard deliverables include:

  • VHDL top-level design for a specific platform
  • FPGA module with routing scripts
  • Simulation and test bench
  • Driver for easy integration
  • Documentation

Resources

Datasheet

Synopsys FPGA PUF IP

Read now →
White Paper

Securing FPGAs Beyond the Bitstream

Read now →

What is Butterfly PUF Technology?

Read now →
Success Story

Flex Logix and Synopsys Hardware-based PUF IP

Read now →