Introduction

Synopsys Hardware-based Physical Unclonable Function (PUF) IP is a hardware IP solution that enables device manufacturers and designers to secure their products with internally generated, device-unique cryptographic keys without needing costly, security-dedicated silicon. It uses the inherently random start-up values of SRAM as a PUF, which generates the entropy required for a strong hardware root of trust (RoT). The Synopsys Hardware-based PUF IP is agnostic to foundry and process node and has been protecting millions of ASIC/SoC/MCU and FPGA-based devices for more than a decade with no known breach or failure. The IP has been proven in devices certified by EMVCo, Visa, CC EAL6+, PSA, ioXt, and governments across the globe.

The Synopsys Hardware-based PUF IP family serves various markets such as IoT, datacenter/HPC, and automotive. The Synopsys Hardware-based PUF IP - 100 can be applied easily to almost any chip – even the tiniest microcontrollers. The Synopsys Hardware-based PUF IP - 300 is the world’s first RoT IP to receive a SESIP and PSA Certified Level 3 certification. The Synopsys Hardware-based PUF IP - 400, tailored to the automotive industry, has been developed following an ISO 26262 functional-safety-compliant flow and meets the ISO 26262 Automotive Safety Integrity Level (ASIL) B fault metric.

Features

  • Uses standard SRAM start-up values as a PUF to create a hardware RoT 
  • Eliminates target for physical attacks: root key is never stored but re-created from the PUF each time it is needed
  • Supports fault detection and reporting
  • Includes countermeasures against side-channel and fault-injection attacks
  • Offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device
  • Binds keys to the device by ensuring that keys can only be recreated and accessed on the device on which they have been created
  • Eases integration with custom driver API

Benefits

  • Certified as a RoT component (PSA, SESIP)
  • Integrates easily and scales with all fabs and technology nodes
  • Offers a higher level of security than traditional key storage in NVM such as secure flash, OTP or e-fuses
  • Enables designers to create and store an unlimited number of keys securely in unprotected NVM on/off chip
  • Minimizes overhead through optimized hardware design
  • Eliminates the need for centralized key management and programming
  • Provides a highly reliable secure key storage solution in the most advanced process nodes
  • Remains secure in the post-quantum computing era

Applications

  • Secure Key Storage
  • Authentication
  • Flexible Key Provisioning
  • Anti-Counterfeiting
  • IP Binding
  • Supply Chain Protection
  • Chiplet Security

Certifications

  • PSA Certified Level 3 RoT Component
  • SESIP Level 3
  • NIST CAVP
  • Meets ISO 26262 ASIL B fault metric
  • ASIL D for systematic failures
  • ISO/IEC 20897-compliant PUF
  • Supports FIPS 140-3
  • QuiddiKey-enabled products have been certified by EMVCo, Visa, CC EAL6+, PSA, and ioXt
  • Qualified by DoD and EU governments

Why You Need Synopsys Hardware-based PUF IP

Secure supply chain: Each Synopsys Hardware-based PUF IP user can generate unlimited device-unique keys. None of these keys are ever stored on the device. This means that each user in the supply chain can derive their own device-unique keys and import and protect other secrets without these keys or secrets being known to the manufacturer or other supply-chain users. The wrapping functionality enables supply-chain applications and IP to be securely and reliably protected – for the device's lifetime – before being deployed in the field.

Protection against reverse-engineering, counterfeiting/cloning: Synopsys Hardware-based PUF IP protects firmware IP by encrypting it with a PUF-derived encryption key that is locked to the hardware instance of the device. If the firmware IP tied to a device with Synopsys Hardware-based PUF IP is copied to other device instances, these rogue devices cannot unlock the IP or use it because every device has a different hardware fingerprint.

Other use cases: Secure key storage, flexible key provisioning, HW-SW binding, secure communication, authentication

Operational Range

Synopsys Hardware-based PUF IP has been deployed on MCUs/SoCs/ASICs in diverse foundry/process node combinations. SRAM PUF responses across this diverse array have been qualified for use with Synopsys Hardware-based PUF IP in various operational environments over years of field operation.

Deliverables

Synopsys Hardware-based PUF IP can be integrated easily into any semiconductor design across all foundries and process nodes. Standard deliverables include:

  • RTL netlist (Verilog, VHDL)
  • Testbench (UVM, VHDL)
  • C model
  • APB or TileLink interface (VHDL, Verilog)
  • Design Compiler synthesis constraints (tcl)
  • Driver (C sources, headers)
  • Register description (IP-XACT)
  • Datasheet, integration manual and driver documentation
  • NIST documentation (SP 800-90A/B)

Easy Integration

The Synopsys Hardware-based PUF IP driver eases developers' use of the Hardware IP in an embedded software environment. It is delivered as C source code and comes with a reference manual, integration tests, and the Hardware-based PUF IP register description.
