While the ASIC market has always had its advantages over alternate solutions, it has faced boom and bust cycles typically driven by high NRE development costs and time to market lead times. During the same time, the FPGA market has been consistently bringing out more and more advanced products with each new generation. With very high-speed interfaces offered on these products along with flexibility through field-programmability, these advanced FPGA products give ASICs a good run for the money.
Changing requirements have also been the tail wind behind the fast adoption of FPGAs. Being able to accommodate last minute changes without having to re-spin the chip is a God-send in markets with fast changing requirements. This is not to say that ASICs have lost their edge. ASICs still hold their deserved place in terms of PPA scoring when compared against FPGA-based solutions and software solutions run on general-purpose processors. But the advent of embedded FPGA capability has brought flexibility and configurability to ASICs. By integrating embedded FPGA (eFPGA) cores into ASICs, systems can now enjoy the benefits of both ASICs and FPGAs.
What About Security?
Today, there are a number of fast growing markets with rapidly evolving requirements too and that is great for ASICs with embedded FPGA cores. But these fast growing markets also have a high-bar in terms of security of data and communications. While security is always a topic of serious interest in the field of electronics, the focus has grown with the increased use of global supply chains. With many touchpoints throughout the development and deployment phases, concerns about counterfeit chips being inserted to hijack systems are logical and valid.
That is why, securing systems is implemented through the mechanism of hardware root of trust. The hardware root of trust contains the keys for the encrypting and decrypting functions and enables a secure boot process. As the hardware root of trust is inherently trusted, it is critical to ensure that the keys that are stored on the chip can never be hacked.
Can Security Be Further Enhanced?
What if the security can be further enhanced by not even storing the keys on the chip? What if the keys can be individualized to the chip level rather than limited to the design/product level? The security level would indeed be enhanced a lot. This is the essence of a recent announcement by Flex Logix. By partnering with Intrinsic ID, Flex Logix is able to bring an enhanced level of security to SoCs that integrate their EFLX® eFPGA cores. The enhanced security is implemented through Intrinsic ID’s QuiddiKey that leverages their SRAM PUF technology. Refer to the Figure below for a block level diagram of such an SoC.
Intrinsic ID QuiddiKey® is a hardware IP solution that enables device manufacturers and designers to secure their products with internally generated, chip-unique cryptographic keys without the need for adding costly, security-dedicated silicon. It uses the inherently random start-up values of SRAM as a physical unclonable function (PUF), which generates the entropy required for a strong hardware root of trust. Since the pattern is unique to a particular SRAM, the pattern is unique to a particular chip like a fingerprint is to its owner. For more details about Intrinsic ID’s SRAM PUF technology, visit the SRAM-PUF product page. For more details about QuiddiKey, visit the QuiddiKey product page.
QuiddiKey IP can be applied easily to almost any chip – from tiny microcontrollers (MCUs) to high-performance systems-on-chip (SoCs). QuiddiKey has been validated for NIST CAVP and has been deployed and proven in hundreds of millions of devices certified by EMVCo, Visa, CCEAL6+, PSA, ioXt, and many governments across the globe. Refer to the Figure below for the major functions that the QuiddiKey IP implements.
Enhanced Security of eFPGA Platforms
In the joint Flex Logix/Intrinsic ID solution, a cryptographic key derived from a chip-unique root key is used to encrypt and authenticate the bitstream of an eFPGA. If the chip is attacked or found in the field, the bitstream of the eFPGA cannot be altered, read, or copied to another chip. That is because the content is protected by a key that is never stored and therefore is invisible and unclonable by an attacker.
Neither is the concern of counterfeit chips being inserted within the supply chain valid any longer. Each QuiddiKey user can generate an unlimited number of chip-unique keys, enabling each user in the supply chain to derive their own chip-unique keys. Each user can protect their respective secrets as their cryptographic keys will not be known to the manufacturer or other supply-chain users.
For more details about how the Flex Logix/Intrinsic ID partnership is “taking eFPGA security to the next level”, refer to this whitepaper.
To learn more about Flex Logix’s eFPGA solutions visit https://flex-logix.com/efpga/.