Synopsys Hardware-based Physical Unclonable Function (PUF) IP is a hardware IP solution that enables device manufacturers and designers to secure their products with internally generated, device-unique cryptographic keys without needing costly, security-dedicated silicon. It uses the inherently random start-up values of SRAM as a PUF, which generates the entropy required for a strong hardware root of trust (RoT). The Synopsys Hardware-based PUF IP is agnostic to foundry and process node and has been protecting millions of ASIC/SoC/MCU and FPGA-based devices for more than a decade with no known breach or failure. The IP has been proven in devices certified by EMVCo, Visa, CC EAL6+, PSA, ioXt, and governments across the globe.

The Synopsys Hardware-based PUF IP family serves various markets such as IoT, datacenter/HPC, and automotive. The Synopsys Hardware-based PUF IP - 100 can be applied easily to almost any chip – even the tiniest microcontrollers. The Synopsys Hardware-based PUF IP - 300 is the world’s first RoT IP to receive a SESIP and PSA Certified Level 3 certification. The Synopsys Hardware-based PUF IP - 400, tailored to the automotive industry, has been developed following an ISO 26262 functional-safety-compliant flow and meets the ISO 26262 Automotive Safety Integrity Level (ASIL) B fault metric.



  • Uses standard SRAM start-up values as a PUF to create a hardware RoT 
  • Eliminates target for physical attacks: root key is never stored but re-created from the PUF each time it is needed
  • Supports fault detection and reporting
  • Includes countermeasures against side-channel and fault-injection attacks
  • Offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device
  • Binds keys to the device by ensuring that keys can only be recreated and accessed on the device on which they have been created
  • Eases integration with custom driver API


  • Certified as a RoT component (PSA, SESIP)
  • Integrates easily and scales with all fabs and technology nodes
  • Offers a higher level of security than traditional key storage in NVM such as secure flash, OTP or e-fuses
  • Enables designers to create and store an unlimited number of keys securely in unprotected NVM on/off chip
  • Minimizes overhead through optimized hardware design
  • Eliminates the need for centralized key management and programming
  • Provides a highly reliable secure key storage solution in the most advanced process nodes
  • Remains secure in the post-quantum computing era


  • Secure Key Storage
  • Authentication
  • Flexible Key Provisioning
  • Anti-Counterfeiting
  • IP Binding
  • Supply Chain Protection
  • Chiplet Security


  • PSA Certified Level 3 RoT Component
  • SESIP Level 3
  • Meets ISO 26262 ASIL B fault metric
  • ASIL D for systematic failures
  • ISO/IEC 20897-compliant PUF
  • Supports FIPS 140-3
  • QuiddiKey enabled products have been certified by EMVCo, Visa, CC EAL6+, PSA, and ioXt
  • DoD and EU governments qualified

Why You Need Synopsys Hardware-based PUF IP

Secure supply chain: Each Synopsys Hardware-based PUF IP user can generate unlimited device-unique keys. None of these keys are ever stored on the device. This means that each user in the supply chain can derive their own device-unique keys and import and protect other secrets without these keys or secrets being known to the manufacturer or other supply-chain users. The wrapping functionality enables supply-chain applications and IP to be securely and reliably protected – for the device's lifetime – before being deployed in the field.

Protection against reverse-engineering, counterfeiting/cloning: Synopsys Hardware-based PUF IP protects firmware IP by encrypting it with a PUF-derived encryption key that is locked to the hardware instance of the device. If the firmware IP tied to a device with Synopsys Hardware-based PUF IP is copied to other device instances, these rogue devices cannot unlock the IP or use it because every device has a different hardware fingerprint.

Other use cases: Secure key storage, flexible key provisioning, HW-SW binding, secure communication, authentication

Operational Range

Synopsys Hardware-based PUF IP has been deployed on MCUs/SoCs/ASICs in diverse foundry/process node combinations. SRAM PUF responses across this diverse array have been qualified for use with Synopsys-Hardware-based PUF IP in various operational environments over years of field operation.


Synopsys Hardware-based PUF IP can be integrated easily into any semiconductor design across all foundries and process nodes. Standard deliverables include:

  • RTL netlist (Verilog, VHDL)
  • Testbench (UVM, VHDL)
  • C model
  • APB or TileLink interface (VHDL, Verilog)
  • Design Compiler synthesis constraints (tcl)
  • Driver (C sources, headers)
  • Register description (IP-XACT)
  • Datasheet, integration manual and driver documentation
  • NIST documentation (SP 800-90A/B)

Easy Integration

The Synopsys Hardware-based PUF IP driver eases developers' use of the Hardware IP in an embedded software environment. It is delivered as C source code and comes with a reference manual, integration tests, and the Hardware-based PUF IP register description.