Anything that is connected to the internet is at risk, and connected vehicles are no exception. Every connected electronic component represents a potential entry point for malicious intrusion – into the component itself or onto the network to which it is connected. Root-of-trust (RoT) technology is becoming an essential requirement for components in autonomous vehicles, which now need to adhere to the industry standard ISO/SAE 21434 to ensure the vehicle fleet is secure by design.

Synopsys Hardware-based PUF IP is a physical unclonable function (PUF)-based RoT solution that can be applied easily to almost any MCU/SoC/ASIC without the need for adding costly, security-dedicated silicon. The PUF IP - 400 has been developed following an ISO 26262 functional-safety-compliant flow and meets the ISO 26262 Automotive Safety Integrity Level (ASIL) B fault metric. Just like Synopsys Hardware-based PUF IP - 300, which was the world’s first RoT IP to receive a SESIP and PSA Certified level 3 certification, Synopsys Hardware-based PUF IP - 400 includes substantial protection against both software and hardware attacks to deny adversaries access to any key material or data, even on unmanned autonomous vehicles.

Synopsys Hardware-based PUF is the world-leading and certified IP that uses standard SRAM as a PUF to create a strong hardware RoT. The PUF root key is never stored but re-created from the PUF each time it is needed, offering the highest level of security. A key protected by the Hardware-based PUF is integrity-protected and can be decrypted solely on the device on which it was created.

Synopsys Hardware-based PUF IP - 400 meets the ISO 26262 Automotive Safety Integrity Level (ASIL) B fault metric. It validates all inputs and critical internal logic through integrity checks and error detection. It continuously asserts that everything runs as intended and flags any observed faults. Additionally, Synopsys Hardware-based PUF IP - 400 offers the user hardware and software handholds to check whether all data is correctly transferred to and from the Hardware-based PUF.


  • Uses standard SRAM start-up values as a PUF to create a hardware RoT
  • Supports fault detection and reporting
  • Validates input and output logic, flags observed faults and offers handholds to check data transfer to and from the Hardware-based PUF
  • Offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device
  • Binds keys and data to the hardware of the device
  • Eases integration with custom driver API


  • Meets the functional safety ISO 26262 standard ASIL B fault metric
  • Integrates easily and scales with all fabs and technology nodes
  • Offers a higher level of security than traditional key storage in NVM such as secure flash, OTP or e-fuses
  • Enables designers to create and store an unlimited number of keys securely in unprotected NVM on/off chip
  • Eliminates the need for centralized key management and programming
  • Remains secure post quantum computing


  • Meets ISO 26262 ASIL B fault metric
  • ASIL D for systematic failures
  • ISO/IEC 20897-compliant PUF
  • FIPS 140-3 support
  • SRAM PUF-enabled products have been certified by EMVCo, Visa, CC EAL6+, PSA, and ioXt
  • DoD and EU governments qualified

Why You Need Synopsys Hardware-based PUF IP

Secure supply chain: Each Synopsys Hardware-based PUF IP user can generate unlimited device-unique keys. None of these keys are ever stored on the device. This means that each user in the supply chain can derive their own device-unique keys and import and protect other secrets without these keys or secrets being known to the manufacturer or other supply-chain users. The wrapping functionality enables supply-chain applications and IP to be securely and reliably protected – for the device's lifetime – before being deployed in the field.

Protection against reverse-engineering, counterfeiting/cloning: Synopsys Hardware-based PUF IP protects firmware IP by encrypting it with a PUF-derived encryption key that is locked to the hardware instance of the device. If the firmware IP tied to a device with Synopsys Hardware-based PUF IP is copied to other device instances, these rogue devices cannot unlock the IP or use it because every device has a different hardware fingerprint.

Other use cases: Secure key storage, flexible key provisioning, HW-SW binding, secure communication, authentication


Synopsys Hardware-based PUF IP - 400 is available in off-the-shelf configurations with sizes ranging between 114k and 163k gates. Configurations differ according to functionality, performance, and compliance.


Synopsys Hardware-based PUF IP - 400 configuration table (rows):

  • Generate device keys and random values
  • Wrap and unwrap keys
  • Size (k gates)
  • AC size (bytes)
  • Security strength (bits)
  • Maximum key length (bits)
  • Time to root key (k cycles)
  • SRAM required for PUF (kB)
  • APB or TileLink-UL
  • Masked key output
  • Logic BIST
  • SRAM health checks
  • SRAM anti-aging
  • PUF monitoring
  • Fault detection and reporting
  • Attack countermeasures
  • NIST CAVP certification (DRBG, AES, KDF)
  • NIST SP 800-90 compliant

(✓) features are optional

Operational Range

Synopsys Hardware-based PUF IP has been embedded on MCU/SoC/ASICs in a diverse set of foundry/process node combinations. SRAM PUF responses have been qualified for use with Synopsys Hardware-based PUF IP in a wide range of operational environments.


Synopsys Hardware-based PUF IP - 400 can be integrated easily into any semiconductor design across all foundries and process nodes. Standard deliverables include:

  • RTL netlist (VHDL, Verilog)
  • Testbench (UVM, VHDL), C model
  • Synopsys Design Compiler® synthesis constraints (tcl)
  • Synopsys Hardware-based PUF driver (C sources, headers)
  • Synopsys Hardware-based PUF register description (IP-XACT)
  • Datasheet, integration manual and driver documentation
  • NIST documentation (SP 800-90A/B)
  • ISO 26262 documentation (ASIL B/D metrics)

Easy Integration

The Synopsys Hardware-based PUF IP - 400 driver eases developers' use of the Hardware IP in an embedded software environment. It is delivered as C source code and comes with a reference manual, integration tests, and the Synopsys Hardware-based PUF - 400 register description.