Ensuring IoT Security

The number of connected devices, machines, sensors, or things that are linked with each other over open communication networks on the Internet of Things (IoT) has exploded. Processes are remotely monitored through networks of smart devices. And every device represents a potential entry point for malicious intrusion – into the device itself or the network to which it’s connected. These new security threats pose technology challenges in securing and stabilizing such large systems. In such an environment, secure device identity is essential for clone-resistant operational security.

The Synopsys Software-based PUF IP - 100 enables IoT developers to generate unique device identities, secure cryptographic keys, and random values. It enables easy and collision-free identification of billions of devices from different vendors. Synopsys Software-based PUF - 100 can also be integrated as a hardware-based trust anchor for Mbed TLS, OpenSSL, wolfSSL, and other libraries, extending the chain of trust beyond just a single device. Synopsys Software-based PUF solution is the only hardware entropy source currently available that doesn’t have to be loaded at silicon fabrication.


  • Uses standard SRAM as a physical unclonable function (PUF) to create a device-unique identity and cryptographic keys
  • Keys are never stored but re-created from the PUF each time they are needed
  • Keys are bound to the device and can only be recreated and accessed on the device on which they have been created
  • NIST SP 800-90A/B compliant random number generator


  • Easy and collision-free identification of billions of devices from various vendors
  • A trust anchor can be installed later in the supply chain or even remotely retrofitted on deployed devices
  • Offers stronger protection than traditional key storage in NVM
  • Seamlessly integrates with other crypto such as Mbed TLS, wolfSSL, and OpenSSL
  • Proven technology with 500M+ devices in the field
  • Synopsys Software-based PUF IP - 100 is post-quantum secure

Security Based on SRAM PUF

Synopsys Software-based PUF IP - 100 uses the inherently random start-up values of SRAM as a PUF from which a device-unique identity and root key are generated. The root key is never stored and is only available (in volatile memory) when needed. This means the key is never present in persistent memory – even when the chip is powered down – which raises the security significantly and eliminates the need for OTP or other secure memory.

An unlimited number of keys can be derived from the root key using the NIST-compliant key-derivation function. Synopsys Software-based PUF IP - 100 also offers random values generated by a NIST 800-90A/B-compliant random number generator and a unique device identity for each device. All Synopsys Software-based PUF IP features are accessed by the host software via the API.

Operating Ranges

SRAM PUF responses have been qualified for use with the Synopsys Software-based PUF IP products in a wide range of operational environments over years of field operation:

  • All major fabs from 0.35 μm to 5 nm
  • Temperature range from -55°C to 150°C [-67°F to 300°F]
  • Voltage supply variation +/- 20%
  • Lifetime > 25 years


  • Target-specific library (C-code)
  • Datasheet
  • API reference manual
  • Code examples (e.g. of integration with Mbed TLS, OpenSSL, wolfSSL)
  • NIST documentation
  • Application notes


The Synopsys Software-based PUF IP - 100 products are available in off-the-shelf configurations with sizes ranging between 6.3 kB and 7.6 kB. Configurations differ according to functionality, performance, and compliance.


Synopsys Software-based PUF - 100

Security strength (bits)

128 / 256


0.7 / 1.0

Code size (kB)

6.3 - 7.6

SRAM anti-aging

Device-unique identifier (UID)

Generate device-unique keys

Generate random values

NIST CAVP certifiable (DRBG, KDF, HMAC, SHA-2)

NIST SP 800-90A compliant DRBG

NIST SP 800-90B compliant entropy source for RNG (adds about 3 kB of SRAM)


FIPS 140-3 ready


Markets and Applications | Certifications





  • Automotive
  • Chiplets
  • Financial services
  • Internet of things
  • Manufacturing
  • Medical
  • Memory
  • Sensors
  • Wearables
  • Microcontrollers
  • Anti-counterfeiting
  • Device-to-host Authentication
  • Secure key storage
  • Flexible key provisioning
  • HW-SW binding
  • Supply chain protection