## **SYNOPSYS**<sup>®</sup>

## Success Story

## Synopsys and Flex Logix

"Our technology integration with Synopsys takes security to the next level, particularly when dealing with high-risk assets included in the eFPGA for obfuscation."

~Andy Jaros, VP IP Sales, Marketing & Solutions Architecture at Flex Logix



## Taking eFPGA Security to the Next Level

Many markets – 5G, networking, cloud storage, defense, smart home, automotive, and others – are looking to <u>embedded FPGAs (eFPGA)</u> to save power and reduce cost. By removing the high-speed SERDES and other unnecessary I/Os or unused peripherals, the customer can <u>save</u> <u>power</u> and reduce latency. With FPGA embedded, the end product can take advantage of these benefits and still be reconfigurable in the field, saving time and money.

Reconfigurability has many uses, but in the past, this meant greater area and came at an additional cost that was difficult to justify except where it was a requirement. Smaller technology nodes and the increasing cost of taping out (or retaping out) have made FPGA technology from Flex Logix and EFLX® eFPGA both simple to integrate using less area than ever before and easy to justify from a cost perspective.

Flex Logix has become the number one eFPGA vendor because of strong adoption based on several patented technologies that reduce the size of the eFPGA. One of these technologies is the Boundless Radix Interconnect technology (XFLX® Network), which can reduce the interconnect area by forty-five percent (see figure below). This results in an area-efficient solution, similar in density to designed FPGA chips while offering higher utilization and using just the lower layers in a metal stack, making it compatible with most metal stacks. As more and more SoCs are integrating FPGAs, the question of security is being raised, and it's an important one.



Security is an important topic for every SoC, but it's especially salient in the context of high-risk assets included in the <u>eFPGA for obfuscation</u>. Whether the device is used in defense systems or in cars driving around town, encryption is important so the device remains secure and can't be modified maliciously, whether through physical attacks or remote hacking. There are several different established ways to secure eFPGA content, each with its own tradeoffs. Now there is a new and better way to take encryption of the eFPGA content to the next level.

What if you could encrypt your eFPGA configuration data with a device-unique key that is never stored on the device, that cannot be copied from one device to the next, and that is not known to anyone (not even you)? Now you can, by using the secure and patented <u>SRAM Physical</u> <u>Unclonable Function (PUF) technology</u> from Synopsys. The Synopsys SRAM PUF creates a device-unique fingerprint (see figure below) from which a cryptographic root key is extracted. A key derived from this device-unique root key is used to encrypt and authenticate the bitstream of the eFPGA. If the device is attacked or found in the field, the bitstream of the eFPGA cannot be altered, read, or copied to another device because it is protected by a key that is never stored and therefore is invisible and unclonable for the attacker.



The main benefits of using the Synopsys SRAM PUF technology over storing a key in non-volatile memory are:

- High Security: No key material is programmed into the device and no key is present when it is not in use
- High Flexibility: Key generation at any time and place in the supply chain without external provisioning

- Low Cost: No dedicated security hardware is required to protect the key, as it is never stored
- Highly Scalable: It employs only standard logic, scaling effortlessly with shrinking technology nodes

From the SoC hardware engineering point of view, the process for encryption with Synopsys SRAM PUF-based keys is no different than with any other type of encryption. It only requires instantiating the SRAM PUF through the Synopsys Hardware-based PUF IP. The standard implementation looks like the diagram below.



The system would power up just like any other eFPGA, but the AES-GCM will fetch the key from Synopsys Hardware-based PUF IP and decrypt the eFPGA configuration data before programming the eFPGA in the SoC. The configuration data can be stored in any non-volatile memory since it is protected by the key from the SRAM PUF. Not only will your supply chain be secure by using obfuscation, but the bitstream of the eFPGA can also no longer be altered, read, or copied to another device.

Contact us now to help you take the security of your configuration data to the next level by combining Flex Logix eFPGA and Synopsys SRAM PUF IP technology.

Learn more about the Flex Logix eFPGA solutions and the Synopsys PUF IP technology.

©2024 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks is available at <a href="http://www.synopsys.com/copyright.html">http://www.synopsys.com/copyright.html</a>. All other names mentioned herein are trademarks or registered trademarks of their respective owners.