Hardware Root of Trust Software to Create, Wrap and Manage Keys

BROADKEY™ is a secure key management software solution for IoT security, based on SRAM PUF technology. This patented technology is able to extract identifiers from the uniqueness that is inherent to every piece of silicon. BROADKEY dynamically reconstructs on-chip secret keys without ever storing those keys. SRAM PUF-based keys are bound to a device in such a way that they cannot be cloned, copied or in any way extracted from the device.

BROADKEY is designed to enable secure storage of multiple cryptographic keys of various lengths. The software is delivered as library compiled for a specific target chip, including interface specifications and user manual. BROADKEY can be implemented on virtually every MCU.

Hardware-Based Security

Hardware-Based Security

In line with the strategic principles for IoT of U.S. Department of Homeland Security.



Can be implemented on almost all MCUs, sensors, flash devices …

Low Cost

Low Cost

Low-footprint software that fits into the smallest, resource-constrained devices.



User keys can be provisioned at any point in the supply chain.

SRAM PUF – Keys from Silicon Characteristics

SRAM Physical Unclonable Functions, or PUFs, use the behavior of standard SRAM, available in any digital chip, to differentiate chips from each other. Due to deep submicron process variations in the production process, every transistor in an IC and hence in an SRAM cell has slightly random electric properties. This randomness is expressed in the startup values of “uninitialized” SRAM memory.

An SRAM memory consists of a number of SRAM cells. Each SRAM cell consists of two cross-coupled inverters that each are built up by a p- and n-MOS transistor. When power is applied to an SRAM cell, its logical state is determined by the relation between the threshold voltages of the p-MOS transistors in the invertors. The transistor that starts conducting first determines the outcome, a logical “0” or “1”.

It turns out that an SRAM cell has its own preferred state every time the SRAM is powered, resulting from the random differences in the threshold voltages. This preference is independent from the preference of the neighboring cells and independent of the location of the cell on the chip or on the wafer.

Hence the startup values of unitialized SRAM memory form a unique and random pattern of 0’s and 1’s. This pattern is like a silicon fingerprint since it is unique per SRAM and hence per chip. It can be used as a Physical Unclonable Function and is called the SRAM PUF response.


BROADKEY Software IP Family

The SRAM PUF response is a noisy fingerprint, and turning it into a high-quality and secure key vault requires further processing. This is done with the BROADKEY software. BROADKEY bundles the following techniques to reconstruct exactly the same cryptographic key every time and under all (environmental) circumstances in a very secure manner:

  • Error correction
  • Randomness extraction
  • Security countermeasures
  • Anti-aging techniques

More information on these techniques can be found in these white papers. BROADKEY generates an Activation Code which, in combination with the SRAM startup behavior, is used to reconstruct on demand, in real time, an intrinsic PUF key which is never stored. When it is needed later it can be reconstructed. The intrinsic PUF key can be used as a root key to wrap and manage user keys. Reconstruction can be done very quickly starting at 0.7M cycles for 128 bits keys. All of BROADKEY’s features are accessed by the host software via the BROADKEY API.
Three BROADKEY configurations are available:


Device-unique key derivation, random number generation, wrapping and management, including elliptic curve private key generation and storage, importing and exporting of public keys, signature generation and verification, key agreement functionality and public key encryption and decryption.


Device-unique key derivation, random number generation, application key wrapping and management.


Low footprint, device-unique key derivation and random number generation.





Security Strength (bits)




PUF (KB) related to Security Strength




Code Size (KB)




Generate Device Keys and Random Values




Wrap and Unwrap Application Keys



Public Key Management and Crypto Operations


Operating Conditions

Intrinsic ID’s SRAM PUF technology operates reliably over a wide range of applications and operating conditions:

  • Qualified semiconductor technology nodes ranging from 180nm down to 14nm
  • Semiconductor processes include low power, high speed, and high density
  • Temperature range for SRAM PUF reading from -55°C to 150°C [-67°F to 300°F]
  • Voltage supply variation +/- 20%
  • Lifetime > 25 years


BROADKEY Software IP is delivered as library compiled for a specific target chip, including interface specifications and user manual.


SRAM PUF Benefits

  • Device-unique, unclonable fingerprint
  • Leverages entropy of manufacturing process
  • No key material programmed


  • Secure Key Storage
  • Authentication
  • Flexible Key Provisioning
  • Anti-Counterfeiting
  • Hardware-Software Binding
  • Supply Chain Protection


  • 256- or 128-bit key entropy
  • Highly reliable across large range of operating environments and on every technology node
  • Lifetime > 25 years
  • Requires uninitialized SRAM