skip to Main Content

Monark™ FPGA IP

FPGAs are widely used in high-demanding environments with specific processing needs, especially in medical, aerospace and defense, and data centers. Motivations for copying or altering secret keys or valuable IP and the attached peripherals, such as consumables, are abundant. And consequences for victims can be a matter of life or death. A way for designers to secure their FPGA’s secrets, protect IP and prevent attached peripheral counterfeiting is the use of cryptography. Authenticity, integrity and confidentiality can be guaranteed by using strong cryptographic keys, rooted in the hardware of the FPGA, and keeping secret keys secure. Monark uses circuits present inside the FPGA to intrinsically generate the entropy needed for a strong hardware root of trust. It combines a butterfly Physical Unclonable Function (PUF) with post-processing by helper data algorithms to create a key vault to secure data in transit and on chip, without the need for adding costly, security-dedicated silicon.

Protecting FPGAs with Monark

The FPGA “Intrinsic Fingerprint”

The biggest challenge when solving security problems is getting credentials, such as cryptographic keys, into the device and keeping them secure. For FPGA architectures in which standard uninitialized SRAM is not available, a butterfly PUF* enables designers to extract a unique device fingerprint from standard FPGA fabric. This fingerprint is converted to a high-quality device-unique PUF key using post-processing with helper data algorithms (or fuzzy extractor). Monark FPGA IP reliably reconstructs the same cryptographic key under all environmental circumstances. 

Upon first use, called the enrollment, Monark generates an activation code which, in combination with the butterfly PUF fingerprint, is used to reconstruct on demand, in real time, an intrinsic PUF key inside a secure perimeter. The intrinsic PUF key can be used as a root key for key derivation and key wrapping. A key protected by Monark is integrity protected and can be retrieved only on the same device, while it will be meaningless on other devices. 

When used in combination with a crypto core, Monark allows designers to provision their FPGAs with an unclonable identity, which consists of a private key, a public key and a device certificate. Once provisioned, the FPGA can prove its identity and establish a secure channel with another device, a server or a cloud. The private key is never stored in NVM or OTP, but regenerated on the fly when needed, making the solution very effective against counterfeiting

Specifications

  • Qualified for Xilinx platforms Virtex 7, Kintex7 (from XC7k160T onward), and Zynq 7000 (from XC7Z020 onward)
  • Temperature range from -40°C to +85°C
  • Voltage supply variation  +/- 20%
  • Accelerated lifetime > 25 years

Deliverables

Monark FPGA IP is easily integrated in any FPGA design. Standard deliverables include : 

  • VHDL top-level design for specific platform
  • FPGA macro with routing scripts
  • Simulation and test bench
  • Documentation
 

Monark

Security Strength (bits)

256

Maximum Key Length (bits)

4096

Size:
#LUTS
#Regs


43k
21k

Activation Code Size (bytes)

1k

Generate Device Keys and Random Values

Y

Wrap and Unwrap Keys

Y

Attack Countermeasures

Y

Anti-aging Measures

Y

Diagnostics

Y

APB Interface (optional to remove)

(Y)

* A butterfly PUF consists of an array of circuits, each consisting of two cross-coupled memory elements, to obtain a bi-stable output behavior. During operation each circuit is brought temporarily into a “conflicting state,” and once released the circuit will settle into one of the two allowed states in a non-deterministic way that not even the manufacturer can predict or duplicate.

Monark Benefits

  • Compatible with standard FPGA products
  • No sensitive key material present on device
  • High protection against tampering and invasive attacks

Applications

  • Secure Key Storage
  • Authentication
  • Flexible Key Provisioning
  • Anti-Counterfeiting
  • HW-SW Binding
  • Supply ChainProtection

Protecting the IoT with Invisible Keys | Get White Paper

Back To Top