QuiddiKey 300

Digital trust is critical for the continued success of the IoT, so security, reliability, and privacy are top concerns. New legislation is driving improved security practices as well as an increased sense of urgency. Developers and service providers tasked with demonstrating the security capability of their products are looking for guidance and standardized solutions. One important industry-led effort that can speed up the process and build confidence is PSA Certified.

QuiddiKey® 300, a physical unclonable function or PUF-based root-of-trust (RoT) security solution, is the world’s first IP solution to be awarded “PSA Certified Level 3 RoT Component.” This certifies that the IP includes substantial protection against both software and hardware attacks. It allows chip designers to fast-track their products for full PSA Level 3 certification and further helps ensure supply chain integrity, chiplet security, and protection against reverse engineering. Certification is essential for security-critical IoT market verticals, such as healthcare, critical infrastructures, and smart consumer products as outlined in the US Cyber Mark Program.

Features

  • Uses standard SRAM start-up values as a PUF to create a hardware root of trust 
  • Eliminates target for physical attacks: root key is never stored, but re-created from the PUF each time it is needed
  • Supports fault detection and reporting
  • Includes countermeasures against side-channel and fault-injection attacks
  • Offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device
  • Binds keys to the device by ensuring that keys can only be recreated and accessed on the device on which they were created
  • Eases integration with custom driver API

Benefits

  • Certified as an RoT component (PSA)
  • Integrates easily and scales with all fabs and technology nodes
  • Offers a higher level of security than traditional key storage in NVM such as secure flash, OTP or e-fuses
  • Enables designers to create and store an unlimited number of keys securely in unprotected NVM on/off chip
  • Minimizes overhead through optimized hardware design
  • Eliminates the need for centralized key management and programming
  • Provides a highly reliable secure key storage solution in the most advanced process nodes
  • Remains secure post quantum computing

Why You Need QuiddiKey

Secure supply chain: Each QuiddiKey user can generate an unlimited number of device-unique keys. None of these keys are ever stored on the device. This means that each user in the supply chain can derive their own device-unique keys and import and protect other secrets, without these keys or secrets being known to the manufacturer or other supply-chain users. The wrapping functionality enables supply-chain applications and IP to be securely and reliably protected – for the lifetime of the device – prior to being deployed in the field.

Protection against reverse-engineering, counterfeiting/cloning: QuiddiKey protects firmware IP by encrypting it with a PUF-derived encryption key that is locked to the hardware instance of the device. If the firmware IP tied to a device with QuiddiKey is copied to other device instances, these rogue devices cannot unlock the IP or use it, because every device has a different hardware fingerprint.
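The device-binding behaviour described in the two paragraphs above can be sketched in software. This is an added illustration, not QuiddiKey driver code: the function names are hypothetical, the PUF response is simulated by constant bytes, and HMAC-SHA256 stands in for the IP's own KDF and wrapping algorithms.

```python
import hashlib, hmac, os

# Constructed stand-ins for two chips' PUF responses (not real PUF data).
DEVICE_A = bytes.fromhex("a1" * 32)
DEVICE_B = bytes.fromhex("b2" * 32)

def derive_key(puf_response: bytes, context: bytes) -> bytes:
    """Device-unique key per context label; nothing is stored between calls."""
    root = hashlib.sha256(b"root-key|" + puf_response).digest()  # re-created each time
    return hmac.new(root, context, hashlib.sha256).digest()

def _subkeys(puf_response, context):
    # Separate encryption and authentication keys from the derived key.
    k = derive_key(puf_response, context)
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    # HMAC in counter mode as a simple stream generator (stand-in cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def wrap(puf_response, context, secret):
    """Encrypt-then-MAC a secret; the blob can sit in unprotected NVM."""
    enc_key, mac_key = _subkeys(puf_response, context)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(puf_response, context, blob):
    """Recover the secret, or raise if the blob was made elsewhere."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(puf_response, context)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob is not bound to this device and context")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def can_unwrap(puf_response, context, blob):
    try:
        unwrap(puf_response, context, blob)
        return True
    except ValueError:
        return False
```

A blob wrapped under one device and context label unwraps only there; copying it to another device, or presenting it under another supply-chain user's label, fails the integrity check before any plaintext is produced.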

Other use cases: Secure key storage, flexible key provisioning, HW-SW binding, secure communication, authentication

QuiddiKey 300 Configurations

QuiddiKey 300 is available in off-the-shelf configurations with sizes ranging from 51k to 81k gates. Configurations differ according to functionality, performance and compliance, enabling options customized to the needs of your application.

QuiddiKey 300

  • Generate device-unique keys
  • Generate random values
  • Wrap and unwrap secrets (✓)
  • Size (k gates): 51-81
  • AC size (bytes): 580 or 852
  • Security strength (bits): 256
  • Maximum key length (bits): 4096
  • Time to root key (k cycles): 45-69
  • SRAM required for PUF (kB): 4-6
  • Interface: APB / TileLink-UL
  • Masked key output
  • Logic BIST (✓)
  • SRAM health checks
  • SRAM anti-aging
  • PUF Monitoring
  • Driver
  • Tamper-evident: supports fault detection and reporting
  • Countermeasures against side-channel and fault-injection attacks
  • NIST CAVP certification (DRBG, AES, KDF) (✓)
  • NIST SP 800-90 compliant (✓)
  • PSA Certified Level 3 RoT Component

(✓) features are optional

Operational Range

QuiddiKey has been embedded on MCU/SoC/ASICs in a diverse set of foundry/process node combinations. SRAM PUF responses have been qualified for use with QuiddiKey in a wide range of operational environments.

QuiddiKey 300 Deliverables

QuiddiKey 300 IP can be integrated easily into any semiconductor design across all foundries and process nodes. Standard deliverables include:

  • RTL netlist (VHDL, Verilog)
  • Testbench (UVM, VHDL), C model
  • Synopsys Design Compiler® synthesis constraints (tcl)
  • QuiddiKey driver (C sources, headers)
  • QuiddiKey register description (IP-XACT)
  • Datasheet, integration manual and driver documentation
  • NIST documentation (SP 800-90A/B)

Driver Eases Integration

The QuiddiKey 300 driver eases the use of the HW IP for developers in an embedded software environment. It is delivered as C source code and comes with a reference manual, integration tests and the QuiddiKey 300 register description.
