QuiddiKey®
QuiddiKey is Intrinsic ID’s hardware IP which enables device manufacturers and designers to secure their products with internally generated, device-unique cryptographic keys without the need for adding costly, security-dedicated silicon. Based on the randomness inside uninitialized SRAM it generates the entropy needed for a strong hardware root of trust. The IP can be applied easily to almost any chip – from tiny microcontrollers to high-performance SoCs. Since SRAM is used as a PUF source, the IP is agnostic to foundry and process node technology. QuiddiKey has been deployed and proven in millions of devices certified by EMVCo, Visa, CC EAL6+, PSA, IoXt, and governments across the globe.
QuiddiKey Configurations
QuiddiKey is available in off-the-shelf configurations with size ranging between 24k and 50k gates. Configurations differ according to functionality, performance and compliancy, allowing options customized to the needs of your application.
| QuiddiKey Configurations | QuiddiKey-Safe | QuiddiKey-Plus |
|---|---|---|
| Generate device-unique keys | ✓ | ✓ |
| Generate random values | ✓ | ✓ |
| Wrap and unwrap keys | (✓) |
|
| Size (k gates) | 24 | 38-50 |
| Security strength (bits) | 256 | 256 |
| Maximum key length (bits) | 4096 | 4096 |
| Time to root key (k cycles) | 149 | 50-68 |
| SRAM required for PUF (KB) | 2 | 2-4 |
| NIST approved algorithms | AES, SHA-256, HMAC-SHA |
|
| CAVP for DRBG (NIST SP 800-90A) | (✓) |
|
| Interface | APB | APB |
| Logic BIST | (✓) | (✓) |
| SRAM health checks | ✓ | ✓ |
| SRAM anti-aging | ✓ | ✓ |
| Diagnostics | ✓ | ✓ |
| Driver | ✓ | ✓ |
| Attack countermeasures | ✓ | Extended |
Operational Range
QuiddiKey has been embedded on MCUs/SoC/ASICs in a diverse set of foundry/process node combinations and SRAM PUF responses have been qualified for use with QuiddiKey in a wide range of operational environments.
Deliverables
QuiddiKey IP is easily integrated in any semiconductor design across all foundries and process nodes. Standard deliverables include:
- Synthesizable RTL netlist (VHDL and Verilog)
- VHDL test bench with supporting files
- Design compiler synthesis constraints (tcl)
- Driver API for easy integration
- QuiddiKey register description (IP-XACT)
- Datasheet, integration manual and driver documentation
Driver Eases Integration
The driver eases the use of the QuiddiKey HW IP for developers in an embedded software environment. It is delivered as C source and comes with a reference manual, integration tests and the QuiddiKey register description.
QuiddiKey Benefits
Security: Instead of storing keys in non-volatile memory (NVM), typically secure flash, OTP or e-fuses, QuiddiKey allows for secure key extraction from the unique physical properties of the underlying hardware. This “biometrics for electronic devices” provides a very high level of resistance against invasive attacks. Unlike keys stored in NVM, nothing is permanently programmed, and no secrets are present at power-off. Keys are bound to the device and can only be recreated and accessed on the device they have been created on.
QuiddiKey is built according to state-of-the-art security guidelines to protect against invasive and non-invasive hardware attacks.
Cost-effectiveness: Adds minimal overhead with an optimized hardware design and eliminates the need for (secure) NVM. QuiddiKey allows designers to store an unlimited number of user keys securely in unprotected NVM on/off chip.
Flexible and scalable: QuiddiKey IP can be easily integrated in any semiconductor design. Since the IP is only based on standard SRAM and digital logic, it works reliably on all available technology nodes. It eliminates the need for centralized key management and programming.
Low power: No need for additional hardware components such as a secure element chip or charge pumps. QuiddiKey offers a highly reliable secure key storage solution in the most advanced technology nodes.
Use Cases
Secure supply chain: An unlimited number of device-unique keys can be generated by each user of QuiddiKey. None of these keys are ever stored on the device even when powered off. This enables users to derive their own device-unique keys and import and protect other secrets; the wrapping functionality enables users’ applications and IP to be securely and reliably protected – for the lifetime of the device – prior to being deployed in the field.
Protection against reverse-engineering, counterfeiting/cloning: Protect your Firmware IP by encrypting it with a PUF-derived encryption key that is locked to the hardware instance of the device. When the firmware IP, tied to a device with QuiddiKey, is copied to other device instances, these rogue devices cannot unlock the IP and use it, since the devices have different hardware fingerprints.
Other use cases: Secure key storage, flexible key provisioning, HW-SW binding, secure communication, …
