SRAM PUF – Root Key from Silicon “Fingerprint”
SRAM Physical Unclonable Functions, or PUFs, use the behavior of standard SRAM, available in any digital chip, to differentiate chips from each other. They are virtually impossible to duplicate, clone or predict. This makes them very suitable for applications such as secure key generation and storage, device authentication, flexible key provisioning and chip asset management.
Due to deep-submicron variations in the production process, every transistor in an SRAM cell has slightly random electrical properties. This randomness is expressed in the startup values of uninitialized SRAM. These values form a unique chip fingerprint, called the SRAM PUF response.
An SRAM PUF response is a noisy fingerprint, and turning it into a high-quality and secure key vault requires further processing. This is done with the QuiddiKey IP. QuiddiKey reliably reconstructs the same cryptographic key under all environmental circumstances. It generates an Activation Code which, in combination with the SRAM startup behavior, is used to reconstruct the intrinsic PUF key on demand and in real time. The intrinsic PUF key is never stored; whenever it is needed, it is reconstructed. The intrinsic PUF key can be used as a root key for key derivation and wrapping. A key protected by QuiddiKey is integrity protected and can be retrieved only on the same device; on any other device it is meaningless.
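The enroll-then-reconstruct flow described above, shown with a textbook code-offset construction and a repetition code (an added illustration, not QuiddiKey's algorithm, which this page does not describe). `REP`, `KEY_BITS`, the 5% noise rate and the simulated chip fingerprints are assumptions made for the example.

```python
import hashlib
import random
import secrets

REP = 31         # assumed repetition factor: SRAM cells spent per secret bit
KEY_BITS = 128   # assumed secret length

def power_up(fingerprint, noise, rng):
    """Simulate one SRAM start-up: each cell deviates from its preferred
    value with probability `noise` (constructed model, not measured data)."""
    return [bit ^ (rng.random() < noise) for bit in fingerprint]

def _derive(secret_bits):
    # Hash the recovered bits into the key; stands in for a real KDF.
    return hashlib.sha256(bytes(secret_bits)).digest()

def enroll(response):
    """Run once. Returns (activation_code, key); only the code is kept."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]   # repetition encode
    activation_code = [c ^ r for c, r in zip(codeword, response)]
    return activation_code, _derive(secret)

def reconstruct(response, activation_code):
    """Run at every power-up: a fresh noisy response plus the stored code."""
    noisy = [a ^ r for a, r in zip(activation_code, response)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2)           # majority vote
              for i in range(0, len(noisy), REP)]
    return _derive(secret)

def demo(seed=1, noise=0.05):
    """Return (key recovered on enrolled chip, key recovered on another chip)."""
    rng = random.Random(seed)
    cells = KEY_BITS * REP
    chip_a = [rng.getrandbits(1) for _ in range(cells)]  # constructed fingerprints
    chip_b = [rng.getrandbits(1) for _ in range(cells)]
    code, key = enroll(power_up(chip_a, noise, rng))
    same_chip = reconstruct(power_up(chip_a, noise, rng), code) == key
    other_chip = reconstruct(power_up(chip_b, noise, rng), code) == key
    return same_chip, other_chip

if __name__ == "__main__":
    print(demo())
```

The stored code is the codeword masked by the chip's own response, so it only decodes against a response from the same silicon; a production design would use a stronger error-correcting code than simple repetition.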
QuiddiKey is available in two configurations:
- Device-unique key creation, derivation, wrapping and management
- Device-unique key creation and derivation
Secure: QuiddiKey has significant security advantages compared to traditional key storage methods. Each chip has its unique unclonable key. At power-up, SRAM bits settle in the one or zero state in a non-deterministic way that not even the manufacturer can predict or duplicate. Furthermore, because the key is not permanently stored, it is not present when the device is unpowered (no key at rest) and hence cannot be found by an attacker opening up the device.
Low Cost: Keys are extracted from the chip, on demand. Keys do not need to be programmed in NVM or OTP.
Flexible & Scalable: Keys can be provisioned at any suitable stage in the production process. The low footprint and flexible design make QuiddiKey suitable for most semiconductor platforms, and scalable to billions of devices.
SRAM PUF responses have been qualified for use with QuiddiKey over a wide operating range:
- Qualified semiconductor technology nodes ranging from 350nm down to 7nm
- Semiconductor processes include low power, high speed and high density
- Temperature range from -55°C to 150°C [-67°F to 300°F]
- Voltage supply variation +/- 20%
- Accelerated lifetime > 25 years
QuiddiKey hardware IP is easily integrated in any semiconductor design or firmware. Standard deliverables include:
- Synthesizable RTL netlist (VHDL and Verilog)
- APB interface
- Test bench, synthesis constraints
- Datasheet and integration manual
|Security Strength (bits)| | |
|Variable Key Length| | |
|PUF (KB) related to Security Strength| | |
|Size (K gates, Engine + APB + BIST)|19 + 1 + 4.5*|28.5 + 1 + 4.5|
|Generate Device Keys and Random Values| | |
|Wrap and Unwrap Keys| | |
*BIST is optional for Safe