The protection of hardware designs is the most important requirement for many FPGA IP vendors. IP to be used on SRAM FPGAs is more vulnerable to attacks because the programming bitstream has to be stored on non-volatile memory (NVM) external to the chip. To this end, FPGA manufacturers have proposed various solutions based on the technique of bitstream encryption. However, such traditional encryption solutions based on NVM/fuses are vulnerable to invasive attacks as the secret (in the form a secret key) is present in the system during such an attack.
Physical Unclonable Functions (PUFs), with a unique circuit based on the intrinsic physical characteristics of integrated circuits, provide significantly higher security assurance. Keys derived from a PUF are volatile and derived only when required. They don’t need to be stored in NVM and when a chip is powered off no keys can be found by an attacker.
The first practical PUF on an FPGA was proposed in 2007  and was an SRAM PUF, which uses the startup values of uninitialized SRAM. Most FPGAs do not support uninitialized SRAM memory. In most FPGAs SRAM memories are forcibly set to a known state upon startup. The most successful alternative to date is the Butterfly PUF, proposed in 2008 , which can be instantiated on a large family of FPGAs and strong cryptographic keys can be derived without the need for uninitialized SRAM.
What is a Butterfly PUF?
The concept of the Butterfly PUF is based on the idea of creating structures within the FPGA matrix which behave similarly to an SRAM cell during the startup phase. A Butterfly PUF cell is a cross-coupled bistable circuit*, which can be brought to an unstable state before it settles to one of the two stable states that are possible. The structure consists of two latches whose outputs are cross coupled as indicated in the figure on the right.
To start the PUF operation, the excite signal is set to high. This brings the Butterfly PUF circuit to an unstable operating point (as both latches have opposite signals on their inputs and outputs). After a few clock cycles the excite signal is set to low. This starts the process of the PUF circuit to attain either one of the two possible stable states, 0 or 1, on the out signal. The stable state depends on the slight differences in the delays of the connecting wires which are designed using symmetrical paths on the FPGA matrix. Hence, these slight variations are based only on the intrinsic characteristics of the integrated circuit and vary from device to device, and position, on the FPGA. However, for the same FPGA, latch locations, and routing resources, the stable state tends to be the same over time and over a large temperature range. An attacker cannot derive these stable states from the bitstream since it does not contain these values. Also, an attack cannot derive the stable states from the FPGA itself as these properties are determined by the minute process variations for the basic elements and routing used for the butterfly PUF structures.
Hence the Butterfly circuit is an implementation of a PUF circuit within the FPGA matrix whose properties depend only on the intrinsic physical characteristics of the integrated circuit and can be used for identification.
Intrinsic ID has developed products for FPGAs which have been designed specifically to meet the security and reliability requirements of defense contractors and government agencies. For more information please contact MAGsales[@]Intrinsic-ID.com.
What is a Cross-coupled Bistable Circuit?
A cross-coupled circuit is a basic building block used in all types of storage elements in electronic circuits such as latches, flip-flops and SRAM memories. It is constructed such that it provides a positive-feedback loop to store the required bit value within the loop. Notice in the figure on the right that such cross-coupled circuits have two different stable operating points (to store the bit value) and an unstable operating point as shown. The circuit automatically settles in one of the two stable states due to slight differences in the elements used to build the circuit (latches in the case of the butterfly PUF). We use this fact to build a PUF where the circuit is initially at the unstable operating point and left to attain one of the two stable operating points. With high probability the circuit goes to a preferred stable state. This behavior is due to small differences in the wire delays and cross-coupled element’s (here latch) voltage transfer characteristics. It is important to note that these circuits are constructed as symmetrically as possible, and all variations are due to randomness in the circuit which is beyond the control of the designer.
 J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls. FPGA Intrinsic PUFs and Their Use for IP Protection. In P. Paillier and I. Verbauwhede, editors, Cryptographic Hardware and Embedded Systems — CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, September 10-13, 2007.
 Kumar, S.S., Guajardo, J., Maes, R., Schrijen, G.J., Tuyls, P.: The Butterfly PUF: Protecting IP on every FPGA. In: IEEE International Workshop on Hardware-Oriented Security and Trust, HOST (2008)