Programmable logic device with decryption and structure for preventing design relocation
First Claim
1. A PLD with decryption and structure for preventing design relocation comprising:
- a decryptor for decrypting an encrypted bitstream;
an address indicator for indicating an address into which configuration data will be loaded; and
a decryption algorithm implemented by the decryptor, wherein the decryption algorithm uses data from the address indicator for decrypting the encrypted bitstream;
wherein the decryption algorithm comprises the DES algorithm; and
wherein the DES algorithm includes at least one cipher block algorithm selected from the group consisting of a cipher block chaining algorithm and a cipher feedback mode algorithm, and the address indicator is placed into a starter value of the at least one cipher block algorithm.
1 Assignment
0 Petitions
Accused Products
Abstract
It is sometimes desirable to protect a design used in a PLD from being copied. According to the present invention, the design is encrypted, then loaded into a PLD, then decrypted, and then loaded into the configuration memory of the PLD. An attacker could relocate the design to a visible part of the PLD and learn the design. The present invention prevents design relocation by attaching address information to the encryption key or by encrypting an address where the design is to be loaded as well as encrypting the design itself. Thus, if an attacker tries to load the design into a different part of the PLD, the encrypted design will not decrypt properly.
76 Citations
19 Claims
-
1. A PLD with decryption and structure for preventing design relocation comprising:
-
a decryptor for decrypting an encrypted bitstream; an address indicator for indicating an address into which configuration data will be loaded; and a decryption algorithm implemented by the decryptor, wherein the decryption algorithm uses data from the address indicator for decrypting the encrypted bitstream; wherein the decryption algorithm comprises the DES algorithm; and wherein the DES algorithm includes at least one cipher block algorithm selected from the group consisting of a cipher block chaining algorithm and a cipher feedback mode algorithm, and the address indicator is placed into a starter value of the at least one cipher block algorithm. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for configuring a programmable logic device (PLD), comprising:
-
storing a plurality of decryption keys in storage elements of the PLD; receiving a configuration bitstream at the PLD, wherein the configuration bitstream includes control data and configuration data, the control data includes an address that references configuration memory of the PLD, and at least the configuration data is encrypted; decrypting the configuration bitstream in the PLD using the address from the configuration bitstream and the plurality of decryption keys, whereby a decrypted configuration bitstream is generated; storing configuration data from the decrypted configuration bitstream in configuration memory of the PLD; disabling readback of configuration data from the PLD after storing the configuration data in configuration memory; and disabling partial reconfiguration of the PLD in response to decryption of the configuration bitstream. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. An apparatus for configuring a programmable logic device (PLD), comprising:
-
means for storing a plurality of decryption keys in storage elements of the PLD; means for receiving a configuration bitstream at the PLD, wherein the configuration bitstream includes control data and configuration data, the control data includes an address that references configuration memory of the PLD, and at least the configuration data is encrypted; means for decrypting the configuration bitstream in the PLD using the address from the configuration bitstream and the plurality of decryption keys, whereby a decrypted configuration bitstream is generated; means for storing configuration data from the decrypted configuration bitstream in configuration memory of the PLD; means for disabling readback of configuration data from the PLD after storing the configuration data in configuration memory; and means for disabling partial reconfiguration of the PLD in response to the means for decrypting the configuration bitstream.
-
-
15. A programmable logic device (PLD), comprising:
-
a configuration memory; programmable logic circuitry coupled to the configuration memory; a key management circuit adapted for storage of a plurality of keys; a configuration circuit coupled to the configuration memory and to the plurality of storage elements, the configuration circuit adapted to configure the configuration memory with an input configuration bitstream, wherein the configuration bitstream includes control data and configuration data, the control data includes an address that references configuration memory of the PLD, and at least the configuration data is encrypted; and a decryptor coupled to the configuration circuit and to the plurality of storage elements, the decryptor configured to decrypt, responsive to the configuration circuit, an input configuration bitstream using the address from the configuration bitstream and a plurality of decryption keys stored in the plurality of storage elements; wherein the decryptor is adapted to perform DES decryption using at least one of cipher block chaining and cipher feedback and include the address in an input value to the at least one of cipher block chaining and cipher feedback. - View Dependent Claims (16, 17, 18, 19)
-
Specification