Evolved circuits for bitstream protection

US 8,355,502 B1
Filed: 04/05/2005
Issued: 01/15/2013
Est. Priority Date: 05/12/2003
Status: Active Grant

First Claim

Patent Images

1. A configuration bitstream for a particular reprogrammable integrated circuit (IC), the configuration bitstream comprising:

an evolved circuit bitstream for configuring an evolved circuit in the reprogrammable IC, the evolved circuit bitstream being defined by an iterative configuration process based on a predetermined security-based evaluation function, the evolved circuit generating a constant output for a given input each time the evolved circuit is implemented in the particular reprogrammable IC based upon at least one physical property associated with a process variation of the particular reprogrammable IC, wherein the iterative configuration process results in a design for the evolved circuit based upon the at least one physical property associated with the process variation of the particular reprogrammable IC and the evolved circuit enables decrypting an encrypted bitstream for the particular reprogrammable IC.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security circuit for a reprogrammable logic IC includes an evolved circuit that ties the performance of the security circuit to the physical properties of that particular reprogrammable logic IC. The security circuit can be a decryption and/or encryption circuit that decrypts and/or encrypts, respectively, a configuration bitstream for the IC. Because of the link between the performance of the security circuit and the physical properties of the IC, the security circuit cannot be used in other ICs. For example, an encrypted bitstream that can be decrypted by the security circuit in a first IC will typically not be decrypted by the same security circuit in a second IC, since the physical properties of the two ICs will typically be different. The evolved circuit can comprise a portion of the security circuit, such as a security key generator, or it can comprise the full security circuit.

Citations

20 Claims

1. A configuration bitstream for a particular reprogrammable integrated circuit (IC), the configuration bitstream comprising:
- an evolved circuit bitstream for configuring an evolved circuit in the reprogrammable IC, the evolved circuit bitstream being defined by an iterative configuration process based on a predetermined security-based evaluation function, the evolved circuit generating a constant output for a given input each time the evolved circuit is implemented in the particular reprogrammable IC based upon at least one physical property associated with a process variation of the particular reprogrammable IC, wherein the iterative configuration process results in a design for the evolved circuit based upon the at least one physical property associated with the process variation of the particular reprogrammable IC and the evolved circuit enables decrypting an encrypted bitstream for the particular reprogrammable IC.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The configuration bitstream of claim 1, wherein the configuration bitstream further comprises a decryption circuit bitstream for implementing a decryption circuit in the particular reprogrammable IC, the decryption circuit bitstream including the evolved circuit bitstream.
  - 3. The configuration bitstream of claim 2, further comprising the encrypted bitstream to be decrypted by the decryption circuit.
  - 4. The configuration bitstream of claim 1, wherein the configuration bitstream further comprises an encryption circuit bitstream for implementing an encryption circuit in the particular reprogrammable IC, the encryption circuit bitstream including the evolved circuit bitstream.
  - 5. The configuration bitstream of claim 1, wherein the particular reprogrammable IC comprises a field programmable gate array.

6. A method for encrypting a configuration bitstream for a particular reprogrammable integrated circuit (IC) having reprogrammable resources, the method comprising:
- evolving an evolved circuit by applying an iterative configuration process to a portion of the reprogrammable resources until the portion of the reprogrammable resources satisfies a predetermined security-based evaluation function, wherein the iterative configuration process results in a design for the evolved circuit based upon at least one physical property associated with a process variation of the particular reprogrammable IC and;
  
  incorporating the evolved circuit into a decryption circuit in the particular reprogrammable IC, wherein the evolved circuit will generate a constant output for a given input each time the evolved circuit is implemented in the particular reprogrammable IC based upon the at least one physical property associated with the process variation of the particular reprogrammable IC and enables the decryption circuit to decrypt an encrypted configuration bitstream for the particular reprogrammable IC; and
  
  encrypting the configuration bitstream to be decrypted by the decryption circuit.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 7. The method of claim 6, wherein the evolved circuit comprises a first counter having a weakly specified frequency, and wherein encrypting the configuration bitstream comprises:
    - implementing the decryption circuit in the particular reprogrammable IC;
      
      reading a plurality of counter results from the evolved circuit at regular intervals;
      
      combining the plurality of counter results to generate a security key for the decryption circuit; and
      
      encrypting the configuration bitstream using the security key.
  - 8. The method of claim 6, wherein encrypting the configuration bitstream comprises:
    - generating an encryption key using the evolved circuit, wherein the configuration bitstream comprises a first quantity of bits, and wherein the encryption key comprises a second quantity of bits, the first quantity being equal to the second quantity; and
      
      performing an XOR operation on the configuration bitstream and the encryption key.
  - 9. The method of claim 6, wherein evolving the evolved circuit comprises:
    - selecting the portion of the reprogrammable resources;
      
      defining the security-based evaluation function;
      
      loading a candidate bitstream into the particular reprogrammable IC to configure the portion of the reprogrammable resources into a logic configuration;
      
      comparing a sample output from the logic configuration against a desired output from the security-based evaluation function; and
      
      modifying and reloading the candidate bitstream into the particular reprogrammable IC to reconfigure the portion of the particular reprogrammable resources until the sample output matches the desired output.
  - 10. The method of claim 9, wherein modifying and reloading the candidate bitstream comprises applying a random permutation to the candidate bitstream.
  - 11. The method of claim 9, wherein modifying and reloading the candidate bitstream comprises locking selected bits in the candidate bitstream to prevent modification of those selected bits.
  - 12. The method of claim 9, wherein loading the candidate bitstream into the particular reprogrammable IC comprises combining the candidate bitstream with a predefined static circuit bitstream.
  - 13. The method of claim 9, wherein the security-based evaluation function comprises a constant output function.
  - 14. The method of claim 13, wherein the constant output function specifies a specific signal for the desired output.
  - 15. The method of claim 9, wherein the security-based evaluation function is applied across a range of temperatures for the particular reprogrammable IC.
  - 16. The method of claim 9, wherein the security-based evaluation function is applied across a range of supply voltages for the particular reprogrammable IC.
  - 17. The method of claim 6, wherein encrypting the configuration bitstream comprises generating a security key using the evolved circuit, further comprising:
    - storing the security key in a nonvolatile memory in the particular reprogrammable IC.

18. A method for distributing a configuration bitstream for a particular reprogrammable integrated circuit (IC), the method comprising:
- designing a decryption circuit for the particular reprogrammable IC, the decryption circuit comprising an evolved circuit developed by applying an iterative configuration process to a set of resources in the particular reprogrammable IC until the set of resources satisfies a predetermined evaluation function, wherein the iterative configuration process results in a design for the evolved circuit based upon at least one physical property associated with a process variation of the particular reprogrammable IC and;
  
  creating an encrypted bitstream to be decrypted into the configuration bitstream by the decryption circuit;
  
  shipping the particular reprogrammable IC to a user;
  
  providing a decryption circuit bitstream to the user, the decryption circuit bitstream implementing the decryption circuit when loaded into the particular reprogrammable IC, wherein the evolved circuit of the decryption circuit will generate a constant output for a given input each time the evolved circuit is implemented in the particular reprogrammable IC based upon the at least one physical property associated with the process variation of the particular reprogrammable IC and enables the decryption circuit to decrypt the encrypted bitstream; and
  
  providing the encrypted bitstream to the user.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the evolved circuit comprises a key generator for generating a security key, wherein the decryption circuit performs decryption using the security key, and wherein creating the encrypted bitstream comprises:
    - reading the security key from the particular reprogrammable IC; and
      
      encrypting the configuration bitstream into the encrypted bitstream using the security key.
  - 20. The method of claim 18, wherein the evolved circuit comprises a key generator for generating a security key, wherein the decryption circuit performs decryption using the security key, and wherein creating the encrypted bitstream comprises:
    - implementing the evolved circuit in the particular reprogrammable IC;
      
      implementing an encryption circuit in the particular reprogrammable IC, the encryption circuit being coupled to receive the security key from the evolved circuit, the encryption circuit performing encryption using the security key; and
      
      providing the configuration bitstream to the encryption circuit to encrypt the configuration bitstream into the encrypted bitstream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Donlin, Adam P., Trimberger, Stephen M.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US11/099,765
Time in Patent Office

2,842 Days
Field of Search

716/1, 716/4, 716/7, 716/17, 326/8, 326/15, 326/37, 326/41, 326/101, 326/105, 711/145, 713/1, 713/100
US Class Current

380/37
CPC Class Codes

G06F 21/72 in cryptographic circuits

Evolved circuits for bitstream protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Evolved circuits for bitstream protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links