FirstEDA news articles
FirstEDA are the Sales Channel for Aldec in the UK & Ireland
You can read this article in Electronics Weekly here.
Protecting your IP just got simpler
Christine Evans-Pughe
There was a rare outbreak of agreement at the Design Automation Conference this year when the FPGA tools company Synplicity announced a free, non-proprietary IP encryption flow and the idea got the thumbs up from EDA companies, IP vendors, and FPGA companies alike. If adopted across the industry, the proposed mechanism should make a great deal more IP available to FPGA users by providing a secure mechanism for distributing IP to thousands of different users.
In the past, FPGA firms and EDA vendors have employed their own proprietary IP core encryption/decryption schemes, which has meant that IP vendors wanting to sell to a variety of FPGA users have had to package their cores in multiple different ways to run in different tools. This has been costly and has hampered IP evaluation. “Clearly you can’t just put your source-code out there, it would be crazy, but there needs to be a way for someone to simulate a core and see if it’s going to work in their environment,” explains Hal Barbour, CEO of CAST, a broad range IP vendor. “It currently costs a great deal to generate cores for all the different vendors tools. The appeal of a format you can do once and then can be used for a variety of FPGA suppliers and toolsets, is that it really cuts down the support required.”
FPGA companies Xilinx, Altera, Actel and Lattice all like the idea (in fact Lattice has been using the encryption mechanism with hundreds of customers since December 2005) because they hope it will open up the IP market. “We’re seeing more and more migration to programmable logic and a greater need for IP, so any tool that helps IP companies to become profitable and successful is interesting to us. Well over 50 per cent of FPGAs now have IP in them,” explains Steve Mensor, Altera’s director of marketing for IP.
The methodology is also applicable to Asic design flows, but the industry view is it will not be taken up for Asic because there aren’t thousands of customers to distribute to. “It would be lovely to have but I don’t believe it will happen,” says Mike Kaskowitz, v-p of Mosaid’s the IP division and previously the president of the VSIA IP standards body.“ The biggest issue in the Asic world is not theft, which implies malicious intent, but accidental misappropriation at the engineering level and that’s a tagging and tracking issue,” he explains.
Synplicity’s proposal allows IP vendors to create a single version of the encrypted data that can be used by tools from multiple EDA vendors. It uses a combination of symmetric and asymmetric encryption in an effort to get the benefits of both. It is based on a mechanism that Cadence has already donated to the IEEE 1364-2005 Verilog Working Group (and has been employed in Cadence’s NC-Verilog simulator for several years) with the addition of support for VHDL and EDIF.
With symmetric encryption (e.g. DES and AES), the algorithm uses the same key to encrypt and decrypt the file. Both processes take a few seconds. The snag is that each IP vendor has a single key so if that key is cracked, all their IP becomes compromised. To solve this, the IP vendor needs to associate a unique key with each EDA vendor who also needs a unique key for every FPGA vendor. It can be rather confusing.
In asymmetrical (public key) encryption, there is a public key for encryption and a private key for decryption. The IP is encrypted with the public key and decrypted by a private key inside the EDA tool. The IP vendor has to create an encrypted copy of the IP blocks for each EDA vendor and the biggest spanner in the works is that a large IP block can take several hours to encrypt or decrypt.
With Synplicity’s hybrid approach, the IP vendor encrypts the IP with their own symmetric key using DES, Triple DES or AES. The vendor then encrypts this data key using the asymmetric public key cipher RSA and each EDA vendor’s public key, to produce several ‘key blocks’. This only takes seconds because the files are so small. The IP vendor finally bundles the data block and all the key blocks into one file, which can be sent to every EDA vendor.
Once the IP block is within a synthesis or simulation tool, the EDA vendor’s private key decrypts the correct key block and extracts the data key, which is then used to decrypt the IP data block. Inside the data block, the IP vendor will include a script that tells each tool what is required, such as how to best synthesise the core.
“The nice thing is that user doesn’t have to do anything special and may not even know that the IP is even encrypted because the tools know what to do when they receive the IP,” explains Andy Haines, Synplicity’s v-p of marketing. He adds: “Based on what I’ve seen so far I’m completely confident that this is going to become a standard. We’re talking to various standards organisations now and we will select one and donate the copyright for the material with developed.”
Aldec is already supporting the Open IP Encryption Initiative design flow in the latest version of its Riviera simulation tool, and is looking forward to future enhancements. Jarek Kaczynski, a research engineer at Aldec comments: “There is one feature that could be appreciated by large and complicated IP users: viewports (or test points) allowing access to selected, internal objects of the encrypted IP. While the idea of viewports may seem simple, implementation into the tools is quite challenging. If the support for the new standard grows, implementation of this new feature will be more feasible,” he adds.
Mentor Graphics, which sells both FPGA synthesis and simulation tools, has also acknowledged the value of the initiative but says it needs to be taken over by a standards body as soon as possible for it to achieve widespread adoption. “IP encryption is one piece of the IP ecosystem that needs to be an industry standard. Without a standard, IP and EDA tool providers will have too many independent schemes to support and the entire effort will fail. Customers will also face an overly complex situation that is costly. The only method for an efficient ecosystem is for an independent organisation, such as the VSIA, to own this standard and continue the standard’s un-restricted evolution,” states Bill Martin, general manager of Mentor Graphics Intellectual Property Division.
Synplicity’s Haines says he is confident that the Open IP Encryption Initiative will be a standard by early next year.
