A PLD (programmable logic device) is an integrated circuit that performs digital logic functions selected by a designer. PLDs include logic blocks and interconnect lines, and typically both the logic blocks and interconnect lines are programmable. One common type of PLD is an FPGA (field programmable gate array), in which the logic blocks typically include lookup tables and flip-flops that generate and store any logic function of their input signals. Another type of PLD is the CPLD (complex programmable logic device), in which the logic blocks perform the AND function and the OR function and the selection of input signals is programmable.
Designs implemented in PLDs have become so complex that they often take months to complete and debug. When a design is going into a system of which the PLD is a part and is to be sold for profit, the designer does not want the result of this design effort to be copied by someone else. The designer often wants to keep the design a trade secret.
Many PLDs, particularly FPGAs, use volatile configuration memory that must be loaded from an external device such as a PROM every time the PLD is powered up. Since configuration data is stored external to the PLD and must be transmitted through a configuration access port, the privacy of the design can easily be violated by an attacker who monitors the data on the configuration access port, e.g. by probing board traces.
A number of companies address this security problem by encrypting configuration data stored off chip. Xilinx, Inc., is one such company. Their Virtex-II™ line of FPGAs provides design security through bitstream encryption. Bitstreams are encrypted for storage using a secure triple Data Encryption Standard (DES) algorithm. The requisite decryption key is supplied to the FPGA through the IEEE 1149.1 JTAG interface for storage on-chip in non-volatile memory. The FPGA can then receive and decrypt the encrypted bitstream using the stored key.
In the Virtex-II™ encryption method, all configuration data within a given bitstream is encrypted. This provides adequate security for many applications, but can expose designs to some threats. For example, a logic designer may design an application-specific portion of a circuit to be instantiated on an FPGA and purchase a core design separately from an intellectual property (IP) vendor to provide additional functionality. The IP vendor will be interested in maintaining the core design secret from the logic designer; however, using the same encryption algorithm and key to encrypt both the core design and the application-specific portion presents the logic designer an opportunity to reverse the encryption process using the known portion and the resulting encryption. There is consequently a need for a way for IP vendors to better protect their designs.
For a more detailed discussion of configuration-data encryption, see U.S. patent application Ser. No. 10/112,790, filed Mar. 29, 2002 and entitled “METHODS AND CIRCUITS FOR PROTECTING PROPRIETARY CONFIGURATION DATA FOR PROGRAMMABLE LOGIC DEVICES,” by Stephen M. Trimberger, which is incorporated herein by reference.