Programmable Logic Circuits are Integrated Circuits (ICs) that are user configurable and capable of implementing digital logic operations. There are several types of programmable logic ICs, including Complex Programmable Logic Devices (CPLDs) and Field Programmable Gate Arrays (FPGAs), for example. CPLDs include function blocks based on programmable logic array (PLA) architecture and programmable interconnect lines to route and transmit signals between the function blocks. FPGAs may include configurable logic blocks (CLBs) arranged in rows and columns, input output blocks (IOBs) surrounding the CLBs, and programmable interconnect lines that route and transmit signals between the CLBs. In other FPGAs, IOBs are arranged in columns between the columns of other logic. Each CLB includes look-up tables and other configurable circuitry that is programmable to implement a logic function. The function blocks of CPLDs, CLBs of FPGAs and interconnect lines are configured by data stored in a configuration memory of the respective devices.
Designs implemented in programmable logic have become complex. Due to the time and investment required for design and debugging, when the design is going into a system including the programmable logic, it is desirable to protect the design from unauthorized copying.
Many programmable logic ICs use volatile configuration memory that must be loaded from an external device, such as a Programmable Read-Only Memory (PROM), every time the programmable logic is powered up. Since configuration data is stored external to the programmable logic and must be transmitted through a configuration access port, the design can easily be revealed to an attacker by monitoring the data on the configuration access port during configuration.
Other programmable logic ICs, including some FPGAs, include at least some non-volatile configuration memory within the device. However, even when a device is configured with internally stored configuration memory, configuration data can still be accessed if the designer releases configuration data to update the device.
Efforts have been made to encrypt designs, but it is difficult to make the design both secure from attackers and easy to upgrade by legitimate users. Several encryption algorithms, for example, the standard Data Encryption Standard (DES) and the more secure Advanced Encryption Standard (AES) algorithms, are known for encrypting blocks of data. Additionally, a one-time encryption pad may be used as a cipher for encrypting blocks of data by XORing blocks of data with blocks of the one-time pad (OTP). However, a key must somehow be communicated in a secure way to the structure that decrypts the design, so the design can be decrypted before being used to configure the programmable logic. Once the programmable logic has been configured using the unencrypted design, the design must continue to be protected from unauthorized discovery.
A decryption key can be stored in non-volatile memory of a programmable logic integrated circuit. An encrypted bitstream can then be loaded into the IC and decrypted using the key within the programmable logic. This prevents an attacker from reading the bitstream as it is being loaded into the programmable logic IC. However, this structure does not protect the user's design from all modes of attack. A reverse engineering process in which the programmed device is decapped, metal layers are removed, and the non-volatile memory cells are chemically treated can expose which memory cells have been charged and thus can allow an attacker to learn the decryption key. There remains a need for a design protection method that is convenient, reliable, and secure.
The present invention may address one or more of the above issues.