It is known to distribute content by encrypting the content using a secret key and then encrypting the secret key using a public key of a private key/public key pair. The content is encrypted using a secret key which provides what is referred to as symmetrical encryption because encryption and decryption is effected in accordance with similar operations as part of a reciprocal process. Symmetrical encryption and decryption using a private secret key is relatively simple in terms of the computations, which are require to effect the encryption or decryption process. In contrast, asymmetric encryption which is effected using a public key/private key pair such as that used in accordance with the Rivest-Shamir-Adleman (RSA) algorithm is computationally more involved, but is to some extent more secure. Accordingly, asymmetric encryption using the public key/private key pair is not used for the content data, which represents a substantial amount of data, because of the substantially greater amount of computations required to encrypt using asymmetric encryption. For this reason, in known systems for distributing content, the content data is encrypted with the private secret key. The private secret key, which is used for encrypting the content will be referred to as the content key. The content key is encrypted with the public key of the private key/public key pair and distributed with the encrypted content. Thus by providing the receiver of the content with the private key corresponding to the public key, the receiver can decrypt the content key thereby recovering the content by decrypting that content using the content key. For example, it is known to broadcast television programs to set top boxes using such an arrangement in which a smart card is provided with the private key of the public key/private key pair for decrypting the content key.
Field programmable gate arrays are an example of programmable logic devices which can be used to form an encryption or decryption processor by providing the field programmable gate array (FPGA) with a configuration program which configures the gate array to form an encryption and/or decryption processor. In order to be secure the FPGA must be provided with the configuration program in an encrypted form. This is because, if an attacker could recover the configuration program then it may be possible to identify the encryption/decryption algorithm and/or private keys for encrypting/decrypting. Furthermore, the encryption keys must be provided securely. To this end, some manufacturers of FPGAs such as Xilinx (RTM) provide an FPGA with an on-chip hardware decryption processor for decrypting a configuration program stored in a non-volatile memory as part of the FPGA. When power up occurs on the FPGA, the configuration program is first decrypted by the hardware decryption processor using a first secret configuration key stored in a register in the decryption hardware. The decryption hardware is also provided with additional hardware protection to hinder attempts to determine the decryption algorithm and the secret configuration key. Thus, the configuration program can be encrypted so that intellectual property associated with the configuration program, which will provide the functionality of the FPGA, can be protected.