I am working on a cryptographic application over VirtexII FPGAs. I
need to store a symmetric key inside a reg of the FPGA, but I don't
want somebody to be able to read it by analyzing the bitstream. The bitstream
could not be encrypted. Does anybody have experience with hiding data inside
an FPGA? Does anyone know of any papers on this topic?
Javier Castillo wrote:
> Hello,
>
> I am working on a cryptographic application over VirtexII FPGAs. I
> need to store a symmetric key inside a reg of the FPGA, but I don't
> want somebody to be able to read it by analyzing the bitstream. The bitstream
> could not be encrypted. Does anybody have experience with hiding data inside
> an FPGA? Does anyone know of any papers on this topic?
>
> Regards
>
> Javier
Hiding a key should be easy if your "reg of the FPGA" is formed by a
non-contiguous set of flip-flops. Unless the person reading the
bitstream understands the register's usage within the FPGA, they could
not determine which of the bitstream bits make up the "reg" and in what
order. Try
to avoid regular structures (like relational place macros) for your
register and either place the flip-flops randomly by hand, or set
the placement switches to ignore register ordering when you place and
route.
Javier Castillo wrote:
> Hello,
>
> I am working on a cryptographic application over VirtexII FPGAs. I
> need to store a symmetric key inside a reg of the FPGA, but I don't
> want somebody to be able to read it by analyzing the bitstream. The bitstream
> could not be encrypted. Does anybody have experience with hiding data inside
> an FPGA? Does anyone know of any papers on this topic?
>
> Regards
>
> Javier
I'd say force the placement of these regs around. And you can also make
a small logic block that "calculates" the key from apparently random data.
On 8 Aug 2005 06:16:01 -0700, "Gabor" <[email protected]> wrote:
>
>Javier Castillo wrote:
>> Hello,
>>
>> I am working on a cryptographic application over VirtexII FPGAs. I
>> need to store a symmetric key inside a reg of the FPGA, but I don't
>> want somebody to be able to read it by analyzing the bitstream. The bitstream
>> could not be encrypted. Does anybody have experience with hiding data inside
>> an FPGA? Does anyone know of any papers on this topic?
>>
>> Regards
>>
>> Javier
>
>Hiding a key should be easy if your "reg of the FPGA" is formed by a
>non-contiguous set of flip-flops. Unless the person reading the
>bitstream understands the register's usage within the FPGA, they could
>not determine which of the bitstream bits make up the "reg" and in what
>order. Try
>to avoid regular structures (like relational place macros) for your
>register and either place the flip-flops randomly by hand, or set
>the placement switches to ignore register ordering when you place and
>route.
A problem arises if you are making more than one device though if they need different keys, as an
attacker could compare the bitstreams to find where the key is stored. Adding a significant amount
of extra random data would make it harder.
Another thing you could do is store a large block of data in a RAM element, with multiple levels of
indirection, i.e. some bits determine the location of other bits, which determine the location of
other bits etc., with the rest filled with random data.
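A designer can measure the effect described in the post above (several devices, different keys, same placement) on their own builds before shipping. The following is an added example, not part of the original thread: a toy model in which `BLOB_BITS`, `KEY_BITS` and every function name are assumptions, and the "images" are constructed bit lists rather than real bitstreams.

```python
import random

BLOB_BITS = 4096   # constructed stand-in for the configuration bits of one image
KEY_BITS = 128     # key register, one flip-flop init value per bit

def build_image(key_bits, positions, rng, random_fill):
    """One device image: key bits at scattered positions, the rest either
    identical filler (zeros) or fresh per-device random fill."""
    img = [rng.getrandbits(1) if random_fill else 0 for _ in range(BLOB_BITS)]
    for bit, pos in zip(key_bits, positions):
        img[pos] = bit
    return img

def differing_positions(images):
    """Bit positions whose value is not identical across all images."""
    return {i for i in range(BLOB_BITS) if len({img[i] for img in images}) > 1}

def leak_report(n_devices, random_fill, seed=1):
    """Build n_devices images with different keys but the same placement and
    report what a comparison of the images would single out."""
    rng = random.Random(seed)  # simulation only; fixed seed for repeatability
    positions = rng.sample(range(BLOB_BITS), KEY_BITS)
    images = []
    for _ in range(n_devices):
        key = [rng.getrandbits(1) for _ in range(KEY_BITS)]
        images.append(build_image(key, positions, rng, random_fill))
    diff = differing_positions(images)
    key_pos = set(positions)
    return {
        "candidates": len(diff),                      # positions that vary at all
        "key_positions_exposed": len(diff & key_pos), # true key bits among them
        "non_key_candidates": len(diff - key_pos),    # decoys among them
    }

if __name__ == "__main__":
    print("identical filler:", leak_report(8, random_fill=False))
    print("per-device fill: ", leak_report(8, random_fill=True))
```

With identical filler every varying position is a key bit; with per-device random fill the key positions still vary, but they sit among thousands of decoys, which is the "harder", not "impossible", that the post claims.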
Maybe you should think about another FPGA (e.g. without bitstream).
Otherwise I would generate the key instead of hardwiring it.
It depends on your application how safe you need the key to be and how likely
it is that an attacker has access to your bitstream.
> Javier Castillo wrote:
> Hello,
>
> I am working on a cryptographic application over VirtexII FPGAs. I
> need to store a symmetric key inside a reg of the FPGA, but I don't
> want somebody to be able to read it by analyzing the bitstream. The bitstream
> could not be encrypted. Does anybody have experience with hiding data inside
> an FPGA? Does anyone know of any papers on this topic?
>
> Regards
>
> Javier
Javier,
If you use the new Lattice XP devices, the need for an external PROM
is eliminated and read back can be disabled. They do this by having
the Flash internal. Just offering another way to "skin the cat".
Regards,
Jeff Holley
Lattice FAE
(yes, I work for Lattice)
<[email protected]> wrote in message
news:[email protected] oups.com...
Would be nice if more Lattice FAEs would participate in the discussions
on this board ...
Rgds
André
There are people with Lattice and Actel experience around, but yes, there
seem to be no public comments from anyone directly from Lattice or Actel.
This could actually be corporate policy of those companies. ?
On Tue, 09 Aug 2005 19:16:32 -0500, [email protected] (jholley) wrote:
>> Javier Castillo wrote:
>> Hello,
>>
>> I am working on a cryptographic application over VirtexII FPGAs. I
>> need to store a symmetric key inside a reg of the FPGA, but I don't
>> want somebody to be able to read it by analyzing the bitstream. The bitstream
>> could not be encrypted. Does anybody have experience with hiding data inside
>> an FPGA? Does anyone know of any papers on this topic?
>>
>> Regards
>>
>> Javier
>
>Javier,
>
>If you use the new Lattice XP devices, the need for an external PROM
>is eliminated and read back can be disabled. They do this by having
>the Flash internal. Just offering another way to "skin the cat".
>
>Regards,
>Jeff Holley
>Lattice FAE
>(yes, I work for Lattice)
Hello,
Thank you for your answer. I am not familiar with that type of FPGA
and I don't know the configuration mechanism. Is it possible to
reprogram a FLASH-based FPGA in the field using an external
microprocessor connected to the Internet, as in the Xilinx IRL scheme?
"Javier Castillo" <[email protected]> wrote in message
news:[email protected]..
> On Tue, 09 Aug 2005 19:16:32 -0500,
> [email protected] (jholley) wrote:
>
> >> Javier Castillo wrote:
> >> Hello,
> >>
> >> I am working on a cryptographic application over VirtexII FPGAs. I
> >> need to store a symmetric key inside a reg of the FPGA, but I don't
> >> want somebody to be able to read it by analyzing the bitstream. The bitstream
> >> could not be encrypted. Does anybody have experience with hiding data inside
> >> an FPGA? Does anyone know of any papers on this topic?
> >>
> >> Regards
> >>
> >> Javier
> >
> >Javier,
> >
> >If you use the new Lattice XP devices, the need for an external PROM
> >is eliminated and read back can be disabled. They do this by having
> >the Flash internal. Just offering another way to "skin the cat".
> >
> >Regards,
> >Jeff Holley
> >Lattice FAE
> >(yes, I work for Lattice)
>
> Hello,
> Thank you for your answer. I am not familiar with that type of FPGA
> and I don't know the configuration mechanism. Is it possible to
> reprogram a FLASH-based FPGA in the field using an external
> microprocessor connected to the Internet, as in the Xilinx IRL scheme?
>
> Best Regards
>
> Javier Castillo
Yes, it is.
The Actel PA3 also allows non-volatile secure keys for encrypted bitstream
(I think that is not possible for LatticeXP).
Javier Castillo wrote:
> Thank you for your answer. I am not familiar with that type of FPGA
> and I don't know the configuration mechanism. Is it possible to
> reprogram a FLASH-based FPGA in the field using an external
> microprocessor connected to the Internet, as in the Xilinx IRL scheme?
They use JTAG, so I suppose you could put a JTAG master in your micro.
> I am working on a cryptographic application over VirtexII FPGAs. I
> need to store a symmetric key inside a reg of the FPGA, but I don't
> want somebody to be able to read it by analyzing the bitstream. The bitstream
> could not be encrypted. Does anybody have experience with hiding data inside
> an FPGA? Does anyone know of any papers on this topic?
As a possible alternative, you might want to consider ...