The Syndicated

Hybrid Encryption Methodology Aids Designers, IP Providers and EDA Vendors

Editor's Note: Jim Robinson, Vice President of Corporate Applications at Synplicity, Inc. is guest writing this article for Ken McElvain.

Since value-added IP first emerged over a decade ago, it has held the promise of shaving months off of development time while significantly enhancing design functionality for IC designers. In reality, however, this innovation has fallen short of fulfilling its promise. At the heart of the problem is the need by IP providers to protect their development investment.

Few IC designers can afford to pay the prohibitive price for IP source code, so IP suppliers provide significantly less costly “black box” (or encrypted) versions for use with specific design tools. One problem with this methodology is that the IP vendor must manage the task of maintaining multiple IP core versions for various tool sets. An even bigger problem is that most tool sets in use today consist of EDA solutions from various sources making it very difficult for IC designers to use encrypted IP throughout their flow. A so-called “black box flow” can impair designers’ ability to debug and analyze designs and may impair EDA tools’ ability to deliver the best result.

To address the need for a means to protect IP from piracy while making it easier for the IP supplier to deploy, the IC designer to use, and the EDA vendor to support, Synplicity has developed and introduced an open IP encryption/decryption methodology. This non-proprietary solution leverages other developments such as IEEE 1364-2005 for Verilog and commonly used encryption mechanisms in a new usage model that is viable as an industry standard. With this capability, IP providers and EDA vendors can deliver solutions with the level of flexibility and security to enable designers to realize the full potential of value-added IP in their development efforts.

In an effort to alleviate the problems associated with traditional encryption methods and to deliver the high security and productivity demanded by the various constituencies, Synplicity has developed a hybrid approach that exploits the strengths of both symmetric and asymmetric methods. In a hybrid IP cryptosystem (figure 1), the IP vendor generates a symmetric key and uses it to rapidly encrypt the IP. The IP vendor then encrypts this symmetric key itself using an asymmetric algorithm and the EDA vendor’s public key, repeating the process for each EDA vendor. Because the key doesn’t represent a lot of data, even the asymmetric encryption process for multiple vendors is very fast. The IP provider combines the encrypted IP and encrypted keys for all EDA vendors into a single file and delivers the file to all its customers. The EDA tools that support this methodology are equipped with sufficient information embedded in the IP envelope to fully utilize the IP when the end user integrates it into a design.

Figure 1. Hybrid IP Encryption Scheme

The EDA tool, thus endowed with the vendor’s private key, symmetrically decrypts the keys and IP, integrates the IP with unencrypted elements of the design, processes the design, and then encrypts the proprietary portions of the output using the same keys. Each EDA tool uses its own private key to access the IP vendor’s unique symmetric key, and all decryption, data manipulation and encryption activities take place inside the EDA applications. The unencrypted IP is never accessible by the end user, and files are decrypted in memory only and never stored on disk.

In addition to hybrid encryption, another key development that contributes to the confluence of an open IP-based design flow is encryption-embedding mechanisms that are now appearing in standard design languages and data formats. The recently published Verilog standard IEEE 1364-2005 and forthcomming VHDL standard both are compatible with a hybrid encryption scheme. These standards also allow the IP vendor to specify the type of encryption algorithm used, as well as the flexibility to partially decrypt an element in certain stages of the design process where more visibility is required, such as verification and debugging.

Gaining acceptance

The capabilities of this open IP encryption methodology have been tested and proven by a number of early adopters, namely Synplicity, ALDEC and Lattice Semiconductor. Since Synplicity’s formal announcement of their IP encryption flow in June of 2006, interest is high among IP providers and EDA vendors alike.

Broadening usage is the next important step in enabling this capability to fully realize its potential for unburdening IP and EDA vendors, and empowering IC designers. To this end, Synplicity has donated its Open IP encryption methodology to the VSI Alliance (VSIA). The VSIA has created the IP Encryption working group with the purpose of creating an industry Encryption standard based on Synplicity’s methodology.