Synplicity Open IP Protection Methodology in Riviera

By Jaroslaw Kaczynski, Research Engineer, ALDEC, Inc.

Introduction

Lack of industry-wide standard for IP (Intellectual Property) encryption and decryption was affecting both IP vendors and their customers for long period of time. While easy to use, unencrypted IP cores were prohibitively expensive for some customers, availability of cheaper (but encrypted) versions working with customer tools was spotty. Maintaining multiple IP core versions for multiple tools was also cumbersome for IP vendors. Fortunately for IP users, IP vendors and tool vendors the situation is going to change.

New Solution

ALDEC, Inc. in cooperation with Synplicity®, Inc., introduces a new methodology of handling IP protection in simulation and synthesis, compatible with the recently published Verilog standard IEEE Std 1364-2005 and forthcoming VHDL 2006 standard. This new methodology enables easy encryption of IP cores for secure delivery from the IP vendor to the customer. The encryption and decryption involves no action on the side of the customer – all required activities concern IP vendor and tool vendors only. Customers can open delivered IP source but will only see unintelligible, encrypted and encoded text. The compiler of a compatible tool will be able to decrypt the source on-the-fly, leaving no traces that could compromise the security of encryption.

Availability

Coordinated encryption->simulation->synthesis flow is available starting with Riviera release 2006.06 and the Synplify/Synplify Pro software release 8.6.1.

Cryptography Fundamentals

Key Terms

Cryptography is a discipline of mathematics and computer science dealing with information security and related issues, particularly encryption and authentication. While applied to IP security, cryptology teaches how to turn open source of the IP (plaintext) into secure IP (ciphertext) readable only by authorized tools. This process is called encryption and uses various algorithms called ciphers. The reverse process, recreating original plaintext from the ciphertext, is called decryption. Treated together, encryption, message delivery and decryption create cryptosystem.

Symetric Ciphers

One group of encryption algorithms, called symmetric key algorithms, uses one secret key that allows both encryption and decryption of the text. Security of the cryptosystem based on symmetric key ciphers depends on the length of the key used and the particular algorithms utilized during encryption/decryption. The popular ciphers belonging to this group are DES, 3DES and AES; they are all characterized by high speed and low implementation cost of encryption and decryption. Although they can be broken, the cost to do so is of the hundreds of thousands of dollars magnitude, making them secure for IP applications.

Asymmetric Ciphers

The other group of algorithms is called asymmetric key algorithms and uses two keys: public key and public key. Intended recipient of the information generates both keys on his site, keeping the private key secret, and publishing the public key to all possible senders of information. The most popular cipher from this group is called RSA and uses very large prime numbers for key generation. It is considered highly secure, but its implementation is slow and expensive, especially for encryption of longer texts.

Hybrid Cryptosystems

To utilize high security of asymmetric algorithms and low cost of symmetric algorithms in one solution, the following mixed or hybrid cryptosystem can be used:

• Sender encrypts the message using cheap and fast symmetric cipher with secret key (let’s call it SENDER’S_SECRET_KEY).
• Sender encrypts SENDER’S_SECRET_KEY using public key of the message recipient (RECIPIENT’S_PUBLIC_KEY).
• Sender sends both encrypted message and encrypted secret key to the recipient.
• The recipient uses RECIPIENT’S_PRIVATE_KEY to decrypt secret key first, and once it is retrieved he can decrypt the message.

The hybrid cryptosystem with carefully selected algorithms (e.g. AES for message encryption and RSA for secret key encryption) is very secure and easy to implement at the same time, making it perfect choice for IP delivery.

New Methodology Usage

Coordinated encryption->simulation->synthesis flow supported by Riviera and Synplify uses hybrid cryptosystem described above.

Encryption with Perl Script

To encrypt the source, creator of the code can use the ‘protectip’ Perl script delivered with the tool installation. Linux/Unix users should have Perl interpreter and OpenSSL (open source encryption/decryption toolkit) component already installed with their operating system. MS Windows users should download and install OpenSSL binaries (from http://gnuwin32.sourceforge.net/packages/openssl.htm and some publicly available Perl distribution, such as ActivePerl (from http://www.activestate.com/Products/ActivePerl/).

Here are the most important switches supported by the script:

Table 1: Parameters of the 'protectip' script

To learn the scope and meaning of all switches supported by the script, it should be run without any parameters.

Cipher and key selection are the most critical options:

Selecting “des-cbc” cipher provides fastest, but least secure encryption and requires specification of either 8-character text key or 64-bit hexadecimal key (16 hex digits). Please note that DES algorithm uses only 7 bits out of each byte of the key, so the effective key length is 56 bits.

Selecting “3des-cbc” provides significantly more secure, but slower encryption. TripleDES algorithm uses plain DES algorithm 3 times with different keys, so you have to specify either 24-character text key or 192-bit hexadecimal key (48 hex digits).

Selecting “aes128-cbc” provides the most secure, and still fast encryption, requiring either 16-character text key or 128-bit hexadecimal key (32 hex digits).

For most IP cores, selecting “aes128-cbc” seems to be the best choice; only some special factors may justify the use of other supported algorithms. Quick tests conducted on Intel machine with 2 GHz clock show that encrypting 1 megabyte source file using ‘protectip’ script and any of the supported ciphers takes less than 2 seconds. Times required for decryption may differ, since special measures are taken to ensure that no critical information is compromised during the process.

To encrypt file memory.v using AES cipher with MY_AES_SAMPLEKEY text key and store the result in memory_ip.v file, the following command line can be used:

protectip -in memory.v -out memory_ip.v -c aes128-cbc -k MY_AES_SAMPLEKEY -om persistent_key -v

(On MS Windows platform renaming the script to protectip.pl may be required for correct execution; first item in the command line should be modified appropriately in this case.)

A sample encrypted file created by the previously listed command line is shown below:

%%% protect protected_file
%%% protect begin_protected
%%% protect encoding=(enctype=base64)
%%% protect key_keyowner=Synplicity
%%% protect key_keyname=SYNP05_001
%%% protect key_method=rsa
%%% protect key_block
KBNM4JvxqAiEnflB822dQTeLru2ZZYbdUf7yv0Gi1wXfbGUqhK2LXX/snAXXb3CQwfUQhs2Cj7Is
sf+E9345RBa+T5QdQiNSKRAvBy9CwvbIZay6RWQtufbXdM5sTudvRdYKjeqCKRSE85AJJ8LV/WxF
qkO3IqezcZJIOnv4w83ISfQBSZp4r7yyY8juVNMZwUbJgNJuG05HIMEE0QwaeAje/Lb7V4MZlXtQ
SRZZ7I/fapv0Tk9VZueoTyKue/MGFifWbRblvICx2ZsHt6uUFX/GntTTkx8Dk5rLQ1JLtRhMSh/0
VT6eu2hUOD0ig7nUQADEerGefGiWUctkfIn8Jw==
%%% protect key_keyowner=Aldec
%%% protect key_keyname=ALDEC06_001
%%% protect key_method=rsa
%%% protect key_block
WSt5IKlYtBkRcIlp0dyOgO2gWFaxHpTu8Eig/J+a090P8NUipoSl/bSOLcnGvbVsglvxY1y7DBUw
kiys37NA+Phii2DWu1uxqqVfH7/xq/VubuHJp1PWDIudv5XyUZUIPdZu5VafoIdqth2A8KLc6Mpn
PMbvzxVF15TsWvzItL5COYq49RiROHRoNKDrmKnY90PK3VwXFRi6fyzcTWP76PnMVpM1WXuK4EQp
PC8q3B+QWzpzFA/kYsfMPfnbpPUQkDqwoN+Io0qaF9RzNqvj/wUsXBKZKfi3xs89BAGUM2te1OHt
k6aKaa7uchAGxDXdNztgyOhMWeTGwb3rVxNBeQ==
%%% protect author=ipauthor@ipcompany.com
%%% protect data_keyname=ip_data_key_name
%%% protect data_keyowner=ipcompany
%%% protect data_method=des-cbc
%%% protect data_block
S+SflZCZyJ/ApfcAU4V1PEH0Fu3QGH3+oTg+gTgPeCrmS/yg4I0kyMJfxAzPV4MGuyV/BBdGD9xH
SheDYtMzKOSSDmA6miVm62PsaKkX02m9OKITvdxCr15L89z3o65ywhnkK3Y4swIoSAecwRsigJPF
xUFZfEut4mM153v3iorH7VG9nY9g9QmI9j6m1R7pKOvF7233DD8XL4Tsh7C3wxPejBUdOGdLTgTB
jNBqGDgLUPekWG61z6sBP5hpe+fs5QkHyChYBtaplm3sAnQAcm08mrF54dIaF5rW6mFPNinXQh0J
GoJMi9xvpGeEh0k4uvvzhLEuK+w6yyO5Ks5k3jSCVQVgsu0ngHredygjBWp03JhoByx14w==
%%% protect end_protected

Encrypted IP Delivery

After compilation of the encrypted file in the Riviera environment, only the name of the encrypted module is visible (names of ports are not displayed).

To facilitate easy instantiation of the encrypted module, IP core vendors are advised to add an unencrypted wrapper module instantiating the protected module. The text of the wrapper can be placed between the obligatory first line with “%%% protect protected_file” pragma and the line with “%%% protect begin_protected” pragma, as shown below:

%%% protect protected_file
module memory_ip( input WE, input CLK,
                  input [7:0] ADDR,
                  input [7:0] DATA,
                  output [7:0] Q );
   ram U1 (WE, CLK, ADDR, DATA, Q);
endmodule
%%% protect begin_protected
...
In the IP core documentation, the vendor can instruct end-user to add the encrypted file to his project resources and compile it in Riviera as any other source (no special switches required).

Conclusion

The new methodology described in this document should quickly gain popularity among other tool vendors, providing unified, easy to use but secure way of IP protection handling in FPGA and ASIC design flow.

Reference:
[1] An Open IP Encryption Flow Permits Industry-Wide Interoperability – Synplicity White Paper (http://www.synplicity.com/literature/whitepapers/pdf/ip_encryption_wp.pdf)